
More super rogue anti-spyware

Be on the lookout for another new supposed anti-spyware program that might be hijacking desktops any day now. This one is called PestTrap and it's a clone of SpySheriff. Last week I mentioned ISPs hosting spyware, but where are these CWS related rogue apps being hosted?
Written by Suzi Turner, Contributor

Be on the lookout for another new supposed anti-spyware program that might be hijacking desktops any day now. This one is called PestTrap and it's a clone of SpySheriff. SpySheriff was one of the top 10 rogue anti-spyware apps of 2005, coming in at number 2. You can see a screenshot of the PestTrap website at SunbeltBLOG and a screenshot of the app itself, along with the false positives in the scan results here. You'll see that SpySheriff, SpyTrooper, SpyDemolisher, SpywareNo! and Spyware-Stop are almost identical. If you scroll down the page a bit, you can see the other families of apps like SpyAxe and RazeSpyware that are deemed to be CoolWebSearch related by spyware researchers.

PestTrap was found being advertised on a new fake security center web page, uptodatesecurity.com (link to whois info). I don't recommend going to that page in Internet Explorer. Even in Mozilla a fake warning pops up saying "your pc is infected with spyware blah.. blah...". The domain is showing up in HijackThis logs already. Example here.

Last week I mentioned ISPs hosting spyware, but where are these CWS related rogue apps being hosted? Look at the whois info for pesttrap.com. Unlike SpyAxe, which is hosted in the Ukraine, the PestTrap site is hosted at IP address 69.50.167.173, which belongs to an ISP in California, InterCage, Inc., formerly known as Atrivo. Note the nameservers are mail.atrrivo.com and pavel.atrivo.com.

OrgName:    InterCage, Inc.
OrgID:      INTER-359
Address:    1955 Monument Blvd.
Address:    #236
City:       Concord
StateProv:  CA
PostalCode: 94520
Country:    US

The IP address is currently blacklisted by SORBS and Spews. Even the Intercage.com domain has been blacklisted for spam back to September 2005. The Spews record has some interesting info as well.

Not surprisingly, SpySheriff.com (link to whois) is hosted at InterCage, and we have SpyTrooper.com on the same IP address, 69.50.170.82. The other domain on the IP is Spy-Sheriff.com. This IP is also currently blacklisted.

InterCage, Inc. INTERCAGE-NETWORK-GROUP (NET-69-50-160-0-1)
                                  69.50.160.0 - 69.50.191.255
William Lu STANDARDSHELLS (NET-69-50-170-0-1)
                                  69.50.170.0 - 69.50.170.255

The Intercage.com (link to site) home page is white and blank except for "..." in the upper left corner. Now, that seems odd to me. An ISP with a blank homepage? Google searches for Intercage.com and Intercage, Inc. bring up all kinds of interesting links. A Google search for Atrivo produces even more fascinating information like this and this. More on this one later.
