How a bad keystroke can lead you to SpeedUpKit 'scareware'

SpeedUpKit flags non-threatening issues on a computer to get consumers to fork over $30

Dozens of misspelled domain names that spoof major brands are leading unsuspecting PC users to a questionable tune-up application called SpeedUpKit.

Since people are unlikely to seek out the application, its promoters rely partly on people misspelling the domain name for prominent brands to lead them to it. If you try to access the obituary website from a Windows PC in the U.S., for instance, but type "legady" by accident, you're likely to end up on a page promoting SpeedUpKit.

The practice, known as typosquatting, can sometimes violate consumer protection laws or constitute trademark infringement. Big brands police the web for such misspellings, and domain name registrars often try to stop the practice, but it still happens.

SpeedUpKit, which costs US$30, claims to clean registry entries and junk files from a user's PC. But a test of the application showed that it finds hundreds of problems even on a brand new computer.

On a fresh installation of Windows 7, the trial version of SpeedUpKit found 645 issues with the computer's registry. And it flagged the computer's "system registry health status" as "danger" in red capital letters.

Security experts often classify such programs as scareware. They're applications that may have some legitimate functionality, but are really intended to scare non-savvy computer users into buying security products they probably don't need.

Microsoft, Adobe, Google, Wikipedia and the New York Daily News are among the companies that have been targeted by SpeedUpKit for typosquatting, according to DomainTools, a company that provides investigative tools for domain name research.

The domain names were registered by Paul Cozzolino of Boynton Beach, Florida, records show. For example, Cozzolino registered ewwgoogle[dot]com, a variation of

If browsed in the U.S. on a Windows computer, the site redirects from ewwgoogle[dot]com to systemloginfo[dot]com, which was registered by Cozzolino last month, according to DomainTools. A warning that displays there says the computer's antivirus software may be out of date. Another pop-up says "Please repair MSIE security updates."

If users continue to click through the prompts, SpeedUpKit is downloaded. It offers to fix 10 issues for free, but pushes people to buy the full program.

Cozzolino couldn't be reached for comment despite several attempts by email and phone.

According to his LinkedIn profile, Cozzolino moved from Florida to Portland, Oregon, around October last year. He started a company called CallTactics, which specializes in online advertising and managing inbound calls.

CallTactics worked in part with EZ Tech Support, a Portland-based inbound call center that shut down last week, according to a former EZ Tech employee who requested anonymity.

EZ Tech Support fielded calls from a variety of online advertising campaigns that primarily used adware. In some cases, adware baits people by offering a free utility, such as media player or a security scan, but often pushes paid-for software.

People who called EZ Tech were pushed to buy Defender Pro Antivirus for $300 and a one-time computer servicing for $250.

The FTC has taken a dim view of such schemes. Last November, it filed two federal lawsuits alleging a handful of mostly Florida-based telemarketing and software companies conned people out of $120 million.

The lawsuits alleged the companies falsely convinced people their computers had problems in order to sell them ineffective and overpriced software.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags DomainToolsEZ Tech SupportsecurityCallTactics

More about FTCGoogleMicrosoftNewsTwitterWikipedia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts