A family member got an offer to become a beta tester for Hello Kitty Online today. The email message she received provided a link to download a setup program, HKO_Downloader.exe. After she downloaded the file, I had her submit it to VirusTotal, a site that checks files for malware with multiple antivirus programs. The VirusTotal analysis of the file showed 2 of the 41 programs it used to check the file reporting a potential issue with the file. Note: someone else had uploaded a file named HKO_Island_of_Fun.exe on September 3, 2009 that VirusTotal identified as being an identical file because that file had an identical hash value.
File HKO_Island_of_Fun.exe received on 2009.09.03 20:55:55 (UTC)
Current status: finished
Result: 2/41 (4.88%)
The two that identified the file as potentially being malware were as follows:
Information on McAfee+Artemis is available at McAfee Artemis Technology. An evaluation of McAfee+Artemis is available at Anti-Virus Comparative Technology Preview Report McAfee Artemis.
Sunbelt's Trojan.Win32.Generic!BT Information and Removal webpage shows the following:
| Summary | Trojan.Win32.Generic!BT is a downloader associated with rogue security programs (also called “scareware.”) Once downloaded, the rogues pretend to scan a victim's computer for malware then display false warnings that the machine is infected. It tries to convince victims to purchase useless security software. |
| Description | Other names: F-Secure: Trojan-Downloader.Win32.FraudLoad.ffz; Kaspersky: Trojan-Downloader.Win32.FraudLoad.ffz; Microsoft: TrojanDownloader:Win32/FakeVimes |
| Release Date | Apr 7 2009 |
| Last Updated | Aug 7 2009 |
| File Traces | No traces available. |
The HKO_Downloader.exe file downloads the actual software needed to participate in Hello Kitty Online, which is a site run by Aeria Games. I concluded that they may have licensed a downloading program that some others may use for nefarious purposes, but I didn't see sufficient reason to be concerned in this case and told her she could download the software and participate in the beta testing.
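The hash match noted above, where VirusTotal treated two differently named uploads as the same file, can be reproduced locally. This is an added example, not part of the original post; SHA-256 is an assumption (the post does not say which hash was compared), the file contents are constructed sample bytes, and HKO_Modified.exe is a hypothetical third file.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path


def file_digest(path, algorithm="sha256", chunk_size=64 * 1024):
    """Hash a file's contents in chunks; the file name plays no part."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def group_identical(paths):
    """Map digest -> sorted file names, keeping digests shared by 2+ files."""
    groups = defaultdict(list)
    for p in paths:
        groups[file_digest(p)].append(Path(p).name)
    return {d: sorted(names) for d, names in groups.items() if len(names) > 1}


def demo():
    """Write constructed sample files and report which names share content."""
    # Constructed bytes standing in for the installer; not the real file.
    payload = b"MZ" + b"constructed sample bytes, not the real installer" * 100
    samples = {
        "HKO_Downloader.exe": payload,
        "HKO_Island_of_Fun.exe": payload,       # same bytes, different name
        "HKO_Modified.exe": payload + b"\x00",  # hypothetical: one extra byte
    }
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        for name, data in samples.items():
            (tmp / name).write_bytes(data)
        return group_identical(sorted(tmp.iterdir()))


if __name__ == "__main__":
    for digest, names in demo().items():
        print(digest, "->", ", ".join(names))
```

A single changed byte gives a different digest, so the third file falls outside the group even though its name looks related.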