[Updated after further investigation.]
For the past few days, I’ve been seeing spam to one of my accounts offering me various bits of software. Nothing unusual about that, of course, but this one was better constructed than usual, and consistent, and I made a mental note to look more closely when I’m a little less busy. Over Easter, perhaps. :-/
Today’s really caught my eye, though: it was linking to a product called Antivirus 2009. Now there’s a familiar name… Sure enough, the link redirects to what looks like a classic fake anti-malware site. Quite carefully done, too.
There’s a page that explains why the product is better than AVG. (Sorry, Larry B., it’s their claim, not mine!) If you try to download it, it asks you to fill in a form with your name and email address. Then it asks you for credit card details, and as my alter ego on this occasion doesn’t have a credit card, I didn’t go any further. That’s a monthly bill I don’t want to explain to Accounting.
There are a couple of interesting features to this though.
As I mentioned earlier, I turned this over to people better-resourced for investigations like this. No, I don’t mean the BBC…
The responses I’ve had back and some further probing on my own suggest a group simply trying to make money by selling free software, or access to software that may or may not be free. In other words, the scam is the credit card form, rather than an organized attempt to seed malware. Further investigation has turned up links to pages that spoof real antispyware vendors. I guess if you’re happy to make money by pretending to provide software, including security software, you’re not going to be concerned about whether it’s real or fake software you’re spoofing.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET