John Doe is a Criminal Mastermind

WinDefender 2008 was the subject of yesterday's post. It's a rogue security application, and part of an ever-increasing consumer scam.

A search for "Really Legal Stuff" ties WinDefender 2008 to Antivirus XP 2008, another persistent and very nasty rogue.

Rogue_WinDefender2008_AntivirusXP_454x312.png


Here's another *really* related rogue, Spyware Guard 2008.

Rogue_SpywareGuard2008_RLS_500x345.png


Spyware Guard 2008's legal page makes references to Pandora Software.

Other websites that refer to Pandora Software claim it to be located in Dortmund, Germany with a support contact of Oleg Dvorezky. Right… sure.

Whois records list the registrant of Pandora as Trans Eurogroup S A with a physical address of Victoria, SC. Where the heck is SC? It's the Republic of Seychelles, an archipelago nation that's located in the Indian Ocean.

On sites that refer to Pandora Software, you'll also find many cross-references to Innovagest2000.

The Innovagest2000.com website lists their contact address as Madrid, Spain. They claim to provide "simply the best entertainment online". And just what kind of entertainment do they provide?

Entertainment such as SystemDefender, yet another rogue. More scareware.

Rogue_SystemDefenderScan_544x408.gif


Oh no, 324 threats! Is the animation supposed to be fun…?

It isn't that much fun if you click on the Free Scan Now button. Do that and you'll get a file that we detect as Trojan-Downloader.Win32.Adload.ma.

Rogue_SystemDefender_TrojanDownloaderWin32AdloadMA.png


Trojan-downloaders are kind of a killjoy when it comes to entertainment.

SysCleaner's website is also one of Innovagest2000's efforts from the looks of it.

Rogue_SysCleanerScan_544x408.gif


Huh. SysCleaner also detects 324 things to fix, just like SystemDefender does. Guess that's part of the entertainment.

Using a selection of text from SysCleaner's privacy policy page, we located another batch of rogues.

AntiMalware 2009

Rogue_AntiMalware2009_360x240.png


Total Eliminator

Rogue_TotalEliminator_PP_400x280.png


eKerberos

Rogue_eKerberos_400x360.png


FileShredder 2008

Rogue_FileShredder2008_400x275.png


Andromeda AntiVirus

Rogue_AndromedaAntiVirus_485x175.png


Real Antivirus

Rogue_RealAntivirus_500x300.png


PC Antispy

Rogue_PCAntispy_499x320.png


Another selection of text from these sites yields many search results that are definitely not safe for work, i.e. pornography. Really obscene stuff. Morally upright citizens of the world, these guys — not.

The company that provides this so called entertainment is urbangestdesarrollos.com. The Urbangestdesarrollos site, which also claims a contact address of Madrid, Spain, is a carbon copy of Innovagest2000. Both Urban and Innova state that credit card statements may show New Concept Business SL.

New Concept Business S.L. claims to be from Barcelona, Spain. Hmm, Spain again.

Whois records list the location as Barcelona but the contact person is located in Amsterdam, ES and has a phone number starting with +1.800.

ES as in Spain? Amsterdam, Spain? With a US toll-free phone number? Right, that's probably accurate, you think?

These creeps are really anonymous.

Which brings us to this bit of news: Microsoft and Washington state are suing scareware purveyors.

And just who is the target of their lawsuit? Texas-based Branch Software and its owner James Reed McCreary. RegistryCleanerXP is the name of his scareware application. The Whois information for registrycleanerxp.com, which is still online by the way, actually seems to have legitimate contact details.

Why isn't McCreary more anonymous? It's probably because he isn't the worst of the scareware that's out there. Yeah, he's guilty of deceptive and misleading advertising, and we're happy to see something being attempted, but there's lots worse out there.

The lawsuit against McCreary could very likely devolve into a First Amendment speech case attempting to define deceptive practices, and then eventually he'll walk. Just like spam king Jeremy Jaynes, who had his spam conviction overturned a few weeks ago. Jaynes was incredibly guilty, and yet the Virginia law just wasn't good enough. Too broad.

We can always hope that Washington has better laws, and a judge that understands all the technical details, but we aren't holding our breath while waiting for the results.

What about the worst of the purveyors?

The guys pushing stuff such as "Antivirus 2009, Malwarecore, WinDefender, WinSpywareProtect and XPDefender"?

Brian Krebs has the key details, as he very often does, in this Security Fix post.

In a separate action, Microsoft filed five "John Doe" lawsuits to learn the identities of individuals responsible for marketing other scareware products.

Oh, John Doe lawsuits. That will take care of the problem, no? Once we learn the identities of the individuals, we'll just have to track them down in Dortmund/Madrid/Barcelona/Victoria/Amsterdam in Germany/Spain/Seychelles… and that's just the supposed locations for the John Does involved with the WinDefender chain of apps.

The Antivirus 2009 gang… is located in an entirely different set of European countries.

We applaud the effort, but we think it's going to take more than the Attorney General of Washington to fix this problem. The Internet has no borders. Perhaps the effort would be better spent to create an international agency with the enforcement power to shut down rogue sites, many of which are hosted in the US?

Here are some final screenshots for you. Do you see the tiny little red asterisk above the "y" in the word "Utility"?

Rogue_WinDefender2008_OnlineScanningUtility_730x320.png


That's a disclaimer.

Rogue_WinDefender2008_Disclaimer_535x20.png


Is the text too small to read?

It says: "Typical system scan that shows how the real WinDefender product will be scanning your computer. Advertising purposes only."

John Doe truly has no shame.

On 01/10/08 At 06:54 PM


