Select Page

There are some “interesting” similarities between the home page of the DefenceLab rogue and the web pages of some legitimate anti-virus companies.

Our good friends at McAfee alerted us to some of this then Patrick Jordan and Alex Eckelberry took a closer look at the Web site associated with the new DefenceLab rogue that we reported on earlier this week.

DefenceLab was the one that directs the potential victim to a Microsoft Support page, but injects html code into the page in his or her browser to make it appear as though Microsoft is suggesting the purchase of the rogue.

Here’s what we mean by “interesting” similarities:

The “Awards” page was lifted from AVG’s “Awards-References” page right down to a dead link to the ICSA site. (AVG really has ICSA certification and DefenceLab is really malware.)

Fake awards

DefenceLab: http://defencelab.com/about/awards
AVG: http://free.avg.com/ww-en/awards-references

The “License Agreements” also came from AVG:

DefenceLab: http://defencelab.com/about/license
AVG: http://free.avg.com/ww-en/eula

The “Company Profile” was lifted from the Mitnick Security Consulting LLC. site:

DefenceLab: http://defencelab.com/about/profile
Mitnick Security: http://mitnicksecurity.com/company.php

And guess where DefenceLab got its privacy policy:

DefenceLab: http://defencelab.com/about/privacy
Sunbelt: http://www.sunbeltsoftware.com/About/Privacy/

They did leave out one paragraph from Sunbelt’s text though:

“You may send an e-mail or letter to the following e-mail or street address requesting access to or correction of your personally identifiable information:

“Privacy Manager. . “

Tom Kelchner


Fatal error: Uncaught wfWAFStorageFileException: Unable to save temporary file for atomic writing. in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:34 Stack trace: #0 /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(658): wfWAFStorageFile::atomicFilePutContents('/home/eckelberr...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('livewaf') #2 {main} thrown in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 34