Computer Files

“YellowSend, send your large files for free?”

Author’s Note: We at Malwarebytes continue to do our part in educating our product users and constant blog readers about day-to-day online threats and how they can avoid falling prey to them. “PUP Friday”, our latest attempt at getting users acquainted with files they may need to watch out for in the Wild Web, offers an in-depth look at some interesting and quite notable potentially unwanted programs (PUPs). Expect to see this type of content pushed out twice a month at the end of a work week.


YellowSend aka AnySend is a PUP that promises you the ability to send your large files anywhere. Having dealt with mail providers that would not allow any attachments over 100MB I can see how this could be a welcomed service.

main

After installing the package you will find you have several methods of selecting files to send. There is a big balloon on your desktop that you can drag and drop files into.

icons

P.S.  That balloon is really big. I’m glad not every software takes up that much space on my desktop or I would need a 42” inch laptop.

You can also select files and use the right-click menu item to send them.

rightclickmenu

Next you can select sending it to an email-address of your choice or to create a link that provides anyone who knows that link with an option to download the file(s).

downloadlink

But the sender will have to register first.

authentication

And give them their email address.

activation

Or the receiver will see this.

notavailable

All in all this free offer is not so bad considering what you get in return. But I would like to add a few warnings about this one. And they are straightforward about some of them on their site.

beta

First of all, it’s a beta and as they state, bugs will be bugs. Another quote: “YellowSend will pop automatically with a solution and various offers of different products related to sending such as speed (of sending), backup, storage, protection, printing and so on.”

That sounds like it is ad-supported, which by itself does not make it a definite no-no, but we’re getting there.

Then, neither the files nor the traffic are encrypted. That very much limits the files I would dare to use their service for. Some other objections I have are their association with InstallCore, a known bundler of adware and PUPs. When installing YellowSend we noticed that it requires two steps of installing.

The first step that was in the bundle only installed something called YSPackage.This left an entry in the Start-menu called “Configure”

startmenu

Using that link triggers the command

C:Users{user name}AppDataRoamingYSPackageYSPackage.exe /deploy

which in turn starts the actual installation of YellowSend. Maybe this line of work has made me overly suspicious, but that smells like a method of avoiding automated detection by security vendors. This extra step definitely was not necessary when we installed AnySend a few weeks ago.

Which brings me to another point. If you want to make a name for your product, why would you change it every so often? While searching for information about this program I also came across mentions of guru-send and I’m not sure if that is an old or future version, but it looks like just another name for the same deal.

If you are looking for software that will enable you to share or send big files we would recommend to have a look at some of the more established names: WeTransfer, DropBox, Google Drive, OneDrive and (for businesses) Box.com.

YellowSend and AnySend are detected by Malwarebytes Anti-Malware as PUP.Optional.YellowSend and PUP.Optional.AnySend.A, respectively.

Pieter Arntz

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.