Hosts News : ipsCAhttp://msmvps.com/blogs/hostsnews/archive/tags/ipsCA/default.aspxTags: ipsCAenCommunityServer 2008.5 SP2 (Build: 40407.4157)Another Rogue product from LocusSoftwarehttp://msmvps.com/blogs/hostsnews/archive/2008/04/11/1582513.aspxFri, 11 Apr 2008 09:58:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1582513winhelp20021http://msmvps.com/blogs/hostsnews/archive/2008/04/11/1582513.aspx#comments<p>Following up on a <a class="" href="http://msmvps.com/blogs/spywaresucks/archive/2008/04/10/1580976.aspx" target="_blank">post from Sandi</a> who is reporting yet another malicious advertisement (.swf) that redirects several times until you land on one of many rogue Antispyware products from <a class="" title="Whois Info" href="http://whois.domaintools.com/antispywaremaster.com" target="_blank">LocusSoftware</a> ...</p> <p><img height="379" alt="" src="http://mvps.org/winhelp2002/blog/antispywaremaster3.gif" width="515" border="1" /></p> <p>When you click the Download button you are routed to a &quot;secure&quot; page where you are prompted to purchase their (bogus) product ... as I <a class="" href="http://msmvps.com/blogs/hostsnews/archive/2008/03/19/1547210.aspx">predicted</a> before once Comodo revoked their certificated from the WinFixer/SetUpAHost (LocusSoftware) group ...</p> <p><em>&quot;Good news gang ... I was informed by Comodo that they have revoked all certificates issues to the WinFixer/SetUpAHost ... I know it&#39;s only a small victory but it causes them to look elsewhere, and I&#39;m sure it won&#39;t take them long to establish another bogus setup ...&quot;</em></p> <p>Looks like they switched to &quot;<a class="" href="http://certs.ipsca.com/" target="_blank">ipsCA</a>&quot; for their certificates ... (highlighted in blue)</p> <p><img height="320" alt="" src="http://mvps.org/winhelp2002/blog/antispywaremaster.gif" width="433" border="1" /></p> <p>What&#39;s scary about this connection is ipsCA is a certificate issuer via Microsoft ... from the info on their site ...</p> <p><img height="201" alt="" src="http://mvps.org/winhelp2002/blog/antispywaremaster2.gif" width="354" border="1" />&nbsp;Image edited for display purposes.</p> <p>I&#39;ll be contacting the involved parties to see if they will revoke these certificates as well ...</p><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1582513" width="1" height="1">ipsCA