OFFICIAL SECURITY BLOG
May 1, 2014 | BY Jovi Umawing
A month after Malwarebytes CEO Marcin Kleczynski announced the launch of Malwarebytes Anti-Malware 2.0, we have already started seeing executable files purporting to be free versions of our product hosted on unfamiliar sites – some are bundles, and others are fakes that lead to things such as survey scams.
These are all potentially unwanted programs (PUPs), meaning they’re not really malware, but they exhibit behaviours that we find questionable (and some folks would argue certain behaviours are potentially malicious). Here are our detections for the following files:
Upon testing, we found that these files share common behaviours: they all set themselves to run whenever Windows is restarted or the system is turned on, and they’re capable of accessing private information that browsers store whenever we go online, such as data pertaining to cookies, browsing history, and the list of restricted sites. These files also create the following noteworthy registry keys upon installation:
Several of these samples also create entries in IE’s Restricted Sites zone, consequently blocking users from accessing specific domains. Some of these sites are as follows:
We’ve also seen torrent download sites claiming that they are hosting the Premium version of MBAM with a keygen. To even access the supposed download, you have to fill in a survey:
For anyone interested in trying out MBAM 2.0, the wisest thing to do is still to go to our official download site, try it for free and, if it grows on you within the 14-day trial, get the Premium version.
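To check a machine for the Restricted Sites entries described above, the following PowerShell is an added example, not code from the original post or from Malwarebytes. It assumes the standard Windows ZoneMap registry location, where a DWORD value of 4 assigns a host to the Restricted Sites zone; the function name `Get-RestrictedSiteEntry` is hypothetical.

```powershell
# Added example: list hosts mapped to the IE Restricted Sites zone (zone 4).
# Assumption: entries live under the standard ZoneMap\Domains keys shown here.
$ZoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)
$RestrictedZone = 4   # 0=My Computer, 1=Intranet, 2=Trusted, 3=Internet, 4=Restricted

function Get-RestrictedSiteEntry {
    param([string[]]$Roots = $ZoneMapRoots)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # Each domain is a subkey; subdomains are nested one level below it.
        Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                foreach ($name in $key.GetValueNames()) {
                    # Value name is the protocol ('*', 'http', 'https');
                    # value data is the zone number.
                    $data = $key.GetValue($name)
                    if ($data -is [int] -and $data -eq $RestrictedZone) {
                        # Key path is "...\Domains\example.com\www";
                        # reverse the labels to get "www.example.com".
                        $marker   = '\Domains\'
                        $relative = $key.Name.Substring(
                            $key.Name.IndexOf($marker) + $marker.Length)
                        $labels = $relative.Split('\')
                        [array]::Reverse($labels)

                        [pscustomobject]@{
                            Hive     = $root.Substring(0, 4)
                            Host     = $labels -join '.'
                            Protocol = $name
                        }
                    }
                }
            }
    }
}

# Review the output for domains nobody in your organisation added on purpose.
Get-RestrictedSiteEntry | Sort-Object Host, Hive | Format-Table -AutoSize
```

Entries pushed by Group Policy are stored under separate Policies keys and are not covered by this check.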