Friday, October 16, 2009

Secure Shield fake rogue

The previous post: Secure Shield rogue was a test.

Some blog webmasters are regularly using the screenshots I made on their blog post. They just take the pictures, wrote a text about the rogue dangerousness and link to a "Free Scan", "Free Removal" tool (which is NOT free). Without analyzing the rogue itself.

Those blogs are cleaners affiliates. If the downloaded cleaner they link to is installed and registered, they get a retribution. They don't care if the tool can remove or not the infection. They don't analyze the infection. They just make a maximum traffic and try to be ranked on google first page.
Some others blogs webmasters are promoting PUP softwares. Here again, PUP softwares creators don't analyze files. They try to sell their tools with a good google rank.

So I decided to MAKE a picture of a new rogue that does NOT exist: Secure Shield. I post the picture and wait for the "serious" guys.

10 minutes after my blog and my digg post, Loaris posts a modified picture of mine (his digg). Loaris Trojan Remover was classified once as rogue.



Few minutes later, another webmaster blogs about Secure Shield removal: Trojan Killer (a clone of Loaris Trojan Remover).



Then it is PC Tools / Spyware Doctor affiliates turn to promise full removal of the rogue. Those guys are inventing files, folders and keys name.



Another PC Tools / Spyware Doctor Affiliates:









Edit: One day after, it's still going on:







3 days after, there is more posts about the Fake Trojan romover. Spyware Doctor PC Tools affiliates copying others Spyware Doctor PC Tools affiliates posts.



Users should not trust cleaners promoted by affiliates business plan.
Click on the pictures to see the full capture of the blogs pages. The seed has germinate, you can search on google for more. Some of them manage to get removed from google (Loaris Trojan Remover delete his post about SecureShield).