Monday, April 14, 2008

Localized Fake Security Software

Would you believe that, at a time when top-tier antivirus vendors are feeling the heat from malware authors' DoS attacks on their honeyfarms and literally cannot keep up with their releases, someone out there is using an antivirus scanner that doesn't really exist? It's one thing to promote fake security software in a one-to-many communication channel using a single language in combination with cybersquatted domains, and entirely another to do the same in different languages. Localization of anything malicious is already taking place, as originally anticipated as an emerging trend back in 2006. The following currently active fake security software scams are promoted in Dutch, French, German, Italian, and you don't get to download them until you hand over your credit card details, and once you do, you'll end up in the same situation as many other people did in the past. Some sample fake brands:

SpyGuardPro; PCSecureSystem; AntiWorm2008; WinSecureAv; MenaceRescue; PCVirusless; LifeLongPC; NoChanceForVirus; MenaceMonitor; TrojansFilter; LongLifePC; KnowHowProtection; BestsellerAntivirus; PCVirusSweeper; AVSystemCare; AVSecurityPlus; PCAssertor; PoseidonAntivirus; TrustedAntivirus; PCBoosterPro; DefensiveSystem; GoldenAntiSpy; AntiSpywareSuite; AntiMalwareShield; AntivirusPCSuite; AntivirusForAll; TrustedProtection; NoWayVirus; AntiSpywareConductor; AntiSpywareMaster; TurnkeyAntiVirus; YourSystemGuard

Portfolio one :


Portfolio two :


Portfolio three :


Just like a previous proactive incident response where I pointed out that these fake security applications are starting to appear as the final output in malicious campaigns injected at high profile sites, ensuring that your customers or infrastructure cannot connect to these will render current and upcoming massive IFRAME-injected or embedded attacks pointless, at least from the perspective of serving the rogue software.
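One way to act on the blocking advice above, as an added example that is not part of the original post: merge overlapping domain portfolios into a single blocklist, emit DNS Response Policy Zone (RPZ) records that return NXDOMAIN, and flag resolver log entries that hit a listed domain or any of its subdomains. The `.example` domains, the log format and all function names are assumptions made for illustration.

```python
# Constructed placeholder portfolios (reserved .example names, not the page's domains).
PORTFOLIOS = {
    "one": ["Rogue-AV-Alpha.example", "rogue-av-beta.example."],
    "two": ["rogue-av-beta.example", "rogue-av-gamma.example"],
}
# Constructed resolver log lines in an assumed "<client-ip> <queried-name>" format.
SAMPLE_LOG = [
    "10.0.0.5 www.rogue-av-alpha.example",
    "10.0.0.7 download.cdn.rogue-av-gamma.example.",
    "10.0.0.9 notrogue-av-beta.example",
    "10.0.0.9 intranet.corp.example",
]

def normalize(name):
    """Lower-case a hostname and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def build_blocklist(portfolios):
    """Merge all portfolios into one set, so overlapping entries collapse."""
    return {normalize(d) for domains in portfolios.values() for d in domains}

def blocked_parent(hostname, blocklist):
    """Return the listed domain covering hostname, or None."""
    # Walk label boundaries so 'notrogue-av-beta.example' is not mistaken
    # for a subdomain of 'rogue-av-beta.example'.
    labels = normalize(hostname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def rpz_records(blocklist):
    """Emit RPZ lines that answer NXDOMAIN for each domain and its subdomains."""
    return [r for d in sorted(blocklist) for r in (f"{d} CNAME .", f"*.{d} CNAME .")]

def scan(log_lines, blocklist):
    """Return (client, query, matched domain) for every blocked lookup."""
    hits = []
    for line in log_lines:
        client, query = line.split()
        match = blocked_parent(query, blocklist)
        if match:
            hits.append((client, normalize(query), match))
    return hits

if __name__ == "__main__":
    print("\n".join(rpz_records(build_blocklist(PORTFOLIOS))))
    print(scan(SAMPLE_LOG, build_blocklist(PORTFOLIOS)))
```

Clients that appear in the scan output were already served an injected page that pointed at a listed domain, so they are worth reviewing even when the lookup itself was blocked.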