Categories: General

Malwarebytes brand exploited through search

It’s not often that I search for the term Malwarebytes on Google. I know how to get to my own company’s website by typing it into the address bar. However, when a friend or family member asks me how to get to our website, I almost always instruct them to search.

Unfortunately, there exists a market where bad people benefit by preying on our users. They create websites which advertise that they distribute Malwarebytes and instead download a product of their own onto our users' machines. They advertise on Google and turn up in search results. I'd equate this to a cereal company packaging their generic, less delicious brand into a Cheerios box and putting it on shelves.

If you see a page like this, it is fraudulent and you should go directly to www.malwarebytes.org instead.

It makes me sick, and I refuse to let it go on. Today, I instructed our legal team to pursue all of these cheaters in hopes that we can wipe them from the face of the Internet.

But that’s not all. How far is too far? Should advertisers on Google be allowed to use company names as keywords? If I search for Cheerios, should the first advertisement be for the generic brand? It’s allowed, a common practice, and in my opinion completely unethical.

Categories: Security

Mysterious case of the executable hijack

I got a message from my friend Paul today asking for help with an infection. He was using the latest version of Firefox at the time and was positive he had not clicked on any odd links or downloaded anything malicious. Naturally, I advised him to run Malwarebytes Anti-Malware and had him send me the log. One specific entry popped out at me.

Memory Processes Infected:
c:\Users\Paul\AppData\Local\ojx.exe (Trojan.ExeShell.Gen) -> 3508 -> No action taken.

I picked up the phone and called Bruce Harrison, our VP of Research, and asked for an explanation. The answer shocked me. I was told that this was an executable hijack used by FakeAlert, a Trojan we see almost daily in our research center.

What exactly does that mean? Well, once the infection has penetrated your computer, it hijacks every executable launch so that the malicious file runs instead of the intended program. For example, you try to open Skype and the malicious file starts instead.

It does this in two ways. First, it modifies each shortcut itself to point to the malware. Second, it modifies the shell open command for .exe files in the registry so that, once again, instead of starting the correct executable it starts the malicious file.
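To make the two hijack points concrete, here is an added PowerShell audit script that checks both of them on a Windows machine. It is not code from the original post or from Malwarebytes; it assumes that the clean default value of the exefile open command is `"%1" %*` (the Windows default), that a per-user `.exe` association should either be absent or point at `exefile`, and that a shortcut whose target and arguments both name an `.exe` (the real program demoted to an argument of some other executable) is worth a closer look. The folder list for the shortcut scan is an assumption too; extend it to wherever your shortcuts live.

```powershell
# Added example, not from the original post: audit the exe-shell registry value and .lnk targets
# that an executable hijack like the one described above would modify.

$ExpectedOpenCommand = '"%1" %*'   # assumed clean default for exefile\shell\open\command

# HKCR is a merged view; the per-user HKCU\Software\Classes copy wins over HKLM, so a hijack
# there needs no admin rights. Listing all three shows where a bad value actually lives.
$OpenCommandKeys = @(
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command'
)

function Test-ExeShellHijack {
    foreach ($key in $OpenCommandKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # The open command is the key's default value, exposed as the '(default)' property
        $value = (Get-ItemProperty -LiteralPath $key).'(default)'
        if ($value -ne $ExpectedOpenCommand) {
            [pscustomobject]@{ Check = 'exefile open command'; Location = $key; Value = $value }
        }
    }
    # A per-user .exe association that names a ProgID other than exefile redirects every launch
    $assoc = 'Registry::HKEY_CURRENT_USER\Software\Classes\.exe'
    if (Test-Path -LiteralPath $assoc) {
        $progId = (Get-ItemProperty -LiteralPath $assoc).'(default)'
        if ($progId -and $progId -ne 'exefile') {
            [pscustomobject]@{ Check = '.exe association'; Location = $assoc; Value = $progId }
        }
    }
}

function Test-ShortcutHijack {
    param(
        # Assumed locations; add any other folders that hold user-facing shortcuts
        [string[]]$Folders = @(
            "$env:USERPROFILE\Desktop",
            "$env:APPDATA\Microsoft\Windows\Start Menu",
            "$env:ProgramData\Microsoft\Windows\Start Menu"
        )
    )
    $wsh = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $wsh.CreateShortcut($_.FullName)
        # Heuristic: target is one executable and the arguments name another executable
        if ($lnk.TargetPath -match '\.exe$' -and $lnk.Arguments -match '\.exe') {
            [pscustomobject]@{
                Check    = 'shortcut'
                Location = $_.FullName
                Value    = "$($lnk.TargetPath) $($lnk.Arguments)"
            }
        }
    }
}

# Run both checks; no output means nothing matched the assumptions above
Test-ExeShellHijack
Test-ShortcutHijack | Format-Table -AutoSize
```

The registry check is exact and should produce no output on a clean machine. The shortcut check is only a heuristic: a legitimate launcher that takes another program as an argument will also match, so treat its output as a list to review rather than a verdict.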

Luckily, Malwarebytes Anti-Malware was able to patch Paul up, but we both wanted to know how this had happened. Bruce advised us to check the installed Java version. It was in fact outdated by several versions. I advised Paul to update to the latest version and he now has a healthy computer!