Limelight distributes hundreds of Rogue Antispyware products

Looks like Limelight is involved in distributing hundreds of Rogue Antispyware products … the majority of these are from “LocusSoftware” which I have mentioned before. However I found an interesting video produced by Symantec that shows all these clones … and there are hundreds! So let’s take “SpyGuardPro” as an example …


Oops … Google has flagged this as a malicious site …


Ok … let’s go there and see … appears my AV (NOD32 v3) doesn’t like it either …



As you can see the download is attempted from “content.onerated.com” which is running from … you guessed it … a Limelight Networks server. Scanning the download (install_en.exe) at VirusTotal reveals the following:



This is the same exact file (install_en.exe) that I’ve mentioned before, and just to leave no doubt, this is the same installer detected by SunBelt which was used by WinFixer. So all LocusSoftware is doing is changing the embedded URLs within the file for each of the hundreds of clones it creates as seen in the Symantec video above …
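One way a defender could confirm that a set of installers are the same template with only the embedded URLs swapped, shown as an added example that is not part of the original post: mask every URL, hash what remains, and group samples by that hash. The sample bytes, file names and `.example` hosts are constructed, and the sketch assumes the URLs sit in the file as plain, unpacked ASCII.

```python
import hashlib
import re

# Plain-ASCII http(s) URLs as a strings dump would show them (assumption:
# the installer stores them unencoded and the file is not packed).
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[\x21-\x7e]*)?")


def embedded_hosts(blob: bytes) -> set[str]:
    """Return the lowercase hostname of every URL found in the blob."""
    hosts = set()
    for url in URL_RE.findall(blob):
        host = url.split(b"//", 1)[1].split(b"/", 1)[0].split(b":", 1)[0]
        hosts.add(host.decode("ascii").lower())
    return hosts


def template_hash(blob: bytes) -> str:
    """SHA-256 of the blob with each embedded URL replaced by a fixed token."""
    return hashlib.sha256(URL_RE.sub(b"<URL>", blob)).hexdigest()


def cluster(samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Group sample names by template hash; one group is one installer template."""
    groups: dict[str, list[str]] = {}
    for name, blob in samples.items():
        groups.setdefault(template_hash(blob), []).append(name)
    return groups


def _fake_installer(url: bytes, stub: bytes = b"MZ\x90\x00STUB-A") -> bytes:
    """Constructed stand-in for an installer: stub, one NUL-terminated URL, body."""
    return stub + b"\x00" + url + b"\x00" + b"\x01\x02payload"


# Constructed samples: two clones of one template plus one unrelated binary.
SAMPLES = {
    "clone_a.bin": _fake_installer(b"http://sale.clone-a.example/buy.php?id=1"),
    "clone_b.bin": _fake_installer(b"http://download.clone-b.example/setup"),
    "unrelated.bin": _fake_installer(b"http://clone-a.example/", stub=b"MZ\x90\x00OTHER"),
}

if __name__ == "__main__":
    for digest, names in cluster(SAMPLES).items():
        print(digest[:16], names)
    for name, blob in SAMPLES.items():
        print(name, sorted(embedded_hosts(blob)))
```

A plain file hash differs for every clone, while the masked hash stays constant across them, so the masked hash is the one to pivot on and the extracted hostnames are the per-clone indicators.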


87.117.252.11  spyguardpro.com (hosted at Eukhost_ltd)
87.117.252.11  sale.spyguardpro.com (hosted at Eukhost_ltd)
204.16.204.56  jsp.spyguardpro.com (hosted at Setupahost)
204.16.204.56  protect.spyguardpro.com (hosted at Setupahost)
85.12.60.13  ykeeper.spyguardpro.com (hosted at Euroaccess)


Although it’s doubtful that (US) officials can do anything about the foreign locations, they can certainly question the unsavory practices of LimeLight since it is a US company …

“knock-knock” = “who’s there?” The FTC (we can only hope!)



5 Responses to “Limelight distributes hundreds of Rogue Antispyware products”

  1. Ping me offline Mike….

    Sandi

  2. “Although it’s doubtful that (US) officials can do anything about the foreign locations, they can certainly question the unsavory practices of LimeLight since it is a US company”

    True, but I wouldn’t hold my breath. Look at Cernel and Intercage, also domestic companies. Cernel is behind all the “DVD Access” rogue codec web sites along with many others.

  3. Dean,
    That’s true but those hosting companies do not boast about their “partners” like this:
    http://www.limelightnetworks.com/partners.html

  4. It’s silly to go after LimeLight, they’re just a CDN — you give them a piece of content, they will deliver it for you around the world. They’re a dumb interface used to decrease latency and increase bandwidth when serving static content.

  5. Mike,
    While you may think it is silly … I certainly do not. The purpose is to cut off any and all routes possible that apply to the WinFixer gang.