Menu Content/Inhalt
Home Developer Blog fre:ac The adware wrapper pest

News Feed

fre:ac Developer Blog
The adware wrapper pest Print
Written by Robert   
Friday, 26 September 2014 21:07

Originally, I wanted to write the September status update today, but something came in my way...

I'm a little enraged right now! Why? I'm developing fre:ac as a hobby project in my free time. I don't want to make big money with it and so I'm ignoring the mails that come in every other week asking if I wouldn't want to trick my users into messing up their computers for a dollar each by bundling with adware. No thanks, I don't! But lately, more and more download sites are doing exactly this. They are wrapping my software (and others') in their own adware downloaders ruining its reputation.

It started with CNET Download.com a few years ago. They wrapped every download into an adware installer that would try to install toolbars and other foul stuff. Of course, they didn't ask or even inform the software developers, why should they? Soon an uproar went through the IT community and media and forced them to retract a bit. When I learned about it through a German IT news site, they had already ceased to distribute open source software like fre:ac that way. Ultimately, they made the adware downloader an opt-in program.

But the devil was out of the box already. Other download sites started doing the same. Again, without asking the developers. I imagine they might be a little masochistic like "Hey, CNET did this and got beaten heavily! Let's do it too!".

Today I just found one more of those sites! But wait, it's an exceptional one! Exceptionally bad!

I stumbled on this thread on a German message board helping people to get rid of malware on their systems.

The user explains that he downloaded fre:ac from GIGA.de, a site which he thought was trustworthy (I did too!). Then started the installation, clicked away the adware offers (What?) and still got a malware warning from his virus scanner (WTF?). His browser start page was modified and he fears that some malware has been installed on his system. He then concludes with the warning "Finger weg vom fre:ac-Dreck!" which translates to "Hands off that fre:ac shit!".

I had to check that! I'd never bundle fre:ac with any malware! I went to GIGA.de, looked for fre:ac and started the download. The file offered was named fre_ac-audio-converter-lnstall.exe and had a size of just under 1 MB instead of the usual 7 MB for the regular fre:ac 1.0.22 download. Also note that it ends in lnstall.exe, not install.exe (the first letter is a lower case L, not an I). Looks like they are trying to obfuscate something by that already. Sneak under the radar of some malware scanners? I don't want to know!

Running the file, it brings up an installer dialog that looks unsuspicious at first glance. Note how it says "fre:ac audio converter Setup" and "Welcome to the fre:ac audio converter Installation Assistant" just like it was an official fre:ac installer. You almost want to click next to get to the installation options.

The GIGA.de installer in action

But look more carefully! See the blue buttons on blue background at the left? Yes, blue buttons on blue background! I'm still baffled when writing those words hours later! Designed to be overlooked. Also, this thing wants to install not one, not two, no, three adware additions at once. An Amazon Icon, a shopping application called Sparpilot and Securita Scout, which sounds like it might be some sort of scareware.

Everything is laid out in such a way that many users would continue without actually noticing what's happening. Remember that there is no hint whatsoever that this is a 3rd party adware installer. I didn't click next, but users who do will blame me and the fre:ac project for the malware they get.

Of course, fre:ac is not the only download they wrap up so nicely. I found popular open source software like Firefox, VLC or GIMP equipped with the same installer. Even iTunes, Chrome and Skype are bundled with it. I wonder if Apple, Google and Microsoft will find that funny when they find out.

Now you might think that's probably a niche site with next to no users, but no! GIGA.de is well known in Germany; Alexa ranks them at #173 in this country. Also, GIGA generally has had a good reputation here. Looks like they are now gambling it away, though.

The only good thing today: They quickly removed the wrapper for the fre:ac download after I asked them to.

After all this, I looked for other sites wrapping fre:ac in dubious downloaders and found three: CHIP.de, Softonic and BrotherSoft. Unlike GIGA though, they are not playing hide and seek and are making it obvious that it's their own installer running. They also don't use blue buttons on blue background (no, I still can't get enough of that). I still asked them to deactivate their downloaders for fre:ac and expect that they'll do so in the next few days.

If you know other sites that are offering fre:ac bundled with adware, please send a mail to support@freac.org.

 

Share

del.icio.us Add to StumbleUpon Add to diigo

Downloads

Donate