A family member got an offer to become a beta tester for Hello Kitty Online today. The email message she received provided a link to download a setup program, HKO_Downloader.exe. After she downloaded the file, I had her submit it to Virustotal, a site that checks files for malware with multiple antivirus programs.
The Virustotal analysis of the file showed 2 of the 41 programs it used to check the file reporting a potential issue with the file. Note: someone else had uploaded a file named HKO_Island_of_Fun.exe on September 3, 2009 that Virustotal identified as being an identical file because that file had an identical hash value.
File HKO_Island_of_Fun.exe received on
2009.09.03 20:55:55 (UTC)
Current status: finished
Result: 2/41 (4.88%)
The two that identified the file as potentially being malware were as follows:
Antivirus | Version | Last Update | Result |
---|---|---|---|
McAfee+Artemis | 5730 | 2009.09.03 | Suspect-29!4A5CA8AF0ECD |
Sunbelt | 3.2.1858.2 | 2009.09.03 | Trojan.Win32.Generic!BT |
Information on McAfee+Artemis is available at McAfee Artemis Technology. An evaluation of McAfee+Artemis is available at Anti-Virus Comparative Technology Preview Report McAfee Artemis.
Sunbelt's Trojan.Win32.Generic!BT Information and Removal webpage shows the following:
Threat Name | Trojan.Win32.Generic!BT |
Summary | Trojan.Win32.Generic!BT is a downloader associated with rogue security programs (also called “scareware.”) Once downloaded, the rogues pretend to scan a victim's computer for malware then display false warnings that the machine is infected. It tries to convince victims to purchase useless security software. |
Category | Trojan |
Level | High |
Advice | Remove |
Description | Other names: F-Secure: Trojan-Downloader.Win32.FraudLoad.ffz; Kaspersky: Trojan-Downloader.Win32.FraudLoad.ffz; Microsoft: TrojanDownloader:Win32/FakeVimes |
Release Date | Apr 7 2009 |
Last Updated | Aug 7 2009 |
File Traces | - No traces available. |
The HKO_Downloader.exe file downloads the actual software needed to participate in Hello Kitty Online, which is a site run by Aeria Games. I concluded that they may have licensed a downloading program that some others may use for nefarious purposes, but I didn't see sufficient reason to be concerned in this case and told her she could download the software and participate in the beta testing.
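The note above about HKO_Island_of_Fun.exe being treated as the same file comes down to content hashing: the file name plays no part. The following is an added example, not part of the original post, that groups files by hash. The choice of SHA-256, the function names, and the sample bytes are assumptions made for illustration; the page does not say which hash Virustotal compared.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path


def content_hash(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, reading it in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def group_by_content(paths):
    """Map each content hash to the sorted names of the files carrying it."""
    groups = defaultdict(list)
    for path in paths:
        groups[content_hash(path)].append(Path(path).name)
    return {digest: sorted(names) for digest, names in groups.items()}


def demo():
    """Write constructed sample files and return how they group by hash."""
    # Constructed bytes standing in for an installer; not the real file.
    payload = b"MZ" + b"constructed sample bytes, not the real installer" * 64
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Same bytes under two names: one hash, so one group.
        (root / "HKO_Downloader.exe").write_bytes(payload)
        (root / "HKO_Island_of_Fun.exe").write_bytes(payload)
        # One extra byte changes the hash, whatever the name says.
        (root / "HKO_Downloader_modified.exe").write_bytes(payload + b"\x00")
        return group_by_content(sorted(root.iterdir()))


if __name__ == "__main__":
    for digest, names in demo().items():
        print(digest[:16], names)
```

Computing the hash locally before uploading also lets you check whether a scanning service already has a report for the same bytes under a different name.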