Whether you’re new to surfing the Internet or an old hand, we all know the importance of keeping our systems and software updated to avoid becoming a victim of exploits, malware and other cyber threats. Exploits in particular is one area that are being targeted heavily by criminals and privacy invaders with more and more popups and/or warning screens that hit our web browsers.
One such case was covered back in May 2013, ALERT: ad.yieldmanager.com, tuguu.com, nicdls.com, lastplayerfree.com, Babylon, 50.19.113.192 concerning highly misleading tactics employed by companies to get people to install their software. The tactics used are very devious as shown in the below screen shot and results.
On first glance, it appears to be a recommended Flash Player update, pushed through JavaScript in page advertisement. What’s the harm, I obviously need it, or do I?
Clicking OK takes you to a new Adobe Flash Player page with links to download or install. Let’s grab the download and go from there.
The setup files above were grabbed on three different visits. Note these are not your usual Flash Player file names or icons!
The time is currently 19.30 and starting the install of Setup_v.173953200a.exe. (The small file is just the downloader; it then grabs the necessary files online).
What’s this, Delta Toolbar? No Flash Player update! I will make it easy and choose the express install. During the process you are then presented with further option screens with the ‘next’ button highlighted. Clicking next on each page should take me to what I am being told, I need. This should not take long to complete so will sit back and monitor what happens.
I don’t recall any mention of BrowserDefender or BrowserDefendert in the installer options which is installing in services and startup programs! Also PC Optimizer is now installed and running a system scan which took nearly 2 hours to complete with these results:
It’s odd that a clean machine with just the basic Windows XP install, has so many problems! Clicking ‘Fix Now’ redirects me to the web to register this product. Fine, let’s do that.
Ok I registered but still can’t fix these errors! Why, because I need an activation key and to get this requires me to pay them money! Not so much a trial it seems, but scareware that basically does nothing except mislead you into thinking your PC has major issues. Highly misleading considering there was no mention during the install that the program only alerts you rather than clean anything.
During this time, the PC was getting very slow and virtually useless. The opposite of what I am being told these programs will be able to accomplish.
Looking at the running processes, it’s clear to see what the problem is and why the CPU has hit 100% usage. At the same time, BrowserDefendert now wants to become a scheduled task.
Well, it’s now nearly 22.00 and the setup has still not finished (90% complete) and appears to be hung.
After 2.5 hours I killed the install process as it was obvious it will not complete.
Here is what was installed:
1. Delta Toolbar (adware/spyware) 2. PC Utilities Pro Optimizer Pro (scareware) 3. Strong Vault and SMessaging (adware) 4. Backup Agent (Bugged) 5. Webcake Desktop (adware) 6. BrowserDefender
URL’s responsible:
- hxxp://www14.zippyshare.com/v/96927823/file.html
- hxxp://www.123mplayer.com/mediaplayer/update/?ClickID=35604643811371528617&PubID=125524
- hxxp://cp.tuguu.com/pasarela/affp/1029/&__tc=1370798088.84
- hxxp://cp.tuguu.com/pasarela/download.php?p=1029&_so=1&_bw=2&_sv=5.1&_bv=1.5&_ip=3560464381&_cc=GB&asdd=1&_qs=%26__tc%3D1370798088.84
- hxxp://cp.123mplayer.com/pasarela/doma/dls.123mplayer.com/p/151/Setup/329/439/1029.42.117.0a59ea55
- hxxp://dls.123mplayer.com/p/151/Setup/329/439/V.173664853b
- hxxp://emulatorxboxone.com/xbox-one-emulator-download/
Summary:
Here is the rather funny part, this page popped up during the install!
Trusting you? Now that is a joke, right?
You mislead people into downloading software that is clearly NOT what they believe they are getting! How can anyone trust these services and companies employing such devious and desperate tactics to get people to install and pay for things they really don’t want or need! Shame on you and the quicker you are stopped, the better for all concerned.
Malwarebytes Pro will protect you from this, and other similar threats. If you have not already upgraded, now is the time to re-consider.