Blog for hpHosts, and whatever else I feel like writing about ....

Friday, 17 July 2009

Paretologic vs MalwareURL

It seems, instead of Paretologic picking on those that have had them blacklisted for years, they've decided to go after the new guy, which in this case, is my friend Anthony at MalwareURL.

Dear Paretologic, allow me to give you a hint as to why people blacklist you;

1. Your programs have been known to detect "threats" that are not present, on more than one occasion

2. Your RegCure program claims "problems" have been found that are actually not problems at all, and in some cases, will kill the system if the user removes them

3. You do not provide fully functional trials, just scanners that the user then has to pay for, to remove whatever is found - this is a major black mark, especially when you require the user pay for it using a system that YOUR PROGRAM HAS TOLD THEM IS INFECTED! (which amongst other things, then leaves them open to ID theft and having their credit card details stolen)

4. You do not monitor your affiliates, allowing them instead, to spam, scam and otherwise mislead users, in order to peddle your programs (and yes, many of us have tried till we were blue in the face, to notify you of this and get you to take action, you've seemingly ignored all reports I sent, which is why I ended up not bothering to send them anymore).

5. On the vast majority of your "affiliates" sites, there is no mention made, that the download is a SCANNER ONLY (and no "Free Download" does not make it acceptable), in some of the cases I came across, it was listed as a free removal tool, something it quite clearly is NOT.

There is also no mention made, that they are affiliates getting paid to peddle the program, instead they opt to try and make it look like a legit review (whilst we may not be fooled by that and can easily tell the difference, regular users are fooled quite easily by this).

These are just 4 issues that off of the top of my head. Enigma Software Group got listed due to similar behaviour, so we'll be damned if we'll allow other companies to get away with it. Stop your affiliates spamming/scamming and otherwise misleading users, STOP requiring users pay for something from a machine YOU have told them is infected, and perhaps we can talk.

I consider your company rogue - and because of the the issues listed above, amongst others, have had your sites listed in hpHosts for aslong as I can remember.


Unknown said...

Your friend Anthony states:

"WARNING: All domains/IPs listed on this website must be treated with extreme caution.
Visiting them will automatically infect your computer."

Strangely enough, I browsed to and my computer was NOT infected. Hmm...

This is an incorrect statement, do you agree?

MysteryFCM said...

In this particular case, yes. However, most of the sites in his database, will result in your being infected with one thing or another.

I've already suggested he re-word it to prevent any further confusion.

Unknown said...

As a matter of fact is a very good site for malware researchers. (guess how we found out that we were listed!)

I consult it daily along with

As a security researcher, I am all for sharing information with other companies / researchers.

We contribute with an FTP server where we share on average 1000 new samples a day. If you want to get access, feel free to drop me a line.

I blog on MalwareDiaries whenever I find something interesting or new that other people may not detect yet. I've had a fair amount of criticism lately, but I am taking it positively and will improve the content's accuracy and level of detail.

I am not in charge of marketing, so I can't and will not discuss those things.

Otherwise, security wise I am very eager to collaborate and fight the malware battle (which includes real "rogue companies") ;-)


Anonymous said...

Paretologic has forced to remove their listings, but my Antivirus still reports the file: Pareto_AV_Setup_RW.exe as being a Trojan "TR/FraudPack.oyl" as does VirusTotal

Unknown said...

Read Without Prejudice: