I originally published this blog at http://community.ca.com/blogs/securityadvisor
Published Nov 02 2006, 10:31 PM by Benjamin Googins
The CA Security Advisory Team recently identified a site that appeared to mimic the one owned by CA and related to the eTrust® PestPatrol® Anti-Spyware product. The address of the fake site is etrust-spyware.com. For your safety, do not visit this site. Instead, look at a screenshot of the site, below:
This site and many other examples have a number of interesting aspects. First, like many phony security sites, it tries to build user confidence by referencing credible sources like PC Magazine, CNET and others. If you visit any of these sites and look for “eTrust Spyware Remover”, you will not find it. Second, these types of sites use friendly colors and have professional graphics. Third, the name is chosen to sound legitimate. Fourth, the software being sold is usually sold at a price that is as high or higher than legitimate security software. In sum, it is impossible to tell by visual inspection alone if a site is legitimate.
Compare the site above to the real site owned and operated by CA below.
You will see many similarities:
- The basic color scheme
- The green warning sign (white triangle with exclamation mark in middle)
- References to PC Magazine
- References to the CA product name “eTrust”
- The free scan
Tips for our usersSince there is no way to ensure a site or product is legitimate by visually scanning the site, how do you ensure you are visiting a real CA or partner site? Here are some tips for ensuring a CA website or product is legitimate:
1. CA affiliates process sales through the CA shopping cart.
2. If you are not sure if an anti-spyware site is legitimate, your best bet is to visit http://www.ca.com/consumer directly to utilize our online scans.
3. Check the product name you are downloading. Ensure it is certified by an independent testing company such as West Coast Labs.
4. Verify the accolades. Some rogue websites will attempt to look like a legitimate site by posting quotes from industry publications like PC Magazine or CNET. Go directly to these companies’ websites to find out if they actually did say what has been quoted. Even if you don’t find the quoted text, you will at least have a list of software that has been reviewed by these publications.
5. CA uses a digital signature on our product executables. When downloading an executable file, check the properties of the file and view the Digital Signature. Ensure that the digital signature is from CA and that it is verified.
6. Finally, avoid clicking on links sent to you in e-mail or on sites you visit. Hyperlinks can easily be masked as a credible site, but when you click on them, you will be redirected to an all-together unassociated site.
By: Benjamin Googins
Benjamin Googins is a senior engineer working on CA’s Anti-Spyware product. His primary functions include analyzing spyware and privacy breaches, fielding press inquiries, blogging and drafting documents. He has been a significant contributor to the User Permission document , Spyware Scorecard , Threat… Read More..