Jan 10th

Prevx and Trend Micro targeted by spammers.

Posted by: Jacques Erasmus


Spammers Getting Creative? You bet.

So today we saw something rather funny. One of the guys in the office was browsing Download.com, looking at the software we have listed on there, and found something interesting. There appeared to be a version of our software that we didn't produce listed on the site. Hmm, interesting.

One poster's comment in the thread said "Beware: TROJAN". Seeing as we are in the anti-malware business, this was rather interesting, to say the least. So we downloaded the file and this is what we saw.

Fake Prevx CSI

From further investigation, all this is doing is trying to trick people into submitting their email address into the form that pops up. What would the use of this be? Well, this of course... :=)

Emailaces

Quite a creative way to gather email addresses? Well, we can see that 558 people have downloaded this from download.com.

However, this raises a different question altogether. How could CNET/download.com allow this software to be submitted and still remain active on their website? Surely there need to be more stringent tests to protect users and their identities.

Download.com

It seems from further checking that we are not the only people to be targeted. Trend Micro has the same issue with their Rootkit Buster Application.

Trend Micro

Here we can see the Ethereal Trace of the post. We can see that the data is being sent to Emailaces - with a registered business address in Florida. All attempts to contact Email Aces have been, shall I say "fruitless".

Sniff sniff

I'm sure we will be seeing more of these attempts at riding the popularity wave of Prevx CSI; with over 1.2 million downloads now in the first 3 months, it seems good and bad are taking note.
