Suspect firm advertising via Google found to be specialising in hijacking security brands.
Google
searches for
Avira
and the company’s anti-malware product
Antivir
, a free version of which is available for personal use in the German home market and elsewhere, are producing sponsored links to a subscription-based software download site specialising in providing ‘free’ security products.
The sponsored links in
Google.de
have tricked many would-be
Avira
users into paying cash to the sneaky firm, operating at ‘downloadlink-2007.com’. With the new year the firm changed its name in the
Google
links to ‘downloadlink-2008’, but maintained its sponsored status and devious tactics, including adding the word ‘avira’ or ‘antivir’ to the site title displayed in the
Google
search results.
Clicking on the sponsored link, rather than the direct links to
Avira
further down the page, takes users to a site offering subscriptions to a package of security and system maintenance tools. After unchecking several boxes the system can be bypassed to lead eventually to an
Antivir
page at a separate freeware download site (users of the
Firefox
NoScript
plugin may find this more difficult), but many users have felt tricked into buying the firm’s wares in the belief that payment was necessary to access the
Avira
software.
For non-German speaking users, the same site also provides access to
Symantec
‘s online scanning system, which similarly is available free direct from the source rather than via the subscription system. The security package being pushed to visitors here is dubbed ‘
SpyErazer
‘, an anti-spyware system unknown to many anti-spyware experts, bundled with a selection of system cleaning and back-up tools.
The site is operated by a firm called ‘
Interactive Brands
‘, registered in Quebec, Canada, which runs several sites selling security products as well as PDF readers, web TV and other online services. Other sites operated by the firm include ‘panda-internet-security.com’ and ‘download-panda-antivirus.com’, selling copies of
Panda
products of dubious legitimacy, and ‘Mcafee-antivirus-2007.com’, which defaults to offering sales of
Panda
to users outside the US.
Several of the firm’s sites include an FAQ plundered wholesale from the
Grisoft
website, which includes references to
AVG
. The firm has been operating similar sites since at least spring 2007 and
AVG
,
Alwil
‘s
avast!
and
Lavasoft
‘s
AdAware
are among other free products thought to have been used as lures in the past (see
here
for a first-hand report from one victim).
Staff at
Avira
have reported complaints from several hundred users who felt their trust in them, and in
Google
, had been abused. Their attempts to resolve the issue with
Interactive Brands
and
Google
have had no success and legal proceedings against the scammers are under way.
Panda
has also reported complaints from customers, and is planning legal action to combat the brand hijacking.
Google
has failed to respond to
Virus Bulletin
‘s requests for information on its screening policy for sponsored links, after further complaints were received from our readers.
‘This sort of scam is typical of the wild west nature of the internet at the moment,’ said
John Hawes
, Technical Consultant at Virus Bulletin. ‘Fraud and crime are running rampant, and the effects of this on public confidence are potentially devastating to the online economy.
Google
have built themselves a good reputation for security and probity, but by profiting from scams like this they risk seriously denting that reputation. They need to operate a tougher screening policy for their sponsored links, to ensure the sites they promote in their searches are totally above board. Web users also need to increase their vigilance and ensure all purchases are made from legitimate and traceable sources – this case shows that trust is a valuable commodity and should not be given away too freely.’
Readers who have felt themselves defrauded by online scams are encouraged to report suspect sites to their security provider, to the search engine or other site which led them there, to banks in cases of phishing or financial loss, and in serious cases to law enforcement agencies. Virus Bulletin plans to provide a section of links for reporting online fraud and other crimes, and actively supports all efforts to improve and centralise online law enforcement and cybercrime reporting.
Posted on 21 January 2008 by
Virus Bulletin
Leave a Reply