Many thanks to Jens in Denmark, who commented on my previous blog about Orbasoft comment spam. Jens says:

"Orbasoft is a real company, situated in Denmark. But they hired an Indian company to spam blogs with comments on their products ("search engine optimization")...[they] wrote 300 positive comments - for the price of $900. "

Well, it worked up to a point, I guess. Googling Orbasoft comes up with hit after hit. Some of them are freeware distribution sites, nearly all using Orbasoft's own description of their product. Others simply pick up on pages where the comment spam has been approved, or there is no comment filtering.

According to Jens, who also forwarded a link to a Danish article, Orbasoft director Thomas Jaskov says: "It sounded smart, but now it seems horrific to me".

Why's that, Thomas? Because you've realized that flooding the blogs and support forums of other security companies with spam, presumably in the hope of poaching their customers, is ethically challenged, or because there's been a backlash that's damaged your marketing prospects? Perhaps you feel that now a good many people are assuming that you're marketing rogue anti-spyware/scareware, and you've been criticized in other security blogs, you've been punished enough. Unfortunately, I'm not sure it works like that: you have a lot of ground to make up. 

It's not uncommon for legitimate security companies to allow marketing considerations to override common sense and/or ethical practice. Some of those companies have survived a great deal of unfavourable comment, mended their ways and earned respect (and cooperation) from their peers, and impressed potential customers. But marketing practices that resemble those of the purveyors of fake security software don't just injure the companies that indulge in them, or the security industry/community in general (as when we all get tarred with the same brush). Worst of all, like financial institutions that send out phish-like emails, dubious marketing practices make it harder for the customer to distinguish between the fake and the real, and the only people who benefit from that are the cybercrooks. It might take you a while to live that down.

David Harley
Director of Malware Intelligence