OFFICIAL SECURITY BLOG

Misleading eBook Advertisements Install PUPs

July 2, 2014 | BY

Regardless of what it is, the Internet is filled with misleading advertisements.

Most of you reading this can relate to being in a frustrating situation where you’re looking for the “real” download link on a website.

Even more frustrating, however, is when you get it wrong, and you end up somewhere else or downloading something different from what you intended, typically a Potentially Unwanted Program (PUP) or Application (PUA).

I found myself in such a situation when looking for eBooks.

bookoffer

Entering information into this form then led me to another, this time telling me to enter credit card information for verification purposes.

This opens up a link to doitplay.com membership signup, not my eBook download.

bookccverify

Alternatively, if “No, thanks” is selected, the option to download the book without a credit card is presented, but with a special file downloader program called “The Red Badge of Courage and Selected Prose and Poetry pdf.exe”.

This file scores 24/54 on VirusTotal and is identified by Malwarebytes Anti-Malware as InstalleRex, a PUP I talked about here.

Running the downloader program installs fake PC optimizer programs along with other useless tools, like a LiveSupport agent which is quite possibly a Tech Support scam. Eventually I learned the download link to the book was broken, but only after all the junk was installed.

linkbroken

Numerous other sites are doing the same thing; here is another pushing PUPs while advertising eBook downloads.

faclic

Any of the book downloads on this site install another PUP we detect as PUP.Optional.Amonetize and scores 11/54 on VirusTotal.

Amonetize offers users “the opportunity to install some of our advertisers’ software in addition to that installation.” That’s a rather fancy way to describe adware.

We’ve talked a lot about PUPs in the past and the methods they use to get onto your computer; these are no different, and PUP distributors will continue to choose new avenues to make money while bloating your hard drive with useless software.

Malwarebytes takes an aggressive stance against PUPs, as detailed in a blog post by our CEO last year. These programs use deceitful tactics to find their way onto your computer, and usually end up not being what you’re looking for, just like the case here.

Don’t fall for these tricks, and steer clear of the many too-good-to-be-true offers out there. If you do happen to get snagged by the lure of these downloads, you can clean up the mess with Malwarebytes Anti-Malware, which provides free on-demand malware scans.

@joshcannell