This post aims to help you guys UNDERSTAND malvertisement & downware, and AVOID bloatware even malware. This page also contains step by step solutions to the B/M badware.
What is A Malvertisement, Really?
The online advertising ecosystem is a dynamic environment made up of many stakeholders with different goals.
A malvertisement (from "malicious advertising") is an infected online ad. The spread of malicious ads on the top commercial websites has recently taken a turn for the worse.
Are there any case studies about malvertisement?
On September 14, 2009 New York Times readers were automatically redirected to a site hosting malmare (Note: it was a fake virus-warning, bogus security software, Rogueware, scareware or simply, FakeAlerts) thanks to an ad containing malicious code. …
Below are THREE NEWLY aggressive ads found legitimate or high-profile websites, download.com and brothersoft.com.
If you (accidentally) hit the highlighted ads, e.g., the download for VLC Media Player, at CNET site above, you then can get the following customized installer.
What does vlc.cc/jump/general-download/?pk=812099&aid=9205&part=s-afdl&tag=aftdl tell us?
Clicking this Download button starts DownloadAdminTM installation manager. … Additional software may be offered via opt-in ads during the installation process.
DownloadAdmin’s free software installations are advertiser supported.ALL OFFERS ARE OPTIONAL and there is absolutely no obligation to accept. All of our advertiser’s software is 100% safe and secure.
So… let’s take a closer, full look at the "General Download | | VLC.CCVLC.CC":
- File name: vlcmediaplayer-setup.exe.
- Here’s the detailed Virustoal analysis.
- MD5: 4006f1b6d73dd79f5c32df27ed0aa364
NOTE: You too can get anther downware sample if you pay a visit to the above site’s home, refresh it. For example, I can get so-called (Free) Windows Media Player from fun-media-player.com (location: fun-media-player.com/media-player/gb/oc/?adnm=46959758281&i=s&grid=&lg=&cc=US&clg=&c=1&d=0&cid=_142029661&kw=hd%20media%20player&mt=&mn=www.vlc.cc&ct=&nt=D&expr=&ap=none&dv=c&&agid=_1299803677&gclid=CP_DsdaAmcECFStgMgodETYAEA)
What to expect if starters run that high-risky modified setup file?
I detected the following junkware, adware, and browser hijacker.
- Sponsored Free Youtube Downloader was found. Sticky www.search.net (Turned out that my Mozilla Firefox and Internet Explorer were hijacked by Tuvaro; Search Module was added to my Search Provider list), iWebar, Object Browser and ShopperPro (aka, Shopper Pro) would be installed, too.
- You will get TidyNetwork, Common Dictionary and OptimizerPro (also, Optimizer Pro) installed.
- "… With Insta Share‘s easy sharing interface, …"
- And then I check out my "Uninstall or change a program" list, then I found YTDownloader and Addon control from the aforementioned iWebar.
For other malware fans, you can use Beyond Compare to learn more tech specs like changes in AppData and registry settings.
The (Beyond Compare) program allows you to compare files or folders on your system, so that you can manage your files appropriately.
Be advised that…
… the resulting interface that loads after that initial selection is much more complex. If you’ve never used a file management program before, Beyond Compare looks overwhelming and complicated at this stage. It is difficult to tell how to get started.
Another FREE Crapware SHOW
Software Updater?! Update what?!
- "Install (Conduit) Search Protect to set my home page and default search…"
- "LookThisUp is a free tool that allows you to immediately learn more about anything that interests you. …"
- "Tube Save software allows users to download videos and audio from their favorite Youtube videos online."
- "Install iSpeedPC – One Click and You Can Fix and Clean Up Your PC!"
- "Install You Tube Downloader … www-search.net, iWebar, Oject Browser and ShopperPro…"
"WARNING! Your Flash Player may be out of date. Please install update to continue."?
- URL: glksoft.com/?dist_id=269&channel=acmnj&cid=11195691071412631029&pubid=298097&v=ico&c=20a4febe59cb94a853d80a5d31ff8739&v_id=e108a4b9f233607f3d7e7e5c89e2bf08
- File name: adobe_flash_setup.exe
- MD5: c2ddbbc6ee4f2fa078ceff22e7d3d715