There are some �interesting� similarities between the home page of the DefenceLab rogue and the web pages of some legitimate anti-virus companies.
Our good friends at McAfee alerted us to some of this then Patrick Jordan and Alex Eckelberry took a closer look at the Web site associated with the new DefenceLab rogue that we reported on earlier this week.
DefenceLab was the one that directs the potential victim to a Microsoft Support page, but injects html code into the page in his or her browser to make it appear as though Microsoft is suggesting the purchase of the rogue.
Here�s what we mean by �interesting� similarities:
The �Awards� page was lifted from AVG�s �Awards-References� page right down to a dead link to the ICSA site. (AVG really has ICSA certification and DefenceLab is really malware.)
DefenceLab: http://defencelab.com/about/awards
AVG: http://free.avg.com/ww-en/awards-references
The �License Agreements� also came from AVG:
DefenceLab: http://defencelab.com/about/license
AVG: http://free.avg.com/ww-en/eula
The �Company Profile� was lifted from the Mitnick Security Consulting LLC. site:
DefenceLab: http://defencelab.com/about/profile
Mitnick Security: http://mitnicksecurity.com/company.php
And guess where DefenceLab got its privacy policy:
DefenceLab: http://defencelab.com/about/privacy
Sunbelt: http://www.sunbeltsoftware.com/About/Privacy/
They did leave out one paragraph from Sunbelt�s text though:
�You may send an e-mail or letter to the following e-mail or street address requesting access to or correction of your personally identifiable information:
�Privacy Manager. . �
Tom Kelchner
No comments:
Post a Comment