Half a million attempts made each month to install malicious software via ad networks

Kaspersky Lab has revealed that its security solutions prevent more than 500,000 attempts each month to install software distributed with the help of pay-per-install partner programs.

The underhand scheme acts as an intermediary between software producers who wish to distribute their application and owners of file-sharing sites.

The process is a ‘win win’ for both sides, but it’s users who lose out, says the security firm. The site owner receives money for the installation of applications, and the owner of the partner program collects the fee from advertisers who, in turn, achieve their goal of installing the software. This means that in addition to legitimate software, a malicious program can also be easily installed on a user’s PC without their knowledge and compromise their personal data.

Kaspersky explained that the programs are distributed through a simple process. In one example, a user who downloads a legitimate file is redirected to fake webpages, which often imitate the interface of popular cloud services. The user then receives an executable file, which helps intruders bypass attempts to block their software from being downloaded through the user’s browser.

Here’s how the data exchange process works: “Firstly, the installer sends a victim’s identification data to the server without his/her agreement, such as information about the PC. The server then returns the information about the downloaded file with the list of specifications for file installation. For example, this could be that the file will not be installed if there is a security solution on the user’s PC.

“Following that, the installer will check the fulfillment of the conditions, so that the installation of a program that will trigger the security solution does not happen. Finally, a window will appear, simulating the download process in a web browser,” explained Kaspersky.

Mariya Fedorova, senior malware analyst at Kaspersky Lab, commented: “The way these partner programs work is dangerous, not only because they can install malicious software on a user’s PC, but also because they are collecting and sending sensitive data to the server to identify the victim – undoubtedly, without the user’s agreement. In the absence of security solutions, such resources should be used with extreme caution and vigilance.”

To ensure you don’t get caught out by pay-per-install partner programs, Kaspersky Lab offers up these simple rules:

– Do not download software from unfamiliar resources.

– Do not click on enticing and attractive banners – you are unlikely to get what you are expecting.

– Do not trust icons – if you download a movie, book, or torrent file, and get an executable file (in “.exe” format), do not run it.

– Carefully review what you are installing. Remove all the checkmarks and read everything that is written in the installer agreement before clicking the "next" button.

– Use legitimate security solutions, like Kaspersky Internet Security. The ‘Installation Assistant’ component of Kaspersky Internet Security can remove checkmarks for promotional offers to ensure you don’t fall foul of the scheme.
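
The “do not trust icons” rule can also be checked mechanically. The Python code below is an added example, not code from Kaspersky Lab or the original article: it compares the file a user asked for with the file that actually arrived, and inspects the file header rather than the name or icon. The extension sets, function names and sample bytes are assumptions constructed for the illustration.

```python
import os
import struct

# Assumed extension sets for this example (not taken from the article).
MEDIA_EXTS = {".mkv", ".mp4", ".avi", ".pdf", ".epub", ".torrent"}
EXEC_EXTS = {".exe", ".scr", ".com", ".msi"}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def check_download(requested: str, received: str, data: bytes) -> list:
    """Compare what the user asked for with what arrived; return warnings."""
    warnings = []
    want = os.path.splitext(requested.lower())[1]
    stem, got = os.path.splitext(received.lower())
    inner = os.path.splitext(stem)[1]  # e.g. ".mkv" in "film.mkv.exe"
    if want in MEDIA_EXTS and got in EXEC_EXTS:
        warnings.append("requested %s but received an executable (%s)" % (want, got))
    if got in EXEC_EXTS and inner in MEDIA_EXTS:
        warnings.append("double extension %s%s disguises an executable" % (inner, got))
    if is_pe(data) and got not in EXEC_EXTS:
        warnings.append("file content is a Windows executable despite the %s name"
                        % (got or "extensionless"))
    return warnings


def sample_pe() -> bytes:
    """Constructed 68-byte stub with just enough header to look like a PE file."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    mkv = b"\x1a\x45\xdf\xa3" + b"\x00" * 64  # constructed Matroska (EBML) magic
    for args in [("film.mkv", "film.mkv", mkv),
                 ("film.mkv", "film.mkv.exe", sample_pe()),
                 ("book.pdf", "book.pdf", sample_pe())]:
        print(args[1], "->", check_download(*args) or "ok")
```

The header check catches an executable that keeps a media extension, which a name-only filter would miss.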
