rogue

Stay away from fake StopBadware site

They say that imitation is the sincerest form of flattery. Consider us flattered, then, that a rogue anti-malware distributor set up shop at stopbadware2008.com. Microsoft should be flattered, too, as the home page is designed to imitate an Internet Explorer malware warning screen:

!http://blogs.stopbadware.org/files/fakestopbadware.jpg!

It should go without saying, but I'll say it anyway, that this site is in no way affiliated with StopBadware.org, and we do not recommend installing their deceptively advertised product.

Thanks to Donna for "her post":http://www.dozleng.com/updates/index.php?showtopic=18799 at Dozleng.com that brought this to our attention.

Rogue Anti-Spyware

Posted on September 28, 2007 - 17:43 by jcallina

So, Grandpa Albert thinks he might have badware on his computer. It’s just not running the way it used to. Everything is slow. He doesn’t see any pop-up ads like last time but these days it feels like he’s always waiting for something to finish processing.

Grandpa Albert is too cheap to hire any “Nerd Herd” techies to come over so he calls his tech-savvy niece, Aimee. She suspects that his computer may be part of a bot network. Millions of computers on the internet today are part of bot networks and there’s a high likelihood that Grandpa innocently visited a hacked site which downloaded infected software without his knowledge.

“Darn criminals,” Grandpa mutters on the phone. “No one’s controlling my hard earned CPU cycles without MY consent!”

Aimee doesn’t have the time to stop by because she’s working on a presentation for the She’s Geeky Un-conference in Mountain View this October. In the meantime, she tells him to try downloading some anti-spyware and she’ll troubleshoot when she can visit later.

Grandpa Albert surfs the net searching for the products Aimee suggested. Seems like there are tons of anti-spyware products out there making lots of promises. He tries typing ‘spy bot’ into his search engine. Hmmmm. Which one is the right one? Should he download www.Spy-Bot.net, www.SpyWareBot.com, www.SpyBot-SD.net, www.Spybot.com or one of the others?

Grandpa Albert shakes his head. He remembers the scolding Aimee gave him that last time he downloaded a random application from the internet. He didn’t know back then that the screensaver had installed trojans, dialers and all kinds of bad things onto his computer. This time he’d be more careful. Best to stick to the applications Aimee suggested.

He tries typing ‘ad aware’ into his search engine. Hmmmm. There’s www.AdwareAlert.com and Noadware.net. They both have adware in the title, but what about the one from www.LavaSoft.com? They all look good. They all have professional websites. How can he be sure?

Grandpa scratches his head. He types ‘anti-spyware’ into his search engine and starts surfing around to learn more. He stumbles across Spyware Warrior’s List of Rogue/Suspect Anti-Spyware Products & Web Sites.

Ha! This site says that spy-bot.net is associated with AlertSpy which is on Spyware Warrior’s list as a rogue and suspect application. Spywarebot.com is on the Spyware Warrior list too.

Spyware Warrior says that some of the products listed on this Rogue Anti-Spyware site don’t really provide anti-spyware protection at all and some of them even install spyware/adware themselves!

“Darn criminals,” Grandpa Albert mutters to himself. “These folks are deliberately playing upon name recognition to get their sleazy software installed on my system!”

Yep.

Fake Tor application delivers badware punch

Posted on September 7, 2007 - 16:54 by egeorge

You may have received an email over the past few days with a message about online privacy - a common subject line being "You are being watched online." The messages urge the reader to download Tor, a distributed anonymity program popular as a tool to circumvent censorship. Unfortunately, the links in these messages don't lead to the actual Tor download, but to a dangerous rogue application and pages that attempt to install badware on the user's machine.

The real Tor website is located at tor.eff.org, and the real Tor software can be downloaded there. Legitimate copies of Tor are verifiable through instructions on the Tor website.

Rogue applications attempting to hijack the popularity of legitimate programs are unfortunately all too common. For example, many rogue applications purport to be anti-spyware tools but are in fact themselves damaging. It's always a good idea to check out the reputation of any software you're considering installing, and to verify that the version you're considering comes from a reputable source. Similarly, be wary when following links in emails from sources you don't know. An unsolicited link could lead to a page hosting drive-by badware downloads.

You can read more about the Tor spoof in BoingBoing and PC World.
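The lookalike names in the posts above, such as stopbadware2008.com and the fake Tor download links, can be screened mechanically before anyone clicks. The following is an added example, not code from StopBadware: it flags a host that carries a watched brand name in any DNS label without sitting under the official host. The two official hosts are the ones named in the posts; the `.example` hosts, the similarity threshold and the function names are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Brand -> official host, as stated in the posts above.
OFFICIAL = {"stopbadware": "stopbadware.org", "tor": "tor.eff.org"}

def host_of(url_or_host):
    """Lower-cased host name from a URL or a bare host name."""
    s = url_or_host.strip().lower()
    host = urlsplit(s if "//" in s else "//" + s).hostname or ""
    return host.rstrip(".")

def is_official(host):
    """True for an official host or any subdomain of one."""
    return any(host == o or host.endswith("." + o) for o in OFFICIAL.values())

def label_imitates(label, brand):
    """True if a single DNS label imitates the brand name."""
    tokens = [t for t in re.split(r"[^a-z]+", label) if t]
    if brand in tokens:                # stopbadware2008, tor-download
        return True
    if len(brand) < 6:                 # short names: whole-token match only,
        return False                   # otherwise "tor" would hit "store"
    squashed = "".join(tokens)         # stop-bad-ware -> stopbadware
    if brand in squashed:
        return True
    # Near misses such as a one-letter typo of the brand (assumed threshold).
    return SequenceMatcher(None, squashed, brand).ratio() >= 0.85

def impersonated_brand(url_or_host):
    """Return the brand a host imitates, or None if official or unrelated."""
    host = host_of(url_or_host)
    if not host or is_official(host):
        return None
    for brand in OFFICIAL:
        if any(label_imitates(label, brand) for label in host.split(".")):
            return brand
    return None

if __name__ == "__main__":
    samples = [
        "stopbadware2008.com",             # from the first post
        "http://tor.eff.org/",             # official host, from the Tor post
        "http://tor-download.example/",    # constructed
        "stopbadware.org.example.com",     # constructed
        "stop-bad-were.example",           # constructed typo
    ]
    for s in samples:
        print(f"{s:32} -> {impersonated_brand(s)}")
```

A match only means the name borrows the brand; it is a prompt to check the product's reputation and source, as the post advises, not a verdict on the site.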