<<<
NEWS FROM THE LAB - Friday, April 9, 2010
>>>
 

 
Rogue AV Localization Fail Posted by Sean @ 12:59 GMT

Yesterday, while researching some blacklisted domains, we came across five rogue scanning UIs hosted from a single URL.

That's five scams for the price of one and we only needed to refresh our browser. All of our screenshots were taken from a computer running Linux.

The first one called itself AntivirusPlus and wanted its victim to Erase infected.
Antivirus Plus


Next, we refreshed, and there was another version of AntivirusPlus (red & white emblem) asking the victim to Protect now.
Antivirus Plus


Refreshing again, and it became XPert Antivirus (again with red & white emblem).
Antivirus Plus


But then back to AntivirusPlus on the next refresh, this time with a friendly 7 on the left side and an option to Turn on.
Antivirus Plus


And last but not least, the classic Windows XP look and feel.
Antivirus Plus


Before the XP UI was launched, this prompt was displayed:
Antivirus Plus


Hmm… notice anything interesting about the Cancel button? We have just one thing to say to that.

Spasibo, ne nado.