Select Page

Shield EC – a rogue security product that tries PR

by | Jul 30, 2010 | Uncategorized | 0 comments

Ok. Just because they put out a news release, doesn’t make them legitimate.

Our good friends over at PhishLabs drew our attention to this one: a rogue security product called Shield EC that is using mainstream public relations techniques to make themselves look legitimate.

The operators behind it apparently are setting up shop in hopes that they’ll be around for a while:

— They’re pushing the rogue to potential victims through earning4u.com (formerly IframeDollars.biz)  – the notorious Russian malware-spreading affiliate network.
— They’re delivering the actual malcode through a fast-flux network (not easy to take down).
— They’ve also put up a “company” web page and published a news release (in order to fool victims into thinking they are a legitimate software company):

Shield EC NR_2

The bogus press release, which tries to describe Shield EC as a legitimate product includes this nugget of dishonest Engrish gobbledygook:

“The major achievements of the company count a joint development with ZeuS Tracker of a unique antivirus Shield EC, targeted at fighting banking Zbot (ZeuS) trojan.” (http://www.free-press-release.com/news-new-antivirus-will-beat-zeus-1277387316.html)

Shield EC logo

Other interesting (read suspicious) aspects of their web site (registered in Cyprus June 25):

“Company Overview

“Martindale Enterprises Limited Company…”

Hmmm. There’s no company with that name on the Web. They also claim “ShieldEC Antivirus is used by more than 400,000 users worldwide on a daily basis.”

“Our team

“Martindale Enterprises Limited employs over 50 professionals of divert (sic) experience…” (http://www.shieldec.com/team.php)

Their “divert” experience apparently doesn’t include writing standard English.

Company spokesperson Kseniya Vasilyeva

We also tried to find some kind of public profile for “Kseniya Vasilyeva, the spokesperson for Martindale Enterprises Limited…”

People with that name that we found are:
— a Russian woman with a Facebook profile that indicates she’s interested in needle crafts and old cars.
— someone whose Linked-In profile says she’s an “LLP for HP” in Kazakhstan. “LLP” usually stands for “Limited Liability Partnership.”
— someone whose Linked-In profile says she’s an account executive at SMART Marketing Ukraine. (That kind of fits.)
— the murdered mother of a vampire who’s been undead since 1797. (Probably not her.)

Thanks Adam and the folks at PhishLabs.

Tom Kelchner

Submit a Comment

Your email address will not be published. Required fields are marked *