This Mutant Adware Is Killing Antivirus: What to Do

Prominent Romanian cybersecurity and antivirus software company Bitdefender has revealed the latest resilient weapon for crooks looking to breach Windows operating systems: a piece of adware the researchers are calling Zacinlo.

The phony VPN's interface allowed users to believe they were enabling a connection rather than downloading adware. (Credit: Bitdefender)


It turns out that around 2,500 machines have, since 2012, installed a fake VPN application called S5Mark that, unbeknownst to the machines' users, came bundled with this sophisticated bit of adware. 

What to Do

Removing a Zacinlo infection is quite difficult, but a Bitdefender researcher told ZDNet that the best way would be to use an antivirus rescue disk, which boots the infected machine from a USB stick or optical disk into a specialized form of Linux that then scans the Windows drive without running Windows. Rescue disk images are offered for free by many antivirus vendors -- Bitdefender has instructions on how to create one here.


Where Did Zacinlo Come From?

The masterminds behind Zacinlo have been spreading it since 2012 and are believed to have optimized it for Windows 10 sometime in the past two years.

Zacinlo activity saw big spikes in 2014 and 2015, but the adware was most active late in 2017. Its victims are heavily concentrated in the U.S. and on Windows 10 machines -- about 90 percent of Zacinlo-infected systems were running Windows 10.

Two factors now make Zacinlo a bigger threat than it was a year ago. First, it can survive most traditional defenses against malware. The adware is able to upload your system's configuration information to a remote command-and-control server for analysis. The command-and-control server can then instruct the adware to disable and uninstall other applications on your computer -- namely, your antivirus and anti-malware programs, as well as competing strains of adware. 

Second, Zacinlo is now a rootkit, operating at the lowest level of the operating system, which makes it very hard to detect. It also writes reinstallation information to the Windows Registry so that it will survive reboots and perhaps even system upgrades.
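The reboot-survival behaviour described above is the kind of thing a defender can look for by auditing the Registry's autostart locations. The script below is an added example written for this article; it is not Bitdefender's tooling and it does not contain any real Zacinlo indicator. It parses a Windows `.reg` export (the text format produced by `reg export`) of the current user's Run keys, and flags entries whose program lives in a user-writable directory such as AppData or Temp, which is where bundled adware tends to install itself, whereas legitimate autostart entries usually point into Program Files. The sample export and every path in it are constructed for illustration.

```python
import re

# Constructed sample of a .reg export covering the HKCU Run key.
# All entry names and paths are invented for this example.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"VpnUpdater"="C:\\Users\\alice\\AppData\\Local\\Temp\\vpn\\updater.exe -silent"
"VPNHelper"="C:\\Users\\alice\\AppData\\Roaming\\vpn\\helper.exe"

[HKEY_CURRENT_USER\Software\Example\Unrelated]
"Setting"="1"
'''

# Registry keys (matched by suffix, so HKCU and HKLM both count) that Windows
# consults at logon to start programs automatically.
AUTORUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

# Path fragments that indicate a location an ordinary user can write to.
USER_WRITABLE_MARKERS = (
    "\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\", "\\users\\public\\",
)

# One `"name"="string value"` line of a .reg file; both sides may contain
# backslash-escaped quotes and backslashes.
VALUE_LINE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def unescape(text):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> " in a single pass."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Return {key_path: {value_name: string_value}} for a .reg export."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        match = VALUE_LINE_RE.match(line)
        if match and current is not None:
            keys[current][unescape(match.group(1))] = unescape(match.group(2))
    return keys


def command_path(command):
    """Extract the executable path from an autorun command line.

    A quoted path is taken up to the closing quote; otherwise the first
    whitespace-delimited token is assumed to be the program (unquoted paths
    containing spaces are not handled).
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ")[0]


def audit_autoruns(text):
    """Return (key, value_name, path) for autorun entries in user-writable dirs."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if not key.lower().endswith(AUTORUN_KEY_SUFFIXES):
            continue
        for name, command in values.items():
            path = command_path(command)
            if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append((key, name, path))
    return findings


if __name__ == "__main__":
    for key, name, path in audit_autoruns(SAMPLE_REG_EXPORT):
        print(f"[autorun in user-writable location] {key} :: {name} -> {path}")
```

Run it against a real export with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` and feed the file's contents to `audit_autoruns`. Treat a hit as a lead for investigation, not a verdict: plenty of legitimate updaters also run from AppData, and a rootkit of the kind the article describes can hide its own entries from tools running on the live system, which is exactly why the recommended check is a scan from a rescue disk.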

Additionally, it's dangerous. Zacinlo has (so far) mainly been deployed to inject ads into web pages and to run a "headless browser" (an invisible browser without a user interface) to click ads in the background of victims' computers. 

It Could Mess with Online Payments

But the adware is capable of more sinister business. Because it uses a stolen It's also capable of intercepting even encrypted communication, which could enable it to view and tamper with your online payments.

It can redirect browser requests, meaning it can load fake web pages that look exactly like the real thing. And it contains a module that can remotely capture screenshots of your display and transfer them to the operators -- which could expose a lot of your personal information.

Bottom Line

This discovery should serve as a wake-up call: Don't download shady software. Before installing VPN software, do your research and make sure it's one you can trust.

This article was originally published on Laptop Mag.


Monica Chin is a writer at The Verge, covering computers. Previously, she was a staff writer for Tom's Guide, where she wrote about everything from artificial intelligence to social media and the internet of things. She had a particular focus on the smart home, reviewing multiple devices. In her downtime, you can usually find her at poetry slams, attempting to exercise, or yelling at people on Twitter.

  • 3schoolroad
    So how do you detect it on your machine? How about a bit of useful information instead of just serving up your own ads.