How a bad keystroke can lead you to SpeedUpKit 'scareware'
- 17 June, 2015 10:08
Dozens of misspelled domain names that spoof major brands are leading unsuspecting PC users to a questionable tune-up application called SpeedUpKit.
Since people are unlikely to seek out the application, its promoters rely partly on people misspelling the domain name for prominent brands to lead them to it. If you try to access the obituary website legacy.com from a Windows PC in the U.S., for instance, but type "legady" by accident, you're likely to end up on a page promoting SpeedUpKit.
The practice, known as typosquatting, can sometimes violate consumer protection laws or constitute trademark infringement. Big brands police the web for such misspellings, and domain name registrars often try to stop the practice, but it still happens.
SpeedUpKit, which costs US$30, claims to clean registry entries and junk files from a user's PC. But a test of the application showed that it finds hundreds of problems even on a brand new computer.
On a fresh installation of Windows 7, the trial version of SpeedUpKit found 645 issues with the computer's registry. And it flagged the computer's "system registry health status" as "danger" in red capital letters.
Security experts often classify such programs as scareware. They're applications that may have some legitimate functionality, but are really intended to scare non-savvy computer users into buying security products they probably don't need.
Microsoft, Adobe, Google, Wikipedia and the New York Daily News are among the companies that have been targeted by SpeedUpKit for typosquatting, according to DomainTools, a company that provides investigative tools for domain name research.
The domain names were registered by Paul Cozzolino of Boynton Beach, Florida, records show. For example, Cozzolino registered ewwgoogle[dot]com, a variation of google.com.
If browsed in the U.S. on a Windows computer, the site redirects from ewwgoogle[dot]com to systemloginfo[dot]com, which was registered by Cozzolino last month, according to DomainTools. A warning that displays there says the computer's antivirus software may be out of date. Another pop-up says "Please repair MSIE security updates."
If users continue to click through the prompts, SpeedUpKit is downloaded. It offers to fix 10 issues for free, but pushes people to buy the full program.
Cozzolino couldn't be reached for comment despite several attempts by email and phone.
According to his LinkedIn profile, Cozzolino moved from Florida to Portland, Oregon, around October last year. He started a company called CallTactics, which specializes in online advertising and managing inbound calls.
CallTactics worked in part with EZ Tech Support, a Portland-based inbound call center that shut down last week, according to a former EZ Tech employee who requested anonymity.
EZ Tech Support fielded calls from a variety of online advertising campaigns that primarily used adware. In some cases, adware baits people by offering a free utility, such as media player or a security scan, but often pushes paid-for software.
People who called EZ Tech were pushed to buy Defender Pro Antivirus for $300 and a one-time computer servicing for $250.
The FTC has taken a dim view of such schemes. Last November, it filed two federal lawsuits alleging a handful of mostly Florida-based telemarketing and software companies conned people out of $120 million.
The lawsuits alleged the companies falsely convinced people their computers had problems in order to sell them ineffective and overpriced software.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk