On Wednesday, ArsTechnica reported that the Windows version of the open-source GIMP image editing app hosted on SourceForge has been “seized” by SourceForge and used for distributing adware. This is a troubling development, but not exactly surprising for those who have been following the antics of SourceForge lately. Is it time to boycott SourceForge, as is already recommended for sites like Download.com and Softonic?
Read the rest of this entry »

17 Comments

Softonic has been a problem before, as outlined in a previous article, Boycott Softonic. In a nutshell, Softonic was wrapping some software downloaded from their site in an adware installer, which installed the ChatZum adware. Worse, the adware was installed regardless of whether you declined this “optional” software. Although Softonic quickly removed these installers when caught, they obviously did not learn the error of their ways. Adware-riddled installers are back!
Read the rest of this entry »

16 Comments

Just a few hours ago, I wrote about a VLC installer on Softonic that was installing adware. (Adware that was not authorized to be included with VLC, according to a post by Jean-Baptiste Kempf of VLC.) It has just come to my attention that the same thing is happening with UnRarX, and on downloading that software from Softonic, I verified that the installer behaves in the same way. It looks like Softonic is wrapping free software in a custom installer that installs adware, obviously to generate revenue for Softonic. I’m sure that the list of software being abused in this way will continue to grow over the next few days. This is despicable behavior, and I would ask everyone to boycott Softonic until they change their behavior.
Read the rest of this entry »

8 Comments

You should only download software directly from the site of the developer who created the software. This has been a bit of standard advice given by security people like myself when trying to help people understand what to download and what not to download. It’s good advice, right? Well… mostly, but not entirely, unfortunately.
Read the rest of this entry »

34 Comments

Earlier this month, I wrote about how new variants of the Genieo adware are proliferating. Now, however, it looks like Genieo may be changing its name. A new site, for an app called InKeepr, appears to be poised to take Genieo’s place, perhaps because of all the negative name recognition now associated with the Genieo name.
Read the rest of this entry »

28 Comments

InstallCore is adware that began with a couple simple browser extensions. (One of these took the same name as a Spigot extension, “Searchme”, leaving questions about whether InstallCore might be related to Spigot in some way or whether this is purely coincidence.) Recently, however, new variants of InstallCore have been appearing like poop on a lawn full of geese. And some of the strategies it’s using stink just as badly!
Read the rest of this entry »

34 Comments

OpinionSpy first appeared in 2010, installed along with a number of screensavers made by a company named 7art, as well as a few other applications. OpinionSpy – officially called PremierOpinion by its developers – was spyware disguised as marketing software. It was described by Intego at the time, who attributed to it the ability to capture data from the infected Mac as well as from the network it connected to, as well as having backdoor functionality.
Read the rest of this entry »

23 Comments

It’s not easy running a site like The Safe Mac. You get threatened with lawsuits [1], attacked by the bad guys [1, 2] and misidentified as malicious by security companies [1]. Headaches galore! And now, Avast is saying that this site’s RSS feed is the WireLurker malware.
Read the rest of this entry »

16 Comments