OFFICIAL SECURITY BLOG
April 3, 2014 | BY Christopher Boyd
Arcadia looks like a nice place, but it appears they had something a little odd going on with their website recently at
The pop-up box is for “VIO Player”, and it states that the download is managed by “Optimum Installer”.
“Optimum Installer is an install manager, which manages the installation of your chosen software. In addition to managing your download and installation, Optimum Installer will offer free popular software that you may be interested in. You are not required to install any additional software to complete your installation of your selected software. You can always completely remove the programs at any time in Windows’ Add/Remove Programs.”
The install button directed end-users to the following IP / executable:
However, the link is currently inactive so it’s hard to say for certain what would have happened next.
VirusTotal has the executable pegged at 7 / 51, and users of Malwarebytes Anti-Malware will find we detect it as Trojan.Agent.ZT.
You can also see some URLs related to the above here.
We notified an email address connected to the site to see what was going on, and the mysterious “should not be there” pop-up has now been removed.
It doesn’t matter whether your website is a .gov or a .net – if there’s a way for someone to exploit it, they will, and your visitors could end up paying the price. Thanks to the people over at the Arcadia site for removing the pop-up box so quickly.