Fraud on the "installation" and "activation" paid "updates"
Literally less than an hour ago (14:07) I came across a blatant case of fraud.
Designed for computer illiterate user, that is, 90% of Internet users.
1. I searched Google for the text of a rare song and moved from the search results to the webkind.ru website page, where I saw this picture:
2. For my 15 years on the Internet I have never seen such impudence, so I decided to check what it is. In order to make sure that this is a special hoax on the indicated site, and not a random advertisement, I went to the main page of webkind.ru and saw the following advertisement (the inscription “BROWSER UPDATE” is flickering):
')
3. Then I checked what would happen if I click on the ad. The site yourbrowserupdatintoday.info has opened :
4. Regardless of the arrangement of “ticks” by clicking on the “activate” button, flash animation is launched to illustrate a false “scan” and “check” of the computer for a certain “build” of the update. In this case, the names of the paths to the files of standard programs under Windows flash: Outlook, Office, etc .:
5. At the end of the “service” action, the user is pleased that “the assembly of the update package has been completed” and offers to “activate protection” by signing in the corner “the cost is 3 rubles. 41. cop. ":
6. Clicking on the “Activate” button opens a page with the message that “software has been successfully installed” and “mandatory activation required”, and a call to enter your phone number:
Here the scammers acted strangely, apparently deciding to comply with certain requirements of the aggregators of short numbers and gave a link "
cost for subscribers ", which leads to the information about the short number 1121 on the website of the company" A1-Aggregator ".
Most of all, I was outraged even by the fact that people are splitting up on paid SMS (we have already seen this), deceiving by installing the “update”, but outraged by the active use of Mozilla Firefox’s symbols to deceive the user's trust.
If I correctly understood the essence of this site, then it mimics all common browsers and other popular software, suggesting “install and activate an update”:
On the same page, you can appreciate the humor of the scammers who signed the bottom of the page “2011. Everything is protected. All are protected. ”:
Whois data for yourbrowserupdatintoday.info give the following information (which is not necessarily true):
I have no experience in punishing such scammers, I urge the community to acquire and share such experience with each other. It is necessary not only to get the aggregator to stop receiving paid SMS to a short number, but to find the creator of this “service” and demand that our valiant police pursue the fraudster according to the law.
PS: Taking this opportunity, I want to wish the author of this service that he always had monitors with broken pixels, failed RAM, the batteries were discharged quickly, the cellular signal was not caught, the cooler was always clogged with dust, the cat would often walk on the keyboard (when open SSH) so that each new account on Habré would quickly go into a minus, so that the girl would become a lesbian and go to another, so that by the end of reading this message, the squint and trembling in her hands began ...
UPDATE: AlexiusGreen pointed to a question that reported a similar clone site obnovisvoysoftnow.info. The names on which the domains are registered are apparently fake.
UPDATE 2: Search for exact quotes in Google found another clone: ​​a3revision.info
UPDATE 3: Further research has led to two posts on the Internet on the subject of the same fraud: 1 , 2 . The second link lists many domains that apparently no longer work. The scammer is obviously constantly launching his "service" on all new domains.
Also found several similar services with "updates" for Windows: updatewin7.info, winupdate-4.info. And another domain is a complete clone: ​​up993.info
UPDATE 4: More clones from Sklif : winupdate-3.info, latest-update.info
UPDATE 5: Sklif posted in the comments a huge list of clone domains . By hosting you can assume that the fraudster is associated with Ukraine.
UPDATE 6: Rewerson pointed out similar in fact sites of scammers with Opera Mini / Mobile: rmy.biz, myoperamini.net, new-opera-mini6.com
UPDATE 2011-09-11: Someone (probably a UFO) moved the topic to “I resent” and made it closed. This is not true: a topic makes sense only in open form, and certainly it is not a topic of simple indignation. If the Info Security blog is not about the misuse of information systems, then I would ask UFOs to actually create the Fraud blog, as suggested in the comments. The topic is open again moved to InfoSecurity.
Designed for computer illiterate user, that is, 90% of Internet users.
1. I searched Google for the text of a rare song and moved from the search results to the webkind.ru website page, where I saw this picture:
2. For my 15 years on the Internet I have never seen such impudence, so I decided to check what it is. In order to make sure that this is a special hoax on the indicated site, and not a random advertisement, I went to the main page of webkind.ru and saw the following advertisement (the inscription “BROWSER UPDATE” is flickering):
')
3. Then I checked what would happen if I click on the ad. The site yourbrowserupdatintoday.info has opened :
4. Regardless of the arrangement of “ticks” by clicking on the “activate” button, flash animation is launched to illustrate a false “scan” and “check” of the computer for a certain “build” of the update. In this case, the names of the paths to the files of standard programs under Windows flash: Outlook, Office, etc .:
5. At the end of the “service” action, the user is pleased that “the assembly of the update package has been completed” and offers to “activate protection” by signing in the corner “the cost is 3 rubles. 41. cop. ":
6. Clicking on the “Activate” button opens a page with the message that “software has been successfully installed” and “mandatory activation required”, and a call to enter your phone number:
Here the scammers acted strangely, apparently deciding to comply with certain requirements of the aggregators of short numbers and gave a link "
cost for subscribers ", which leads to the information about the short number 1121 on the website of the company" A1-Aggregator ".
Most of all, I was outraged even by the fact that people are splitting up on paid SMS (we have already seen this), deceiving by installing the “update”, but outraged by the active use of Mozilla Firefox’s symbols to deceive the user's trust.
If I correctly understood the essence of this site, then it mimics all common browsers and other popular software, suggesting “install and activate an update”:
On the same page, you can appreciate the humor of the scammers who signed the bottom of the page “2011. Everything is protected. All are protected. ”:
Whois data for yourbrowserupdatintoday.info give the following information (which is not necessarily true):
Registrant Name: Mikhail Lobachev
Registrant Street1: Konstantinogradskaya 6-1-8
Registrant City: Peterburg
Registrant State / Province: St.Peterburg
Registrant Postal Code: 192262
Registrant Country: RU
Registrant Phone: +7.952679890
Registrant Email: millioner24@inbox.ru
I have no experience in punishing such scammers, I urge the community to acquire and share such experience with each other. It is necessary not only to get the aggregator to stop receiving paid SMS to a short number, but to find the creator of this “service” and demand that our valiant police pursue the fraudster according to the law.
PS: Taking this opportunity, I want to wish the author of this service that he always had monitors with broken pixels, failed RAM, the batteries were discharged quickly, the cellular signal was not caught, the cooler was always clogged with dust, the cat would often walk on the keyboard (when open SSH) so that each new account on Habré would quickly go into a minus, so that the girl would become a lesbian and go to another, so that by the end of reading this message, the squint and trembling in her hands began ...
UPDATE: AlexiusGreen pointed to a question that reported a similar clone site obnovisvoysoftnow.info. The names on which the domains are registered are apparently fake.
UPDATE 2: Search for exact quotes in Google found another clone: ​​a3revision.info
UPDATE 3: Further research has led to two posts on the Internet on the subject of the same fraud: 1 , 2 . The second link lists many domains that apparently no longer work. The scammer is obviously constantly launching his "service" on all new domains.
Also found several similar services with "updates" for Windows: updatewin7.info, winupdate-4.info. And another domain is a complete clone: ​​up993.info
UPDATE 4: More clones from Sklif : winupdate-3.info, latest-update.info
UPDATE 5: Sklif posted in the comments a huge list of clone domains . By hosting you can assume that the fraudster is associated with Ukraine.
UPDATE 6: Rewerson pointed out similar in fact sites of scammers with Opera Mini / Mobile: rmy.biz, myoperamini.net, new-opera-mini6.com
UPDATE 2011-09-11: Someone (probably a UFO) moved the topic to “I resent” and made it closed. This is not true: a topic makes sense only in open form, and certainly it is not a topic of simple indignation. If the Info Security blog is not about the misuse of information systems, then I would ask UFOs to actually create the Fraud blog, as suggested in the comments. The topic is open again moved to InfoSecurity.
Source: https://habr.com/ru/post/127653/
All Articles