McAfee Labs: Lavians Inc. repackaging utilities programs with browser hijacker

A recent McAfee Labs analysis found that the browser hijacking malware Bing.vc was redirecting its victims to this anti-hijacking advertisement.
A recent McAfee Labs analysis found that the browser hijacking malware Bing.vc was redirecting its victims to this anti-hijacking advertisement.

Software company Lavians Inc. is offering free utilities applications for download that actually infect users with the Bing.vc browser hijacker software, Intel Security's McAfee Labs warned in a blog post yesterday.

The malware purports to be legitimate driver utilities for computer brands including HP, Dell and Acer. Available on third-party sites, these once-clean applications have been repackaged to contain malware that controls the Internet Explorer, Firefox, and Chrome browsers, changing their home pages to a malicious URL and switching their default search engines to bing.vc (no relation to Microsoft's Bing).

McAfee's attempt to uninstall one of the samples failed – the malware only removed clean components while adding two more registry entries, including a shell extension handler for persistence. Even after restarting the computer, the home page remained changed – hosting a "FixBrowserRedirect" advertisement that linked to a website conveniently selling anti-hijacking software.

To restore the system, McAfee suggested removing the registry entries, deleting the malicious file IconOverlayEx.dll, and removing the malicious target in the properties of all browsers.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS