More Free Software Repackaged For Money

novembre 15, 2011 - 2 Minuti di lettura

Contenuto

Article
Altri blog

In previous posts, I've shown how popular free software programs are repackaged and sold by scammers, while containing spyware, or are outright replaced by malware. The number of web sites offering such repackaged software has been on the rise in the past weeks [LINK TO PREVIOUS POST]. The most popular repackaged software used to be Flash, antivirus programs and VLC (video player). The list has broadened to contain less-know software such as 7zip (free alternative to Winzip), WinSCP (SCP client for Windows), Filezilla (FTP client), GOM (media player), Notepad++ (powerful text editor), etc.

Here are some of the websites:

Filezilla on http://filezilladownload.net/

VLC on http://downloadflashplayer.org/ advertised a s stand-alone Flash player

WinSCP on http://winscpdownload.com/

7zip on http://7zip-download.org/

Here is a list of 9 similar websites responsible for distributing such malware:

hxxp://filezilladownload.net/
hxxp://downloadflashplayer.org/
hxxp://avi-player.net/
hxxp://flv-player.org/
hxxp://gom-player.org/
hxxp://photoshopfreedownload.net/
http://winscpdownload.com/
hxxp://7zip-download.org/
hxxp://notepaddownload.net/

The files that are downloaded use a similar naming convention - software-setup-win32.exe or software-setup-win32_us.exe: aviplayer-setup-win32.exe, winscp-setup-win32_us.exe, flashplayer-setup-win32,exe, filezilla-setup-win32_us.exe, etc. Their size is always about 1.7MB.

The detection rate amongst AV vendors is very low: only NOD32 was able to find the spyware in the 3 samples I submitted to Virus Total: 1 2 3.

Software repackaged by Conversionads

The software actually makes three changes: it installs the StartNow Toolbar (from Zugo, a company associated with Spyware/Adware), sets MSN as the home page and then sets Bing as the default search engine. All steps are completed by default.

Microsoft packages installed by default

I've found most of these sites through spam comments in forums such as this one on carepages.com:

Links to repackaged software

They are also well referenced by Google. For example, filezilladownload.net shows up at #5 for filezilla download, just after the four search result links to the official filezilla-project.org website

-- Julien

Grazie per aver letto

Questo post è stato utile?

Sì, molto utile!

Non proprio

Esclusione di responsabilità: questo articolo del blog è stato creato da Zscaler esclusivamente a scopo informativo ed è fornito "così com'è", senza alcuna garanzia circa l'accuratezza, la completezza o l'affidabilità dei contenuti. Zscaler declina ogni responsabilità per eventuali errori o omissioni, così come per le eventuali azioni intraprese sulla base delle informazioni fornite. Eventuali link a siti web o risorse di terze parti sono offerti unicamente per praticità, e Zscaler non è responsabile del relativo contenuto, né delle pratiche adottate. Tutti i contenuti sono soggetti a modifiche senza preavviso. Accedendo a questo blog, l'utente accetta le presenti condizioni e riconosce di essere l'unico responsabile della verifica e dell'uso delle informazioni secondo quanto appropriato per rispondere alle proprie esigenze.