New campaign abuses legit press release distribution service

Jul 31, 2010 12:00 GMT

Security researchers warn that a gang of cyber crooks is abusing legit press release distribution services in order to increase the credibility of the rogue antivirus program they distribute. The scam also capitalizes on people’s awareness of the ZeuS banking trojan.

According to a report from antivirus vendor Sunbelt Software, the rogueware pushed by the unusual campaign is called Shield EC Antivirus. The fake press release was posted on Free-Press-Release.com (FPR), a popular press release distribution service that’s been around since 2001.

In order to make the rogue product look even more legitimate, its authors also try to leverage the notoriety of the ZeuS banking trojan. “The new software provides efficient protection against banking trojans and viruses, including the notorious ZeuS,” the press release reads.

Furthermore, the press release claims that Shield EC Antivirus is the result of two years of joint research by a company called Martindale Enterprises and the ZeuS Tracker, an otherwise legit project that tracks ZeuS C&C servers and associated botnet activity. Other false claims surrounding this piece of scareware include a 400,000-strong user base.

The press release contains a statement from an alleged company spokesperson named Kseniya Vasilyeva, a name which, like the company name, is most likely made up. Security researchers from Sunbelt note that the website distributing this threat was registered in Cyprus on June 25th.

For years, scareware distribution has been one of the most profitable cyber criminal activities. However, with more and more gangs adopting the model and the security industry raising awareness about it, the illegal profits generated by such scams have significantly decreased.

Scareware pushers are now forced to find new ways of gaining an edge over the competition, and such efforts have led to more aggressive approaches, like locking down computers and asking for money to release them (ransomware) or offering live technical support.

You can follow the editor on Twitter @lconstantin