Tuesday, September 22, 2009

Supposed Avira key generator contains malware

So-called key generators for Avia AntiVir have recently turned up on Internet exchange sites, but instead of giving users a valid license key, they load an autorun worm

Tettnang, 22 September 2009 – Key generators for Avia AntiVir products turned up last weekend on Internet exchange sites, promising users an illegal free license. But instead of getting a license key, users find that a harmful worm has been installed on their system.

A key generator is a piece of software that produces a free license key for a program for which a charge is usually made. In this case, as well as a current demo version of Avira AntiVir Premium, users also receive the “Avira Anti-Virus KeyGen.exe” file. After this has been run, it creates the following harmful files “< % Profile Folder AllUsers % >\Local Settings\Application Data\scvhost.exe”, “C:\Sys.exe” and “C:\autorun.inf”. The scvhost.exe file also anchors itself in the system registry, so that it is executed at every reboot. The malware also infects USB storage media, enabling it to spread. Further details about the threat can be found at Avira TechBlog. Avira detects the damaging software with virus definition file 7.1.6.18 as Worm/Autorun.sxa.

Key generators have long been used by cybercriminals as access point where user’s systems can be infected. Therefore, any message from the virus scanner when key generators are used or in relation to sites where key generators are available to download should be taken very seriously. Otherwise you run the risk of turning your computer into part of an illegal botnet, for example. Anyone wishing to avoid malware and who also wishes to play it safe from a legal perspective is advised by Avira not to use free key generators.

About Avira

Avira protects people in the connected world – enabling everyone to manage, secure, and improve their digital lives. The Avira umbrella covers a portfolio of security and performance applications for Windows, Android, Mac, and iOS. In addition, the reach of our protective technologies extends through OEM partnerships. Our security solutions consistently achieve best-in-class results in independent tests for detection, performance, and usability. Avira is a privately-owned company that employs 500 people. Its headquarters are near Lake Constance, in Tettnang, Germany, and the company has additional offices in Romania, India, Singapore, China, Japan & the United States. A portion of Avira's sales support the Auerbach Foundation, which assists education, children, and families in need. For more information about Avira visit www.avira.com.