Tag Archives: British Columbia

Driver Phishing II, Or Who Is Trentin Lagrange?

I’m fully awake now, and doing some digging on who is behind the Driver Robot “driver phish.” The digging has introduced me to a whole level to the software scam industry.

The company that sells it is Victoria, BC, Canada-based Blitware (“or Blitware Technology Inc.,  to be precise,” as its website urges us). Nothing gives on its Who Is page, nor on the driverrobot.com website the software is hosted at. But a clue to the possibility that this isn’t just some cute little software developer is back on the LogitechDriversCenter website, which carries some named testimonials, among them this:

“I got a new graphics card but the framerate was terrible, and the manufacturer’s website didn’t help at all. It turns out that the driver that came with the card was 6 months out of date! Driver Robot got me the latest driver automatically, and now my whole system is more responsive, especially the games.”

Trentin Lagrange, CA

The good thing about a name like Trentin Lagrange is that it’s not that common. Not like the other two testimonials, which come from one Tim Whiteman and one Susan Peterson (not that they aren’t helpful. But nothing like Trentin.)

Who is Trentin?

A Google search of Trentin Lagrange indicates that either he’s a huge fan of driver update software, or that it’s not just about Logitech drivers or one small Canadian company anymore.

Trentin Lagrange, it turns out, has left glowing testimonials for driver update software, not just on the dodgy Logitech website (and a sister one at logitechdriverdownloads.com) but on websites like Realtekdriver.net, which also carries the company’s logo and calls itself “Realtek Drivers Download Center”:

image

As with the Logitech website, it’s only if you scroll down to the bottom of the page and click on a link “About us”

image

do you get to the truth of whether it’s a company website:

REALTEK is registered Trademarks of Realtek Semiconductor Corp.
All other trademarks are properties of their respective owners.
This website is not owned by or related to Realtek Semiconductor Corp.
We are not associated with Realtek Semiconductor Corp. in any way.
We are just running a site to help users who have trouble to getting hardware device drivers,
This web site is not associated with Realtek Semiconductor Corp. in any way.

Trentin has also left testimonials on websites that impersonate Dell-–delldriverscenter.com—complete with Dell logo

image

and favicon

image

And SIS at sisdrivers.org:

image

and MSI at msidrivers.org

image

and Intel at inteldriverscenter.com

image

and Asus at asusdriverscenter.com

image

and Acer at acerdriverscenter.com

image

and canon at canondriverscenter.com

image

as well as HP – hpdriverscenter.com

image

and driverforhp.com, with this HP-looking banner atop:

image 

No denials of being associated with HP on their about page, so I’m guessing HP’s lawyers haven’t been in touch yet.

Another website, atidriverscenter.com, seems to have closed. It was active in July, when this person fell for the scam and complained on a forum.  At least some companies seem to be watching.

Well, maybe not. This website, atidrivercare.com, is still working:

image

You get the picture.

Google’s Role

All of these websites appeared as sponsored ads above the search results in Google when looking for that manufacturer’s drivers (hp drivers etc) which throw up links to, for example, “official HPs [sic] Drivers & Updates”:

image

(For many users these sponsored ads are either normal search results, or sponsored in the sense of vetted, so they’d be forgiven for thinking that they’re clicking on something official.)

It seems that either Trentin, Tim and Susan are just really generous with their comments and share software tips on a regular basis, or this software schmoozefest is linked to Swishsoft the company that sells Swift Optimizer, software that compresses Flash files. All three put glowing reviews on the software website, althought it seems Susan has moved from the U.S. to Australia in the meantime. Must be the taxes.

And no, I couldn’t find any reference to Trentin Lagrange apart from glowing software testimonials. Either the guy just lives to write software reviews or he is not really living.

So, we’re clear that whoever is behind DriverRobot is also behind a number of websites that basically impersonate the websites of popular hardware vendors, either within the boundaries of the law or outside the knowledge of these companies’ lawyers.

Sponsored Run

But it’s also energetically fending off accusations that it’s all a scam. Do a Google search for driver robot and you get these sponsored ads above the results:

Similarly, the ads on the side of the results:

  • DriverRobot This Is The Real Deal?
    The Truth Will Shock You! reviewblogs.info
  • “DriverRobot” Report We Bought It And Tried It.
    The Truth Will Shock You! www.todaysreview.info/DriverRobot
  • Driver Robot Exposed Buying Driver Robot?
    Get The Facts! RealityChek.net

    The top one is a straight link to the download site. The others sound like links to stories exposing the scammery, right? But they’re not: They all take you straight to driverobot.com. No reviews, or even pretence at reviews.

    Clever, huh? Outwit your detractors who accuse you of impersonating official company websites by impersonating your detractors. There’s a twist I hadn’t thought of.

    Where are the Reviewers?

    But what about those logos from respected software reviewers, like PC Magazine, Softpedia (five stars!), Geek Files ((5/5 stars, Exceptional Product!) and Chip on the LogitechDriversCenter.com website and elsewhere?

    image

    I could find no reference to Driver Robot on the PC Magazine website. On Softpedia’s website I could find no “editor’s review” but found one user review—giving it two stars out of five but saying it used “borderline means to promote its service.” GeekFiles.com contained only discussions, no reviews.

    Depressing

    All of this is faintly depressing, because all the usual checks and balances we look to on today’s web seem to have gone out of the window:

    • a website address can contain a company’s name, with no apparent action from the company itself to protect either its name or its customers;
    • Googling a product doesn’t seem to work: sponsored ads mislead with words like “official” and what look to be review sites are actually redirects owned by the product’s owner
    • Badges from third party download and software websites don’t seem to be a guide, because they are either out of date or fake.

    The fact is that many people are going to be taken in by this kind of thing. Everyone needs drivers, and everyone searches for drivers by googling the manufacturer’s name and the word driver. As many people search for hp drivers as search for kenya on Google:

    So what I want to know is:

  • What are the companies involved doing to protect their brands, their products and their customers from misleading and potentially damaging products sold in their name?

  • What are software reviews sites doing to protect their brands, and their consumers from fraudulent badges?

  • What is Google doing about sponsored ads that mislead the public? 

Driver Phishing

Maybe because it’s early in the morning, but I fell for this little scam pretty easily. I’m going to call it “driver phishing” because it has all the hallmarks of a phishing attack, although it’s probably legal.

I’m looking for the latest drivers for my Logitech webcam, so I type in Logitech QuickCam driver in Google.

An ad above the results looks promising: a website called LogitechDriversCenter.com:

image

So I click on it.

It takes me to a site with a Logitech logo, lots of shareware and PC Magazine stars, Logitech product photos and three options for getting the right driver:

image

DriverRobot, the first one, sounds promising. Maybe, I think, Logitech have consolidated all their driver downloads into one program. Good idea, given I’ve got quite a few of their products hanging around the computer. So I download and install it.

Looks OK so far. A window appears prompting you to start scanning your computer. Lots of green arrows and ticks to reassure you:

image

Once the scan is done you’re told how many drivers you need, with another green arrowed button indicating what you should do to get them (“Get drivers”):

image

(I should have been forewarned at this point. Plenty of warnings, but one key one: None of the drivers it suggested were Logitech ones. Certainly nothing to help me with my webcam.)

Click on that and you’re told you’ve got to “Register” which is “quick and easy”.

Notice there’s no other option, unless you can see the little Close Window X in the top right corner of the window:

image

Try to click on the other radio button (“Allow 11 drivers to remain out of date (not recommended). Critical updates for your computer will not be installed. Your computer may be vulnerable to crashes, performance problems, freezes and “blue screens.””) and then click Continue and the window disappears, but nothing else. It’s like those supermarkets where you can’t get out unless you buy something.

Click on the Continue button and your browser fires up with page requesting your Name and Email to register:

image

Notice all the seals, locks, starts and 100% guaranteed things going on. Reassuring, eh? Except there’s no link on the page, nothing for the casual user (or a slow-witted guy who got up too early) to click on to get more information.

So the slow-witted guy enters his name and email address, thinking that’s going to get him registered. Of course not. Instead he’s asked to shell out cash–$30—for the software:

image

Once again, no links to explain who is behind this, or what other options there may be.

As far as the casual user knows, this is either a Logitech product or one approved by them.

But it’s not. The software comes from a company called Blitware. The Complaints Board website has several complaints about the company and software:

The Driver Robot software does not work and the company tricks consumers in to believing that it is freeware. Am trying to get a refund of my purchase price now.

And worse: For some of those who do buy the software and follow its driver updates, it only makes things worse:

My computer completely crashed after using driver robot when it installed a generic mouse driver every time I touched my mouse I had a blue screen crash with a driver check sum error … It has also installed an elan touch tablet driver which is now in the toolbar. I dont have this device on my machine. This software is completely useless and will be going for a refund.

Others found they had no way of getting support:

Useless garbage–no contact info given. I attempted use and could see it doing nothing. What now, am I really out $39.90?

So who is Blitware? Its website says

Blitware (or Blitware Technology Inc., to be precise) is a small Canadian software vendor from Victoria, BC, Canada. Blitware’s mission is to take great software products to market and bend over backwards for our partners who help promote them.

(Notice how the company doesn’t say it’s a developer, and stresses the marketing, rather than the consumer, in its literature. That should probably tell you all you need to know, if you hadn’t gotten up too early.)

There is an encouraging link on the home page inviting you to click for Support (“Need support for a Blitware product? Our expert technical support staff is standing by to help you”) —

 image

— but far from take you to that helpful support staff, the link takes you to a Frequently Asked Questions page, and only at the bottom to a link for contacting technical support.

That in turn takes you to a link demanding you register at Blitware first, and then, when that is done, to a page for you to file your question.

Do that and you’re told:

We will reply to this message soon! You will receive an email when we do.

OK, so, what’s wrong with all this, and why call it phishing?

Well, phishing is the art of using social engineering tricks to lull a victim into thinking s/he is interacting with a legitimate site/product and to get him/her into coughing up passwords or cash.

Usually with banks, or emails, or accounts etc.

To me this Driver Robot is no different.

From the Google search—where a website with the word Logitech in it—everything is designed to make you think you’re dealing, if not with Logitech, then at least with a company/product that Logitech has endorsed.

The website’s title—the bit that appears in the browser’s top-most bar indicates it’s a Logitech site:

image

Even the website’s favicon—the little log before the web address—is Logitech’s:

image

To me this is no different to a scammer putting “Citibank” or “Paypal” somewhere in a web address to fool the user into thinking they’re dealing with someone kosher.

Anything the tricks the user, either into thinking they’re dealing with the real thing, or thinking they have no other option, is, in my view, a scam.

That the software doesn’t seem to work—it found no Logitech drivers or updates, and seems to crash computers—only makes matters worse.

I’m going to find out what Logitech make of their logos and name being used for dodgy purposes.

(more on Driver Phishing here.)

Google Earth as Harbinger of Doom

Researchers are using Google Earth, the New York Times/IHT reports, to look for evidence of giant tsunamis, signs that the Earth has been hit by comets or asteroids more regularly, and more recently, than people thought:

This year the group started using Google Earth, a free source of satellite images, to search around the globe for chevrons, which they interpret as evidence of past giant tsunamis. Scores of such sites have turned up in Australia, Africa, Europe and the United States, including the Hudson River Valley and Long Island.

Chevrons are huge deposits of sediment that were once on the bottom of the ocean; they are as big as tower blocks and shaped like chevrons, the tip indicating the direction from which the tsunami came. 

I love the idea that academics use a tool like Google Earth to — possibly — puncture one of the greatest myths of the human era: that comets only come along once every 500,000 years.

Scientists in the working group say the evidence for such impacts during the last 10,000 years, known as the Holocene epoch, is strong enough to overturn current estimates of how often the Earth suffers a violent impact on the order of a 10-megaton explosion. Instead of once in 500,000 to one million years, as astronomers now calculate, catastrophic impacts could happen every few thousand years.

There are a couple of other quirks to this story. The working group of misfits is cross-disciplinary — there’s a specialist on the structural analysis of myth in there — but only formed when they bumped into each other at a conference. How more efficient it would have been had they been blogging; they might have found each other earlier. (Perhaps they met before the blogging age; there’s a piece on the subject here from 2000.) 

The second quirk for me is that the mythologist (actually Bruce Masse calls himself an enviromental archaeologist) reckons he can pinpoint the exact date of the comet which created the Burckle Crater between Madagascar and Australia using local legends: 

Masse analyzed 175 flood myths from around the world, and tried to relate them to known and accurately dated natural events like solar eclipses and volcanic eruptions. Among other evidence, he said, 14 flood myths specifically mention a full solar eclipse, which could have been the one that occurred in May 2807 B.C.

I love the idea of myths; I see them as a kind of early Internet, a way of dispersing knowledge using the most efficient tools (in those days, this meant stories and word of mouth.) We tend to think of myths as superstition and scare mongering, but in fact in many cases they are the few grains of wisdom that get passed on from generation to generation.  They often get contorted in the telling, the original purpose — to warn — sometimes getting lost. 

Like the Moken sea gypsies of the Andaman Sea, most of whom were spared the 2004 tsunami because they “knew from their tribal lore that this was a warning sign to flee to higher ground”, according to Reuters. On the Acehnese island of Simeulue, similar lore, dating back to the 1907 tsunami, tells islanders that “if the land is shaking and shoreline is drained abnormally, they have to go to very high land.” Only seven people out of 80,000 islanders died. 

Based on this, the idea of trying to pin down the comets, the craters and the chevrons by exploring local myth makes a lot of sense. I like the idea that is being done alongside using something as modern, and as freely available, as Google Earth. I guess I’m just not happy about the implications for us current planet dwellers. 

Source: Ancient crash, epic wave – Health & Science – International Herald Tribune (graphic here)

What Early Groomers Used For Hair Gel

I don’t use hair gel anymore — no, really — but I do remember wandering around war-torn Kabul trying to find some when my stash ran out during an unexpectedly long stint there shortly after the Taleban takeover. Needless to say I felt somewhat superficial about it, given all the suffering around me, and was worried it was frowned upon by the puritanical Taleban. I shouldn’t have worried: most of them wore eyeliner, took way too much interest in my babyish features and in any case, there’s a long history of wearing hair gel, as National Geographic News reports:

Male grooming has an ancient history in Ireland, if the savagely murdered bodies of two ancient “bog men” are anything to go by. One shows the first known example of Iron Age hair gel, experts say. The other wore manicured nails and stood 6 feet 6 inches tall.

Disappointingly, you have to look elsewhere to find out what kind of hair gel. I personally like Slick from Body Shop, but it might not have been available then, namely between about 400 BC and 200 BC. Another piece from National Geographic, suitably titled ‘Iron Age “Bog Man” Used Imported Hair Gel’ details the product he was using:

The man’s hair contains a substance made from vegetable oil mixed with resin from pine trees found in Spain and southwest France. The man might have used the product, researchers say, to make himself appear taller.

Sounds like my friend John.

Yahoo buys Flickr

Flickr is now part of Yahoo! As CNET reports, Yahoo has bought photo-sharing site Flickr :

Yahoo has purchased online photo-sharing service Flickr, less than a week after the Internet giant launched a beta test of a new blogging tool.

Vancouver, British Columbia-based Flickr lets users upload digital photos from computers and camera phones, put together photo albums, and post photos to blogs, among other things.

It’ll be interesting to see what happens to Flickr. According to a Yahoo spokesperson, Flickr will remain a standalone site for now. The company’s employees, however, will relocate to Sunnyvale later this year.