Beware of Spoof File Downloads!

by CXOtoday Staff    Aug 21, 2008

Two spoof P2P application installers, BitRoll-5.0.0.0 and Torrent101-4.5.0.0, are being used to install the Lop adware on users systems. These programs are used to exchange files between remote users and both these installers are available for download on the Internet, so any user could access them and become infected.

Other false applications are also being used by cyber-crooks to install malicious code, such as a program called wavesoftwarecreative.exe (which passes itself off as audio software) or another called bitdownloadsetup.exe .

The Lop adware is designed to display ads from various advertisers through pop-up windows, banners, etc. It also switches the Internet Explorer home page to its own search engine. When searches are made with this engine, the results returned will be advertising pages related to the search words.

To help prevent detection, this adware connects periodically to a Web page from which it downloads new files containing variants of the code and making it difficult to delete all active malicious files on the system.

If users try to use the program installed, they will be able to search for files but not download them.

Very often, users unwittingly consent to installing adware through clauses in the license agreements of other programs , explains Luis Corrons, technical director of PandaLabs. In this case however, there is no mention in the agreement about the installation of Lop.

Related links:
PandaLabs: Thieving Worms on the Prowl