Rogue Anti-Spyware List Update [July 2]

wawadave · **Posted:** Sat Feb 09, 2008 2:17 pm

boy have i been out of the loop!!
i d/led that will give it a run through!!

TeMerc · **Posted:** Sat Feb 09, 2008 7:45 pm

wawadave wrote:

boy have i been out of the loop!!
i d/led that will give it a run through!!

Dave, Eric hasn't updated his rogues list since May of '07, making it nearly useless IMHO.

Marcin updates his RogueRemover very frequently and you can view his RogueNET forum and see what's being tested for inclusion to the db.

wawadave · **Posted:** Sat Feb 09, 2008 8:41 pm

well thats to long not to up date i will be recomending this app now!1
thx temerc

TeMerc · **Posted:** Tue Feb 26, 2008 4:24 pm

Bakasoftware Expanding their List
Tuesday, February 26, 2008

Quote:

A month ago a new group called Bakasoftware (Bakasoftware.com) aka Pandora-Software released three Rogue security applications. The list of applications is as follows:

EasySpywareCleaner -.com
Spy-Rid -.com
InfeStop -.com
WinIFixer -.com

Tobesoftware.com and On-linelist.com but these two sites are not functional yet

More w\Screen Shots @ Bharath's Security Blog

TeMerc · **Posted:** Sat Mar 01, 2008 2:37 pm

Version 166 (2/19/08)

[Added]
EliteProtector, MalwareCore, SpyBurner, SpywareSolver, SysCleaner, WinReanimator, WinSpyKiller, WinXDefender, XPDefender

[Updated]
Rogue.Infector, VirusHeat

TeMerc · **Posted:** Sat Mar 01, 2008 2:38 pm

Version 167 (3/1/08)

[Added]
Bug Doctor, DoctorVaccine, SpyWarp, VirusRanger, VsSpy

TeMerc · **Posted:** Fri Mar 07, 2008 4:29 pm

A Crooked Review, or Creative Marketing?
Posted by John Park on March 7, 2008

Quote:

If you search for the word "antivirus" on major search engines like Google, Yahoo, or MSN there is a possibility you will end up with "6StarReview.com" or "StarReviews.com" with a link name like "Top 10 Antivirus for 2008" as one of top sponsored ads. The Star Reviews is basically a Web-only review site that covers everything from blog services to online banking. Perhaps the site is a bit heavy on affiliate links, but nothing out of the ordinary. No pop-ups. No browser exploits. All in all, it looks legit.

However, while reading the rankings of "2008 Antivirus Review," I felt somewhat uncomfortable, to a similar degree as when I watched the episode of "Will It Blend: iPhone." The rankings show "The Shield Deluxe" as the best AV product. A product that I have never heard of before, beating all other major vendors like CA, BitDefender, Norton, Kaspersky, NOD32, Panda, McAfee, and TrendMicro. This was disturbing to me in two different ways at the same time:

More Details @ Symantec Security Response Blog

TeMerc · **Posted:** Fri Mar 07, 2008 4:32 pm

The info below is all related to the site in question on the Symantec blog, except I've not blocked out the public information and included other IPs and domains associated.

TeMerc wrote:

Registrant:
Star Advertising, Inc.
150 West 25th Street
New York, New York 10001
United States

Registered through: GoDaddy.com, Inc. (godaddy.com)
Domain Name: STARREVIEWS.COM
Created on: 15-Jan-05
Expires on: 15-Jan-12
Last Updated on: 30-Oct-07

Administrative Contact:
frischman, arthur arthur[AT]6starreviews.com
Star Advertising, Inc.
150 West 25th Street
New York, New York 10001
United States
5612517198

Technical Contact:
frischman, arthur arthur[AT]6starreviews.com
Star Advertising, Inc.
150 West 25th Street
New York, New York 10001
United States
5612517198

Domain servers in listed order:
NS1.GEODNS.NET
NS2.GEODNS.NET

Other sites on same IP, listed in hpHOSTS:

hxxp://www.6starreviews.com

hpHOSTSOnline

MysteryFCM · **Posted:** Fri Mar 07, 2008 4:52 pm

It actually gets alot worse

http://hosts-file.net/pest.asp?show=63.246.20.

TeMerc · **Posted:** Fri Mar 07, 2008 6:09 pm

MysteryFCM wrote:

It actually gets alot worse

http://hosts-file.net/pest.asp?show=63.246.20.

rofl

TeMerc · **Posted:** Mon Mar 17, 2008 7:53 pm

Version 169 (3/17/08)
[Added]
SpyCatchE

[Updated]
SpywareIsolator

[Removed]
PCSleek Error Cleaner
====================================
Version 168 (3/16/08)
[Added]
SearchAndDestroy, SpyKillerPro, TheSpyBot, Unigray Antivirus, WinIFixer
No other updates, removals or notes
=======================
Version 167 (3/1/08)
[Added]
Bug Doctor, DoctorVaccine, SpyWarp, VirusRanger, VsSpy
No other updates, removals or notes

TeMerc · **Posted:** Mon Mar 31, 2008 2:12 pm

Version 170 (3/31/08)
[Added]
ProAntispy, ProtectingTool, XPCleaner

[Updated]
No applications were updated.

[Removed]
No applications were delisted.

[Notes]
No further comments.

TeMerc · **Posted:** Tue Apr 08, 2008 4:48 pm

Version 171 (4/5/08)

[Added]
AdwareAlert, WinXProtector

[Updated]
No applications were updated.

[Removed]
No applications were delisted.

[Notes]
No further comments.

TeMerc · **Posted:** Mon Apr 14, 2008 7:47 am

Localized Fake Security Software
Monday, April 14, 2008

Would you believe that in times when top tier antivirus vendors are feeling the heat from the malware authors' DoS attacks on their honeyfarms, and literally cannot keep up with their releases, someone out there is using an antivirus scanner that doesn't really exist? It's one thing to promote fake security software in a one-to-many communication channel by using a single language in a combination with cybersquatted domains, and entirely another to do the same in different languages. Localization for anything malicious is already taking place, as originally anticipated as an emerging trend back in 2006. The following currently active fake security software scams are promoted in Dutch, French, German, Italian, and you don't get to download them until you hand out your credit card details, and once you do so, you'll end up in the same situation just like many other people did in the past.

Some sample fake brands:

SpyGuardPro
PCSecureSystem
AntiWorm2008
WinSecureAv
MenaceRescue
PCVirusless
LifeLongPC
NoChanceForVirus
MenaceMonitor
TrojansFilter
TrojansFilter
LongLifePC
KnowHowProtection
BestsellerAntivirus
PCVirusSweeper
AVSystemCare
AVSecurityPlus
AVSecurityPlus
PCAssertor
PoseidonAntivirus
TrustedAntivirus
PCBoosterPro
DefensiveSystem
GoldenAntiSpy
AntiSpywareSuite
AntiMalwareShield
AntivirusPCSuite
AntivirusForAll
TrustedProtection
NoWayVirus
AntiSpywareConductor
AntiSpywareMaster
TurnkeyAntiVirus
YourSystemGuard

Portfolio one:

alfaantivirus.com
antivirusalmassimo.com
farrevirus.com
fomputervagt.com
figitalerschutz.com
flmejorcuidado.com
ferramentantivirus.com
filterprogram.com
filtredevirus.com
geeninfectie.com
harddrivefilter.com
keineinfektionen.com
longueviepc.com
maseg.net
nonstopantivirus.com
pcantivirenloesung.com
pcsystemschutz.com
plutoantivirus.com
psbeveiligingssysteem.com
riendevirus.com
securepcguard.com
sekyuritikojo.com
sistemadedefensa.com
sumejorantivirus.com
totaltrygghet.com
viruscontrolleuer.com
viruswacht.com
votremeilleurantivirus.com
zeusantivirus.com

Portfolio two:

advancedcleaner.com
alltiettantivirus.com
antispionage.com
antispionagepro.com
antispypremium.com
antispywarecontrol.com
antispywaresuite.com
antiver2008.com
antivirusaskeladd.com
antivirusfiable.com
antivirusforall.com
antivirusforalla.com
antivirusfueralle.com
antivirusgenial.com
antivirusmagique.com
antivirusordi.com
antivirusparatodos.com
antiviruspcpakke.com
antiviruspcsuite.com
antiviruspertutti.com
antivirusscherm.com
antiworm2008.com
antiwurm2008.com
archivoprotector.com
avsystemcare.com
avsystemshield.com
barrevirus.com
bastioneantivirus.com
bestsellerantivirus.com
bortmedvirus.com
cerovirus.com
debellaworm2008.com
defensaantimalware.com
defensaantivirus.com
drivedefender.com
exterminadordevirus.com
fiksdinpc.com
mijnantivirus.com
mobileantiviruspro.com
norwayvirus.com
nowayvirus.com
pcantivirenloesung.com
plutoantivirus.com
viruscontrolleuer.com
zebraantivirus.com
zeusantivirus.com

Portfolio three:

pcsecuresystem.com
antiworm2008.com
winsecureav.com
menacerescue.com
pcvirusless.com
lifelongpc.com
nochanceforvirus.com
menacemonitor.com
trojansfilter.com
longlifepc.com
knowhowprotection.com
bestsellerantivirus.com
pcvirussweeper.com
antiespiadorado.com
avsecurityplus.com
apolloantivirus.com
pcassertor.com
menacesecure.com
poseidonantivirus.com
trustedantivirus.net
pcboosterpro.com
defensivesystem.com
goldenantispy.com
avsystemcare.com
trustedantivirus.com
antimalwareshield.com
avsystemcare.com
antiviruspcsuite.com
antivirusforall.com
trustedprotection.com
nowayvirus.com
pcantiviruspro.com
antispywareconductor.com
antispywaremaster.com
turnkeyantivirus.com
yoursystemguard.com

Continued @ DDanchev Blog

TeMerc · **Posted:** Thu May 15, 2008 9:56 am

Bakasoftware’s saga continues
Thursday, May 15, 2008

Quote:

Bakasoftware (Bakasoftware.com) aka Pandora-Software is again busy releasing new rogue applications.

Advanced XP Defender is the new rogue from this group.

Site Name: Advancedxpdefender.com
IP Address: 216.240.138.207

Advanced XP Defender is a clone of WinIFixer application the scammers are so lazy that they even have left the traces of WinIFixer name in Advanced XP Defender application.

The group also uses many sites to push WinIFixer another rogue from the same group. Following are the different sites that are used for advertising WinIFixer.

Site Name: Winifixer.net
Site Name: Winifixer.org
Site Name: Winqfixer.com
IP Address: 216.240.138.207

The following is the affiliate program site

Site Name: Bakasoftware.net
IP Address: 216.240.138.206

Stay away from these sites.

See Screenshots @ Bharath's Security Blog

TeMerc · **Posted:** Thu May 22, 2008 8:19 am

Advanced XP Fixer

Quote:

Advanced XP Fixer is yet another Rogue from Bakasoftware (Bakasoftware.com) aka Pandora-Software. The application is a clone of WinIFixer application.

Site Name: Advancedxpfixer.com
IP Address: 216.240.139.169

Screenshots @ Bharath's Security Blog

=======================================================

SpyGuarder

Quote:

SpyGuarder is a new Rogue security application currently advertised/pushed by Trojan horse.

Site Name: SpyGuarder.com
IP Address: 208.85.178.132

SpyGuarder uses Software-payment.com site for payment processing. Beware that this site is also used by many other rogue security applications for payment processing.

Screenshots @ Bharath's Securty Blog

TeMerc · **Posted:** Mon May 26, 2008 9:55 am

Recent Rogue Applications advertised by MediaTubeCodec Trojans
Monday May 26, 2008

Quote:

Here is a list of new rogue Security applications that was advertised by MediaTubeCodec Trojans on infected systems.

Site Name: Antispywareexpert.com
IP Address: 92.62.100.64

Site Name: Antimalwareguard.com
Site Name: Antispywareexpertpro.com
IP Address: 195.5.117.248

The above mentioned sites distribute similar rogue security application. These applications are from AntiSpywareSolutionPro Inc. group (aka Winfixer).

Site Name: Pcprivacycleaner.com
IP Address: 92.62.100.64

Pcprivacycleaner is bogus/rogue privacy protection application by MediaTubeCodec Trojans.

Antivirus-2008-pro is a new rogue security application. Its an clone of Kvmsecure rogue application.

More @ Bhrath's Security Blog

TeMerc · **Posted:** Fri May 30, 2008 10:21 am

Quote:

MalwarePatrolPro is a new rogue security application from WinIFixer family of Rogue security applications. As usual this rogue is pushed by Fake codecs.

Site Name: Malwarepatrolpro.com
IP address: 216.240.139.169

Screenshots @ Bharath's Security Blog

TeMerc · **Posted:** Fri May 30, 2008 10:40 am

Another rogue: PCPrivacy Cleaner @ Malwarebytes Blog

MBAM targets this infection

TeMerc · **Posted:** Tue Jul 01, 2008 4:43 pm

Malwarebytes Anti-Malware Version 175 (7/1/08)

[Added]
AdvancedAntivirus, Antivirus2008, MalwarePatrolPro, MalwareProtector2008, SpyGuarder, System Antivirus, Ultimate Antivirus, Windows Antivirus, XPSecurityCenter

[Updated]
WinSpywareProtect

[Removed]
No applications were delisted.

[Notes]
No further comments.

secur3d · **Posted:** Wed Jul 02, 2008 7:29 pm

Thanks for the info TeMerc.

-eXaByTe

Rogue Anti-Spyware List Update [July 2]

Who is online

Who is online

Who is online
	In total there are 0 users online :: 0 registered, 0 hidden and 0 guests (based on users active over the past 5 minutes) Most users ever online was 282 on Tue Sep 25, 2012 11:30 am Users browsing this forum: No registered users and 0 guests