September 2008

The Sunbelt Blog reports a new rogue program, eAntivirusPro.

eAntivirusPro is a new clone of Antivirus XP 2008 rogue security product.
AntiMalware 2009 is yet another clone of Antivirus XP 2008 rogue security product.
ekerberos is another rogue security product from Innovagest 2000.

I checked out Innovagest2000.com, don’t try this at home.

On the site they advertise:
alfacleaner.com
anti-virus-pro.com
spydeface.com
system-defender.com

Clicking on the picture for System Defender brought up this warning:

324 threats and viruses found on a clean machine, yeah right…
This is the kind of ’scareware’ Microsoft and Washington State’s AG has filed suit against.
Microsoft and Washington State’s lawsuits reveal ’scareware’ defendants

Explorer asks:

No surprise:

{ 0 comments }

Fright Fight: Washington Attorney General leading battle against scareware with Microsoft
SEATTLE – Attorney General Rob McKenna stood at the frontlines with Microsoft Corp. in the war against spyware in 2006. Now armed with tougher legislation, the state’s top law enforcement officer, with the world’s largest software company, is charging forward with new lawsuits targeting scareware purveyors.

“The Attorney General’s Office along with Microsoft has yanked the fear factor dial out of the hands of businesses that use scareware as a marketing tool and have spun it toward them,” McKenna said.

“We won’t tolerate the use of alarmist warnings or deceptive ‘free scans’ to trick consumers into buying software to fix a problem that doesn’t even exist,” McKenna continued. “We’ve repeatedly proven that Internet companies that prey on consumers’ anxieties are within our reach.”

The Attorney General’s Office along with Microsoft announced the filing of new cases under Washington’s recently improved Computer Spyware Act during a joint press conference today in Seattle.

“Microsoft is honored to assist Washington Attorney General McKenna in helping to protect consumers from online threats,” said Richard Boscovich, Senior Attorney for Microsoft’s Internet Safety Enforcement Team. “Cybercrime continues to evolve, but with public/private collaboration such as this, we can work to champion tougher laws, greater public awareness and, ultimately, stronger protections for online consumers.”

In 2005, Washington became one of the first states to adopt a law explicitly prohibiting spyware activities and imposing serious penalties on violators. The statute doesn’t stop at outlawing programs that collect personal information, but uses a broader definition of “spyware” and punishes those who mislead users into believing software is necessary for security. The law was updated last session to create additional liability for third-parties that permit the transmission of spyware and to address new types of deceptive behaviors, such as misrepresenting the need for computer repairs.

As of today, the Attorney General’s Office has filed seven suits under the statute.

The Attorney General’s Office filed its latest case today in King County Superior Court against the marketers of a program called Registry Cleaner XP. The civil suit brings five causes of action against James Reed McCreary IV, of The Woodlands, Texas, and two businesses: Branch Software, of The Woodlands, Texas, doing business as Registry Cleaner XP, and Alpha Red, Inc., of Houston, Texas. McCreary is the sole director of Branch Software and CEO of Alpha Red.

McKenna said Microsoft referred the case to the Attorney General’s Consumer Protection High-Tech Unit and has been helpful in assisting the office with enforcement issues.

According to the state’s complaint, the defendants sent incessant pop-ups resembling system warnings to consumers’ personal computers. The messages read “CRITICAL ERROR MESSAGE! – REGISTRY DAMAGED AND CORRUPTED,” and instructed users to visit a Web site to download Registry Cleaner XP.

Computers capable of receiving Windows Messenger Service pop-ups, also known as Net Send messages, were vulnerable to the attacks. Windows Messenger Service, not to be confused with the instant-messaging program Windows Live Messenger, is primarily designed for use on a network and allows administrators to send notices to users.

“Consumers who visited the Web site were offered a free scan to check their computer – but the program found ‘critical’ errors every time,” said Senior Counsel Paula Selis, who leads the Attorney General’s Consumer Protection High-Tech Unit. “Users were then told to pay $39.95 to repair these dubious problems.”

The filings today bring the number of civil spyware actions brought by Microsoft since the Computer Spyware Act was first enacted in 2005 to 17. In 2006, Microsoft and the Attorney General each brought lawsuits against the same group of defendants under the Washington Computer Spyware Act, obtaining permanent injunctions and settlements. Additionally, Microsoft has routinely worked with the FTC and other state and federal law enforcement agencies in the battle against spyware.

Spyware has arguably become the biggest online threat to consumers and businesses since the advent of the Internet. Microsoft has said that 50 percent of its customer-support calls related to computer crashes can be blamed on spyware.

Complaint

Registry Cleaner XP demo

- 30 –

Media Contacts:
Janelle Guthrie, APR, Communications Director, Office of the Attorney General, 360-586-0725 or janelleg@atg.wa.gov
Dan Sytman, Media Relations, Office of the Attorney General, 360-586-7842 or dans@atg.wa.gov

Editor’s Note: The Attorney General’s Office has also brought enforcement actions against companies that market products named Registry Cleaner, Registry Cleaner Pro, Registry Cleaner 32 and related names. Those cases are unrelated and involve different defendants.

Press release

Update
Microsoft also filed five “John Does” lawsuits. Nameless defendents until discovery reveals the identities of the individuals responsible for marketing the scareware, aka ‘rogues’.
The actual products are well known in the security community and forums that help victims of malware infections.

Antivirus 2009
Malwarecore
WinDefender
WinSpywareProtect
XPDefender

The lawsuits were filed under Washington’s Computer Spyware Act.
Microsoft also amended two complaints filed earlier to unmask those running SMP Soft LLC, a Delaware corporation that markets a scareware product called Scan & Repair Utilities.

A few names should ring a bell.

Antivirus 2009
This site is currently under construction!
ICANN Registrar: 1 & 1 INTERNET AG
registrant-firstname: Oneandone
registrant-lastname: Private Registration

Malwarecore
ICANN Registrar: ESTDOMAINS, INC.
Registration Service Provided By: ESTDOMAINS INC
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

XPDefender
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registration Service Provided By: VIVIDS MEDIA GMBH
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

WinDefender
ICANN Registrar: TUCOWS INC.
Registrant: Whois Anonymizer

WinSpywareProtect
ICANN Registrar: GODADDY.COM, INC.
Registrant: Domains by Proxy, Inc.

XPDefender
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registration Service Provided By: VIVIDS MEDIA GMBH
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

{ 0 comments }

Fast on the heels of the 3.0.2 release, Mozilla has updated Firefox to version 3.0.3.

Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bug 454708)

Download
Release notes

{ 0 comments }

September 29, 2008, Washington state’s Attorney General and lawyers from Microsoft’s Internet Safety Enforcement team will announce several lawsuits against aggressive marketeers of scareware who are being charged under Washington’s Computer Spyware Act.

Microsoft and Washington’s AG have worked together before, jointly suing ‘Secure Computer’ for using fake error messages to scare users into buying its Spyware Cleaner software.

Certifiedbug April 20, 2006. Oregon Man Fined $84K for promoting bogus anti-spyware program

{ 0 comments }

Galexia Pty Ltd.

The basic premise of privacy trustmarks is that end users are supposed to have confidence in web sites displaying the trustmark seal, as it presumably indicates that the site adheres to good privacy standards.[2] In practice, although trustmark seals all appear similar, the level of privacy protection varies a great deal. Some seals are backed by detailed standards and independent audits. Other seals are provided with no requirements or checks (other than payment). Some seals include a free dispute resolution service for complaints, other seals have no complaints mechanism or charge consumers for lodging complaints.

It’s a long interesting article, the author’s conclusion is on page 12 here.

Trustmark Schemes Struggle to Protect Privacy (2008)

Source: Sunbelt Blog

{ 0 comments }

Backbone provider Global Crossing, which previously “de-peered” from Atrivo/Intercage, More on Atrivo-Intercage-Estdomains, has negated the decision by transit provider UnitedLayer to give Intercage upstream service.

“It has come to our attention that United Layer is now routing traffic for Intercage (AS 27595) over the Global Crossing network,” Andrew Ramsey, Global Crossing’s manager of information security operations, wrote in an email sent to UniterLayer on Wednesday morning. “Intercage was removed from our network for violating our acceptable use policy, and is not welcome to return under any circumstance.”

The Register: Net pariah Intercage back among the dead

Edit:
Robert McMillan, IDG News Service.

After being notified of more problems on the network this week, UnitedLayer pulled the plug on Intercage late Thursday afternoon, said UnitedLayer Chief Operating Officer Richard Donaldson. “We decided that, given the stuff that was going on and with a couple of infractions that we were made aware of, that they needed to purge themselves of any [malicious] stuff that remained,” he said.

Notorious ISP Intercage goes dark again

Hat Tip to Sandi at Spyware Sucks: Atrivo/Intercage have been knocked offline again?

The Report for AS27595 remains as it was before UnitedLayer became Intercage’s provider.
Certifiedbug; September 22, 2008. Atrivo-Intercage offline

{ 0 comments }

Arts+Labs is a collaboration between creators and innovators who regard the Internet as a vibrant town center where all consumers can safely choose from a vast array of digital products, entertainment and services. Because quality content drives the Internet, Arts+Labs and its founding members: AT&T, Viacom, NBC Universal, Cisco, Microsoft and the Songwriters Guild of America, also aims to ensure that artists, creators and innovators can safely share their works through new online distribution channels with confidence that their right to earn fair compensation for their creativity is respected.

http://blog.artsandlabs.com/2008/09/announcing-artslabs.html

“We certainly do not condone online theft of copyrighted materials. At the same time, we similarly do not favor the unwarranted intrusion into the Internet that this group promises for the future.”

http://www.publicknowledge.org/node/1760

{ 0 comments }

David Letterman Reacts to John McCain Suspending Campaign

{ 0 comments }

Robert Half Technology, a California-based staffing company that provides information technology professionals, asked 1,400 CIOs nationwide for the most unusual queries their help desks/technical support team had received.

Their responses included:

* “Why isn’t my wireless mouse connected to the computer?”
* “My laptop was run over by a truck. What should I do?”
* “Can you rearrange the keyboard alphabetically?”
* “How do I read my e-mail?”
* “My computer is telling me to press any key to continue. Where is the ‘any’ key?”
* “Can you reset the Internet for me?”
* “There are animal crackers in my CD-ROM drive.”
* “Can you build me a robot?”

Some end users called to report problems with mice — not the electronic kind — and other pests. To wit:

* “Can you get the mice out of the ceiling?”
* “A server went down, and I found a lizard had crawled into it and died.”
* “A skunk ate my cable.”

Other requests signal more trouble than just a technical glitch. Here are some examples:

* “How can I block e-mail from my manager?”
* “Can I open the bank safe using my computer?”
* “Can you install cable TV on my PC?”
* “Can you order joysticks so that we can play video games?”
* “I’d like to stop receiving e-mail on Fridays.”

Help desk professionals are known for lending a hand, but these end users took the concept too far:

* “Can you come and install my car stereo?”
* “Where can I locate dry ice?”
* “I’d like wireless computer access in my motor home.”
* “Can you fix my typewriter?”
* “How long does it take to bake a potato in a microwave?”
* “My daughter is locked in the bathroom, can you pick the lock?”
* “Can you tell me the weather forecast for next year?”
* “The elevator is broken.”
* “How do I wire a robotic turkey?”
* “Where can I get software to track UFOs?”
* “Can you repair my motorbike?”

Katherine Spencer Lee, the executive director of Robert Half Technology, said in the Press Release,
“These unusual requests highlight the need for technical support personnel to also demonstrate patience, empathy and a sense of humor,”

Be honest now, how many of you think that slot that pops out of the computer, (otherwise known as a CD Drive), is a nice convenience to hold your coffee cup.

{ 0 comments }