Limelight distributes hundreds of Rogue Antispyware products

Looks like Limelight is involved in distributing hundreds of Rogue Antispyware products ... the majority of these are from "LocusSoftware" which I have mentioned before. However I found an interesting video produced by Symantec that shows all these clones ... and there are hundreds! So let's take "SpyGuardPro" as an example ...

Oops ... Google has flagged this as a malicious site ...

Ok ... let's go there and see ... appears my AV (NOD32 v3) doesn't like it either ...

As you can see the download is attempted from "content.onerated.com" which is running from ... you guessed it.
Limelight Networks server. Scanning the download (install_en.exe) at VirusTotal revels the following:

This is the same exact file (install_en.exe) that I've mentioned before, and just to leave no doubt, this is the same installer detected by SunBelt which was used by WinFixer. So all LocusSoftware is doing is changing the embedded URLs within the file for each of the hundreds of clones it creates as seem in the Symantec video above ...

87.117.252.11  spyguardpro.com (hosted at Eukhost_ltd)
87.117.252.11  sale.spyguardpro.com (hosted at Eukhost_ltd)
204.16.204.56  jsp.spyguardpro.com (hosted at Setupahost)
204.16.204.56  protect.spyguardpro.com (hosted at Setupahost)
85.12.60.13     ykeeper.spyguardpro.com (hosted at Euroaccess)

Although it's doubtful that (US) officals can do anything about the foreign locations, they can certainly question the unsavory practices of LimeLight since it is a US company ...

"knock-knock" = "who's there?" The FTC (we can only hope!)

Published Mon, Dec 17 2007 4:45 by winhelp2002
Filed under:

Comments

# re: Limelight distributes hundreds of Rogue Antispyware products

Monday, December 17, 2007 7:06 AM by sandi

Ping me offline Mike....

Sandi

# re: Limelight distributes hundreds of Rogue Antispyware products

Monday, December 17, 2007 8:38 AM by Dean

"Although it's doubtful that (US) officals can do anything about the foreign locations, they can certainly question the unsavory practices of LimeLight since it is a US company"

True, but I wouldn't hold my breath. Look at Cernel and Intercage, also domestic companies. Cernel is behind all the "DVD Access" rogue codec web sites along with many others.

# re: Limelight distributes hundreds of Rogue Antispyware products

Monday, December 17, 2007 3:06 PM by winhelp2002

Dean,

That's true but those hosting companies do not boast about their "partners" like this:

www.limelightnetworks.com/partners.html

# re: Limelight distributes hundreds of Rogue Antispyware products

Thursday, December 20, 2007 12:56 PM by Mike Nolet

It's silly to go after LimeLight, they're just a CDN -- you give them a piece of content, they will deliver it for you around the world. They're a dumb interface used to decrease latency and increase bandwidth when serving static content.

# re: Limelight distributes hundreds of Rogue Antispyware products

Thursday, December 20, 2007 3:15 PM by winhelp2002

Mike,

While you may think it is silly ... I certainly do not. The purpose is to cut off any and all routes possible that apply to the WinFixer gang.

# AntiSpywareControl yet another Rogue/Suspect Anti-Spyware Product

Sunday, December 23, 2007 5:44 AM by Hosts News

Landing on the following site the viewer is presented with not only a "IFrame.Exploit" and