Fake updater destroys software’s ability to auto-update

A new type of malware variant was discovered by researchers at Vietnam-based security company Bkis.

The variants look like the legitimate update programs of popular software like DeepFreeze, Java, Windows, Adobe Reader, etc. They have the same icon and version details, and can fool regular users and experts alike.

The malware is written in Visual Basic. It can be downloaded onto a machine running Windows and, upon execution, swaps itself with the legitimate update program and immediately opens the DHCP client, the DNS client, a network share and a port for receiving commands.

Even if users notice and delete the malware, they are still in danger of being infected again by this and other malware, since the legitimate software has lost its ability to auto-update. The only solution is to uninstall the damaged version, download the software again and reinstall it.