Windows is plagued by viruses, spyware, and malware of all kinds; one of the most pernicious is the fake security software that exists to trick unwary users into paying for useless crap. Rogue software vendors use fake popups that imitate Windows and bogus reviews to con people into thinking that they have a problem and that this software will solve it.

(Allow me a smug laugh at this point: as a Linux user I get great quality software from validated sources for free, and don’t have a fraction of the problems of the Windows monoculture.)

Anti-Virus-1 is a new example of the genre that seems particularly bad:

The amount of social engineering techniques that Anti-virus-1 uses is the most I have seen so far in a rogue. In this rogue alone, they use fake security alerts, screen savers showing a blue screen crash caused by a spyware and then a fake reboot, Internet Explorer hijacks, and now fake review sites.

It also adds a number of entries to the hosts file to prevent the infectee from visiting legitimate review sites:

O1 - Hosts: 217.20.175.74 www.review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com
O1 - Hosts: 217.20.175.74 www.reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 www.reviews.download.com
O1 - Hosts: 217.20.175.74 reviews.download.com
O1 - Hosts: 217.20.175.74 www.reviews.pcadvisor.c.uk
O1 - Hosts: 217.20.175.74 reviews.pcadvisor.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.pcmag.com
O1 - Hosts: 217.20.175.74 reviews.pcmag.com
O1 - Hosts: 217.20.175.74 www.reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.reevoo.com
O1 - Hosts: 217.20.175.74 reviews.reevoo.com
O1 - Hosts: 217.20.175.74 www.reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.techradar.com
O1 - Hosts: 217.20.175.74 reviews.techradar.com

It’s gratifying to see Reevoo in there: it’s a measure of success when the evil scammers notice you! Unfortunately for them, they got the wrong domain. Nice try, scumbags, but it’s really www.reevoo.com.

Update: Apparently I misinterpreted their modus operandi: the domains are deliberately wrong. They aren’t trying to prevent people from getting to the real reevoo.com, but to send people to fake reviews on a site that appears to be legitimate. Here’s what the fake site looks like. The design is way out of date, but I expect that most people wouldn’t notice:

[Image: Fake reevoo.com]
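One way to check a machine for the kind of hosts-file tampering listed above, as an added example that is not part of the original post: it parses plain hosts-file lines and HijackThis-style `O1 - Hosts:` lines and reports any non-loopback address that several names are pinned to. The sample data, the function names and the threshold of three names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: hosts-file lines mixed with "O1 - Hosts:" log lines.
# Addresses come from the documentation ranges; names use the reserved .example TLD.
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.tracker.example
O1 - Hosts: 203.0.113.7 www.reviews.shop-one.example
O1 - Hosts: 203.0.113.7 reviews.shop-one.example
203.0.113.7 reviews.gadget-mag.example   # trailing comment
203.0.113.7 www.reviews.pc-weekly.example
198.51.100.20 intranet.corp.example
"""

O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file or O1 log lines."""
    for raw in text.splitlines():
        # Drop the log prefix if present, then anything after a '#'.
        line = O1_PREFIX.sub("", raw.strip()).split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the malformed line
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def suspicious_redirects(text, min_names=3):
    """Return {ip: sorted hostnames} for remote IPs with many pinned names."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries block a name; they do not redirect it.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[ip].add(name)
    return {str(ip): sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}

if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE).items():
        print(f"{ip} is pinned for {len(names)} names:")
        for name in names:
            print("   ", name)
```

On a real system the input would be the contents of `%SystemRoot%\System32\drivers\etc\hosts`; a single pinned name (the intranet entry in the sample) stays below the threshold and is not reported.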