ESET Threat Blog
David Harley

Orbasoft Comment Spam

by David Harley Senior Research Fellow
June 16, 2009 at 10:26 am

Comment spam is one of those nuisances that career bloggers see a lot of: at least, we would if we didn’t use filters to control most of it before it gets to us. In general, these either overtly advertize something which has nothing whatsoever to do with the blog topic, or say something that add nothing to the topic but include a link that is selling something or giving away something you really wouldn’t want. Of course, we don’t approve them.

Once or twice recently, I’ve seen comments that not only have nothing to do with the topic, but appear to recommend other security products. We don’t think our employers would be very pleased if we allowed those through, even if they were legitimate. Some are clearly not legitimate, and we’re certainly not going to allow those through either.

Today I saw something a little different: comment spams to 14 of our blogs, all extolling the virtues of an anti-spyware product. The spam appears to come from someone called Christine, though her email address suggests that her name is David Miller. This is irrelevant, of course: it turns out that other bloggers, including some security bloggers, are seeing the same messages but with different ostensible senders such as Cheryl or Beatrice.

It seems to use a variety of boilerplate text, but it always includes a recommendation for a company called Orbasoft, so Jeff and I have been checking it out. The company claims to be a legitimate security company based in Denmark. However, it uses Domains by Proxy so there’s no useful whois information. Certainly this mode of marketing invites deep suspicion, though we can’t say at the moment whether Orbasoft’s antispyware product is legitimate. We can’t even say whether they’re the source of the spam. If you come across the same spam on other sites, though, we suggest that you don’t take anything on trust.

David Harley CISSP FBCS CITP
Director of Malware Intelligence

.

This entry was posted on Tuesday, June 16th, 2009 at 10:23 am and is filed under comment spam, David Harley, Orbasoft. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

11 Responses to “Orbasoft Comment Spam”

  1. Jens Says:
    June 19th, 2009 at 12:19 am

    Orbasoft is a real company, situated in Denmark. But they hired an Indian company to spam blogs with comments on their products (“search engine optimization”). The Indian company wrote 300 positive comments – for the price of $900.
    The manager of Orbasoft says: “It sounded smart, but now it seems horrific to me”. Honestly….

    For those who speak Danish, here’s a link to an interview with the manager.

    http://www.version2.dk/artikel/11270-dansk-it-firma-betalte-indere-for-at-spamme-blogs

  2. David Harley Says:
    June 19th, 2009 at 12:35 am

    Thanks for that. Interesting article (I don’t speak Danish, but I know enough German to get the gist). I may have some further thoughts on this for another blog.

  3. Sean Says:
    June 20th, 2009 at 4:39 pm

    These people are still not telling the truth. This software has been tested several times in the last few days and has been verified as a Rogue. It is on average detecting around 300 valid registry entries as threats, then telling user they need to purchase the full program to repair these errors.Total scam on top of the deceit already admitted to.
    Do not try this software!

  4. David Harley Says:
    June 21st, 2009 at 12:22 am

    Thanks for that information. Are you referring to http://certifiedbug.com/blog/2009/06/14/orbasoftcom-spammer/?

  5. Sean Says:
    June 21st, 2009 at 9:30 am

    No it’s been tested again see
    http://www.siteadvisor.com/sites/orbasoft.com?version=2&core_ver=1.0&pip=true&premium=false&client_ver=2.9.258&client_type=IEPlugin&suite=true&aff_id=0&locale=en-gb&os_ver=5.1.3.0

    http://www.mywot.com/en/scorecard/orbasoft.com/comment#comment

    http://www.mywot.com/en/forum/3765-orbasoft-revisited

    You will find plenty of proof here.

  6. David Harley Says:
    June 21st, 2009 at 10:52 am

    Ah. Looking back at the certifiedbug.com link, you’re obviously looking at different sources. I’d be more than a little interested in any links you have to people who’ve actually tried it. I do, of course, intend to try some other approaches to checking…

  7. sean Says:
    June 21st, 2009 at 1:02 pm

    Try this one
    http://freepcsecurity.co.uk/2009/06/19/orbasoft/

  8. Silki Garg Says:
    June 21st, 2009 at 5:38 pm

    Yes, there are lots of references that it is a rogue applications.
    Colin has a decent first hand experience with it. And he had documented it well on his blog.
    http://freepcsecurity.co.uk/2009/06/19/orbasoft/

  9. David Harley Says:
    June 22nd, 2009 at 2:07 am

    Thank you (and thank you Sean).

  10. Paul Says:
    February 8th, 2010 at 4:55 pm

    orbasoft.com is a scam website selling a rogue antispyware! BEWARE!!!!

  11. Randy Abrams Says:
    February 10th, 2010 at 12:29 pm

    I haven’t tested the product, but they also are not tested or certified by any major and respected organization I am aware of. There appear to be other people who agree with your assessment. That said, I submitted their executable to VirusTotal and none of the scanners detect it as malicious.

Leave a Reply

Share |
Subscribe by Email
To receive new posts automatically through email, enter your email address:

Delivered by FeedBurner

Blog Search
Categories
Authors
Tags
Adobe autorun Botnet Conficker Cybercrime Facebook google Malware Microsoft patch Phishing privacy SC Magazine Security Social Engineering Spam Stuxnet The Register Twitter Virus Bulletin
Archives

Switch to our mobile site