Beware: Imitation CA security products and websites

I originally published this blog at http://community.ca.com/blogs/securityadvisor

 Published     Nov 02 2006, 10:31 PM by     Benjamin Googins

The CA Security Advisory Team recently identified a site that appeared to mimic the one owned by CA and related to the eTrust® PestPatrol® Anti-Spyware product. The address of the fake site is etrust-spyware.com. For your safety, do not visit this site. Instead, look at a screenshot of the site, below:

Fake eTrust Anti-Spyware site

This site and many other examples have a number of interesting aspects. First, like many phony security sites, it tries to build user confidence by referencing credible sources like PC Magazine, CNET and others. If you visit any of these sites and look for “eTrust Spyware Remover”, you will not find it. Second, these types of sites use friendly colors and have professional graphics. Third, the name is chosen to sound legitimate. Fourth, the software being sold is usually sold at a price that is as high or higher than legitimate security software. In sum, it is impossible to tell by visual inspection alone if a site is legitimate.

Compare the site above to the real site owned and operated by CA below.

Official eTrust PestPatrol site

You will see many similarities:

  • The basic color scheme
  • The green warning sign (white triangle with exclamation mark in middle)
  • References to PC Magazine
  • References to the CA product name “eTrust”
  • The free scan

Tips for our usersSince there is no way to ensure a site or product is legitimate by visually scanning the site, how do you ensure you are visiting a real CA or partner site? Here are some tips for ensuring a CA website or product is legitimate:

1. CA affiliates process sales through the CA shopping cart.

2. If you are not sure if an anti-spyware site is legitimate, your best bet is to visit http://www.ca.com/consumer directly to utilize our online scans.

3. Check the product name you are downloading. Ensure it is certified by an independent testing company such as West Coast Labs.

4. Verify the accolades. Some rogue websites will attempt to look like a legitimate site by posting quotes from industry publications like PC Magazine or CNET. Go directly to these companies’ websites to find out if they actually did say what has been quoted. Even if you don’t find the quoted text, you will at least have a list of software that has been reviewed by these publications.

5. CA uses a digital signature on our product executables. When downloading an executable file, check the properties of the file and view the Digital Signature. Ensure that the digital signature is from CA and that it is verified.

6. Finally, avoid clicking on links sent to you in e-mail or on sites you visit. Hyperlinks can easily be masked as a credible site, but when you click on them, you will be redirected to an all-together unassociated site.

By: Benjamin Googins

avatar

Benjamin Googins is a senior engineer working on CA’s Anti-Spyware product. His primary functions include analyzing spyware and privacy breaches, fielding press inquiries, blogging and drafting documents. He has been a significant contributor to the User Permission document , Spyware Scorecard , Threat… Read More..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s