Thursday, March 20, 2008

Cybersquatting Security Vendors for Fraudulent Purposes

Just like the creative typosquatting coming up with domain names spoofing the structure of PayPal and Ebay's web applications I covered in a previous post, this most recent example of cybersquatting is yet another example of how impersonating known and trusted brands can not only damage their reputation if the campaign's not taken care of fast enough, but can also result in actual adware infection. Who's getting targeted in this campaign? PandaSecurity, McAfee, Adobe Acrobat, and several other third party applications. It seems that IBSOFTWARE CYPRUS is keeping the entire domains portfolio undercover for the time being, with a great deal of these domains returning 403 forbidden messages. However, there are several domains that are actually serving the fake E-shops. This minimalistic approach on behalf of the malicious parties may have proved valuable if the domains were hosted on different IPs, however, they're all hosted on a single IP. The type of "pay us and we'll point you to the download location" scheme applied here is a bit moronic, in fact the template nature of the E-shop does not know what healthy competition means as you can see in the screenshot above. Here are the domains themselves :


PandaSecurity -
pandaantivirus2008.com
panda-antivirus-2008.com
pandasecurity2008.com
pandaantivirus-2008.com
panda-anti-virus.com
panda-2008.com
antivirus-panda-suite.com
panda-ib.com
panda-2008.com
panda-anti-virus.com
panda-antivirus-2007.com
panda-antivirus-2008.net
panda-bdl.com
panda-ib.com
panda-suite.com
pandaantivirus-2007.com
pandaantivirus-2008.com
pandaantivirus-ib.com
pandaantivirus2008.com
pandasecurity2008.com
pandashield.com
pandasuite2007.com
panda-bundle.com
pandabundle.com
pandasecuritysoftware.com
pandasecuritysoftware.net

McAfee -
mcafeepack.com
download-mcafee.com
mcafeebundle.com
mcafee-antivirus-2007.com
mcafee-internetsecurity.com
mcafee-suite.com
mcafee-suite2007.com
mcafeeantivirus2007.com
mcafeesuite-2007.com
mcafeesuite2007.com

Adobe Acrobat -
adobeacrobatreader-8.com
adobe-reader-it.com
acrobatdownload-ib.com
adobeacrobatpack.com
acrobat8download.com

Misc Cybersquatted software -
virusscan2007.com
virusscan2k7.com
virusscan2k8.com
virusscanxp.com
xp-secure.com
netdetectiveservices.info
download-ad-aware.com
antispyware-2007.com
antivirus-2007.com
netspyprotector.com
adwarepro.com
antispyware007.com
anti-virus-free.net
antivirus2k7.com
antivirus2k8.com
avastantivirus-pro.com
avg-antivirus-ib.com

What is Interactive Brands Inc?

"Interactive Brands is a privately held corporation formed by a team of experienced professionals who strive to offer the “ultimate” interactive shopping experience to internet users around the world. In partnership with the best software publishers, Interactive Brands develops unique and high value offers for the benefit of all computer users. In the spirit of giving the best shopping experience possible, Interactive Brands offers their clients access to a customer support center available by toll free number, email and live chat that covers any inquiry including: downloading, installing, using and any other questions regarding our products."

Interactive Brands Inc.
PO Box 178, St-Laurent, Quebec
H4L 4V5, Canada
Phone: : +1 (514) 733-2549
Fax: +1 514 733 2533

The billing center is located at panda-ib.com which loads b-softwares.com and bundlesmembersarea.com. 90% of the domains are hosted on a single IP - 63.243.188.82, however, the entire netblock is a scammy system by itself with several hundred more such cybersquatted domains.

Don't be cheap, if you're to buy any kind of software, do so through the official site, and cut the fraudulent intermediaries like the ones in this case. Read more about Interactive Brands at the Ripoff Report : Interactive Brands, Adaware-ib.com Rip-off; Report: Interactive Brands; Report: Interactive Brands. Lavasoft's and Avira's comments on the case as well.