Download.com and Other Sites Bundling Superfish-Style Adware: Report

Advertisement
By Hitesh Arora | Updated: 25 February 2015 16:59 IST
Despite new security features being added on an almost daily basis, we are certainly not moving towards a more secure Internet - at least, this is what can be derived from recent findings.

After Lenovo was found to be installing the malicious adware Superfish in consumer machines, another report on Monday came out suggesting that it is not the only one doing it. It reported two names of the security firms that have added similar man-in-the-middle code in their software platforms. While one software is being said to be using vulnerable SSL-interception technology sold by Komodia, similar to what Superfish employed, the other using different technology achieves the same effect of bypassing SSL and HTTPS protection.

All this seems to have created panic in consumers, and researchers are taking concerns seriously. According to a new report by How to Geek on Monday, several freeware and software sites (including CNET's Download.com) are bundling HTTPS-breaking-adware nowadays.

Advertisement

The report notes that the adware like Wajam, Geniusbox, Content Explorer, and many others are following the same trend as seen with Superfish in Lenovo. These companies are installing their own certificates and forcing all your browsing (including HTTPS encrypted browsing sessions) to go through their proxy server. Not just that, the report claims that your machine can just get infected "by installing two [KMPlayer and YTD] of the top 10 apps on CNET Downloads." The two apps reportedly feature two different types of "HTTPS-hijacking adware".

Once the adware is installed and is proxying all the traffic, users start to see ads all over even on the secure sites, like on Google, "replacing the actual Google ads, or they show up as popups all over the place, taking over every site."

Advertisement

These adware essentially install their fake root certificates into the Windows Certificates store and then use proxies to connect to secure sites with the fake certificates, explains report.

While it is not exactly clear whether the Download.com team or the app developers are bundling the adware, the distribution sites are obligated to ensure the content they host is safe.

Advertisement

So in short, the HTTPS websites are also not secure if any adware is installed on your machine knowingly or unknowingly.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Here's When the Poco M8 Power, Poco X8 Could Launch in India
  2. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot
  3. Lava Virat V1 5G, Virat V1 Key Specifications Confirmed Before India Launch
  4. OnePlus Exits US, Europe, Continues Operations in India: 5 Things to Know
  5. Redmi Note 17 Pro Global Variant Appears on NBD Database Alongside Poco Model
  6. Oppo K15 Launch Date Confirmed; Key Specifications Revealed Ahead of Debut
  7. Airtel Revises Postpaid Portfolio, Removes Rs. 549 Individual Plan
  8. Pixel 11a Codename Appears in Google's Phone App: Report
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.