Tweet to antivirus companies about connectwise

https://twitter.com/ConnectWise

Just inform them their software is being used as malware by scammers. And demand that they do something about it.

https://twitter.com/getxcitium Formerly comodo, they have connectwise whitelisted

https://twitter.com/Bitdefender

https://twitter.com/kaspersky has their software blacklisted, but it never hurts to encourage them to keep their software blacklisted.

https://twitter.com/Avast doesn’t have it blacklisted as far as I’m aware, Avast also owns AVG for anyone who didn’t know

https://twitter.com/avira owned by norton, but you could still tweet to them to tell them to blacklist connectwise

https://twitter.com/Norton tweet to these guys too

https://twitter.com/Malwarebytes

https://twitter.com/SecureAge

https://twitter.com/emsisoft

1 Like

DM’d ConnectWise about their software being abused for criminal purposes. Here’s their reply - seems to be pretty ‘pro forma’
***ConnectWise takes the security of our products and our partners very seriously. Unfortunately, software products intended for good use, including remote control tools, can be frequently used by bad actors for malicious purposes. As a company, we strive to be proactive and work diligently to prevent this from happening through training and education as well as the use of comprehensive security tools to detect harmful behavior. We remain closely aligned with our partners, and regularly reiterate cybersecurity best practices. Phishing campaigns, particularly email phishing attacks, continue to get more sophisticated, mirroring legitimate email and web content. More sophisticated attempts may not include some of the standard phishing attack indicators like misplaced graphics or spelling inconsistencies. We encourage everyone to stay vigilant in looking for clues, particularly, in email domains and links, to avoid mistakenly clicking on nefarious content. When alerted of this behavior, ConnectWise regularly issues take-down requests to remove malicious sites and domains. We are reaching out to the impacted federal agencies for additional information that can help us take further steps to educate and support partners. ***
Preventing Phishing: 7 Tips for Stopping Phishing Attacks | ConnectWise
Take a look at how to spot and prevent phishing with ConnectWise today, and see how successful phishing attacks can impact your clients.

did you tweet to every antivirus company you know of as well?

I use Sophos, here’s their reply
***Thank you for highlighting a possible malicious app to Sophos. Any legitimate tool can be put to malicious use by bad actors, however, we have a process to review apps and files to be flagged as potentially unwanted applications or malware.

All files can be submitted to SophosLabs for review using the process found in this article:

How to submit samples of suspicious files/ false positives to Sophos:***

As much as you’d like a personal army for this, they’re right. Legitimate software is used for malicious purposes all the time, and it is not their fault that this happens. They can remind customers (repeatedly even) to make sure they trust who they’re allowing in, and that they know what permissions the remote viewer will have, but thats about it.

Kaspersky has a setting on it to blacklist “legitimate applications that can be used by intruders to damage your computer or personal data” And I’ve seen Leo from TPSC talk about how Kaspersky has connectwise blacklisted.

As far as I’m aware it’s also available for the free version

EDIT! I was mistaken! Only the paid versions of Kaspersky protect from malicious use of remote desktop apps.