Professional support on Windows software, PUAs removal.

VirusTotal

Wednesday, October 15, 2014

Mipony client contains downware!

1. The first downware sample I got was:

  • File name: DownloadManagerSetup.exe
  • Detection ratio: 11 / 54
  • Publisher: Bestop-app
  • MD5: 4b17da9d6ae8531706d3def6dcfcc7ec
During its (modified/changed) installation process, I could see the ad for downloading DriverSupport.
In the end, the "after-install" page below (URL: http://www.installfreehd[DOT]com/download-manager/welcomeb/mmm/?&chnl=mobit&dp=[clickid]&iv=0) also spread the annoying advertisement.

2. The second badware I downloaded from the said Mipony v2.0.2 was:

  • URL: http://tutor-download8d8b0b[DOT]com/go/lightspark?adprovider=mmltd&source=vuulom15sep&al=1&_alc=1&_cb=1&mdlink=secure.pn-installer31.com&cpixel=http://PartnerPixel-702897885.us-east-1.elb.amazonaws.com/Installer/Conversion?adProvider={adprovider}&source={source}&context=w82PRQT8KBQC489F0A67P14M
  • The pop-up I met was saying "WARNING! Please Install Update To Continue."

I got additional information about that website (http://tutor-download8d8b0b[dot]com/legal/uninstall):
This site is distributing custom installers which are different from the originally available distribution. These new installers comply with the original software manufacturers’ policies and terms & conditions. Fusion Install is an install manager, which manages the installation of your chosen software. In addition to managing your download and installation, Fusion Install will offer free popular software that you may be interested in. You are not required to install any additional software to complete your installation of your selected software.
I followed that dialog and clicked OK, then I was asked to download an application, "InternetExplorer-Chrome.exe", from secure.pn-installer31.com. Okay... I directly chose the option Run.
  • File name: InternetExplorer-Chrome.exe
  • Detection ratio: 15 / 54
  • MD5: 7de9ddaf694ed9bc365ee98bb971c830

Finally, I met the flagged malware "Premium Installer" (aka "Browse for Change").

Now, another FREE foistware infection is about to show up:

  • "Welcome to Premium Installer."

  • "Lightspark Player - Lightspark is a modern, free, open-source flash player..."

  • "Installing your software..."

  • "You're All Done..."

  • "Your Software has been downloaded... Windows XP Download(?)" (It was a link, googleads.g.doubleclick[dot]net/aclk?sa=l&ai=Cm43sMjo-VLOMIOSvlAKo_ICgCOeBpcUGv4XB254BwI23ARABILC44CFQ2d2ByANgyYaAgLykoBqgAZmYrdsDyAEB4AIAqAMByAOfBKoEuwJP0MlbeS4watGUoS9h_5ryh548mYhoNpmJC-9Rn2u6PkGZnBkAzdpVJoBVKtxYvYrEBOUoUYlSkdUp7wWyUbV4ytXLF_8zJbzVi_zUiTFq9iMkzqcUuASbc4QQ5spRCi0ZzrBrQw9he8FPC3zmfxAUFXlfHAdUoJDNWWHbvn-XXoFaA1kTVYP_6K0d8II8hhnyiX0qx7lygLVsNs6GYWdnOUlZXqFNz8Q0V-0j0XiXs6hts1BR-ni-Q_57vNwhS_MXCHP1r1nnv0Y4Byev_dXiFd7xiyKqeq6E_Tbb7HFmO74otBwvxqbmfzUhyegBiu7vboBfXIPfsfnJVzetsYO2uu-KFD4Eb5qU8K2WImh3QW_wSwqoClHE55QEAIXRQlCaVMR3FO2NwE79ID-Lpx3mXLF7X3wtScTfwmngBAGAB8_n0iQ&num=1&sig=AOD64_3TQcpxI05E3WJHQBTfr2EGqVad3w&client=ca-pub-3330242410394288&adurl=http://pixel.everesttech.net/4343/cq%3Fev_sid%3D3%26ev_ln%3Dwindows%2520xp%2520ultimate%26ev_crx%3D42587149063%26ev_mt%3D%26ev_n%3Dd%26ev_ltx%3D%26ev_pl%3Ddownloadactivation.com%26ev_pos%3Dnone%26ev_dvc%3Dc%26ev_dvm%3D%26url%3Dhttp%253A//www.driversupport.com/lp/gdn/alt%253Ftid%253D300x250-GDN-US-Win7%2526utm_source%253DAdWords%2526utm_medium%253DGDN%2526utm_term%253Dwindows%2520xp%2520ultimate%2526utm_content%253D42587149063%2526utm_campaign%253DGDN-Display-US%2526Network%253DContent%2526SiteTarget%253Ddownloadactivation.com%2526s_kwcid%253DAL%25214343%25213%252142587149063%2521%2521downloadactivation.com%2521d%2521%2521__EFKW__&nm=56&nx=138&ny=63&mb=2&nb=8&clkt=119, that leads to the download of DriverSupport again.)
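The two tracking links quoted above (the Fusion Install link under item 2 and the DoubleClick link behind the "Windows XP Download" ad) are nested redirect chains: each hop carries the next URL percent-encoded inside a query parameter, and the DoubleClick one carries the final driversupport.com URL encoded twice. The Python below is an added example, not code from this post or from any of the products it names; it decodes one layer per hop, the way each redirector in the chain decodes its own parameter, and lists every host involved. The two sample URLs are constructed, abbreviated copies of the quoted links (tracking tokens shortened, nesting structure kept as quoted), and the function names are my own.

```python
"""Unwrap nested ad-click / tracking URLs of the kind quoted in this post.

Added example, not from the original post. Follows URLs embedded (percent-encoded,
sometimes twice) inside query parameters, one decode per hop.
"""
import re
from urllib.parse import urlsplit, parse_qsl

_SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
_BARE_HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def refang(url: str) -> str:
    """Undo the [dot]/[DOT] defanging used in the post and add a scheme if missing."""
    url = re.sub(r"\[dot\]", ".", url, flags=re.I)
    return url if _SCHEME_RE.match(url) else "http://" + url


def unwrap(url: str, max_depth: int = 8) -> list[tuple[int, str]]:
    """Return (depth, url) for the outer URL and every URL nested in its query string.

    parse_qsl percent-decodes each value exactly once, so a parameter such as
    adurl=http://a/?url=http%253A//b yields http://a/?url=http%3A//b at depth 1
    and http://b at depth 2, which is what the ad server and then the pixel host see.
    """
    found: list[tuple[int, str]] = []

    def walk(u: str, depth: int) -> None:
        found.append((depth, u))
        if depth >= max_depth:  # guard against pathological self-referencing links
            return
        for _name, value in parse_qsl(urlsplit(u).query, keep_blank_values=True):
            if _SCHEME_RE.match(value):
                walk(value, depth + 1)

    walk(refang(url), 0)
    return found


def landing_url(url: str) -> str:
    """The most deeply nested URL: where the click finally ends up."""
    return max(unwrap(url), key=lambda item: item[0])[1]


def landing_host(url: str) -> str:
    """Hostname of the landing URL (urlsplit lower-cases it)."""
    return urlsplit(landing_url(url)).hostname or ""


def referenced_hosts(url: str) -> list[str]:
    """Every hostname in the chain, in order of first appearance.

    Includes the hosts of nested URLs and parameter values that are bare hostnames
    (e.g. mdlink=secure.pn-installer31.com, where the post's installer was served from).
    """
    hosts: list[str] = []

    def add(h: str) -> None:
        h = h.lower()
        if h not in hosts:
            hosts.append(h)

    for _depth, u in unwrap(url):
        parts = urlsplit(u)
        if parts.hostname:
            add(parts.hostname)
        for _name, value in parse_qsl(parts.query, keep_blank_values=True):
            if _BARE_HOST_RE.match(value):
                add(value)
    return hosts


# Constructed sample inputs: abbreviated from the two links quoted in the post
# (long tracking tokens shortened; the nesting and encoding depth are as quoted).
DOUBLECLICK_URL = (
    "googleads.g.doubleclick[dot]net/aclk?sa=l&ai=Cm43sMjo-VLOM&num=1"
    "&client=ca-pub-3330242410394288"
    "&adurl=http://pixel.everesttech.net/4343/cq%3Fev_sid%3D3"
    "%26ev_ln%3Dwindows%2520xp%2520ultimate%26ev_pl%3Ddownloadactivation.com"
    "%26url%3Dhttp%253A//www.driversupport.com/lp/gdn/alt%253Ftid%253D300x250-GDN-US-Win7"
    "%2526utm_source%253DAdWords%2526SiteTarget%253Ddownloadactivation.com"
    "&nm=56&clkt=119"
)
FUSION_URL = (
    "http://tutor-download8d8b0b[DOT]com/go/lightspark?adprovider=mmltd&source=vuulom15sep"
    "&al=1&mdlink=secure.pn-installer31.com"
    "&cpixel=http://PartnerPixel-702897885.us-east-1.elb.amazonaws.com/Installer/Conversion"
    "?adProvider={adprovider}&source={source}&context=w82PRQT8KBQC489F0A67P14M"
)

if __name__ == "__main__":
    for sample in (DOUBLECLICK_URL, FUSION_URL):
        for depth, u in unwrap(sample):
            print("  " * depth + u)
        print("landing:", landing_url(sample))
        print("hosts:  ", ", ".join(referenced_hosts(sample)))
        print()
```

Two things the output makes visible that the raw links hide. For the DoubleClick link the chain is doubleclick.net, then pixel.everesttech.net, then www.driversupport.com, so the "Windows XP Download" ad was a DriverSupport campaign targeting the keyword "windows xp ultimate". For the Fusion Install link the cpixel value was never percent-encoded, so everything after the first & inside it (source={source}, context=...) is parsed as a parameter of the outer link, and the {adprovider}/{source} placeholders were left unfilled. The script only follows URLs carried in query strings; HTTP 30x redirects can only be resolved with a live request.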

So far, I got the Lightspark 0.5.3-git shown below installed.

Are you missing out on a good FLV player?!
