The newest variants of the notorious Bing.vc browser-hijacking malware are being distributed by legitimate Lavians Inc.`s applications, claim Intel McAfee security researchers.
The Bing.vc malware has been around for over a year now and many security firms have updated their products to remove the browser hijacker from the victims` computers.
According to Intel McAfee, the software company Lavians Inc. is to be held responsible for spreading the Bing.vc malware, as recent versions of it have been found bundled in Lavians`s legitimate products.
“We have come across several files from Lavians Inc. that look like legitimate applications but may pose a serious risk.” – says Intel’s researcher, Santosh Revankar -“We have observed that Lavians Inc. is repackaging clean applications with a browser hijacker to avoid suspicion and to increase its outreach.”
Intel McAfee says that most of the infected files are disguised as driver utilities, using names like DELL Inspiron 5100 Drivers Utility Setup, Acer Aspire ONE ZG5 Drivers Utility Setup or HP DESKJET F4580 Driver Utility Setup. When these files are executed, the user would have the legitimate app installed, but they would also get Bing.vc, hiding itself inside a file named IconOverlayEx.dll.
The browser hijacker would work on Firefox, Chrome or Internet Explorer browsers. Once running Bing.vc would invade the website`s homepage and insert ads into visited webpages. It would also redirect users to a webpage called Bing.vc, hence its name. The Bing.vc website isn’t connected in any way with the Bing service Microsoft offers and researchers are surprised of the fact Microsoft hasn’t done anything to take the domain down yet.
Moreover, the Intel McAfee experts noted a link on the hijacked homepage which leads victims to another website where they are offered some really expensive product to help them get rid of Bing.vc.
After becoming suspicious, some of the users, who got the Bing.vc browser hijacker via a legitimate-looking application, tried to uninstall it. They were surprised to find out that all files related to the app were deleted except for IconOverlayEx.dll.
In the course of the uninstalling process, Bing.vc modifies the user’s PC registry keys and adds two new entries that will load the DLL on every boot-up. That’s why even after the original infected files are deleted, the browser-hijacking malware remains intact in the system.
In order to remove it, victims would have to use an automated PC clean-up utility that usually comes with an anti-virus program or remove the registry keys themselves. Also, each shortcut from the browsers should be cleaned-up by deleting the URL at the end of the application target parameter.
