Barracuda Antivirus

If you've never heard of Barracuda Antivirus, don't assume that means you can ignore it as a threat. Barracuda Antivirus is an ancestor (and one of the older members) of the huge malware family that includes AntiVira AV, which is at present an extremely prevalent threat. Despite the age of this rogue anti-virus application, a general description is in order to understand how Barracuda Antivirus works.

Signs of Barracuda Antivirus Infection

Barracuda Antivirus causes symptoms that are, by now, nothing out of the ordinary for fake security software. Barracuda Antivirus changes the registry, configuring itself to run every time Windows starts; so the first time you see Barracuda Antivirus will be the first time you restart Windows after Barracuda Antivirus installs itself. Then, at startup, Barracuda Antivirus will show its fake user interface, which uses the logo for Microsoft Malware Protection Center without permission, and includes the slogan "Protecting every second...." This interface is what Barracuda Antivirus will display when Barracuda Antivirus runs its fake system scans, and these "scans" always turn up lists of results. Then, of course, Barracuda Antivirus will alert you that it can't remove all of the threats that it found unless you register the software and pay for Barracuda Antivirus, since you have the "trial" version. Following these prompts will take you to or another one of the malicious websites associated with Barracuda Antivirus, where you can pay $49.95 for the malware – but doing so gets you nothing, because the entire thing is just a scam.

Barracuda Antivirus also generates pop-up alerts, which will warn of security threats that Barracuda Antivirus has detected, and it will use these to prompt you to pay for Barracuda Antivirus software. Barracuda Antivirus can even cause alerts to appear from the system tray, which will often say that Windows has detected an infection on the system and that you need anti-virus software to remove it. Of course, following the prompts to download or buy this anti-virus software leads you to – you guessed it – a download of Barracuda Antivirus. With this threat on your computer, you may also find that your browser is getting redirected to Barracuda Antivirus's malicious sites, even if you don't click on the buttons in the warning alerts.

The Trojan that Installs Barracuda Antivirus

At its core, Barracuda Antivirus is a scam that relies on a virus called Trojan:Win32/FakeSpypro. All of the rogue security applications in the family of Barracuda Antivirus use this Trojan, and to create a new rogue anti-virus application, the crooks behind the scam just modify Trojan:Win32/FakeSpypro to install a slightly modified version of the same malware – usually with very superficial differences, which may be as minor as a simple name change. This is why there are so many mutations of what is essentially the same malware, because the people using Trojan:Win32/FakeSpypro are trying to stay ahead of detection by security programs in order to steal as much money as possible.

Trojan:Win32/FakeSpypro is typically hidden in downloaded files, although Trojan:Win32/FakeSpypro may also be hidden in malicious, fake online "free virus scan" sites. Trojan:Win32/FakeSpypro is very frequently bundled with downloads on torrent and pirating sites, as well as on legitimate filesharing sites. Once Trojan:Win32/FakeSpypro is downloaded, it creates a backdoor and downloads Barracuda Antivirus (or whatever piece of rogue security software Trojan:Win32/FakeSpypro has been modified to promote).

Barracuda Antivirus Big Family

Barracuda Antivirus and its descendants and mutations are all part of a single, large-scale, fraudulent Russian operation, which is focused on stealing money from PC users by using scare tactics and ransoming of the infected computers. Other members of this family include, but are not limited to, the following: Spyware Protect 2009, Antivirus System Pro, Security Central, Windows Antispyware 2009, Antivir Solution Pro, Antivirus Soft, Antivirus Suite, AV Security Suite, Antivirus .NET, and AntiVira AV. Many more members of this family are out there, and it is very likely that many more will eventually be created. The Barracuda Antivirus malware was released in early summer 2009.

File System Details

Barracuda Antivirus may create the following file(s):
1. %ProgramFiles%\Barracuda Antivirus\uninstall.exe
2. %ProgramFiles%\Barracuda Antivirus\Antivirussystempro.exe
3. %ProgramFiles%\Barracuda Antivirus\quarantine.vdb
4. %ProgramFiles%\Barracuda Antivirus\mbase.vdb
5. %ProgramFiles%\Barracuda Antivirus\conf.cfg
6. %ProgramFiles%\Barracuda Antivirus\queue.vdb

Registry Details

Barracuda Antivirus may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Barracuda Antivirus"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Barracuda Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "ieModule"
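
A read-only PowerShell check for the file and registry indicators listed above. This is an added example, not part of the original write-up; also looking in the 32-bit views of a 64-bit system (`Program Files (x86)` and `WOW6432Node`) is an assumption added here, since the installer is described as a Win32 Trojan.

```powershell
# Added example: read-only lookup of the indicators listed on this page.
$dirName   = 'Barracuda Antivirus'
$fileNames = 'uninstall.exe', 'Antivirussystempro.exe', 'quarantine.vdb',
             'mbase.vdb', 'conf.cfg', 'queue.vdb'

# Assumption (not from the page): also check the 32-bit locations on 64-bit Windows.
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique
$hives = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

$findings = @()

foreach ($dir in $programDirs) {
    foreach ($name in $fileNames) {
        $path = Join-Path (Join-Path $dir $dirName) $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += [pscustomobject]@{ Type = 'File'; Indicator = $path; Data = $null }
        }
    }
}

foreach ($hive in $hives) {
    $cv = "$hive\Microsoft\Windows\CurrentVersion"

    # Named values: the autostart entry and the delay-loaded shell object.
    $values = @{ "$cv\Run" = 'Barracuda Antivirus'; "$cv\ShellServiceObjectDelayLoad" = 'ieModule' }
    foreach ($key in $values.Keys) {
        $name = $values[$key]
        $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
        if ($prop) {
            # Data shows what the value points at (the program or CLSID to inspect next).
            $findings += [pscustomobject]@{ Type = 'RegistryValue'; Indicator = "$key [$name]"; Data = $prop.$name }
        }
    }

    # The uninstall entry is a key, not a value.
    $uninstall = "$cv\Uninstall\Barracuda Antivirus"
    if (Test-Path -LiteralPath $uninstall) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Indicator = $uninstall; Data = $null }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No indicators from this page were found.' }
```

Because the family is described as changing little more than its name between variants, a clean result here rules out only this specific variant.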
