By Dancho Danchev
Our sensors continue picking up deceptive advertisements that expose gullible and socially engineered users to privacy-invading applications and toolbars, most commonly known as Potentially Unwanted Applications (PUAs).
The latest detected campaign utilizes multiple legitimately looking banners in an attempt to trick users into thinking that their media player needs to be updated. Once users install the bogus ‘Media Player Update’, they introduce third-party privacy-invading software onto their PCs and directly contribute to the revenue flow of the cybercriminals behind the campaign.
Sample screenshots of multiple deceptive ads leading to the same Potentially Unwanted Application (PUA):
Sample screenshot of the landing page:
hxxp://dkg.videodownloadonline.com/download/video_downloader – 126.96.36.199; 188.8.131.52
Detection rate for the PUA – MD5: 85387afff8e5e66e2d9cc5dc1c43c922 – detected by 2 out of 46 antivirus scanners as Adware.Downware.925; Bundlore (fs).
The sample is digitally signed by Bundlore LTD, which is yet another pay-per-install affiliate network.
bundlore.com – 184.108.40.206 – Email: firstname.lastname@example.org
The following MD5s that are known to have interacted with the same IP (220.127.116.11):
Webroot SecureAnywhere users are proactively protected from these PUAs.