Update: a quick tip of the hat to Steven, who sent us a URL for a somewhat related blog about problematic premium text services.

Speaking of the 2008 report, here's another extract, this time about fake antimalware.

"We expect to see increasing volume and sophistication in criminal attempts to extort money from end users in return for fake anti-malware although users are often conned out of their money currently in exchange for fake antivirus which performs no useful function at all. In the near future we expect more extortionists will add to the range of ways in which they exploit their victims. Even now, when these gangs find an opportunity to install fake security software, it’s possible and even likely that spyware and adware are installed at the same time. When a victim is tricked into giving out confidential information such as credit card details, the information may be subsequently misused in many different ways, apart from the original “sting.” Make no mistake: there are many conmen out there trying to pass themselves off as legitimate security vendors, and using any means they can to blur the distinction between what they do and what we do."

[...]

"Others are claiming falsely to have industry standard certifications for their “products,” introducing rudimentary “real” detection into the product, slandering vendor reputations in public forums, and threatening legal action against real security vendors and others who might expose them for what they are. In many respects, this is as much an attack on the security community as it is on end users."

Why am I mentioning this again? Well, of course, the issue hasn't gone away: fake anti-malware products are being spotted all the time, though the fact that they come in all shapes and sizes means that individual variants aren't spotted in the sort of quantity that keeps grabbing media attention. But it so happens that a couple of related issues have cropped up in the past few hours. One is in line with the extract above: another vendor has reported a sponsored link, apparently to one of their products, which actually offers a copy of a antispyware program with a somewhat dubious reputation. Not an uncommon type of scam, but not a good thing.

The second issue is a little different. We've noticed a site registered with a name that suggests it belongs to ESET, offering downloads of what are claimed to be downloads of not only our products, but those of a number of other major antimalware companies. In fact, the binary turns out to be an NSIS script that instructs the recipient to send a short code to a premium-rate texting service.  (Nullsoft Scriptable Install System (NSIS) is a freely-available script-driven Windows installation system.) We see frequent complaints about such services apparently charging randomly for unrequested downloads such as ring tones, screensavers and so on.

Yet another type of scam you might want to watch out for.

David Harley
Director of Malware Intelligence.