Tuesday, July 07, 2009

Legitimate Software Typosquatted in SMS Micro-Payment Scam

Operating since 2008, the fraudulent tactics applied by Soletto Group, S.A also known as Netlink Network Corp, greatly remind of those applied by Interactive Brands also known as IBSOFTWARE CYPRUS; IB Softwares and most recently Euclid Networks Ltd -- you have to appreciate the irony here since they too multitask on multiple fronts through their official phone number since 2007 -- in particular their massive typosquatted domain farms where they'd would change and repeatedly charge without permission once someone falls victim into the fraudulent practice.

What Soletto Group, S.A or Netlink Network Corp (phone (0) 2071939823) does differently is the use of micro sms payment scam having operated the SMS numbers 78881 and 81039 in the past in order to offer a download service for legitimate software in the following way:

"WARNING: ACCESS TO THE PREMIUM SERVICE SHALL REQUIRE SENDING ONE SMS PER DOWNLOAD, AND YOU WILL RECEIVE TWO SMS. THE PRICE OF EACH SMS IS THREE POUNDS EACH. TOTAL COST OF SERVICE SIX POUNDS."

Who's typosquatted anyway? Pretty much each and every popular piece of software there is. From Kaspersky, NOD32, Malware Bytes, Avira, AVAST, BitDefender, to Firefox, BitTorrent, Microsoft Office, Winzip, Winrar, and Internet Explorer - for starters.

Here's a complete list of their domains farm, with hosting services courtesy of Rapidswitch Ltd:

nod32soft .info
malware-bytes .info
www-avasthome .com
www.www-avasthome .com
kaspersky-full .info
www-kaspersky .info
malware-bytes .info
www.avira-antivir .info
bitdefender-plus .info
office2007-full .info
sopcast-full .info
lphant-plus .info


adobeacrobat-plus .info
bitcomet-plus .info
bitdefender-plus .info
bittorrent-plus .info
elisoft-plus .info
mediaplayer-plus .info
messenger-msn-9 .com
messenger-msn-9 .info
messenger-msn-9 .org
messenger-msn .org
messenger-plus .net
moviemaker-plus .info
msn-messenger-9 .com
msn-messenger-9 .info
msn-messenger-9 .net
msn-messenger-9 .org
openoffice-plus .info
photoscape-plus .info
sopcast-plus .info
utorrent-plus .info
3gpconverter-plus .info
3gpconvertersoft .info
ares-2008 .org
ares-2009 .com


ares-2009 .net
ares-net .org
avira-net .info
bitcomet-plus .info
bitorrent .cc
bittorrent-net .info
bittorrent-plus .info
direct-x .cc
divx-player-plus .info
e-mule .nu
elisoft-plus .info
emule-2008 .net
emule-proyect .info
emulenet .net
iexplorer-full .info
iphonefull .com
javaruntime .net
lyrics2 .me
malware-bytes .info
mediaplayer-full .info
mediaplayer-plus .info
mesengerplus .org
messenger-9 .net
messenger-plus .net
messenger-soft .info


moviemaker-plus .info
msn-messenger-9 .net
msn-messenger-9 .org
nero-2008 .com
nerohome .net
nod-32 .net
nod32-net .info
office2007-ful l.info
openoffice-plus .info
photoscape-plus .info
photoscapesoft .info
pspvideo9 .info
sorpresor .com
spybotsearch-full .info
utorrent-net .info
virtualdj-soft .info
vlc-full .info
vvinrar .com


vvinrar .info
winamp-2009 .net
winamp .ws
windows-movie-maker .info
winrar-2008 .com
wiinzip .info
cdburnerxpsoft .info
www-emule .us
ultradefrag .us
bearflix .us
guitar-pro .us
messenger-2009 .us
emule-telecharger .us
aresnet .us
emulenet .us
emulepro .us
nerohome .us
vvinrar .us
aresfull .us
avastt .us
biaze .us
e-bitdefender .us


e-bitorrent .us
e-mule .us
flrefox .us
messengerhome .us
utorent .us
utorren .us
winzipp .us
cccpcodecs .org
ares-2008 .org
pdf-creator .org
limevvire .org
mesengerplus .org
w-ares .org
w-emule .org
www-3gpconverter .org
www-advanced .org
www-emule .org
www-messenger .org
www-realplayer .org
www-windowsmediaplayer .org
ares-3 .org
ares-net .org
chroome .org
emule-pro .org
messenger-msn-9 .org


A similar fraudulent Google AdWords scheme was exposed and taken care of in January. The fraudster back then was using a legitimate third-party revenue sharing toolbar installation program which was bundled within the legitimate software. In Soletto Group, S.A's case they aim to cut any intermediaries on their way to generate profit.

Rapidswitch Ltd has been informed of Soletto Group, S.A's brandjacking activities.

This post has been reproduced from Dancho Danchev's blog.