BleepingComputer.com: SmitFraudFixTool falls short compared to the real thing

Some say impersonation is the highest form of flattery, Sometimes, though, being impersonated is not such a good thing. An example of this is a new anti-malware program called SmitFraudFixTool that is hoping to get some sales by impersonating the name of a well known non-commercial anti-rogue program called SmitfraudFix.

SmitFraudFix is a non-commercial tool that is used to remove high profile rogue security products and the malware that is typically associated with them. This program, created by S!RI, has had such as good track record on removing these types of malware that there have been over 1,348,000 requests for this tool at BleepingComputer.com alone. It therefore comes as no surprise to see a commercial company attempt to make money off of this tools success with a tool called SmitFraudFixTool.



At first glance there is not much information that we can find about SmitFraudFixTool. Their domain registration is set to private and there is no company name other than AntiSpyware LLC in the software. If you dig around on the SmitFraudFixTool site, though, you can find they made a few mistakes here and there. For example, on their FAQ page you see a green button with the text "Let MalwareRemovalBot scan your hard drive right now for free". When I downloaded MalwareRemovalBot, I was not surprised to see that it looked almost exactly the same as SmitFraudFixTool.




We still do not know who is the developer of these tools are as MalwareRemovalBot states its developer is AntiSpyware LLC as well. So I dug a little deeper into the executables themselves and found a few common urls between all of the programs. The first url was for a domain antispyware.com. When I went to that domain we see they are advertising anti-malware tool called AntiSpyware 2009. They also state that the company is named AntiSpyware LLC and they are located in Mobile, Alabama.




Another url that is common to all of these programs is is geekonline.com. This site is for a remote repair service where they offer a variety of services utilizing a tool that you should now recognize; AntiSpyware 2009. This site is obviously part of the same company as all of these programs. Finally, the last url that I found in each of the executables is for 2squared.com. 2Squared.com is a company located in Mobile, Alabama as well. Coincidence? I doubt it.

The real question now is who is real parent company? It is AntiSpyware LLC or is it 2Squared? Based on when the domains were registered, I am going to have to conclude that 2Squared is the original company as that domain was registered first. You may wonder why a company would put out so many copies of the same program with just different names and skins. My belief is that they are feel that the more products they have out there the better the chances that someone will download and purchase one of them. Regardless of the reasons, the whole practice of trying to pass their tools off as another well-known tool is definitely a shady practice.

What are you thoughts?

Combofix might be next in the line. I'm starting to see URLs in Google trying to make money by selling outdated versions of Combofix.

That or else it could be SDFix if it hasn't been done yet.

i think it might me malware bytes next

tylerisdabest, on Feb 21 2009, 07:39 PM, said:

No, MBAM is already copied. See this Google search then look at the advertisement. DO NOT CLICK ON IT!

then it might be super anti spyware