September 3, 2011 at 14:53Fraud on the "installation" and "activation" of paid "updates"
Literally less than an hour ago (14:07) I came across a flagrant case of fraud.
Designed for a computer-literate user, that is, 90% of Internet users.
1. I searched in Google text of rare songs and moved from the search results page webkind.ru site where I saw this picture: 2. During its 15 years on the Internet such impudence I have not seen, so I decided to check what it is. In order to make sure that this is a special fraud on the specified site, and not an accidental advertisement, I went to the webkind.ru main page and saw the following advertisement (the inscription “BROWSER UPDATE” flickers): 3. Then I checked what would happen if I click on ad. The website yourbrowserupdatintoday.info has opened :
4. Regardless of the arrangement of “checkmarks”, a flash animation is launched by clicking on the “activate” button, illustrating a false “scan” and “check” of a computer for a certain “build” of an update. At the same time, the names of the paths to the files of standard programs for Windows flash: Outlook, Office, etc.: 5. At the end of the action, the “service” pleases the user that “the update package has been completed” and offers “activate protection” by signing in the corner “cost 3 rub 41. kop. ”: 6. By clicking on the“ Activate ”button, a page opens with a message stating that“ the software has been successfully installed ”and“ mandatory activation is required, ”and calling to enter your phone number: Here the scammers acted strangely, apparently deciding comply with certain requirements of aggregators of short numbers and gave the link "
cost for subscribers ", which leads to information about the short number 1121 on the A1-Aggregator company website.
I was most outraged not only by the fact that people are being bogged down by paid SMS (we have already seen this), deceiving the installation of the" update ", but Outraged by the active use of Mozilla Firefox symbols to deceive the user’s trust,
if I correctly understood the essence of this site, it mimics all popular browsers and other popular software, suggesting “install and activate the update”: On the same page you can appreciate the humor of scammers, signatories at the bottom of the page "2011. Everything is protected. All is protected.": Whois data for the domain yourbrowserupdatintoday.info gives the following information (which is not necessarily true at all):
I have no experience in punishing such scammers, I urge the community to acquire and share such experience. It’s necessary not only to get the aggregator to stop receiving paid SMS to a short number, but to find the creator of this “service” and require our valiant police to prosecute the fraudster by law.
PS: Taking this opportunity, I want to wish the author of this service that he always had monitors with dead pixels, the RAM crashed, the batteries were discharged quickly, the cellular signal wasn’t caught, the cooler was always dusty, so the cat often walked on the keyboard (when SSH is opened), so that every new account on Habré quickly disappears, so that the girl becomes a lesbian and goes to another, so that by the end of reading this message strabismus and trembling in the hands begin ...
UPDATE:AlexiusGreen указал на вопрос, в котором сообщалось о подобном сайте-клоне obnovisvoysoftnow.info. Имена, на которые зарегистрированы домены, видимо фейковые.
UPDATE 2: Поиском точных цитат в Гугле найден ещё один клон: a3revision.info
UPDATE 3: Дальнейшее исследование привело к двум постам в интернете на тему этого же мошенничества: 1, 2. По второй ссылке перечислены множество доменов, которые видимо уже не работают. Мошенник очевидно постоянно запускает свой «сервис» на всё новых доменах.
Также найдено несколько подобных сервисов с «апдейтами» для Windows: updatewin7.info, winupdate-4.info. И ещё один домен — полный клон: up993.info
UPDATE 4: Ещё клоны от Sklif : winupdate-3.info, latest-update.info
UPDATE 5: Sklif posted a huge list of clone domains in a comment . According to the hosting, it can be assumed that the fraudster is connected with Ukraine.
UPDATE 6: Rewerson pointed to essentially similar fraud sites with Opera Mini / Mobile: rmy.biz, myoperamini.net, new-opera-mini6.com
UPDATE 2011-09-11:Someone (probably a UFO) moved the topic to "I resent" and made it closed. This is not true: the topic makes sense only in open form, and certainly it is not a topic of simple indignation. If the Infosafety blog is not about the misuse of information systems, then I ask UFOs to really create a Fraud blog, as suggested in the comments. Topic opened again moved to "Information Security".
Designed for a computer-literate user, that is, 90% of Internet users.
1. I searched in Google text of rare songs and moved from the search results page webkind.ru site where I saw this picture: 2. During its 15 years on the Internet such impudence I have not seen, so I decided to check what it is. In order to make sure that this is a special fraud on the specified site, and not an accidental advertisement, I went to the webkind.ru main page and saw the following advertisement (the inscription “BROWSER UPDATE” flickers): 3. Then I checked what would happen if I click on ad. The website yourbrowserupdatintoday.info has opened :
4. Regardless of the arrangement of “checkmarks”, a flash animation is launched by clicking on the “activate” button, illustrating a false “scan” and “check” of a computer for a certain “build” of an update. At the same time, the names of the paths to the files of standard programs for Windows flash: Outlook, Office, etc.: 5. At the end of the action, the “service” pleases the user that “the update package has been completed” and offers “activate protection” by signing in the corner “cost 3 rub 41. kop. ”: 6. By clicking on the“ Activate ”button, a page opens with a message stating that“ the software has been successfully installed ”and“ mandatory activation is required, ”and calling to enter your phone number: Here the scammers acted strangely, apparently deciding comply with certain requirements of aggregators of short numbers and gave the link "
cost for subscribers ", which leads to information about the short number 1121 on the A1-Aggregator company website.
I was most outraged not only by the fact that people are being bogged down by paid SMS (we have already seen this), deceiving the installation of the" update ", but Outraged by the active use of Mozilla Firefox symbols to deceive the user’s trust,
if I correctly understood the essence of this site, it mimics all popular browsers and other popular software, suggesting “install and activate the update”: On the same page you can appreciate the humor of scammers, signatories at the bottom of the page "2011. Everything is protected. All is protected.": Whois data for the domain yourbrowserupdatintoday.info gives the following information (which is not necessarily true at all):
Registrant Name: Mikhail Lobachev
Registrant Street1: Konstantinogradskaya 6-1-8
Registrant City: Peterburg
Registrant State / Province: St. Petersburg
Registrant Postal Code: 192262
Registrant Country: RU
Registrant Phone: +7.952679890
Registrant Email: millioner24@inbox.ru
I have no experience in punishing such scammers, I urge the community to acquire and share such experience. It’s necessary not only to get the aggregator to stop receiving paid SMS to a short number, but to find the creator of this “service” and require our valiant police to prosecute the fraudster by law.
PS: Taking this opportunity, I want to wish the author of this service that he always had monitors with dead pixels, the RAM crashed, the batteries were discharged quickly, the cellular signal wasn’t caught, the cooler was always dusty, so the cat often walked on the keyboard (when SSH is opened), so that every new account on Habré quickly disappears, so that the girl becomes a lesbian and goes to another, so that by the end of reading this message strabismus and trembling in the hands begin ...
UPDATE:AlexiusGreen указал на вопрос, в котором сообщалось о подобном сайте-клоне obnovisvoysoftnow.info. Имена, на которые зарегистрированы домены, видимо фейковые.
UPDATE 2: Поиском точных цитат в Гугле найден ещё один клон: a3revision.info
UPDATE 3: Дальнейшее исследование привело к двум постам в интернете на тему этого же мошенничества: 1, 2. По второй ссылке перечислены множество доменов, которые видимо уже не работают. Мошенник очевидно постоянно запускает свой «сервис» на всё новых доменах.
Также найдено несколько подобных сервисов с «апдейтами» для Windows: updatewin7.info, winupdate-4.info. И ещё один домен — полный клон: up993.info
UPDATE 4: Ещё клоны от Sklif : winupdate-3.info, latest-update.info
UPDATE 5: Sklif posted a huge list of clone domains in a comment . According to the hosting, it can be assumed that the fraudster is connected with Ukraine.
UPDATE 6: Rewerson pointed to essentially similar fraud sites with Opera Mini / Mobile: rmy.biz, myoperamini.net, new-opera-mini6.com
UPDATE 2011-09-11:Someone (probably a UFO) moved the topic to "I resent" and made it closed. This is not true: the topic makes sense only in open form, and certainly it is not a topic of simple indignation. If the Infosafety blog is not about the misuse of information systems, then I ask UFOs to really create a Fraud blog, as suggested in the comments. Topic opened again moved to "Information Security".