In
July of 2006 we did some searching
for potentially unwanted applications; recycled or
repackaged applications that were of dubious
value. Affiliate marketing is used to promote
sales and unfortunately such systems often provide
economic incentives to cheat.
Those
earlier
search results
contain some links to known rogue antispyware
sites, but in general it's mostly harmless
optimization software. (The real value of which is
unknown to us.) Interestingly, since 2006 there
are now many French, Spanish, Italian, and German
localizations in the results. Everything is
localized except the Privacy Policy text we
searched for.
Now to the present
— being less interested in PUAs and more
interested in known bad Rogues, we tried a few
different searches last week.
Starting
with a new Rogue (VirusHeat, circa Feb. 8th) we
used this text from the affiliate page: Being
associated with one of the most known innovative
software solutions developer whose
mission is to protect the privacy and security
of Windows computer users.
The
Google search results
produced a number of known bad guys. Many of the
search links are blocked by StopBadware.org.
Click
the image below for an example of the recycling
(animated GIF). Attack of the Clones:
This Rogue list included applications
that we've seen elsewhere. Where?
On a
list of applications hosted by the
Russian Business Network.
RBN is
an infamous underground ISP that provides
bulletproof hosting. The site
www.antispyzone.com isn't among the results
and the URL doesn't currently resolve (server not
found). However, using the site's last known IP
address from a list of RBN associated IP
Addresses, we located the page.
It uses
the very same text on its affiliate page. They're
all bad Rogues…