January 18th, 2006

More super rogue anti-spyware

Posted by Suzi Turner @ 11:29 pm

Categories: Spyware/adware warnings

Be on the lookout for another new supposed anti-spyware program that might be hijacking desktops any day now.  This one is called PestTrap and it’s a clone of SpySheriff. SpySheriff was one of the top 10 rogue anti-spyware apps of 2005, coming in at number 2.  You can see a screenshot of the PestTrap website at SunbeltBLOG and a screenshot of the app itself, along with the false positives in the scan results here. You’ll see that SpySheriff, SpyTrooper, SpyDemolisher, SpywareNo! and Spyware-Stop are almost identical.  If you scroll down the page a bit, you can see the other families of apps like SpyAxe and RazeSpyware that are deemed to be CoolWebSearch related by spyware researchers. 

PestTrap was found being advertised on a new fake security center web page, uptodatesecurity.com (link to whois info).  I don’t recommend going to that page in Internet Explorer. Even in Mozilla a fake warning pops up saying "your pc is infected with spyware blah.. blah…".  The domain is showing up in HijackThis logs already.  Example here.

Last week I mentioned ISPs hosting spyware, but where are these CWS related rogue apps being hosted? Look at the whois info for pesttrap.com. Unlike SpyAxe, which is hosted in the Ukraine, the PestTrap site is hosted at IP address 69.50.167.173, which belongs to an ISP in California, InterCage, Inc., formerly known as Atrivo. Note the nameservers are mail.atrrivo.com and pavel.atrivo.com.

OrgName:    InterCage, Inc.
OrgID:      INTER-359
Address:    1955 Monument Blvd.
Address:    #236
City:       Concord
StateProv:  CA
PostalCode: 94520
Country:    US

The IP address is currently blacklisted by SORBS and Spews. Even the Intercage.com domain has been blacklisted for spam going back to September 2005. The Spews record has some interesting info as well.

Not surprisingly, SpySheriff.com (link to whois) is hosted at InterCage, and we have SpyTrooper.com on the same IP address, 69.50.170.82. The other domain on the IP is Spy-Sheriff.com. This IP is also currently blacklisted.

InterCage, Inc. INTERCAGE-NETWORK-GROUP (NET-69-50-160-0-1)
                                  69.50.160.0 - 69.50.191.255
William Lu STANDARDSHELLS (NET-69-50-170-0-1)
                                  69.50.170.0 - 69.50.170.255
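
As an added example (not part of the original post), this Python sketch parses the two netblock records quoted above into CIDR prefixes and reports which allocation each address named in the post falls under, which is the form a blocklist or firewall rule needs. The function names and the host-to-address table layout are assumptions of this example.

```python
import ipaddress
import re

# Whois netblock lines as quoted in the post (name, handle, then the address range).
WHOIS_TEXT = """\
InterCage, Inc. INTERCAGE-NETWORK-GROUP (NET-69-50-160-0-1)
                                  69.50.160.0 - 69.50.191.255
William Lu STANDARDSHELLS (NET-69-50-170-0-1)
                                  69.50.170.0 - 69.50.170.255
"""

# Hosts and addresses named in the post.
HOSTS = {"pesttrap.com": "69.50.167.173", "spysheriff.com": "69.50.170.82"}

# Hypothetical helper patterns for this example: a "name (NET-handle)" line
# followed by an indented "first - last" range line.
HANDLE_RE = re.compile(r"^(?P<name>\S.*?)\s+\((?P<handle>NET-[\d-]+)\)\s*$")
RANGE_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+-\s+(\d+\.\d+\.\d+\.\d+)\s*$")

def parse_netblocks(text):
    """Return [(name, handle, [CIDR networks])] from paired whois lines."""
    blocks, pending = [], None
    for line in text.splitlines():
        m = HANDLE_RE.match(line)
        if m:
            pending = (m["name"], m["handle"])
            continue
        r = RANGE_RE.match(line)
        if r and pending:
            first, last = (ipaddress.IPv4Address(x) for x in r.groups())
            # A start-end range may need several prefixes; here each is one.
            cidrs = list(ipaddress.summarize_address_range(first, last))
            blocks.append((*pending, cidrs))
            pending = None
    return blocks

def allocations_for(ip, blocks):
    """All allocations containing ip, most specific (longest prefix) first."""
    addr = ipaddress.ip_address(ip)
    hits = [(net, name) for name, _, cidrs in blocks for net in cidrs if addr in net]
    return sorted(hits, key=lambda h: h[0].prefixlen, reverse=True)

if __name__ == "__main__":
    blocks = parse_netblocks(WHOIS_TEXT)
    for host, ip in HOSTS.items():
        chain = " within ".join(f"{name} {net}" for net, name in allocations_for(ip, blocks))
        print(f"{host:16} {ip:15} {chain}")
```

The PestTrap address resolves only to the parent InterCage block, while the SpySheriff address also sits inside the smaller STANDARDSHELLS sub-allocation.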

The Intercage.com (link to site) home page is white and blank except for "…" in the upper left corner. Now, that seems odd to me. An ISP with a blank homepage? Google searches for Intercage.com and Intercage, Inc. bring up all kinds of interesting links. A Google search for Atrivo produces even more fascinating information like this and this. More on this one later.
