Dr Web Official Site





The official website of a popular video editing software was infected with a banking trojan

April 11, 2019

Doctor Web researchers discovered that the official website of a well-known video editing software, VSDC, was compromised. The hackers hijacked download links on the website causing visitors to download a dangerous banking trojan, Win32.Bolik.2, and the Trojan.PWS.Stealer (KPOT stealer) along with the editing software.

VSDC is popular free software for editing video and sound. According to SimilarWeb statistics, the VSDC website receives close to 1.3 million visitors a month. However, the security measures taken by the website’s developers often turn out to be insufficient for such traffic volume, which endangers a large number of people.

Last year unknown hackers gained access to the administrative side of the VSDC website and replaced the download links. Instead of the editing software, users received a JavaScript file, which then downloaded the AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor. The VSDC team stated that they closed the vulnerability, but recently we received information about additional cases of infection through their website.

According to our researchers, the VSDC developer’s computer has been compromised several times since the previous incident. One such hack led to the website being compromised again between 2019-02-21 and 2019-03-23. This time the hackers took a different approach to spreading the malware: they embedded malicious JavaScript code in the VSDC website. Its task was to determine the visitor’s geolocation and replace the download links for users from the UK, USA, Canada and Australia. The site’s own links were replaced with links to another compromised website:

  • https://thedoctorwithin[.]com/video_editor_x64.exe
  • https://thedoctorwithin[.]com/video_editor_x32.exe
  • https://thedoctorwithin[.]com/video_converter.exe
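
An added example, not part of the Doctor Web article: a check that audits the links a page exposes after its scripts have run and flags installer downloads that leave the vendor's domain, as the substituted links above did. The function names, the allowlist and the sample paths are assumptions; because the swap was served only to visitors from the UK, USA, Canada and Australia, the hrefs would have to be collected from those regions.

```javascript
// Added example (not from the article). Sample data below is constructed,
// except the defanged off-site link, which is quoted from the list above.
const INSTALLER_EXT = /\.(exe|msi|zip|dmg)$/i;

// Turn a defanged indicator ("host[.]com", "hxxps://") into a parseable URL.
function refang(href) {
  return href.replace(/\[\.\]/g, ".").replace(/^hxxp/i, "http");
}

// True when `host` is `allowed` itself or a real subdomain of it
// (so "notvideosoftdev.com" does not pass for "videosoftdev.com").
function hostMatches(host, allowed) {
  return host === allowed || host.endsWith("." + allowed);
}

// Return one finding per installer link that is not HTTPS on an allowed host.
function auditDownloadLinks(pageUrl, hrefs, allowedHosts) {
  const findings = [];
  for (const raw of hrefs) {
    let url;
    try {
      url = new URL(refang(raw), pageUrl); // resolves relative links too
    } catch {
      findings.push({ href: raw, reason: "unparseable" });
      continue;
    }
    if (!INSTALLER_EXT.test(url.pathname)) continue; // ignore ordinary pages
    if (url.protocol !== "https:") {
      findings.push({ href: raw, reason: "not-https" });
    } else if (!allowedHosts.some((h) => hostMatches(url.hostname, h))) {
      findings.push({ href: raw, reason: "off-origin:" + url.hostname });
    }
  }
  return findings;
}

const SAMPLE_PAGE = "https://www.videosoftdev.com/"; // constructed page URL
const SAMPLE_HREFS = [
  "/files/video_editor_x64.exe",                          // constructed, same origin
  "https://thedoctorwithin[.]com/video_editor_x64.exe",   // from the article
  "http://downloads.videosoftdev.com/video_converter.exe", // constructed, plain HTTP
  "/help/faq",                                            // constructed, not an installer
];
console.log(auditDownloadLinks(SAMPLE_PAGE, SAMPLE_HREFS, ["videosoftdev.com"]));
```
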

Users who downloaded software from that website also received a dangerous banking trojan, Win32.Bolik.2. Like its predecessor, Win32.Bolik.1, this malware has the qualities of a multicomponent polymorphic file virus. Trojans of this family are designed to perform web injections, traffic interception, keylogging and theft of information from different bank-client systems. At the moment we have information on at least 565 cases of infection with this trojan via the videosoftdev.com site. It’s worth mentioning that so far only Dr.Web products successfully detect all the trojan’s components.

Additionally, on 22.03.2019 the attackers replaced the Win32.Bolik.2 trojan with another piece of malware, KPOT Stealer, a variation of Trojan.PWS.Stealer. This trojan steals information from browsers, Microsoft accounts, several messengers and some other programs. In just one day it was downloaded by 83 users.

The VSDC developers have been notified about the threat, and the download links have now been restored to the originals. However, Doctor Web experts recommend that all VSDC users check their devices with our antivirus.


Dr.Web

Developer(s): Doctor Web
Initial release: 1992
Operating system: Linux, macOS, Microsoft Windows, DOS, OS/2, Windows Mobile, Android, BlackBerry
Available in: 6 languages (Russian, English, French, German, Japanese, Korean)
Type: Antivirus
Website: www.drweb.com

Dr.Web is a software suite developed by Russian anti-malware company Doctor Web. First released in 1992, it became the first anti-virus service in Russia.[1]

The company also offers anti-spam solutions and is used by Yandex to scan e-mail attachments. It also features an add-on for all major browsers which checks links with the online version of Dr Web.[2]

Dr.Web withdrew from AV tests such as Virus Bulletin VB100% around 2008, stating that it believes virus scans on viruses are a different subject from real-world malware attacks.[3]

Critics, reviews and reliability

A staunch anti-adware policy led to complaints from software developers that Dr.Web treated their virus-free applications as a 'virus' and that they received no response from Dr.Web when they tried to contact it to resolve the issue.[4]

Notable discoveries

Flashback Trojan

Dr.Web discovered the Trojan BackDoor.Flashback variant that affected more than 600,000 Macs.[5]

Trojan.Skimer.18

Dr.Web discovered the Trojan.Skimer.18, a Trojan that works like an ATM software skimmer.[6] The Trojan can intercept and transmit bank card information processed by ATMs as well as data stored on the card and its PIN code.

Linux.Encoder.1

Dr.Web discovered the ransomware Linux.Encoder.1 that affected more than 2,000 Linux users.[7] Linux.Encoder.2, which was discovered later, turned out to be an earlier version of this ransomware.

Trojan.Skimer discovery and attacks on Doctor Web offices

Doctor Web received a threat, supposedly from the Trojan writers or the criminal organization sponsoring this malware's development and promotion.[8] On March 31, 2014, after two arson attacks were carried out on Igor Daniloff's anti-virus laboratory in St. Petersburg,[9] the company received a second threat. Doctor Web released a statement that the company considers it its duty to provide users with the ultimate protection against the encroachments of cybercriminals and consequently, efforts aimed at identifying and studying ATM threats with their ATM Shield.[10]

References

  1. 'Dr. Web LTD Doctor Web / Dr. Web Reviews, Best AntiVirus Software Reviews, Review Centre'. Reviewcentre.com. Retrieved 2014-02-17.
  2. Web, Doctor (2013-10-07). 'Dr. Web LinkChecker :: Add-ons for Firefox'. Addons.mozilla.org. Retrieved 2014-02-17.
  3. 'Doctor Web: statement on Virus Bulletin comparative reviews'. news.drweb.com. Retrieved 2015-11-03.
  4. 'Drweb and false positive'. Malwarebytes Forums.
  5. Greenberg, Andy (April 9, 2012). 'Apple Snubs Firm That Discovered Mac Botnet, Tries To Cut Off Its Server Monitoring Infections'. Forbes. Retrieved April 10, 2012.
  6. 'Trojan.Skimer.18 infects ATMs'. news.drweb.com. Retrieved 2015-11-27.
  7. Dr.Web (November 6, 2015). 'Encryption Ransomware Threatens Linux Users'. Forbes. Retrieved November 16, 2015.
  8. 'Dr.Web - ATM Trojans – Doctor Web and ATM Trojans'. antifraud.drweb.com. Retrieved 2015-12-09.
  9. 'ATM Skimmer Gang Firebombed Antivirus Firm — Krebs on Security'. krebsonsecurity.com. Retrieved 2015-12-09.
  10. ''Your money is on the card'! ATM trojans threaten you, and their distributors threaten Doctor Web employees with arson and physical violence'. news.drweb.ru. Retrieved 2015-12-09.
