Just like the creative typosquatting I covered in a previous post, where domain names spoofed the structure of PayPal's and eBay's web applications, this most recent case of cybersquatting is yet another example of how impersonating known and trusted brands can not only damage their reputation if the campaign isn't taken care of fast enough, but can also result in actual adware infection.

Who's getting targeted in this campaign? PandaSecurity, McAfee, Adobe Acrobat, and several other third-party applications. It seems that IBSOFTWARE CYPRUS is keeping the entire domain portfolio undercover for the time being, with a great deal of these domains returning 403 Forbidden messages. However, several domains are actually serving the fake E-shops. This minimalistic approach on behalf of the malicious parties might have proved valuable if the domains were hosted on different IPs; however, they're all hosted on a single IP. The "pay us and we'll point you to the download location" scheme applied here is a bit moronic; in fact, the template nature of the E-shop does not know what healthy competition means, as you can see in the screenshot above.

Here are the domains themselves:
Adobe Acrobat -
Misc Cybersquatted software -
What is Interactive Brands Inc?
"Interactive Brands is a privately held corporation formed by a team of experienced professionals who strive to offer the “ultimate” interactive shopping experience to internet users around the world. In partnership with the best software publishers, Interactive Brands develops unique and high value offers for the benefit of all computer users. In the spirit of giving the best shopping experience possible, Interactive Brands offers their clients access to a customer support center available by toll free number, email and live chat that covers any inquiry including: downloading, installing, using and any other questions regarding our products."
Interactive Brands Inc.
The billing center is located at panda-ib.com, which loads b-softwares.com and bundlesmembersarea.com. 90% of the domains are hosted on a single IP, 18.104.22.168; however, the entire netblock is a scammy system by itself, with several hundred more such cybersquatted domains.
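Because the portfolio shares one IP, a defender can find such clusters by grouping brand-lookalike domains by hosting address. The following is an added example, not code from the original post: the brand allowlist, the function names, and the sample records (reserved documentation domains and addresses) are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Brand keywords taken from the post; official domains are an assumed allowlist.
BRANDS = {
    "panda": {"pandasecurity.com"},
    "mcafee": {"mcafee.com"},
    "acrobat": {"adobe.com"},
}

# Constructed passive-DNS style records (domain, IP) using reserved
# documentation names and addresses; not data from the post.
SAMPLE_RECORDS = [
    ("panda-shop.example", "192.0.2.10"),
    ("mcafee-download.example", "192.0.2.10"),
    ("acrobat-reader-store.example", "192.0.2.10"),
    ("free-toolbar.example", "192.0.2.10"),
    ("www.mcafee.com", "198.51.100.7"),
    ("acrobat-fans.example", "203.0.113.5"),
]

def registered_domain(name):
    """Naive last-two-labels reduction (assumption: ignores multi-label public suffixes)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def brand_hits(name):
    """Brands whose keyword appears in a domain that is not on that brand's allowlist."""
    name = name.lower()
    base = registered_domain(name)
    return sorted(b for b, official in BRANDS.items() if b in name and base not in official)

def cluster_by_ip(records, min_brands=2):
    """Group lookalike domains by hosting IP; keep IPs serving several impersonated brands."""
    by_ip = defaultdict(lambda: {"brands": set(), "lookalikes": [], "cohosted": []})
    for domain, ip in records:
        hits = brand_hits(domain)
        entry = by_ip[ip]
        if hits:
            entry["brands"].update(hits)
            entry["lookalikes"].append(domain)
        else:
            # No brand keyword, but shares the IP: worth a manual look.
            entry["cohosted"].append(domain)
    return {ip: e for ip, e in by_ip.items() if len(e["brands"]) >= min_brands}

if __name__ == "__main__":
    for ip, e in cluster_by_ip(SAMPLE_RECORDS).items():
        print(ip, sorted(e["brands"]), e["lookalikes"], "review:", e["cohosted"])
```

The `cohosted` list matters for cases like the billing domains above, which carry no brand keyword but sit on the same infrastructure.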
Don't be cheap: if you're going to buy any kind of software, do so through the official site, and cut out the fraudulent intermediaries like the ones in this case. Read more about Interactive Brands at the Ripoff Report: Interactive Brands, Adaware-ib.com Rip-off; Report: Interactive Brands; Report: Interactive Brands. See Lavasoft's and Avira's comments on the case as well.