Monday, July 25th, 2011 - BitDefender
SYDNEY & AUCKLAND – July 25, 2011 - BitDefender, an award-winning provider of innovative Internet security solutions, has discovered a new online threat that uses very sophisticated social engineering techniques in order to uninstall your antivirus solution while adding it to a botnet of infected systems.

The Trojan, dubbed Trojan.FakeAV.LVT, tricks unsuspecting Facebook users into believing that a video about them has been posted on YouTube. The video appears extremely convincing, as it also contains multiple comments from your Facebook friends which have been mocked up. And to make matters worse, if infected the fake YouTube video contains your full name in its title, correctly spelt as it appears on your Facebook profile.

As you try to watch the movie, the Trojan prompts you to install an ‘updated version’ of the Flash player plugin. This in fact carries a rogue - or fake - antivirus (AV) solution with both malware downloader and botnet capabilities that enable it to continue spreading.

To make matters worse, the fake AV is capable of impersonating the look and feel of 16 different security solutions currently on the market and asks for you to reboot your system in order to complete the install. However, upon restarting, the genuine AV solution on the system is uninstalled and completely replaced by a high-quality replica that not only lacks AV functionality, but also uses the infected PC to spread malware to others.

The fake antivirus can imitate 16 different security solutions from top-tier antivirus vendors. These replicas are also localised and will only display messages in the language that the genuine antivirus has been set to.

Catalin Cosoi, head of BitDefender’s antimalware research lab said: “Trojan.FakeAV.LVT takes social engineering to a whole new level by presenting the user with extremely convincing scenarios at each stage of the process. The video looks and feels real as it contains your name in the title, as well as comments from your Facebook friends. Meanwhile, fake antivirus solutions used to be easy to spot, as they’re often completely different to the one that you have installed onto your system. However, Trojan.FakeAV.LVT is deceptively clever as it is capable of replicating almost any antivirus or online security software on the market today.”

“To guard against these cunning new threats, BitDefender recommends downloading Flash-related updates through the Adobe website, instead of through a redirect link. If you are unsure whether the video is legitimate, it’s best to go directly to YouTube and search for the video’s existence,” Catalin advised.

Contact Profile


BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified internet security software. Since 2001, BitDefender has been an industry pioneer, introducing and developing award-winning protection technologies. Every day, BitDefender secures the digital experience of tens of millions of home and corporate users across the globe. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in countries across the world. 

Recently, the company has won a range of key recommendations in the US, UK and across Europe, including ConsumerSearch, Which?, Stiftung Warentest and Taenk. BitDefender antivirus technology has also finished top in leading industry tests from both AV Test and AV-Comparatives. More information about BitDefender and its products is available from the company’s security solutions press room. Additionally, BitDefender publishes Malware City providing the latest updates on security threats and helping users stay informed in the everyday battle against malware.

Anna Barnes
P: 02 8281 3802


BitDefender, ethreat, YouTube, Facebook, Trojan



More Formats