Charlatan protectors


Wednesday, February 22, 2017

In this issue we’ll discuss fake anti-viruses that can't really do anything useful on a PC or a smartphone, but can help fraudsters empty your wallet.

In the US, three men were charged with large-scale online fraud.

According to investigators, the fraudulent activities were carried out under Innovative Marketing Inc., a company registered offshore in Belize, and its Ukraine-based subsidiary Innovative Marketing Ukraine. The formal head of the company, 40-year-old American national Shailesh Kumar P. Jain, went into hiding and presumably took up residency somewhere in Ukraine.

Charges were also brought against Bjorn Daniel Sundin, a 31-year-old Swedish citizen who was the company's chief technology officer. According to investigators, he was located in his native Sweden. Another member of the trio, 26-year-old James Reno of Ohio, USA, was expected to be arraigned in Chicago.

Innovative Marketing misled users by placing fraudulent ads online telling users that their computers were infected and offering them their "anti-virus" software (e.g., DriveCleaner and ErrorSafe) for purchase and download. The prices ranged between 30 USD and 70 USD.

Here is an explanation. Fake anti-viruses are programs that imitate anti-virus protection on computers of gullible victims. Of course, they notify users about purported issues and try to sell them a full version that will solve all their problems.

For example, here is MacDefender (a.k.a. MacSecurity, MacProtector, and MacGuard). As the name clearly indicates, it promises protection for Mac OS X.


MacDefender is distributed just like any other rogue security software. When a user visits a certain site, they see a dialogue box that imitates anti-virus scanning and then displays a report about the threats that were detected. Victims are advised to use the "anti-virus" to resolve this problem. After it is installed, the program gets added to the list of user startup applications — Login Items. Therefore, it is activated every time a user logs on or the computer is turned on, and regularly "finds" malware in the system and reminds the victim of the need to "cure" it.

The criminals accept credit card payment for their “licensed version” of MacDefender (the card information is transferred through an unprotected connection). Once the user pays, the program stops detecting malware. It creates the illusion that the money wasn't wasted.

Fake anti-viruses are popular among fraudsters because programs of this kind, which do practically nothing, can be very small. And that means that rogue security software can be installed under any operating system. We won't talk about fake anti-viruses for Windows; there are millions of those. And there is an entire family of rogue security software for Android, Android.Fakealert, in the Dr.Web virus database.


Interestingly, in the story with which we started this issue, the imposters tried to attack those who exposed them.

A bogus news post published at alleged that high-profile security researchers Brian Krebs and Mikko Hypponen sold information about 1.5 million compromised accounts to a third party, thus causing damage in the amount of 75 million dollars. The fabricated story also claimed that the researchers had a romantic relationship. The article also featured Photoshopped forum chat logs that purportedly showed Krebs (BlazinKrabz) and Hypponen (WhiteHippo) discussing how they could sell stolen credit card numbers.

The fabricated news post was indexed by Google, and as a result some users read it.

In truth, the story was a doctored version of a real Krebs article that he wrote for the Washington Post in 2007. The fake logs were based on a real conversation that took place on the underground forum

Hypponen, who was also mentioned in the article, wrote that authorities had suspended the Swiss bank accounts of Sam Shailesh Kumar and Bjorn Daniel because they were engaged in selling rogue security software. Charges were filed against both criminals, and they were placed on Interpol's Wanted List in connection with the Innovative Marketing Ukraine case. Shailesh Kumar is an American citizen, while Sundin is a Swedish national.

A possible outcome:

In such cases under US law, an accused may face up to 20 years in prison for each count. Jain and Sundin were charged on 24 counts, while Reno was charged on just 12.

Actions of this kind are punishable by law in almost all countries.


The Anti-virus Times recommends

If someone offers to sell you a light-weight and inexpensive anti-virus (often an alternative to a popular application), first install Dr.Web (at least the trial version) and check the solution you are being offered. Something interesting is bound to happen!

