Home
Internet
Internet News
Download.com and Other Sites Bundling Superfish Style Adware: Report

Download.com and Other Sites Bundling Superfish-Style Adware: Report

By Hitesh Arora | Updated: 25 February 2015 16:59 IST

Despite new security features being added on an almost daily basis, we are certainly not moving towards a more secure Internet - at least, this is what can be derived from recent findings.

After Lenovo was found to be installing the malicious adware Superfish in consumer machines, another report on Monday came out suggesting that it is not the only one doing it. It reported two names of the security firms that have added similar man-in-the-middle code in their software platforms. While one software is being said to be using vulnerable SSL-interception technology sold by Komodia, similar to what Superfish employed, the other using different technology achieves the same effect of bypassing SSL and HTTPS protection.

All this seems to have created panic in consumers, and researchers are taking concerns seriously. According to a new report by How to Geek on Monday, several freeware and software sites (including CNET's Download.com) are bundling HTTPS-breaking-adware nowadays.

The report notes that the adware like Wajam, Geniusbox, Content Explorer, and many others are following the same trend as seen with Superfish in Lenovo. These companies are installing their own certificates and forcing all your browsing (including HTTPS encrypted browsing sessions) to go through their proxy server. Not just that, the report claims that your machine can just get infected "by installing two [KMPlayer and YTD] of the top 10 apps on CNET Downloads." The two apps reportedly feature two different types of "HTTPS-hijacking adware".

Once the adware is installed and is proxying all the traffic, users start to see ads all over even on the secure sites, like on Google, "replacing the actual Google ads, or they show up as popups all over the place, taking over every site."

These adware essentially install their fake root certificates into the Windows Certificates store and then use proxies to connect to secure sites with the fake certificates, explains report.

While it is not exactly clear whether the Download.com team or the app developers are bundling the adware, the distribution sites are obligated to ensure the content they host is safe.

So in short, the HTTPS websites are also not secure if any adware is installed on your machine knowingly or unknowingly.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.