BitDefender update servers were infected with Ramnit-AR?
I had BitDefender running in a VM, and, twice, my host AV (Avast) detected a connection infected with Ramnit-AR to the following files (see here for Avast log report):
http://upgr-avfree-2017-p.2d8cd.cdn.bitdefender.net/v1/patches/B/4/5/F/b2271a5e70a2002164f7999d8255932a-b45fb9cc89f27b7aa7461eafe3b43fb7-cevakrnl.rv1.gzip
http://upgr-avfree-2017-p.2d8cd.cdn.bitdefender.net/v1/patches/4/7/4/C/583a944efec5399b30dd74889c106cd9-474c39bb47501b78d22d068ea36cb39d-cevakrnl.rv1.gzip
The URLs themselves appear clean on VirusTotal (1, 2), but if you click on the link to follow "Downloaded File" atop VirusTotal, you'll see both files are infected (1, 2). Further, if you follow the "Host" link atop VirusTotal in the aforementioned scanned-URL links, you'll see that there are other similar gzip files in the same domain/directory that DID return positive scan results for Ramnit-AR (scroll down to Downloaded Files).
Naturally, I'm very concerned that my host machine might be infected, but on the surface, it looks like it was BitDefender's server that was infected, and my machine blocked a connection to that server.
Can anyone corroborate or confirm this?
Comments
Hello,
Best that you contact Avast to fix this false positive.