
There are some “interesting” similarities between the home page of the DefenceLab rogue and the web pages of some legitimate anti-virus companies.

Our good friends at McAfee alerted us to some of this. Patrick Jordan and Alex Eckelberry then took a closer look at the website associated with the new DefenceLab rogue that we reported on earlier this week.

DefenceLab was the one that directs the potential victim to a Microsoft Support page but injects HTML code into the page in his or her browser to make it appear as though Microsoft is suggesting the purchase of the rogue.

Here’s what we mean by “interesting” similarities:

The “Awards” page was lifted from AVG’s “Awards-References” page, right down to a dead link to the ICSA site. (AVG really has ICSA certification and DefenceLab is really malware.)

Fake awards

DefenceLab: http://defencelab.com/about/awards
AVG: http://free.avg.com/ww-en/awards-references

The “License Agreements” also came from AVG:

DefenceLab: http://defencelab.com/about/license
AVG: http://free.avg.com/ww-en/eula

The “Company Profile” was lifted from the Mitnick Security Consulting LLC site:

DefenceLab: http://defencelab.com/about/profile
Mitnick Security: http://mitnicksecurity.com/company.php

And guess where DefenceLab got its privacy policy:

DefenceLab: http://defencelab.com/about/privacy
Sunbelt: http://www.sunbeltsoftware.com/About/Privacy/

They did leave out one paragraph from Sunbelt’s text, though:

“You may send an e-mail or letter to the following e-mail or street address requesting access to or correction of your personally identifiable information:

“Privacy Manager. . “

Tom Kelchner