One of the big issues here is that these sites are quite easy to find. Google searches for “cheap” or “discount” software reveal it’s very easy to come across these sites. Searches for all kinds of popular software from MS Office, to Adobe CS will bring up dangerous results.
Even searches like ‘Microsoft Windows 7’ which should be filled with Microsoft related sites and articles instead include fraudulent OEM sites in the top results. Today, the eSoft Threat Prevention Team is warning users to be especially wary of unreleased software. A major target of these scams is Adobe, who recently released their Creative Suite 5 (CS5) software. However, searches for CS7, a product not yet announced and two versions premature, result in a solid wall of bogus search results leading to scams and malware.
Aside from poisoning search results, the criminal enterprises behind these scams are increasingly using Spam to increase their reach. The criminal rings associated with these sites also control infected machines capable of sending millions of Spam messages per day, making it very easy to draw users to these sites. Spam messages are sent offering “instant” downloads and huge savings, only leading the user to a full blown fraud operation.
Rightly suspicious users who are wary of entering their personal information on these sites, or don’t want to pay for the software at all (aka stealing), may try to find cracks or keygens to allow them to activate trial versions of the software.
Take the example of the site below, keygenguru.com. The keygen download on this page is malware that attempts to call home and download more malicious software. The other links on this page lead the user right back to the same OEM software scams.
Each week eSoft finds hundreds of sites and domains related to these OEM Scams. It’s important for users to realize that these sites are fraudulent and could potentially be very dangerous. If you are purchasing new software, make sure it is from the vendor itself or a reputable distributor.