Driver Phishing II, Or Who Is Trentin Lagrange?

I’m fully awake now, and doing some digging on who is behind the Driver Robot “driver phish.” The digging has introduced me to a whole level to the software scam industry.

The company that sells it is Victoria, BC, Canada-based Blitware (“or Blitware Technology Inc.,  to be precise,” as its website urges us). Nothing gives on its Who Is page, nor on the driverrobot.com website the software is hosted at. But a clue to the possibility that this isn’t just some cute little software developer is back on the LogitechDriversCenter website, which carries some named testimonials, among them this:

“I got a new graphics card but the framerate was terrible, and the manufacturer’s website didn’t help at all. It turns out that the driver that came with the card was 6 months out of date! Driver Robot got me the latest driver automatically, and now my whole system is more responsive, especially the games.”

Trentin Lagrange, CA

The good thing about a name like Trentin Lagrange is that it’s not that common. Not like the other two testimonials, which come from one Tim Whiteman and one Susan Peterson (not that they aren’t helpful. But nothing like Trentin.)

Who is Trentin?

A Google search of Trentin Lagrange indicates that either he’s a huge fan of driver update software, or that it’s not just about Logitech drivers or one small Canadian company anymore.

Trentin Lagrange, it turns out, has left glowing testimonials for driver update software, not just on the dodgy Logitech website (and a sister one at logitechdriverdownloads.com) but on websites like Realtekdriver.net, which also carries the company’s logo and calls itself “Realtek Drivers Download Center”:

image

As with the Logitech website, it’s only if you scroll down to the bottom of the page and click on a link “About us”

image

do you get to the truth of whether it’s a company website:

REALTEK is registered Trademarks of Realtek Semiconductor Corp.
All other trademarks are properties of their respective owners.
This website is not owned by or related to Realtek Semiconductor Corp.
We are not associated with Realtek Semiconductor Corp. in any way.
We are just running a site to help users who have trouble to getting hardware device drivers,
This web site is not associated with Realtek Semiconductor Corp. in any way.

Trentin has also left testimonials on websites that impersonate Dell-–delldriverscenter.com—complete with Dell logo

image

and favicon

image

And SIS at sisdrivers.org:

image

and MSI at msidrivers.org

image

and Intel at inteldriverscenter.com

image

and Asus at asusdriverscenter.com

image

and Acer at acerdriverscenter.com

image

and canon at canondriverscenter.com

image

as well as HP – hpdriverscenter.com

image

and driverforhp.com, with this HP-looking banner atop:

image 

No denials of being associated with HP on their about page, so I’m guessing HP’s lawyers haven’t been in touch yet.

Another website, atidriverscenter.com, seems to have closed. It was active in July, when this person fell for the scam and complained on a forum.  At least some companies seem to be watching.

Well, maybe not. This website, atidrivercare.com, is still working:

image

You get the picture.

Google’s Role

All of these websites appeared as sponsored ads above the search results in Google when looking for that manufacturer’s drivers (hp drivers etc) which throw up links to, for example, “official HPs [sic] Drivers & Updates”:

image

(For many users these sponsored ads are either normal search results, or sponsored in the sense of vetted, so they’d be forgiven for thinking that they’re clicking on something official.)

It seems that either Trentin, Tim and Susan are just really generous with their comments and share software tips on a regular basis, or this software schmoozefest is linked to Swishsoft the company that sells Swift Optimizer, software that compresses Flash files. All three put glowing reviews on the software website, althought it seems Susan has moved from the U.S. to Australia in the meantime. Must be the taxes.

And no, I couldn’t find any reference to Trentin Lagrange apart from glowing software testimonials. Either the guy just lives to write software reviews or he is not really living.

So, we’re clear that whoever is behind DriverRobot is also behind a number of websites that basically impersonate the websites of popular hardware vendors, either within the boundaries of the law or outside the knowledge of these companies’ lawyers.

Sponsored Run

But it’s also energetically fending off accusations that it’s all a scam. Do a Google search for driver robot and you get these sponsored ads above the results:

Similarly, the ads on the side of the results:

  • DriverRobot This Is The Real Deal?
    The Truth Will Shock You! reviewblogs.info
  • “DriverRobot” Report We Bought It And Tried It.
    The Truth Will Shock You! www.todaysreview.info/DriverRobot
  • Driver Robot Exposed Buying Driver Robot?
    Get The Facts! RealityChek.net

    The top one is a straight link to the download site. The others sound like links to stories exposing the scammery, right? But they’re not: They all take you straight to driverobot.com. No reviews, or even pretence at reviews.

    Clever, huh? Outwit your detractors who accuse you of impersonating official company websites by impersonating your detractors. There’s a twist I hadn’t thought of.

    Where are the Reviewers?

    But what about those logos from respected software reviewers, like PC Magazine, Softpedia (five stars!), Geek Files ((5/5 stars, Exceptional Product!) and Chip on the LogitechDriversCenter.com website and elsewhere?

    image

    I could find no reference to Driver Robot on the PC Magazine website. On Softpedia’s website I could find no “editor’s review” but found one user review—giving it two stars out of five but saying it used “borderline means to promote its service.” GeekFiles.com contained only discussions, no reviews.

    Depressing

    All of this is faintly depressing, because all the usual checks and balances we look to on today’s web seem to have gone out of the window:

    • a website address can contain a company’s name, with no apparent action from the company itself to protect either its name or its customers;
    • Googling a product doesn’t seem to work: sponsored ads mislead with words like “official” and what look to be review sites are actually redirects owned by the product’s owner
    • Badges from third party download and software websites don’t seem to be a guide, because they are either out of date or fake.

    The fact is that many people are going to be taken in by this kind of thing. Everyone needs drivers, and everyone searches for drivers by googling the manufacturer’s name and the word driver. As many people search for hp drivers as search for kenya on Google:

    So what I want to know is:

  • What are the companies involved doing to protect their brands, their products and their customers from misleading and potentially damaging products sold in their name?

  • What are software reviews sites doing to protect their brands, and their consumers from fraudulent badges?

  • What is Google doing about sponsored ads that mislead the public? 

7 thoughts on “Driver Phishing II, Or Who Is Trentin Lagrange?

  1. DriverRobot has an affiliate program (see ClickBank for details), and I think you’re seeing the result of it (unscrupulous promotion of a borderline program by financially-motivated affiliates).

  2. Hey Jeremy,

    It looks like the DriverRobot scammers are just proliferating across the Internet. They are now tied with the program “FileExtensionFinder.exe”, which is also a scam program which hijacks your browswer, ridirecting it to a “bing.zugo.com”

    The File Exension Finder program is found at http://www.fileextensionarchive.com, and contains a fraudulent “McAfee Secure” badge (if you click on the badge, it takes you to a fraudluent McAfee site that claims the File Extension Finder is “secure” — https://www.mcafeesecure.com/RatingVerify?ref=fileextensionarchive.com&lang=EN)

    Furthermore, when you install File Exension Finder, it *also* installs DriverRobot, transparently, without the user’s knowledge or consent.

    File Extension Finder has many similar features in its promotion to DriverRobot, including it being an advertised solution to computer problems. In this particular instance, my mother was up on her computer at 6:30 in the morning, and she couldn’t open a Microsoft Works file (extension .wps), and came across the standard Windows message saying that .wps isn’t associated with any files (http://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=wps). Choosing the option to “Search the Web” for more info about the .wps file, the top result (http://www.fileinfo.com/extension/wps) has an ad which links to FileExtensionArchive.com. Looking to duplicate the results for this post, I couldn’t get the exact same ad to show up on that page — however, in its place I got an ad for another “File Helper” program, this one from, you guessed it, Blitware (http://blitware.com/adpages/filehelper/specific-extension/?extension=wps&gclid=CKiAyovDm6ECFQUhDQodcXcOzA).

    So — these guys are everywhere. The publisher name when running the File Extension Finder installer is Zugo Ltd, which is also the domain which the browser gets hijacked to. Doing a little research on Zugo (http://www.zugo.com/), it appears to state right on their homepage that they create means for browser homepage hijacking (although in a very nice, PR-way of saying it). Zugo has a valid digital signature, which is provided by Comodo (http://www.comodo.com/about/comodo-agreements.php), so, another option would be to complain to Comodo to get them to remove digital signatures from such companies as Zugo, which is also in bed with these guys and further empowers their moneymaking schemes (Zugo.com has a estimated net value of over $100k — http://www.sitelogr.com/s/zugo.com).

    Good work on the articles.

  3. Hey Jeremy,

    It looks like the DriverRobot scammers are just proliferating across the Internet. They are now tied with the program “FileExtensionFinder.exe”, which is also a scam program which hijacks your browswer, ridirecting it to a “bing.zugo.com”

    The File Exension Finder program is found at http://www.fileextensionarchive.com, and contains a fraudulent “McAfee Secure” badge (if you click on the badge, it takes you to a fraudluent McAfee site that claims the File Extension Finder is “secure” — https://www.mcafeesecure.com/RatingVerify?ref=fileextensionarchive.com&lang=EN)

    Furthermore, when you install File Exension Finder, it *also* installs DriverRobot, transparently, without the user’s knowledge or consent.

    (continued below)…

Comments are closed.