Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SmitFraudFixTool falls short compared to the real thing


  • Please log in to reply
5 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,567 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:21 AM

Posted 20 February 2009 - 07:16 PM

Some say impersonation is the highest form of flattery, Sometimes, though, being impersonated is not such a good thing. An example of this is a new anti-malware program called SmitFraudFixTool that is hoping to get some sales by impersonating the name of a well known non-commercial anti-rogue program called SmitfraudFix.

SmitFraudFix is a non-commercial tool that is used to remove high profile rogue security products and the malware that is typically associated with them. This program, created by S!RI, has had such as good track record on removing these types of malware that there have been over 1,348,000 requests for this tool at BleepingComputer.com alone. It therefore comes as no surprise to see a commercial company attempt to make money off of this tools success with a tool called SmitFraudFixTool.



SmitFraudFixTool
SmitFraudFixTool

At first glance there is not much information that we can find about SmitFraudFixTool. Their domain registration is set to private and there is no company name other than AntiSpyware LLC in the software. If you dig around on the SmitFraudFixTool site, though, you can find they made a few mistakes here and there. For example, on their FAQ page you see a green button with the text "Let MalwareRemovalBot scan your hard drive right now for free". When I downloaded MalwareRemovalBot, I was not surprised to see that it looked almost exactly the same as SmitFraudFixTool.




MalwareRemoval Bot
MalwareRemovalBot

We still do not know who is the developer of these tools are as MalwareRemovalBot states its developer is AntiSpyware LLC as well. So I dug a little deeper into the executables themselves and found a few common urls between all of the programs. The first url was for a domain antispyware.com. When I went to that domain we see they are advertising anti-malware tool called AntiSpyware 2009. They also state that the company is named AntiSpyware LLC and they are located in Mobile, Alabama.




AntiSpyware 2009
AntiSpyware 2009

Another url that is common to all of these programs is is geekonline.com. This site is for a remote repair service where they offer a variety of services utilizing a tool that you should now recognize; AntiSpyware 2009. This site is obviously part of the same company as all of these programs. Finally, the last url that I found in each of the executables is for 2squared.com. 2Squared.com is a company located in Mobile, Alabama as well. Coincidence? I doubt it.

The real question now is who is real parent company? It is AntiSpyware LLC or is it 2Squared? Based on when the domains were registered, I am going to have to conclude that 2Squared is the original company as that domain was registered first. You may wonder why a company would put out so many copies of the same program with just different names and skins. My belief is that they are feel that the more products they have out there the better the chances that someone will download and purchase one of them. Regardless of the reasons, the whole practice of trying to pass their tools off as another well-known tool is definitely a shady practice.

What are you thoughts?




BC AdBot (Login to Remove)

 


#2 Lloyd T

Lloyd T

  • Members
  • 853 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:07:21 AM

Posted 20 February 2009 - 08:16 PM

Combofix might be next in the line. I'm starting to see URLs in Google trying to make money by selling outdated versions of Combofix.

#3 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:06:21 AM

Posted 21 February 2009 - 02:08 AM

That or else it could be SDFix if it hasn't been done yet.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#4 Guest_tylerisdabest_*

Guest_tylerisdabest_*

  • Guests
  • OFFLINE
  •  

Posted 21 February 2009 - 07:39 PM

i think it might me malware bytes next

#5 Lloyd T

Lloyd T

  • Members
  • 853 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada

Posted 21 February 2009 - 09:58 PM

i think it might me malware bytes next


No, MBAM is already copied. See this Google search then look at the advertisement. DO NOT CLICK ON IT!

#6 Guest_tylerisdabest_*

Guest_tylerisdabest_*

  • Guests
  • OFFLINE
  •  

Posted 23 February 2009 - 03:27 PM

then it might be super anti spyware




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users