
Outbrowse and Other Bundlers

Author’s Note: We at Malwarebytes continue to do our part in educating our product users and constant blog readers about day-to-day online threats and how they can avoid falling prey to them. “PUP Friday”, our latest attempt at getting users acquainted with files they may need to watch out for in the Wild Web, offers an in-depth look at some interesting and quite notable potentially unwanted programs (PUPs). Expect to see this type of content pushed out twice a month at the end of a work week.


This post is intended to show you how the Outbrowse bundler, and many others like it, go about their business of delivering adware and other (potentially unwanted) programs to your computer.

It all starts when we hear about this nifty little piece of software that will solve all of our problems and is exactly what we need to play, work, learn, or do whatever we use our computer for, only better.

So, we start on a journey to download this coded miracle, preferably for free. First, we end up on confusing sites that have more “Download” buttons than explanations on them.

But, we have fought these battles before and find the one that promises to deliver the goal of our quest.

In this example, I have used the raw bundler, which can be “wrapped” around any download. This was done to avoid giving the above-mentioned object of our desire a bad name. So where the bundle shows “NonProduct”, you can fill in the name of the software that the victim was looking for.


Obviously, only after careful deliberation and reading the Terms of Service and Privacy Policy do we gladly hit the “Accept” button. At this point, some bundlers will offer you the option of a default installation that includes a couple of “recommended offers”, most likely the ones that bring them the most revenue.


If you use the “Custom Install” option, the Outbrowse bundler shows you a couple of offers.

Note that these bundles offer different installs based on your location and language settings, and they change over time, so your mileage may vary.

Here are some examples of what I received: SearchProtect hijacks like deskCut, Crossrider browser extensions like MediaPlayerVid2.4, and DynconIE adware like Websteroids.

Keep in mind that we usually have to “Accept” at least one offer to get the “NonProduct” of our desire, and on top of that, you may get some presents that you were not given any choice about.

And then, even after the installer is done, we get a few attempts to trick us into installing some more software that you can’t do without. Who wouldn’t want to optimize their PC?


Or watch all the content the web has to offer?


And even though I paid attention during the installation, my fingers must have slipped, because I got more than I intended to agree to.

Now, if you want something really useful, buy some software that will effectively clean the resulting mess and protect you on your next treasure hunt. The Outbrowse bundler is detected as a PUP in its own right and so are many others that operate just like it.


And whenever possible, download your software from the publishers’ site. Hint, hint.

Don’t forget: Save yourself the hassle and get protected.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.