Web promos, sometimes called “web rewards”, are not unknown on the Internet. We’ve seen and documented one in the past, and it had a memorable name: Suurgle.
We found another site similar to it. But this time, the person/s behind this campaign has mimicked Microsoft’s branding while maintaining the clean, “Google search page” look. It’s called Web Rewards.
web-rewards[DOT]org
click to enlarge
Notice how the domain’s favicon resembles Microsoft’s current logo. Even the colors of the letters making up the site’s name follow the logo’s color scheme.
Whether one enter an email address onto the text box or not, pressing the Signup button leads a user to a page, announcing that he/she is today’s “lucky visitor” then invites him/her to complete a survey in order to get a discount amounting to $20.
At this point, it isn’t clear to the user what the discount is for until the end of the survey.
click to enlarge
Dear {browser type} user,You are today's lucky visitor for: {current date}
Please complete this short survey and to say "Thank You" we'll give you $20.00 US Dollars! off today.
The site detects the browser type that is used to access it. Since I was using Chrome during testing, it only displayed the appropriate logo and brand, a common attempt to make this campaign more believable. Below are screenshots of them:
After answering all four questions, the user is then redirected to the supposed “qualified offer”, which in this case is a program called Pro PC Cleaner.
click to enlarge
Thank you for completing our survey!Based on your answers, we have found a product that will make your computer Start-Up & Run FAST by optimizing and removing your Junk Files. Upon registration of the program you will receive $20.00 off (today only):
How to Claim Your Prize? To claim your prize: Install & register Pro PC Cleaner - #1 Rated Windows Registry Cleaner*
PC Pro Cleaner will Speed Up your PC and Remove Spam 0 Update and Speed Up PC 0 Reduce crashes and optimize browsing 0 Improves Start-up speed
Supported OS: Windows XP, Windows 7, Windows 8 Manufacturer: Microsoft Inc. Version: 7 Last checked: {current date}
Clicking Install leads to a page on propccleaner[DOT]com wherein one can manually download the said software. Here’s what the page looks like:
click to enlarge
We were able to retrieve the Pro PC Cleaner executable file.
Below is a slideshow of what the users see once they execute the program:
For a list of information and system changes Pro PC Cleaner can do to a user’s system, you can refer to this sandbox analysis results page.
Malwarebytes Anti-Malware detects the file as PUP.Optional.ProPCCleaner.A.
Please refrain from visiting this Web Rewards page, and if you don’t have software that can block suspicious and/or malicious URLs for you, you might as well manually blacklist its domain. Should you encounter Pro PC Cleaner on a site that promises something you may want for your system, do think twice before agreeing.
Jovi Umawing (Thanks to Steven)