
Exploring a “Malwarebytes Anti-Malware for Windows 10” website…

Here at Malwarebytes, we offer support for a wide variety of Windows Operating Systems – from XP right up to Windows 10. The latter OS is the starting point for this blog post, with a website located at

malwarebytes-windows10(dot)com

which seemed to offer up a “Windows 10 ready” version of Malwarebytes Anti-Malware.

MBAM Windows 10

This installer is not ours, so it’s clear that this is a download manager of some sort which, one would hope, gives the downloader a copy of Malwarebytes Anti-Malware at the end of the process. However, the download kept breaking, so we couldn’t get any further than the initial installer splash.

Since we started looking into this, the site has also now apparently rolled down the shutters:

MBAM 404

However, the EULA / Privacy Policy on the installer took us to a site located at

qpdownload(dot)com

which also offered up a variety of programs including Adblock Plus and yet another Malwarebytes Anti-Malware download:

Another MBAM download

I must admit, it’s somewhat bizarre to see a download like this offered up alongside text which reads as follows:

This download will be managed by our ad-supported smart download manager. The download manager may show commercial offers, such as a toolbar or other browser add-ons

Old MBAM

We did end up with a copy of Malwarebytes Anti-Malware on the testbox, but unfortunately the version offered is a bit old – 1.75.0.1300. We’re currently on version 2.1.8.1057.

Here’s an example of an Installer advert from the Adblock Plus download manager, offered on a different page:

Ads in Adblock installer

What you end up with here is an Adblock Plus .XPI file sitting in the Download folder. I’m not sure if many people know how to install an .XPI manually, given the majority of extensions are typically interacted with via the official Extension site (you do it via the Cog icon in the top right hand corner, in case you were wondering). We would advise sticking to official channels when installing browser extensions, though.

.XPI in Download folder

Users of Malwarebytes Anti-Malware will find we detect the “Download Manager” as PUP.Optional.InstallCore.A. Download sites can be cool, but it seems counter-intuitive to offer products designed to reduce advertisements / advertising software on your desktop alongside… adverts. If you’d like to try the most current version of Malwarebytes Anti-Malware sans any optionally bundled advert-supported installers, feel free to visit our download page and give it a whirl.

Christopher Boyd
