Download.com and Other Sites Bundling Superfish-Style Adware: Report

Advertisement
By Hitesh Arora | Updated: 25 February 2015 16:59 IST
Download.com and Other Sites Bundling Superfish-Style Adware: Report
Despite new security features being added on an almost daily basis, we are certainly not moving towards a more secure Internet - at least, this is what can be derived from recent findings.

After Lenovo was found to be installing the malicious adware Superfish in consumer machines, another report on Monday came out suggesting that it is not the only one doing it. It reported two names of the security firms that have added similar man-in-the-middle code in their software platforms. While one software is being said to be using vulnerable SSL-interception technology sold by Komodia, similar to what Superfish employed, the other using different technology achieves the same effect of bypassing SSL and HTTPS protection.

All this seems to have created panic in consumers, and researchers are taking concerns seriously. According to a new report by How to Geek on Monday, several freeware and software sites (including CNET's Download.com) are bundling HTTPS-breaking-adware nowadays.

The report notes that the adware like Wajam, Geniusbox, Content Explorer, and many others are following the same trend as seen with Superfish in Lenovo. These companies are installing their own certificates and forcing all your browsing (including HTTPS encrypted browsing sessions) to go through their proxy server. Not just that, the report claims that your machine can just get infected "by installing two [KMPlayer and YTD] of the top 10 apps on CNET Downloads." The two apps reportedly feature two different types of "HTTPS-hijacking adware".

Once the adware is installed and is proxying all the traffic, users start to see ads all over even on the secure sites, like on Google, "replacing the actual Google ads, or they show up as popups all over the place, taking over every site."

Advertisement

These adware essentially install their fake root certificates into the Windows Certificates store and then use proxies to connect to secure sites with the fake certificates, explains report.

While it is not exactly clear whether the Download.com team or the app developers are bundling the adware, the distribution sites are obligated to ensure the content they host is safe.

Advertisement

So in short, the HTTPS websites are also not secure if any adware is installed on your machine knowingly or unknowingly.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Apple Might Not Make Any Major AI Announcements at WWDC 2025
  2. iQOO Neo 10 First Sale in India Kicks Off Today: Price, Offers and Features
  3. Apple to Reportedly Overhaul Shortcuts App With AI-Powered Capabilities
  4. Apple Might Upgrade These Devices With Solid-State Haptic Buttons
  5. Vivo X Fold 5 Battery Details Leaked; May Be Cheaper Than X Fold 3 Pro
  6. Realme C73 5G With 6,000mAh Battery Launched in India: See Price
  7. Instagram for iPad App Reportedly Being Tested and May Launch This Year
  1. Samsung Galaxy S26 Series to Reportedly Include Perplexity App as Companies Near Major AI Deal
  2. Google Pixel 10 Series May Launch Earlier Than Usual, Suggests Alleged Pixel Superfans Invite
  3. Bitcoin Falls to $104,900 as Market Undergoes Correction Phase, Most Altcoins See Losses
  4. Realme C73 5G With MediaTek Dimensity 6300 SoC, 6,000mAh Battery Launched in India: Price, Specifications
  5. Apple Developing Solid-State, Haptic Buttons for iPhone, Apple Watch and iPad, Tipster Claims
  6. Elden Ring Nightreign Sells 2 Million Copies on First Day; Patch Announced to Make Solo Play Easier
  7. Vivo X Fold 5 Battery, Charging Details Surface Online; Tipped to Be Cheaper Than Vivo X Fold 3 Pro
  8. Apple's macOS 26 to Be Reportedly Named After California’s Lake Tahoe
  9. Apple Might Not Make Any Major AI Announcements at WWDC 2025: Report
  10. iPhone 17 to Reportedly Use Same Chip as iPhone 16; All Models Could Incorporate Metalens Technology
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.