Blog for hpHosts, and whatever else I feel like writing about ....

Monday, 2 September 2013

PropellerAds, Felix Leshno (softologic.com, appround.biz), Adf.ly, AdJuggler, AirSoftware, PerformerSoft, etc

Whether it's those god awful "fake surveys" that you can rarely get through to get the "leet crack", "free iPhone" etc from the skiddies that aren't skilled enough to do anything else, or the ad networks that keep allowing companies such as PerformerSoft, or file hosting and redirection sites such as Adf.ly, LinkBucks, FileSwap, Mediafire etc etc etc, we keep seeing a plethora of blatantly fraudulent adverts, all leading to the latest greatest rubbish that your machine keeps begging you not to install.

The latest of these include crapware such as InstallBrain via softologic.com, softologicsa.com, AirInstaller via getsoftsfree.com and noyapps.com, AMonetize from emule.com/amoninst.com and of course, Babylon and Delta, amongst many others.

Some of these do indeed, now have at least a landing page to inform you of what's going on, and the adware company name displayed on the advert itself (though to date, only around 3-4 of those companies, are doing this, the rest don't, presumably because they don't want you knowing).

The vast majority of these adverts are so beyond misleading that I keep having to remind myself this is "normal" (I know, I know - I already knew that). Surprise surprise, when they get themselves blacklisted for this activity, they're very quick to "reach out" (though rarely do these actually result in the misleading and unethical activities actually ceasing), or in some cases, send legal threats because you had the ordasity to do what is right to protect internet users.

To make matters worse, some of these not also use fake "Download" and "Plugin required" adverts (and I use the word fake, because they quite blatantly are, with both the wording and position/style of them, deliberately intended to mislead you into believing they actually are "required", or are going to actually take you to the download you wanted);



They also employ fake FlashPlayer "warnings";



And fake Chrome sites;



Sadly, this is just the tip of a rather large iceburg, where misleading and highly unethical adverts are concerned. Over the last week or two, I've noticed an extremely large proportion of adverts on Facebook, are for counterfeit apparel sites;



All of this of course, is before we get to the scummy snakeoil that is PerformerSoft and its ilk (i.e. 99.9% of "system cleaners" and every single "registry cleaner"), and the fond of misleading, MyPCBackup (FYI, on the subject of backups though, you should always ensure you've got at least 3 backups of a machine - 1 local, 1 local on an external drive (disconnected when not backing up) and 1 remotely stored (and I don't mean so-called "clouds" either! (unless you've encrypted the backup with something like TrueCrypt first)) and their ilk (I could go on, but don't want to be accused of rambling ....).

Why am I bothering to write about this? Well for starters, it's one of my pet peeves as it deliberately misleads people into believing they're going to get something they're clearly not, and in other cases, outright scams people and/or infects their machines, all the while, the ad networks and companies involved, are more than happy to let this activity continue - money talks louder than ethics it seems (yep, doesn't surprise me either).

If you'd like to help those less able, please do point these things out to them, advise them to keep as far away from them as possible. I'd also strongly advise blacklisting the offending sites responsible, and where appropriate, their IPs too. Just some of those you'll want to block (see hpHosts for a more complete listing, along with the corresponding IPs) include;

*.mediaget.com
*.download-instantly.com
*.nyoapps.com
*.softologic.com
*.metainstaller.com
*.imesh.com
*.ilivid.com
*.free2nstllr.com
*.circu.me
*.dwnldit.com
*.airinstaller.com
*.emule.com
*.amoninst.com
*.emulestore.com
*.movieseach.com
*.popker.com
*.pastdate.com
*.sotfball.com
*.motocrose.com
*.popertoys.com
*.torrentts.com
*.barcaelona.com
*.homaphones.com
*.micoscopes.com
*.airinstaller.com
*.install7.*
*.lunacom.*
*.addoncommon.info
allapplicationmy.info
amazingsoftware.info
aminoacidsguide.com
amu.abcdaddon.info
amu.add-spot-on.info
amu.addo-nclick.info
amu.boxinstallercompany.info
amu.brandnewinstall.info
amu.click2add-on.info
amu.clicktoinstalladdon.info
amu.companiesaddons.info
amu.companypage-addon.info
amu.extesnionchooeon.info
amu.generatecustomersthing.info
amu.goldenpage4install.info
amu.helpyourselfinstall.info
amu.installer4company.info
amu.installermustgolive.info
amu.installquicklyspot.info
amu.newinstallpagenine.info
amu.pageofsetups.info
amu.pagesofinstalls.info
amu.parktheextension.info
amu.pickandchooseaddon.info
amu.pickurextension.info
amu.sevenpage4install.info
amu.spotforaddonparking.info
amu.spotforallextension.info
amu.takeaddon4users.info
amu.three-installpage.info
amu.trafficproffiinfo.info
amu.twobox4addon.info
app.datafastguru.info
applicationmega.info
applow.info
apps-n-downloads.info
best-installer.info
cybeitrapp.info
cyber-mind.info
cybermindapp.info
cybermindtool.info
datadownloadscan.info
datafilehomescan.info
datainstallerscan.info
datasendmyukscan.info
dl03us.file.org
documentgoldmy.info
downloaddatascan.info
downloadkeeper.info
downmytool.info
downturk.biz
downturk.info
dr-us.net
driveridentifier-download.com
fastdatafunscan.info
favorythmic.info
fibonacci-trading-software.info
filemagnet.info
get-your-app.info
get-your-file.info
getfiledown.info
getmonetized.net
getthefilenow.info
goinstaller.net
gotovimyrok.com
grabza.net
greatdepothomey.asia
greatsaver.info
iframe.bestfilesarey.asia
iframe.bestfilesdatay.asia
iframe.documentssitey.asia
iframe.filesaredirecty.asia
iframe.filesareworldy.asia
iframe.greatfilesdatay.asia
iframe.superfilesarey.asia
image.borisoglebsk.net
installit-cloud.com
instrumpro.info
intelwinfilter.info
keep-app.info
keepapp.info
keepthefile.info
kosher-file.info
kosher-toolbar.info
kosher-transfer.info
lp.livetrafficall.info
mindyourapp.info
newfeaturesapp.info
newrealityworld.info
onthespotdownload.com
op.alllinuxapplicationsy.asia
op.applicationsforcompletey.asia
op.applicationsforentirey.asia
op.applicationsgroupforally.asia
op.bestfilesarey.asia
op.documentsguidey.asia
op.documentssitey.asia
op.filesareguidey.asia
op.filesareherey.asia
op.filesareonliney.asia
op.filesareworldy.asia
op.greatfilesarey.asia
op.greatfilesdatay.asia
op.superfilesarey.asia
op.superfilesdocumentsy.asia
saveclickersoft.info
saveneto.info
saveonapp.info
savingcollector.info
searchiseasy.info
searchitapp.com
second-reality.info
shopnsavenow.info
shopoptimzer.info
simplesearches.info
skypemoticonsbest.info
skypemoticonsinstall.info
skypemoticonsmagic.info
skypemoticonsproffi.info
superdownloaderssite.info
surfandkeep.info
systemenhancement.info
taketheaddonspot.info
systemutility.info
t1b.downturk.net
theothersworld.info
theall.net
topdogsoftware.biz
tracknl.info
transfer-gansta.info
transfer-guru.info
transfer-master.info
transfermaster.info
updatecoincide.info
updatesync.info
uptouapp.info
wdirect.downturk.net
webprotectionsoft.info
websearch.coolwebsearch.info
websearch.goodfindings.info
websearch.helpmefindyour.info
websearch.searchbomb.info
websearch.searchboxes.info
websearch.searchere.info
websearch.searchesplace.info
websearch.searchisbestmy.info
websearch.searchitup.info
websearch.soft-quick.info
websearch.wisesearch.info
winfilterdata.info
winsys-filter.info
wirelessdatadepoty.asia
zapbureya.info

... and ANYTHING that comes bundled with Delta crapware, Babylon crapware, or remotely resembling RelevantKnowledge (despite the Truste claims, sorry chaps, where "certifications" and such go, Truste are about as trusted as a polition in a brothel), it is NOT clean, it is NOT good for your machine, and YOU DO NOT WANT IT!), amongst others.

Just a word of warning when blocking IPs, there's a few of the larger outfits using CDNs such as Akamai and Amazon, to serve the actual installers and such themselves, as much as I'd love to suggest blocking the CDNs too, sadly, doing so isn't viable as there's also alot of legit sites/companies that also use them and doing so would block those too (including blocking the likes of security software updates, Microsoft updates etc etc).

I'd also strongly urge you either lock down your machine, or install WinPatrol (will notify you as soon as something tries adding a toolbar, adding a startup item, changing file associations, changing a browsers homepage/search engine, amongst many other things.);

http://www.winpatrol.com

If you've not already, also consider installing Malwarebytes AntiMalware*;

http://www.malwarebytes.org

I'd also strongly recommend uninstalling anything with Adobe's name on it, along with Java, and of course, disabling ActiveX in your browser, HTML in your emails, but annoyingly, few will actually take notice of thise as their emails look "prettier" or they are using games or some such rubbish on the likes of Facebook.

* I must note, for the purposes of full disclosure, that I am a contractor for Malwarebytes. I have not however (and will not!) linked you through an affiliate URL! (yep, not fond of those either, never have been).

No comments: