Zero Day
Ryan Naraine and Dancho Danchev
Infamous vendor of "AntiVirus XP" badware sued
Ryan Naraine
Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.
Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.
The software purveyor behind AntiVirus XP, a fake anti-virus package, has been sued and will hopefully be put out of business.
There has been plenty of information available on this organization for some time, yet unsuspecting consumers continue to hand over their own money for what amounts to malware. Alex Eckelberry at Sunbelt Software has been tracking the fake software epidemic for some time, documenting some of the unmitigated gall these badware purveyors have displayed. They have even gone so far as to take out Google AdWords to push their malware. A solid breakdown of the legal events is available here.
The important thing to take away is that evaluating the quality of security products is incredibly difficult. Even independent agencies find it challenging to determine the relative effectiveness of different anti-virus products. The sad fact is that the only individuals who stand a chance of acquiring security software based upon merit alone are those of us who are in the security industry. The remainder are forced to rely upon word of mouth and marketing, and that leaves an inherent gap for badware vendors.
For those of you who have either bought AntiVirus XP or know someone who has, I recommend you remove it immediately and install a real anti-virus package from any number of reputable firms, such as Norton (Symantec), McAfee, AVG, Kaspersky, Sunbelt, Panda, and the like. If you are unsure whether your software is classified as badware, you should consult groups such as the Berkman Center’s Stop Badware initiative.
Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000.
Adam early on mastered the art of writing in complete sentences, using both hands and one foot. Later, he learned to do so with each individually. After fourteen years of apprenticeship in the mist-covered hills of central Nepal, Dr. O'Donnell emerged an unparalleled digital warrior and in desperate need of an anti-fungal wash.
Approaching both life and enterprise security with the verve of a particular capuchin, he is respected the world over as an observer of all he sees. Adam's dry blade of analysis will sever the hard candy shell surrounding most technical security concepts, and significantly goo-ify the remaining so as to be consumable in small bites with sufficiently large servings of digestive aids. Just what the doctor ordered.
Talkback - Most Recent of 51 Talkback(s)
-
All I can say is...
Thank goodness for SmitFraudFix ! Otherwise this thing would be a nightmare to remove...
BitTwiddler 09/30/2008 07:52 AM
-
zmud 09/30/2008 08:09 AM
-
combofix, smitfraudfix, etc
I used all the usual tools to remove at least one incarnation of this s__tware, and it still kept coming back! Had to run the "uninstaller," then run smitfraudfix, then manually remove the folders and registry keys!
unclefixer@... 09/30/2008 08:42 PM
-
Removing it COMPLETELY
It appears that the newest anti-spyware definitions from Webroot and Lavasoft (Ad-Aware) seem capable of detecting and removing the AntiVirus XP badware / fraudware.
Although, also running smitfraudfix, then manually removing any remaining AntiVirus XP folders and registry keys seems a sound, recommendable idea.
JoeRJr 10/01/2008 04:48 AM
-
I went after it with HijackThis!
and managed to get it off my daughter's PC. What a PITA!
Then I still needed to restore the tabs it dropped off the Display applet in Control Panel and kill that wallpaper it loaded.
What a scam!
pikeman666 10/01/2008 09:11 AM
-
Oye! No kidding......
I had to use Hijack this and Killbox and what a PITA is right! Locked me up tighter than a dead man's chest. I hope they are hanged.
gloamin@... 10/01/2008 01:00 PM
-
Malwarebytes' Anti-Malware
I've had to clean this along with Antivirus 2008 and 2009 on 3 PCs for other people. I used Malwarebytes' Anti-Malware and it knocked the majority of it out. Then scans with ESET's NOD32 online scanner. I also used CastleCops Wiki. For CastleCops Wiki search for:
Malware Removal and Prevention - CastleCops
PittSteeler (Edited: 10/01/2008 02:52 PM)
-
You could also use secunia.com. They have a good
online scanner and secunia is a pretty well informed site.
hkommedal 10/01/2008 06:18 PM
-
I used Malwarebytes anti-malware also
it worked like a charm since ad-aware didn't do the job.
katrillionaire@... 10/03/2008 10:16 PM
-
I hope this....
I hope the "producer" of Antivirus XP gets what he deserves. It took me 3 days to manually get rid of that badware.
ciobanusebastian 09/30/2008 11:40 AM
-
Why aren't these people in prison?
There are more than enough federal statutes covering unauthorized access to computer equipment, hacking, and wire fraud. It should be a simple matter to put these guys in a Federal penitentiary, with minimal preparation by a US Attorney. And given the "new and improved" seizure laws without a trial, they could put these people out of business overnight if nothing else by taking all their computer equipment and never giving it back.
All I can assume is that the prosecutors aren't interested in anything that doesn't grab headlines like a terrorist or kiddie porn bust ...
terry flores 09/30/2008 04:04 PM
-
Why aren't these people in prison?
>>All I can assume is that the prosecutors aren't interested in anything that doesn't grab headlines like a terrorist or kiddie porn bust ...
I think that is a big part of it. I also think that most prosecutors are not tech savvy enough to prepare and prosecute cases of this type.
There are also a lot of judges out there without the technical expertise to preside over trials of this type.
ShoreLeave 09/30/2008 04:18 PM
-
Why aren't these people in prison?
First you have to prove that they did something wrong and what it was. It's not always as straightforward as you may think. Some of these companies hide under cleverly written EULAs and various other documentations and disclaimers that serve to slow down the legal actions against them. Most of these badware "companies" spend more time and money on their legal departments than programming, and if they survive long enough, they lobby for laws for companies and lawmakers to protect them. Ask any knowledgeable person in the IT industry if even some of the major brands sometimes miss specific and very well known malware. You'd be surprised at whose heads can be turned by a truck load of benjamins, though as long as it's been going on I don't see why anyone still is.
Knowledge is Power.
Any more questions?
ShadowGIATL 09/30/2008 04:50 PM
-
These companies are big enough to lobby?
"Some of these companies hide under cleverly written EULAs and various other documentations and disclaimers that serve to slow down the legal actions against them."
This might hold water against civil suits, but EULAs aren't worth spit against criminal prosecution. They are prosecuting a woman for violating federal hacking laws just because she used a fake name and address for a myspace account, so the bar for proving unauthorized access is pretty low these days.
The other thing to consider: Federal prosecutors enjoy a 95% conviction rate, and the judges (almost all of them are former prosecutors) give them wide latitude when presenting and interpreting evidence. While computer crimes may be unfamiliar to the judges, it just means they depend on the prosecutors even more to interpret both the law and the facts.
terry flores 10/01/2008 02:40 AM
-
Care to cite that?
They are prosecuting a woman for violating federal hacking laws just because she used a fake name and address for a myspace account
I'd like to know what the circumstances were. Is it that case where the girl committed suicide?
hasta la Vista, bah-bie 10/01/2008 09:33 AM




