BitDefender Detects New Harry Potter and the Half-Blood Prince Malware

Researchers at BitDefender® have detected a new wave of spam attacks focused around the release of the latest Harry Potter movie. The new wave of malware downloads the Rogue Trojan and steals credit card information from computer users who attempt to watch the latest movie free online.

Users who click on the link directing them to a free broadcast of the movie are redirected to an infected website. The browser window is then minimized, and a warning message notifies the user about several computer infections and the availability of Personal Antivirus for e-threat removal purposes. By clicking either OK or Cancel, the user triggers a fake movie that plays in the restored browser window. The movie mimics an on-going scanning process that detects malware within the system. Upon completion, the user is advised to download and install the Rogue Trojan to eliminate over 500 files altered by various types of malware.

By clicking either OK or Cancel the user activates a fake Windows® Security Alert which is a simple screenshot that acts like a trigger for the rogue. Clicking anywhere within the borders of the window will initiate the malware download.

Once the installer component completes the download of Personal Antivirus, it also connects to a Microsoft® Windows® Update Thank You page to simulate that the software is from a trusted source and it is legitimate.

Personal Antivirus rogue modifies the registry settings, requests the user to buy/renew a license and downloads additional malware responsible for the fake alerts it displays. To remain undetected, it terminates the Windows Defender process.

“Internet users should be cautious of any sites promising free screenings of the latest Harry Potter movie” said Vlad Valceanu, head of BitDefender’s anti-spam research. “The only way users can prevent and protect themselves from these attacks is to have a security solution installed on their systems.”