NEWS FROM THE LAB - Friday, April 9, 2010

Rogue AV Localization Fail

Posted by Sean @ 12:59 GMT

Yesterday, while researching some blacklisted domains, we came across five rogue scanning UIs hosted from a single URL.

That's five scams for the price of one and we only needed to refresh our browser. All of our screenshots were taken from a computer running Linux.

The first one called itself AntivirusPlus and wanted its victim to "Erase infected".

[Screenshot: Antivirus Plus]

Next, we refreshed, and there was another version of AntivirusPlus (red & white emblem) asking the victim to "Protect now".

[Screenshot: Antivirus Plus]

Refreshing again, and it became XPert Antivirus (again with red & white emblem).

[Screenshot: Antivirus Plus]

But then back to AntivirusPlus on the next refresh, this time with a friendly 7 on the left side and an option to "Turn on".

[Screenshot: Antivirus Plus]

And last but not least, the classic Windows XP look and feel.

[Screenshot: Antivirus Plus]

Before the XP UI was launched, this prompt was displayed:

[Screenshot: Antivirus Plus]

Hmm… notice anything interesting about the Cancel button? We have just one thing to say to that.

Spasibo, ne nado.