(The quickest way to register)

Forum

  1. User picture
    • shazza on Fri 29 Jan 2010
    • 06:40:41 PM UTC

    maxpcsecure.com attack on mywot

    I've just received a pm telling me of lies being posted on Site Advisor about
    mywot by the owner of maxpcsecure.com.

    "Mywot.com is a hoax site having fake reviewers. We also found another website linking to mywot.com, which seems to be the host of all such reviewers http://www.ti-continium.com/ and myhosts.com. When we tried to contact mywot and ti-continium.com to explain about our products bad reviews, they disabled our registered userids and blocked our ip address. I would like our users to be beware of such sites who are perhaps paid by some competitor to defame our company and products and really have no business looking after consumers online security. They are nothing more than fake security products who have been simply paid to post bad automated reviews and reviewers are given special grade based on how many they can post in a day !! When we wrote to them, their reply was that they are too busy to look into this issue, obviously mass posting similar to spamming is a full time business and why would you do anything if you are paid to do it."
    Submitted by Rachnap at 2010-01-20 05:13:52

    Please see the owner's comment Site Advisor
    They are also using fake reviewers to post green reviews for all their sites.

Comments:

  2. User picture
    • CDA230 on Fri 29 Jan 2010
    • 07:10:13 PM UTC

    They have fake reviews on SA

    They have fake reviews on SA from different people all saying "My experience with it had been all good." Not clever.

    BBB rating is D, http://sanjose.bbb.org/Business-Report/MaxSecure-I...

    Some mention at ROR, http://www.ripoffreport.com/Search/Company/Spyware...

    But Norton Safeweb shows no problems, SiteAdvisor is only "bad shopping" experience. Vague.

    Despite their silly claims against WOT, there seem to be some customer service issues and that is all, or am I missing something?
  3. User picture
    • Sami on Fri 29 Jan 2010
    • 07:34:32 PM UTC

    Re: maxpcsecure.com attack on mywot

    That's interesting. Here's what really happened:

    1. They contacted us in September 2009 asking if we were interested in advertising their products. We declined. They then proceeded to complain about their site's reputation and we explained them how the system works.
    2. A month later someone from maxpcsecure.com contacted us again and accused you and g7w of spamming. Around the same time another user had posted a comment on g7w's board asking him to review ti-continium.com and apparently this meant g7w owned the site and was promoting it. They also posted the same nonsense to the forum.
    3. We weren't too busy to look into the issue. In fact, here's the exact response we sent to the guy who contacted us: "As I already replied to you on the forum, none of these users are spamming. They are graciously spending their time rating websites, so others can surf safely."
    4. We never heard back from them. Curiously, soon after the last exchange there was a ridiculous attempt to manipulate maxpcsecure.com's reputation using tens of fake accounts originating from India. Where was this company located again...? Anyway, I suppose they finally figured out that strategy wasn't going to work and thought lying might work better.
  4. User picture
    • g7w on Sat 30 Jan 2010
    • 09:44:55 PM UTC

    re: MaxPCsecure / MaxAntiSpyware

    I "bumped" my post on the related thread: MaxPCsecure / MaxAntiSpyware

    Rarely do I offer someone a "bitch slap."

    As for ti-continium.com - whois
    I have never rated this site or it's parent site: ti-systems.ru - whois
    They are Russian websites and I am not Russian; both of these websites appear to be legitimate businesses and both have fairly good reputation ratings in WOT.

    Site Advisor appears slow in removing spammed user entries

    @ Sharon

    Thanks for bringing this topic to the forum
    It's time to reevaluate the MaxPCsecure domains - there are many new ones out now. It's a new year, and I think I'll re-rate for my comments to reflect the 2010 date.
    note - some sites are new with no content, but are max secure domains ie; sixcube.com - whois
    Registrant:
    Max Secure Software
    10 Windsor Terrace
    Clover Village
    Pune, MH 411040
    India

    I consider this to be classified as Phish / Scam
    They do not phish but their software are SCAMS.

    DNS references courtesy of robtex.com

    74.205.126.96
    122717-db2.maxpcsecure.com
    72.32.187.16
    105675-db1.maxpcsecure.com
    74.205.126.125
    105674-fw1.maxpcsecure.com
    facebookprotector.com
    facebookprotector.net
    maxfileshredder.com
    maxfoldersecure.com
    maxfoldersecure.net
    maxpcbooster.com
    maxpcprivacy.com
    maxpcprivacy.net
    maxpcsafe.com
    maxpcsafe.net
    maxpcsecure.com
    maxpcsecure.net
    maxregistrycleaner.us
    maxregistryoptimizer.com
    maxspywaredetector.com
    maxspywaredetector.net
    myantispywarepro.com
    newspywaredetector.com
    sixcube.com
    spywaredetector.biz
    spywaredetector.net
    tech.maxpcsecure.com

    Also, maxpcsecure.com - robtex
    LISTED IN BLACKLIST!
    black.uribl.com
    multi.uribl.com

    [edit]
    Removed from list: registrycleanernew.com
    Domain name was not renewed, has been "deleted" and is available for acquisition.

    -------
    WOT Services Ltd. - gives us safety through Web of Trust.
    WOT Community - gives us security through unity.
    Thank you all
    - G7W
  5. User picture
    • phantazm on Tue 02 Feb 2010
    • 09:36:07 AM UTC

    BOGUS REVIEWERS (Updated)

    These sock puppets all have this in common:

    1. They promote rogue software from MAX SECURE SOFTWARE
    3. They all registered very recently.
    4. They have rated very few sites.
    5. They only review the same list of sites (although not in the same order,
    but sometimes with identical comments).
    6. They mix wellknown sites (like Kapersky, AVG, McAfee) with rogue sites,
    in order to look more credible and trick the average user.

    WOT
    stevepl - www.mywot.com/en/user/1057796 (Banned)

    SITEADVISOR
    aaronflts - http://user.siteadvisor.com/forums/member.php?u=31...
    Harmonyty - http://user.siteadvisor.com/forums/member.php?u=31...
    john1969 - http://user.siteadvisor.com/forums/member.php?u=32...
    rget - http://user.siteadvisor.com/forums/member.php?u=32...
    lifrank - http://user.siteadvisor.com/forums/member.php?u=32...
    shawnmic - http://user.siteadvisor.com/forums/member.php?u=32...
    tyjack - http://user.siteadvisor.com/forums/member.php?u=32...
    devonthegreat - http://user.siteadvisor.com/forums/member.php?u=32...
    vsands - http://user.siteadvisor.com/forums/member.php?u=32...
    dsmith1986 - http://user.siteadvisor.com/forums/member.php?u=34...
    ddea - http://user.siteadvisor.com/forums/member.php?u=34...
    dlopes - http://user.siteadvisor.com/forums/member.php?u=34...
    dleith - http://user.siteadvisor.com/forums/member.php?u=34...
    msherman - http://user.siteadvisor.com/forums/member.php?u=34...
    haroldu - http://user.siteadvisor.com/forums/member.php?u=34...
    stevepla - http://user.siteadvisor.com/forums/member.php?u=34...
    devinam - http://user.siteadvisor.com/forums/member.php?u=34...
    mascaria - http://user.siteadvisor.com/forums/member.php?u=35...

    CNET:
    krider16 - http://www.cnet.com/profile/krider16/
    eithelandjack - http://www.cnet.com/profile/eithelandjack/
    ashylynn23 - http://www.cnet.com/profile/ashylynn23/
    gavsmith - http://www.cnet.com/profile/gavsmith/
    ijack23 - http://www.cnet.com/profile/ijack23/

    PS: Again, thanks to shazza...

    PPS: Just reported the bogus profiles to cnet...
  6. User picture
    • BobJam (not verified) on Sat 30 Jan 2010
    • 04:18:56 PM UTC

    Scans

    This sort of stuff by the maxpcsecure mor . . . person . . . really makes me angry. (This is my "bitch slap", Dave). So angry that I've spent a considerable amount of time on it.

    I ran a few "scans" from this maxpcsecure, and as a result I would put them in the category of "Rogue" (as g7w said), though the scorecard doesn't have that comment category, so I guess the comment category would be "Phishing or other scams".

    In any case, here are my results/screenshots and my remarks on them. (Some of them are similar to the Wilders stuff here that g7w cited here, but the Wilders stuff was from about 6 months ago and maxpcsecure has changed their GUI now).

    I ran these scans in my VM on my Ubuntu box, and used Sandboxie to boot.

    This first one is a screen in the setup/installation process. While it may not be unusual to see something like this in a setup/installation process, this being the rogue that it is it's probably an effort to get PII:

    Image and video hosting by TinyPic

    This next one is a paragraph in the Privacy Policy. The part about disclosing PII to law enforcement doesn't really bother me, but it's the next sentence (highlighted in my screenshot) that alarms me. If a sale is consumated, then ownership of the PII would naturally transfer. However, what I'm wondering is if there is an acquisition effort . . . is the PII disclosed to a "potential" buyer that backs out of the deal? It looks that way:

    Image and video hosting by TinyPic

    This one has me confused a little bit. It looks like their "Spyware Detector" is also a registry cleaner. But from the "Spyware Detector" results it doesn't (screenshot below). But I chose to install the registry cleaner. And there is a separate "Max Registry Cleaner" scan link on their main page (which I also ran). Very confusing, but that may be because of the language barrier (India?):

    Image and video hosting by TinyPic

    These next two show mid-scan results, and then the pop up to "order". The language barrier strikes again? On the one hand it says there are 40 but down at the bottom it says there are 3 "with 40 associated threats". This becomes more clear when the scan completes. There are actually three, but when they're expanded there are 40 "sub" detections. Notice also the offer to purchase a license, and there's also a pop up (partial in lower right corner . . . full screenshot following), so that a user sees the offer to purchase twice AT THE SAME TIME:

    Image and video hosting by TinyPic

    Image and video hosting by TinyPic

    The following two screenshots display the completed scan. Here's where the 40 versus 3 is clarified. The three major categories are "Tracking Cookie", "Trojan.WebSearch", and "Trojan.scar.pcp". At this point it sounds like I'm saying these are valid detections. THEY ARE NOT. I ran SuperAntiSpyware, MalwareBytes, and Spybot S&D. Other than tracking cookies, THE RESULTS OF THOSE SCANS DID NOT SHOW ANY TROJAN SPYWARE.

    Image and video hosting by TinyPic

    Image and video hosting by TinyPic

    My sense is that noobs would be terrified by the use of the word "Trojan", and consequently make the purchase. Notice also the descriptive paragraph on the left (it's the same for both "Trojan.WebSearch", and "Trojan.scar.pcp".) It begins with "A destructive program" . . .

    While that's generally true of Trojans, if a noob reads that in conjunction with these bogus detections, they would likely get more terrified. At this point I became convinced this was indeed a Rogue, but I went further.

    The next screenshot is of the "Awards" shown on their main page:

    Image and video hosting by TinyPic

    The "Microsoft Certified Partner" thing has nothing to do with the trustworthiness of the program. All that means is that the program developers have access to a Microsoft database if they have trouble coding. It doesn't do a single thing for the end user. It is meaningless for a user, but to a noob it looks like Microsoft is saying that Microsoft thinks the program is good . . . NOT SO.

    The "ExeFiles" thing is definitely bogus.

    Here is the ExeFiles top rated:

    Image and video hosting by TinyPic

    Finally, I did a "Max Registry Cleaner" scan. Here are the results:

    Image and video hosting by TinyPic

    If I had 1431 "invalid entries", most of them shown as "high risk", the machine wouldn't even boot. Granted, there can be a high number of TRIVIAL "invalid entries", but this beast shows most of them as high risk. This is the classic registry cleaner rogue.

    Probably didn't need to do any of this, but it helped me to vent . . . and also to get my shorts untwisted.

    So, Rachnap, how is it that this is a "fake review" . . . did I fabricate these screenshots? Neat trick if I had the time, but I've already spent too much time on your nonsense. BTW, are you the same as msecure or zongwe?

    If you want to go around challenging the integrity of WOT (as you did on SA . . . and I definitely can't see how they rated you green, though SA doesn't detect rogues with their bots I don't think), then be prepared to be exposed by the WOT community (as you have been) . . . and security blogs. I think you picked the wrong group to tangle with here.
    • User picture
      • CDA230 on Sat 30 Jan 2010
      • 02:45:26 PM UTC

      Excellent work BobJam! At

      Excellent work BobJam!

      At the best it is giving false positives to get sales, at the worst it is just fraudulent.
    • User picture
      • BobJam (not verified) on Sat 30 Jan 2010
      • 04:32:39 PM UTC

      Why I was unable to hold my tongue

      If the accusation against WOT had just been on this forum alone, I might have been able to hold my tongue on the notion that it's not good to feed trolls/sockpuppets. We get our fair share of these trolls/sockpuppets here, and ignoring them generally makes them go away.

      But since the accusation was made on another site, SA, it was not merely trolls/sockpuppets, it was downright malicious,

      Plus, in case somebody not in the know reads the SA remark and comes here and searches on "maxpcsecure", this thread will show up . . . and this Rachnap person will be exposed.

      BTW, CDA230, thanks for the kind words.
    • User picture
      • g7w on Sat 30 Jan 2010
      • 09:38:24 PM UTC

      Kudos!

      Interesting...
      How SpyWare Detector 2010 identifies :
      Trojan.WebSearch
      Trojan.scar.xxx

      IF you had these, you would not be able to load *anything* because you are annoyed with many pop-ups requiring you to "purchase" to "resolve."
      Ransomware uses this type of action... such as AntiVirus 2010

      This is why MaxPCsecure software - all of it - is ROGUE and could be termed as Scareware.
      It misinforms users to threats that do not exist for the sole purpose of gaining a paid subscription to "unlock" the software...

      Definition of Rogue
      Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing
      Definition of Scareware
      Scareware comprises several classes of scam software, often with limited or no benefit, sold to consumers via certain unethical marketing practices. The selling approach is designed to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.

      As for the filename extensions...
      Notice it identified many that you do use, they're just not "Microsoft extensions" such as those used with Apache/PHP/MySQL/etc - for example, file used in creating Joomla websites. You certainly wouldn't want to remove them since they serve a purpose (beside, they would be re-added the next time you work with those files...).

      This would make a nice article for TechJaws, especially now that you've taken the time to snag screen captures.

      *smiles*
      • User picture
        • BobJam (not verified) on Sun 31 Jan 2010
        • 01:56:03 AM UTC

        Thanks

        Thanks for the Kudos (is especially gratifying coming from the "master" . . . said seriously, not sarcastically).

        As far as TechJaws, am composing as we speak . . . reason it's taking me so long is that a TechJaws piece will be from a slightly different perspective.
  7. User picture
    • phantazm on Sat 30 Jan 2010
    • 05:35:43 PM UTC

    MAX SECURE SOFTWARE SITES - The Complete List

    facebookprotector.com
    facebookprotector.net

    maxanonysurf.com

    maxantispyware.com

    maxfileshredder.com

    maxfoldersecure.com
    maxfoldersecure.net

    maxpcbooster.com

    maxpcprivacy.com
    maxpcprivacy.net

    maxpcsafe.com
    maxpcsafe.net

    maxpcsecure.biz
    maxpcsecure.com
    maxpcsecure.net

    maxsecuresoftware.com

    maxregistrycleaner.com
    maxregistrycleaner.net
    maxregistrycleaner.us

    maxregistryoptimizer.com

    maxspywaredetector.com
    maxspywaredetector.net
    maxspywaredetector.us

    maxspywareremover.com

    myantispywarepro.com

    newspywaredetector.com

    registrycleanernew.com (deleted and available again)

    sixcube.com

    spywaredetector.biz
    spywaredetector.net
    spywaredetector.org

    spywaredetectornew.com

    thespywaredetector.com

    (Sorted alphabetically, with variants grouped)

    This list is as complete as I could make it; I combined
    the sites recommended by the bogus reviewers + g7w's list.
    Should I have missed some, let me know so they can be included...
  8. User picture
    • BobJam (not verified) on Sun 31 Jan 2010
    • 08:17:48 AM UTC

    Thanks phantazm for the comments on SA

    I see you have made rebuttal reviews on SA. Glad somebody on SA spoke up against this mor . . . person . . . "Rachnap", and exposed all the sockpuppets (as you have on your post here), and also linked back to this thread.

    Rachnap on SA: "we invite our critics to prove us wrong and we will give a free copy of our product"

    I would claim my "free copy", but I don't want any crapware/scareware/rogue on my machine.
    • User picture
      • phantazm on Sun 31 Jan 2010
      • 09:28:26 AM UTC

      Thanks to shazza, I'd rather say

      Thanks to shazza, I'd rather say, cause if she hadn't created the original post, then I and many other people would have remained ignorant of this scam. I only tried to spread the knowledge we gained, because sharing experiences is a major part of both SA and WOT, imo.

      When I read SAs review of maxpcsecure.com, I also noticed a lot of green ratings and comments. I didn't call all these raters bogus, just because I disagreed; in stead I checked all of them - and couldn't help noticing an obvious pattern.
      However it was only obvious if you read all of it - and how many would normally bother (=have the necessary time)? Much too many would only see two things: that SA still marked most of these sites as green. Digging deeper they would only see one or two red reviews, insignificant when compared to a lot of green recommendations from 'satisfied users'. So, people relying on SAs 'green light' would be fooled most of the times. Even if they went a step further, they would still be fooled.

      It was a systematic scam, so I thought that the response should be equally systematic. It certainly took some time, but I think the effort was well worth it;
      now everybody have a better chance discarding the bogus.

      But I also wonder when McAfee will ban the false reviewers;
      normally they are not so fast as one could wish... ;-(

      In any case, thanks to shazza for the OP!

      PS: Let us not forget that these false reviewers are here as well...!
  9. User picture
    • shazza on Sun 31 Jan 2010
    • 01:38:37 PM UTC

    Thanks everyone,

    for your help & the great research you've done on this.
  10. User picture
    • Frank J on Sun 31 Jan 2010
    • 05:20:31 PM UTC

    Post Published on TechJaws.com

    Bob J,

    You certainly did your homework and I just wanted to say thank you! I have posted the blog you wrote on TechJaws.com. Please visit the link below.

    http://www.techjaws.com/trophy-in-the-rogue-hall-o...

    Frank J
    TechJaws.com