Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Tuesday, May 25, 2010

A Look at a Russian "Fake AV" Scam

From: http://www.bluecoat.com/blog/look-russian-fake-av-scam

I am not sure whether this is the same as what you have already seen, but anyway... while reading my Google Reader, I got a popup opening av-scann.com (still not sure where it came from) and got all the usual rogue AV "scans", except that this time it was completely in Russian.

(C.L.: The screenshot he sent is almost identical to this one, so I won't reproduce it here. As to where it came from: probably a "malvertisement" -- we've seen a lot of Fake Scanner pages piggybacking on ad networks lately, so they can pop up on almost any legitimate web site.)



The Russian looks a little bit strange. There are no grammatical errors, but the chosen vocabulary looks a little bit odd.

A funny thing (haven't noticed this before, so I guess it appeared only in this "version") - if you scroll down a little, you'll see: Эмуляция работы программы ("program emulation") and Пользовательское соглашение ("user agreement"). The user agreement is shown when the user clicks Вылечить всё ("cure all"), and explains the payment system.

When the user clicks it again, the usual "send SMS to this short number" window is shown. (BTW, they have Latvia, Lithuania, Estonia, Russia, Finland, etc. in the list of supported countries.)

First interesting thing in the agreement - it is for the site net-virusam.com ("no to viruses" in Russian), not for the opened av-scann.com.

(C.L.: When I checked, net-virusam.com didn't exist. av-scann.com was trying to hide behind a page that said Сайт заблокирован! -- "site blocked!" -- but was still serving pages. Nice try.)



User Agreement 5th paragraph - to get access to the site's resources, the user needs to send them 3 SMSs. Cost of one SMS is 300 RUR (~10$) without Value Added Tax (which is usually around 20-25% in European countries), that is, the user pays around 12$ for one SMS, which gives us 36$ for the access to the site, which is comparable to 40-100$ for English rogue AVs. The agreement says the user is paying for downloads from their sites - 15 RUR for each. 3x300 means that the user can order a block of 60 downloads at once. From the same agreement: "...After activation, user gets access to FREE version of Avira antivirus. The user interface of the downloaded program can be extremely different from the one you've seen in emulation...". So I guess that is why they are charging for downloads - selling free software is clearly illegal, but selling their bandwidth, on the other hand...

User Agreement 6th paragraph - "...Our service does not provide any guarantees of quality of our services or compliance with user expectations... We do not have money-back guarantees... We will not refund any losses you could experience..."

(C.L.: So, no malware, just a scam -- unless, of course, that Avira download you get isn't a clean version!)
