Michal Krejdl

13 February 2013

Avast antivirus 2012 trial? No, just a scam

I don't know what kind of curiosity leads people to the dark corners of the internet, when they want to obtain a new version of antivirus software. It's somehow irrational to find security software at insecure places. But.... it happens.

FP submission FP submission

As you can see, the file name is Avast_Antivirus_2012_Trial_Verion.exe - but it is definitely not a proper setup released by us. Here are some facts, that are worth remembering:

  • we don't distribute new versions through grayzone portals. The best way to download recent version is to visit www.avast.com
  • our original setup package is properly signed with a valid certificate
  • our original setup has a typical "a" icon

The mentioned file from FP submission was not downloaded from the official source. It has no digital signature and no icon. In fact, it is a dangerous bootkit dropper - Sirefef/ZeroAccess - which no one really wants to have.

VT analysis: http://www.virustotal.com/en-gb/file/990974a2a557796c8ad2a8fbd1cd59a1867a8557f7a5fe7fb9e508f52874ce3f/analysis/1360768918/

 

Threat Research, Security News