by certifiedbug on October 23, 2008
in Rogue
Users have noted that ‘official-download.net’ appears to be selling a product presented in a way that misleads a person searching for the download page of a well-known antispyware program.
Domain Tools.
Related Sites: 2008-official.net
Website title: Earth 2009 Secrets

That’s how the banner appeared yesterday; today it looked like this.


At the bottom of the page, in pale grey:
This website has no affiliation whatsoever with the owner of this software program, and provides ONLY a link to the software program. If you are a member and need support please contact us and not the software owner. This Software may be obtained freely New computer users should find our services valuable, and a time saver. If you are an advanced computer user, you probably don’t need our services.
The download button took me to secure.signupsecurity.com, and the following steps required one to fill out an email address and contact information and to choose among 1, 2 or 3 year membership options and features.

No thanks…
Persistent, aren’t they…
http://www.mywot.com/en/scorecard/official-download.net
The real thing: Spybot-S&D©® http://www.spybot.info/
by certifiedbug on October 23, 2008
in Rogue
Victims report a rogue named ‘Spybot 2009’, received in the form of email spam posing as an application upgrade. The scam is playing off the trademark name of the well-known antispyware program, Spybot-S&D.
Be warned: you may also see websites offering the fake, rogue program Spybot 2009.
Screenshots of the rogue at a blog containing malicious code on Google’s blogspot.com, which is yet a separate matter to be addressed. Just going to the site will infect your computer.



http://www.avira.com/en/threats/section/fulldetails/id_vir/3684/html_infected.webpage.gen.html
Don’t fall for the rogue scam, Spybot - Search & Destroy©® is free for personal use and you can download the program at the official site here: http://www.spybot.info/
The current version of Spybot - Search & Destroy©® is at v 1.6.
by certifiedbug on October 10, 2008
in Rogue
Stay away from these.
206.161.120.20 Xp-antispyware2009. com
206.161.120.21 Xp-antispyware-2009. com
ICANN Registrar: ONLINENIC, INC.
206.161.120.22 Xpantispyware-2009. com
206.161.120.23 Xpas2009. com
ICANN Registrar: REGTIME LTD.
206.161.120.24 Xp-as-2009. com
ICANN Registrar: BIZCN.COM, INC.
XpAntispyware2009 was one of the domains suspended by DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM.
http://whois.domaintools.com/xpantispyware2009.com
Certifiedbug, September 14, 2008:
Directi continues to suspend malware sites
by certifiedbug on October 3, 2008
in Rogue
Trend Micro, October 2, 2008. Rogue AV Tactics Continue to Threaten
October has just begun and Trend Micro threat researchers keep seeing more and more — slightly different, but yet increasingly more annoying — variations to the set of rogue AV infection signals we have been documenting on this blog.
Fake BSOD (actually a screensaver) now sports a specific mention of the problem — an unregistered version of a certain AV product.
Now even the fake reboot screen (also a screensaver) has text
The bogus reboot screen poses as Microsoft’s Security Center and recommends you activate your anti virus protection software (which happens to be AntiVirus 2009).
Certifiedbug, September 29, 2008.
Microsoft and Washington State’s lawsuits reveal ‘scareware’ defendants
Microsoft also filed five “John Does” lawsuits. Nameless defendants until discovery reveals the identities of the individuals responsible for marketing the scareware, aka ‘rogues’.
The actual products are well known in the security community and forums that help victims of malware infections.
Antivirus 2009
Microsoft® Malware Protection Center, October 2, 2008.
Rogue Antivirus - A Closer Look at Win32/Antivirusxp
Subratam Biswas and Scott Wu.
Fake security applications have always been good at confusing end-users. Win32/Antivirusxp is no different in that aspect, and with names such as Antivirus2008, XPAntivirus, Windows Antivirus, Antivirus 2008 XP, confusion is hard to avoid.
by certifiedbug on September 30, 2008
in Rogue
The Sunbelt Blog reports a new rogue program, eAntivirusPro.
eAntivirusPro is a new clone of Antivirus XP 2008 rogue security product.
AntiMalware 2009 is yet another clone of Antivirus XP 2008 rogue security product.
ekerberos is another rogue security product from Innovagest 2000.
I checked out Innovagest2000.com; don’t try this at home.

On the site they advertise:
alfacleaner.com
anti-virus-pro.com
spydeface.com
system-defender.com
Clicking on the picture for System Defender brought up this warning:

324 threats and viruses found on a clean machine, yeah right…
This is the kind of ‘scareware’ Microsoft and Washington State’s AG have filed suit against.
Microsoft and Washington State’s lawsuits reveal ‘scareware’ defendants
Explorer asks:

No surprise:

by certifiedbug on September 10, 2008
in Rogue
There are a lot of rogue (fake) security programs afflicting the Internet.
When a rogue is new, the first victims are often few (that will change swiftly enough), and security companies look for samples so they can add the rogue to their software’s detections.
Often at this early stage one will see places touting a program to remove the new rogue, even as the infecter domain is still revving up. Sometimes warez sites, well you shouldn’t be going there anyway. 
by certifiedbug on September 6, 2008
in Rogue
Another rogue spreading fast. If your computer has been infected, please seek assistance with removal at one of the security forums (short list in the right side column).
Domains on the same IP.
SmartAntivirus2009
Registration Service Provided By: ESTDOMAINS INC
Domain Name: SMARTANTIVIRUS2009.COM
Dates: Created 22-aug-2008 Updated 29-aug-2008 Expires 22-aug-2009
Certifiedbug:
Spamhaus Report, Cybercrime’s U.S. Hosts
Edit
Harry Waldon has a nice article, “Malware Close Encounters - Close Pop-ups using Task Manager to safely exit”, which could help users to exit a pop-up install before too much damage is inflicted.
by certifiedbug on September 5, 2008
in Rogue
I was taking a look at nine4teen.com with Fiddler running.
Brief lowdown of the trail:
nine4teen.com
Host: ferlin.ifrance.com
Host: js-perso.ifrance.com
Host: web.ifrance.com
Host: ad.ieurop.net
Host: sfttraff.com
Edit:
Domain Name: SFTTRAFF.COM
Registrar: ESTDOMAINS, INC.
Dates: Created 01-sep-2008 Updated 01-sep-2008 Expires 01-sep-2009
srv1.e-statistic.com
www.Nineteen.com
Host: c39.statcounter.com
Host: scanner.msscanneronline.com
Then BAM…






Sandi blogged about her frustration with ifrance.com July 03, 2008.
Alert: recurring malvertizements at ifrance.com (and isuisse.com)
Do you ever get the feeling that people are not listening?
Yep, I do.
by certifiedbug on August 19, 2008
in Rogue
by certifiedbug on June 11, 2008
in Rogue
The latest rogue installed through the Zlob Trojan.
How to remove AntiSpyCheck
If you have an infected computer and would feel more comfortable being assisted by a trained malware remover helper, please start a topic at one of the forums. Short but trusted list in the right hand column.
Certifiedbug: Fake Security Programs