New rogue anti-spyware and SpySheriff clone
Posted by Suzi Turner @ 9:26 pm
(March 9, 2006)
These rogue anti-spyware programs seem to multiply like rabbits. Just 2 days ago I wrote about Spy-Shield, an anti-spyware app that installs adware from BestOffersNetwork. Then yesterday SunbeltBLOG featured another new rogue anti-spyware app named BraveSentry. The Sunbelt researchers found a domain running exploits and force-installing not just one rogue anti-spyware app but two. Maybe pushers thought two rogues would be more convincing to frighten the user into buying one of them? The domain running the exploits is a known CoolWebSearch domain, Game4all(dot)biz (link to whois), which is hosted in Russia. SunbeltBLOG has screenshots of the hijacked desktops with BraveSentry and AlfaCleaner. The BraveSentry website is hosted at InterCage, formerly Atrivo, which I blogged about previously, and its neighbor on the same IP (22.214.171.124) is anosurfer.com, another site for SpySheriff. (Links are to whois info, not to the sites.)
More info from Suzi: NetSato blog posted about an infection by BraveSentry:
Yesterday my “sandbox” Windows XP computer got hijacked by a seemingly rare anti-spyware software called Bravesentry. (A sandbox PC is one that I use to “play” with. I use it to test configurations and software, but it contains nothing important). I say rare because a quick Google search on “Bravesentry” remarkably found only 2 entries regarding this malicious software that enters your PC without consent and attempts to scare people into buying their product.
NetSato also states the following about the BraveSentry infection on his computer:
Bravesentry is a malicious anti-spyware software that entered my computer via Trojan horse applications manifested in the files “t.inx” and/or “kernels8.exe”.
More in NetSato’s posting, including more pictures of what BraveSentry looks like.
And all this after Suzi had just posted two days prior about a Google AdWords ad (using the words Spy Sweeper) for a new anti-spyware app called Spy-Shield which requires that the user agree to install software from BestOffersNetwork.
Suzi has more links about this in the article:
Anti-spyware program installs adware from BestOffersNetwork
Thanks Suzi, Alex at SunbeltBLOG and NetSato!