This is most likely something that should be investigated more closely by stopbadware.org.
It seems the site offers antivirus tools of various kinds, but they might contain more than is accounted for initially. Looking up the site using domain tools also reports that pctools.com is part of this site or suite.
Maybe these tools should be tested by stopbadware and evaluated if they work as intended.
pctools is registered in Australia.
Defenza claims Canadian – but seems to be hosted in Russia … go figure.
Thanks, I also reported it to the “Badware Clearinghouse”.
After that, I followed the links and reported it to econsumer.gov
This program uses false positives to persuade a user to purchase the program. The “threats” cannot be removed without a license.
I would consider this a fraud tool!
I am going to report this to the IC3 (Internet Crime Complaint Center) right away!
This site is in association with at least:
adware.co.nz
fixmyadware.com
adware-pro-live.com
adware-pro-site.com
adwarepro.com
www.defenza.com/v2/en/security.asp
Here are some AV companies' takes on Defenza:
A-Squared: www.emsisoft.com/en/malware/?Adware.Win32.Defenza
2-Spyware: www.2-spyware.com/review-defenza.html
Bleeping Computer: www.bleepingcomputer.com/uninstall/6451/Defenza.html
I found another site that installs this same program:
www.get-defenza.com/v2/en/security.asp
Here is SpyWare-net’s take on it:
http://www.fbmsoftware.com/spyware-net/Application/Defenza/
SpyWare-Net says that it is a remote access tool, A-Squared said it is a rogue / adware tool. 2-Spyware said that it is a questionable tool, and Bleeping Computer said that it was malware!
Could this be a combined threat?
See also the McAfee Site Advisor Report:
http://www.siteadvisor.com/sites/defenza.com
Nothing I would trust for anything. However, they (Defenza) are not forcing or infecting your machine without your consent. This means that Google is unlikely to remove their search results or block the site from the search/link.
Judging from the various reports, it seems that the software is marketed on a false claim that you have a virus which you haven’t really got, and that is not a legal method of marketing.
It may be impossible to get the software totally eliminated, but distribution through US/Canadian or other “western/EU” channels may be reduced due to the fraudulent nature of this.
Might not be, somehow they seemed to connect somewhere in the domain tools. Could be a freak incident or just because they seem to have registered the domains with the same registrar, which isn’t uncommon.
Great research you’ve done. – Let’s see if Maxim (Stopbadware) and Beau (Consumer Reports WebWatch) are interested in this one.
After looking at my research, do you think that this is a rogue anti-spyware tool?
It is said to be installed after “Trojan exploits”; no good anti-malware tools would install using an exploit!
According to their sites, they have millions of users! This could be a big outbreak.
Even McAfee Site Advisor says “Popularity: Lots of users”!
They most likely got their popularity from their association with cashengines.com, another “red” site.
Cashengines.com has over 600 sites that use “catchy phrases” to lure visitors.
This company definitely is going to have legal problems, after the complaining and publicity we’re going to do!
This site was reported to Web Sense Security Labs:
http://securitylabs.websense.com/content/reportMalicious.aspx
The download link was reported to MalwarePatrol.net, but came back “clean”.
CashEngines.com is on RipOffReport.com, for rogue anti-malware programs; imagine that!
I also just sent this domain to Web Sense’s Security Labs; hoping that when / if they block it, it will greatly reduce rogue anti-malware infections!
Defenza is not a product of PC Tools, a company that is a member of the Anti-Spyware Coalition (of which StopBadware is also a member).
We’re not spending a lot of time right now testing new badware apps, but I think it’s great that this community is surfacing some on its own. You’ll be glad to know that this conversation thread shows up in the top 10 results in a Google search for “Defenza.”
Just what I thought. It was a little weird to find both names through the same single search on domaintools.
Now that we do have that important part cleared up, we can make sure to spread the word and let people know to be careful when finding new security tools like Defenza; they can come here for a discussion of the same as well.
It probably missed being flagged by Google because it’s not a drive-by download or some spammy pop-up/banner ad.
Pctools is part of Australia (go us :D ) and promotes legit software although their ads can be a bit dodgy sometimes.
Anyway it should have been flagged by now.
One more thing: I wouldn’t be downloading any AV (anti-virus programs) that has a Russian/Ukrainian host; very dodgy.
The site will not be flagged by Google as suspicious. Why?
Because the site itself poses no risk at present. The users trusting the site and downloading/accepting the terms wilfully accept the responsibility of installing the software. – Whether the terms do mention the adware or whatever is in there isn’t really under discussion concerning the Google suspicious list, but is rather a consumer-related issue.
They (Defenza) don’t do anything bad without the user’s consent.



