Orbasoft Comment Spam

Comment spam is one of those nuisances that career bloggers see a lot of: at least, we would if we didn’t use filters to control most of it before it gets to us. In general, these either overtly advertize something which has nothing whatsoever to do with the blog topic, or say something that add nothing to the topic but include a link that is selling something or giving away something you really wouldn’t want. Of course, we don’t approve them.

Once or twice recently, I’ve seen comments that not only have nothing to do with the topic, but appear to recommend other security products. We don’t think our employers would be very pleased if we allowed those through, even if they were legitimate. Some are clearly not legitimate, and we’re certainly not going to allow those through either.

Today I saw something a little different: comment spams to 14 of our blogs, all extolling the virtues of an anti-spyware product. The spam appears to come from someone called Christine, though her email address suggests that her name is David Miller. This is irrelevant, of course: it turns out that other bloggers, including some security bloggers, are seeing the same messages but with different ostensible senders such as Cheryl or Beatrice.

It seems to use a variety of boilerplate text, but it always includes a recommendation for a company called Orbasoft, so Jeff and I have been checking it out. The company claims to be a legitimate security company based in Denmark. However, it uses Domains by Proxy so there’s no useful whois information. Certainly this mode of marketing invites deep suspicion, though we can’t say at the moment whether Orbasoft’s antispyware product is legitimate. We can’t even say whether they’re the source of the spam. If you come across the same spam on other sites, though, we suggest that you don’t take anything on trust.

Director of Malware Intelligence

Author David Harley, ESET

  • Jens

    Orbasoft is a real company, situated in Denmark. But they hired an Indian company to spam blogs with comments on their products (“search engine optimization”). The Indian company wrote 300 positive comments – for the price of $900.
    The manager of Orbasoft says: “It sounded smart, but now it seems horrific to me”. Honestly….

    For those who speak Danish, here’s a link to an interview with the manager.


    • http://www.smallblue-greenworld.co.uk David Harley

      Thanks for that. Interesting article (I don’t speak Danish, but I know enough German to get the gist). I may have some further thoughts on this for another blog.

  • Sean

    These people are still not telling the truth. This software has been tested several times in the last few days and has been verified as a Rogue. It is on average detecting around 300 valid registry entries as threats, then telling user they need to purchase the full program to repair these errors.Total scam on top of the deceit already admitted to.
    Do not try this software!

    • http://www.smallblue-greenworld.co.uk David Harley

      Thanks for that information. Are you referring to http://certifiedbug.com/blog/2009/06/14/orbasoftcom-spammer/?

      • http://www.smallblue-greenworld.co.uk David Harley

        Ah. Looking back at the certifiedbug.com link, you’re obviously looking at different sources. I’d be more than a little interested in any links you have to people who’ve actually tried it. I do, of course, intend to try some other approaches to checking…

  • Sean
  • sean
  • http://thepcsecurity.com Silki Garg

    Yes, there are lots of references that it is a rogue applications.
    Colin has a decent first hand experience with it. And he had documented it well on his blog.

    • http://www.smallblue-greenworld.co.uk David Harley

      Thank you (and thank you Sean).

  • Paul

    orbasoft.com is a scam website selling a rogue antispyware! BEWARE!!!!

    • Randy Abrams

      I haven’t tested the product, but they also are not tested or certified by any major and respected organization I am aware of. There appear to be other people who agree with your assessment. That said, I submitted their executable to VirusTotal and none of the scanners detect it as malicious.

Follow us

Copyright © 2016 ESET, All Rights Reserved.