Scams come in all sorts, some clever and some just lazy, and repeating the same trick over and over is quite ridiculous. Someone tried to use the GoblinByte comment section today to do just that, scamming our readers down an unknown path of bad. As a result we pulled out our domain-checker skills, and we are going to use this post to get revenge and point out what this company did wrong, and where.
To start, I would like to say: we care about security, we do amateur hacking, and we implement tons of security protocols in our daily lives. We would like to pass that on to our readers. We take any attempt at breaching our security, or that of our readers, seriously, and will not have either compromised.
We are going to discuss a deceptively good-looking bad site. To those not paying attention this site looks fine, but don't be fooled: they were exceptionally lazy on some very key points, and there are TONS of holes in what they claim. Today we are going after RemovalBits.
The Look
Let's first look at the site as a whole. What does it have to offer us? It honestly looks like it offers content very similar to ours here at GoblinByte, but potentially more focused on malware or virus news. Those are things we cover, but they are not our only focus, so yeah, it's not a bad site just going by the cover, right? It is broken up into very sensible sections: popular news, news stories, malware, files, and even a testimonial portion. At face value this looks like a relatively tasteful and appropriate site. But as I said starting out, your security is just as important as my own, so let's take a look at their claims first.
Claims
Press Mentions is one of the first things claimed, on the right-hand side. They claim to be mentioned in The Wall Street Journal, USA Today, IC, Info Security, PCWorld, Forbes, ZDNet, Investors, CNET News, CNN, and InfoWorld. I will save you the time and tell you this: that's simply not true. Not a single one of these sites makes any mention of this site whatsoever. If you feel compelled, Google search RemovalBits and any one of those press organizations; you will find a lackluster representation of RemovalBits. Just googling RemovalBits itself, the site doesn't even show up at the top of the list. It's the fourth or fifth mention on the list.
Fake Testimonials
The testimonials are obviously fake. If you're looking for some good information about a company, testimonials are lovely, but these randomly generated testimonials are without a doubt the owner looking to inflate his own ego, with things like "Thank you for detailed information about Moxghjabg.exe" or "I never thought that removing Moxghjabg.exe would be that easy". OK, let's discuss something about people who give testimonials for technically oriented products: they will not discuss the product in such an ego-boosting manner. One even said "I'm sending you $50 for helping me" and "wow I thought that Moxghfjabg.exe is related with google. Thank you for telling me the truth."
People do NOT talk like that. If you're in a rush and not paying attention, you MIGHT be fooled by this, but at the end of the day something should feel funky. These testimonials are beyond fake; they feel phony, and they feel like an egotistical maniac trying to look awesome. I'm not going to doubt one bit that these same testimonials float between every page with variables put into them to save him time and money.
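One way to test the "same testimonial, different variable" suspicion is to mask the file names and see which quotes recur across pages. This is an added example, not code from the original post; the `PAGES` data is constructed for illustration (reusing the wording quoted above), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample pages (not scraped data); quotes reuse the wording cited in the post.
PAGES = {
    "page-1": ["Thank you for detailed information about Moxghjabg.exe",
               "I never thought that removing Moxghjabg.exe would be that easy"],
    "page-2": ["Thank you for detailed information about Omigaplussvc.exe",
               "Great write-up, the registry notes on Omigaplussvc.exe saved me an hour"],
    "page-3": ["Thank you for  detailed information about Genericasktoolbar.dll",
               "I never thought that removing Genericasktoolbar.dll would be that easy"],
}

# A file name such as Foo.exe or Bar.dll is the "variable" slot in a templated quote.
FILE_TOKEN = re.compile(r"\b[\w.-]+\.(?:exe|dll)\b", re.IGNORECASE)

def template_of(quote):
    """Mask file names, then normalise whitespace and case."""
    masked = FILE_TOKEN.sub("<FILE>", quote)
    return re.sub(r"\s+", " ", masked).strip().lower()

def reused_templates(pages):
    """Return {template: sorted file names} for quotes that recur on more
    than one page with different file names filled in."""
    seen = defaultdict(lambda: {"pages": set(), "files": set()})
    for page, quotes in pages.items():
        for quote in quotes:
            files = {f.lower() for f in FILE_TOKEN.findall(quote)}
            if files:
                entry = seen[template_of(quote)]
                entry["pages"].add(page)
                entry["files"] |= files
    return {t: sorted(e["files"]) for t, e in seen.items()
            if len(e["pages"]) > 1 and len(e["files"]) > 1}

if __name__ == "__main__":
    for template, files in reused_templates(PAGES).items():
        print(template, "->", ", ".join(files))
```

A quote that appears on only one page, like the constructed "Great write-up" line, is not reported; only wording shared across pages with a swapped file name is.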
Removal Tool for what? False advertising
There is a removal tool for all these wonky viruses, for Moxgfjabg.exe, for Omigaplussvc.exe, and for Genericasktoolbar.dll, and that is what the removal tool says: "removal tool for [Fill in virus name here]." This in and of itself is fine; a removal tool for a particularly vicious virus is a lovely thing to have out on the market. But the removal tool downloads are the same for EVERY page, because the file is called "Spy Hunter 4", which is made and distributed by Enigma Software.
The software seems to be branded as their own, yet it isn't; it's one single piece of software marketed as multiple unique products as opposed to just one. The real problems arise when you go to download the software. Being rerouted to the original vendor would be fine; the download link is http://www.enigmasoftware.com/downloader/rw/SpyHunter-Installer.exe and all looks perfectly fine on Enigma's end. The download link on RemovalBits, on the other hand, reroutes to downloads.enigmasoftwaregroup.com.
False link is bad
The link that RemovalBits reroutes to is a known adware domain. What sort of adware? We don't know here at GoblinByte, but we will eventually try to find out on a test system at some point and do some reverse engineering on the file. As a whole, it's a bit disgusting and deceptive.
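The comparison we did by eye, the host a download link points at versus the vendor's own host, can be automated. This is an added example, not code from the original post; the function names and result labels are hypothetical, and a flag only means the host deserves a closer look before downloading, not that it is malicious.

```python
from urllib.parse import urlsplit

# Vendor download link exactly as quoted in the post.
VENDOR_URL = "http://www.enigmasoftware.com/downloader/rw/SpyHunter-Installer.exe"

def host_of(url_or_host):
    """Lowercase hostname from a full URL or a bare host string."""
    if "//" not in url_or_host:
        url_or_host = "//" + url_or_host
    return (urlsplit(url_or_host).hostname or "").rstrip(".").lower()

def base_domain(host):
    """Naive registrable domain: the last two labels. Assumption: fine for
    plain .com names; real tooling should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def classify_download(link, vendor_url=VENDOR_URL):
    """Compare the host a download link resolves to against the vendor's."""
    vendor_base = base_domain(host_of(vendor_url))
    host = host_of(link)
    if not host:
        return "invalid"
    if base_domain(host) == vendor_base:
        return "same-domain"
    # The vendor's name appears in the host, but the host is not under the
    # vendor's domain: verify who controls it before trusting the download.
    brand = vendor_base.split(".")[0]
    if brand in host:
        return "vendor-name-on-other-domain"
    return "different-domain"

if __name__ == "__main__":
    for link in (VENDOR_URL, "downloads.enigmasoftwaregroup.com"):
        print(link, "->", classify_download(link))
```

Parsing with `urlsplit` rather than a substring search matters: a link such as `http://www.enigmasoftware.com@files.example/x.exe` (constructed) contains the vendor host as text but is actually served from `files.example`.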
How we found them.
RemovalBits fell in our lap in a fashion that was outright pathetic, to say the least. It appeared in the comment section on our Antivirus Reviews article saying "Nice review! Visit [No more backlinks for them] if you're interested in more alti-virus reviews and if you really enjoy reading some news about security software!" in a clear attempt to reroute any readers towards a less-than-reputable source. If you're going to try to scam someone, at least spell "anti-virus" correctly; no clue what alti-virus is.
We police comments here, and we get emailed every time a new comment is posted, giving us the opportunity to weed out any of those who have nothing but non-reputable things to say or do. Don't use a comment section as a cheap way to get victims, it's lazy.
Conclusion
As social engineering dictates, people will try their hardest to manipulate people by using commonly and readily available mediums. Being vigilant is half of the battle; very well laid out and descriptive attempts are hard to notice right away. Outright horrible attempts, grammatical inaccuracies, and trails of over-hyped hogwash are very obvious. We applaud good attempts, but will still out you if you come on our radar.
If you have any comments, questions, or concerns, leave a comment in the section below. And as always, be safe my fellow goblins.