Fake antivirus under the cover of Comodo CA
Rogue Antivirus (fake antivirus) is a program that simulates the actions of an antivirus product, detects pseudoviruses in the system and requires or pays money for their treatment or download updates that are already real spyware. Despite the obviousness of such a “divorce”, many users are unaware that they have been subject to fraud. Especially those who believe in protected certificates issued by trusted testers.
One of the users in the blog writes about how he, at one of the offsites of the next Rogue antivirus (guardlab2009.com), faced the fact that the certificate was issued by none other than the company Comodo CA, which produces the same name of the Internet Security class, previously known like a nice free firewall. Checking the sites on the same IP, the author noted that Comodo CA issued certificates and other similar "fakes", some of which are really spyware. For example, secure.a5bill.com distributes Win32 / Adware.CoreguardAntivirus for this brand.
')
The most interesting thing is that certificates that expire are still renewed by Comodo. Thus, rapid- antivir-2009.com, rapid- antivir2009.com, rapid- antivirus2009.com, redirected to secure.xsoftstore.com had a certificate issued before April 28, 2009. However, now there is used an updated certificate until the end of July.
The official reaction from the company Comodo CA to the treatment of the blogger has not yet followed.
Supplement: a list of the most famous sites with fake antivirus
One of the users in the blog writes about how he, at one of the offsites of the next Rogue antivirus (guardlab2009.com), faced the fact that the certificate was issued by none other than the company Comodo CA, which produces the same name of the Internet Security class, previously known like a nice free firewall. Checking the sites on the same IP, the author noted that Comodo CA issued certificates and other similar "fakes", some of which are really spyware. For example, secure.a5bill.com distributes Win32 / Adware.CoreguardAntivirus for this brand.
')
The most interesting thing is that certificates that expire are still renewed by Comodo. Thus, rapid- antivir-2009.com, rapid- antivir2009.com, rapid- antivirus2009.com, redirected to secure.xsoftstore.com had a certificate issued before April 28, 2009. However, now there is used an updated certificate until the end of July.
The official reaction from the company Comodo CA to the treatment of the blogger has not yet followed.
Supplement: a list of the most famous sites with fake antivirus
Source: https://habr.com/ru/post/59824/
All Articles