Researchers hack into software with malware threat


New York, Aug 5 (IANS): A team of researchers has hacked the working of software with the potential risk of malware -- disguised as lucrative advertisements -- opening computers and other devices to hijacking.

A team of researchers from Google and the New York University Tandon School of Engineering next week will offer the first public view into shady practices that deliver unwanted advertising and software bundled with legitimate downloads -- a problem that occurs far more often than malware attempts.

Their research material, provided by The New York University, suggested that some of the affiliates that distribute such softwares might be complicit in the scheme, which provides layers of deniability that they are installing unwanted software.

Generally, when a person goes to the "legitimate software update or download", a barrage of advertisements overruns the screen. Sometimes flashing pop-ups warn of the presence of malware, demanding the purchase of what is often fraudulent antivirus software.

On other occasions, the system's default browser is hijacked, redirecting to ad-laden pages.

The researchers conducted the first analysis of the link between commercial pay-per-install (PPI) practices and the distribution of unwanted software.

Kurt Thomas, a research scientist at Google, and Damon McCoy, an Assistant Professor of Computer Science and Engineering at NYU Tandon and their colleagues cite reports indicating that commercial PPI is a highly lucrative global business, with one outfit reporting $460 million in revenue in 2014 alone.

"If you have ever downloaded a screen saver or other similar feature for your laptop, you have seen a 'terms and conditions' page pop up where you consent to the installation," McCoy explained.

"Buried in the text that nobody reads is information about the bundle of unwanted software programmes in the package you are about to download," McCoy added.

The report explains that PPI businesses operate through a network of affiliates -- brokers who forge the deals that bundle advertisements (often unwanted software) with popular software applications, then place download offers on well-trafficked sites where they are likely to be clicked on.

Parties are paid separately -- meaning some legitimate developers do not know their products are being bundled with unwanted software -- and they are paid as much as two dollars per install.

The paper, Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software, will be presented at the USENIX Security Symposium, a top computer security conference, in Austin, Texas, next week.

  

Top Stories


Leave a Comment

Title: Researchers hack into software with malware threat



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.