
MALWAREREMOVALBOT IS MALICIOUS Rogueware!

Update for July 3, 2010: Malware Removal Bot is currently being promoted by @cbkidsoftware on Twitter.

——————

Malwareremovalbot is a malicious and ROGUE anti-spyware application. Malwareremovalbot is not designed to resolve registry, spyware, or malware woes. Though you can download this malicious Rogueware from what appears to be a legitimate site, it is anything BUT a legitimate site! Once you have downloaded the trial and installed it, this particular rogueware will bombard you with fake pop-ups insisting that you purchase the full version of their product in order to remove myriad security alerts and overzealous pop-ups. The threats detailed in this rogue application are quite dramatic, but entirely false. It is merely social engineering enlisted to prey upon your fears and to rip you off financially.

You can also find Malwareremovalbot on social networking sites such as Twitter, and in sponsored ads at Google and Bing.


@evilfingers (Twitter) stated at his blog, in “Campaign scareware propagation MalwareRemovalBot”:

“Registering multiple domains on a single IP address, is one of the methodologies used for the propagation of scareware programs because it allows a consistent positioning web unethical by the way, expanding the horizon of possibilities that a desperate user reaches web that promises, through its false product, its magical way of solving problems or implement a so-called security layer to your computer to potential infections.” [Be sure to go to evilfingers blog to read the rest of this article.]

At the List of Known Malicious Sites / Rogue Software, a very hearty warning appears: “These programs and related sites are so dangerous that I have specifically ensured that readers CANNOT click any links and be redirected to them. This has been done for your safety.”

Recent Tweets from Twitter about malwareremovalbot:

@garyscrook  hXXp://twitter.com/garyscrook
http://adslurper.malremov…MalwareRemovalBot Malware Removal Tool. Designed Specificlly For Malware Related.

MalwareRemovalBot Malware Removal Tool. hXXp://bit.ly/CAzot
hXXp://www.malwareremovalbot<>com/?hop=cmedaily

IP for malwareremovalbot.com [August 2009]
Canonical name: 2.a9.354a.static.theplanet.com
Addresses:
74.53.169.2

Some other sites hosted on the same server:

adwarefree<>com
affiliates.adwarefree<>com
affiliates.malwareremovalbot<>com
affiliates.registryfox<>com
malwareremovalbot<>com
registryfox<>com
winregpro.com
www.malwareremovalbot<>com
www.registryfox<>com

Look at all the affiliate subdomains!

Lo and behold! An entirely AWESOME press release posted on July 20, 2009. Then we end up at
hXXp://malwareremovalbot<>repairandsecure.com IP: 74.52.151.178

Then wget exposes hXXp://www2.repairandsecure<>com/ and McAfee Site Advisor confirms that the site promotes Rogue Software.
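The shared-hosting pattern above can be checked mechanically. This Python sketch is an added example, not part of the original post: it groups the defanged hostnames published here by IP and registrable domain, lists the brands that expose the same "affiliates" subdomain, and flags a brand name that reappears as a subdomain of another domain. The function names are hypothetical, and it assumes every name sits under a single-label TLD.

```python
from collections import defaultdict

# Hosts exactly as published above (defanged); IPs are the page's 2009 observations.
SAME_SERVER = """adwarefree<>com affiliates.adwarefree<>com
affiliates.malwareremovalbot<>com affiliates.registryfox<>com
malwareremovalbot<>com registryfox<>com winregpro.com
www.malwareremovalbot<>com www.registryfox<>com""".split()
RECORDS = [(h, "74.53.169.2") for h in SAME_SERVER]
RECORDS.append(("hXXp://malwareremovalbot<>repairandsecure.com", "74.52.151.178"))

def labels(host):
    """Split a defanged host or URL into DNS labels without resolving or fetching it."""
    host = host.strip().lower().split("://")[-1].split("/")[0]
    return [p for p in host.replace("<>", ".").replace("[.]", ".").split(".") if p]

def cluster(records):
    """Map ip -> registrable domain (kept defanged) -> set of subdomain prefixes.

    Assumption: every name uses a one-label TLD, so the last two labels are
    the registrable domain; real tooling should consult the Public Suffix List.
    """
    out = defaultdict(lambda: defaultdict(set))
    for host, ip in records:
        parts = labels(host)
        out[ip]["[.]".join(parts[-2:])].add(".".join(parts[:-2]) or "@")
    return out

def affiliate_brands(clusters, ip, marker="affiliates"):
    """Domains on one IP that expose the same affiliate-program subdomain."""
    return sorted(d for d, subs in clusters[ip].items() if marker in subs)

def cross_links(clusters):
    """Brand names from one domain that reappear as a subdomain of another."""
    brands = {d.split("[.]")[0] for by_dom in clusters.values() for d in by_dom}
    return sorted((sub, dom, ip) for ip, by_dom in clusters.items()
                  for dom, subs in by_dom.items() for sub in subs
                  if sub in brands and sub != dom.split("[.]")[0])

if __name__ == "__main__":
    c = cluster(RECORDS)
    for ip, by_dom in c.items():
        print(ip, {d: sorted(s) for d, s in by_dom.items()})
    print("affiliate programs:", affiliate_brands(c, "74.53.169.2"))
    print("cross-links:", cross_links(c))
```

Three of the four registrable domains on 74.53.169.2 carry an affiliates subdomain, and the malwareremovalbot name ties the second IP back to the same cluster.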

McAfee SiteAdvisor has some interesting reviews:

“None of these “companies” offer legitimate products. They are part of an affiliate marketing machine, whose spread has been enabled by the web. Thanks to the web, anyone, anywhere, can promote a scam. These crapware promoters share common characteristics that make it easy to separate them from legitimate developers of software, including:

• Their domain registration is hidden or fabricated
• Unsubstantiated claims like “award-winning”
• A total lack of credible CONTACT information
• Promotion of the same software on numerous clone sites
• The use of bogus testimonials by their affiliates on SiteAdvisor and C|Net
• Encouraging affiliates to relentlessly promote the software, resulting in numerous bogus “review” web sites like this one.”  –Dean, McAfee Experienced Reviewer


hXXp://www2.repairandsecure<>com/ claims to be a Microsoft Gold Certified Partner
Repair & Secure endorses: Cyber Security Alliance (CSA) & Stay Safe Online (SSO)
Rogue scareware ENDORSES CSA and SSO – I’m so impressed!

From the malwareremovalbot web site:

Affiliates paid 75%


The Malwareremovalbot FAKE Press Release:

“Malware Removal BOT software provides dynamic protection for any PC. Once installed, it protects a computer by finding and removing Malware on the spot. Then, thanks to Malware Removal BOT’s automatic update feature, user’ computer is protected from future…”

And at the end of they are still:

[Image: llc1]

Are Google & Bing helping Antispyware LLC to push rogueware? Is Microsoft a GOLD partner? Do affiliates really earn 75%?

Would you want this guy to manage your IT department?

[Image: legit1]


Until Next time – Stay Safe!


2 Comments

  • At 2009.10.13 07:07, Colin said:

    MalwareRemovalBot is pure and utter crapware that is designed to scare users into purchasing this junk which then leaves the user at risk of ID Theft and Fraud as payment is usually via credit card.

    Like many other malicious and scareware programs, the intention is to get user to pay for it and the criminal gangs behind them then have the credit card details, which is a very lucrative business for them.

    It is sad that so many users fall for this garbage, all they have to do is google the name and in most cases they will find ‘removal instructions’.

    As for the affiliates, they simply jump on the bandwagon to make a few bucks yet many of these rogues are also available on download.com, softpedia and so on which makes them appear to be genuine……they are not!

    By using Black Hat SEO the criminals gain good placings in the search engines which only helps them, although moves are being undertaken to resolve this.

    As for the IT guy, hell, I wouldn’t want him near any computer as he can guarantee screwing it completely!

    • At 2009.10.14 00:07, Teksquisite said:

      Thanks for the information Colin – if only Twitter would take this more seriously! BTW – I appreciate your site – the Malicious Sites Update is especially important and helpful.

      Cheers and thanks again!
