Brothersoft serving up a Fake AV

Yet another instance of a major player in the DL department, actively promoting and serving up a Fake AV. I'm not suggesting they are purposefully doing this, but it's happening right now.



Direct link





AdWare Pro has been available on here -brothersoft . com / publisher / adware - pro . html- from 11 Mar 2010. That's nearly 5 months Amazing they havn't noticed, or been made aware, or should that be AdWare

I'm in the process of trying to alert them

 

Both WOT and Norton Safeweb are flagging Brothersoft as a bad website and this has been the case for a very long time now. I never use Brothersoft because of it's dubious reputation.

 

Brothersoft - dicey. Try Filehippo.

 

I sad thing is a lot of trusted free products use Brothersoft as their default file download site.
It is best to try to avoid Brothersoft because it has a history of listing rogue products and some are the site's picks.

Thanks.

 

All the three links are still alive. Just reported the links to Google and Kaspersky Lab for review.

 

Screw filehippo. They've went downhill recently. They used to not host products that installed adware without user consent but that has changed. Softpedia or Majorgeeks are probably better download sites for now.

 

Filehippo has a very small number of choices, albeit a safe site, but I agree, Majorgeeks and Softpedia are best. Have never ever used Brothersoft, think it's had a dubious reputation for quite a time.

 

I also use Majorgeeks and Softpedia as well as Filehippo. Some very reputable vendor sites divert to Download.cnet and I go for it when that happens.

John B

 

Why can't you just download programs from the official vendor's sites?

----
rich

 

Yes, of course, forgot to say this . Usually use MGs et al for the update alert.

 

Brothersoft has posted Fake AV's before.

Anyway can someone post the MD5 of the fake av?

 

AdWare Pro 2010

md5 9A27A775199BA1B3698102F439067066

Only one scanner on VT detect it- Panda as Application/PrivacyCrusader

 

It must be a Virus Total's "fault" again or your fault because you did a hash search.
Your MD5 search goes to one file . The one I downloaded from the site is completely different
~ Virus Total Results Removed per Policy ~

 

No idea what you are chirping about. I downloaded from brothersoft. I was not able to download from the adwarepronow.com site. Besides, since this thread is about Brothersoft hosting a fake av it would seem to be more relevant to download from brothersoft- not www.financeprogramm.com or where ever you got your download.

 

I am chirping . Wow , really ?

Me,too.

I also downloaded the one from Brothersoft . By the way , it offered me more than one variants but only one was working . The MSI which I started and the program I installed didn't seem like a typical rogue program. I performed full scan with it , it didn't find any threats on my computer (I was running a trial version of it) . Additionally , it asked me to buy it but the URL it opened said the program is not longer being sold (or something like this). I submitted it to Symantec and Microsoft for further inspection

 

Thanks I submitted to a few vendors for more research also.

 

Got one response, from what I have been told it contains no malware code.

 

@Rmus

Sandboxie is a developer and they host on Brothersoft. Ohnos!

@Ibrad

Update your signature before you get infected with Ohnos!

 

That doesn't surprise me because many rogue products are not considered to be malware by a lot of security vendors.
To me if it involves phishing, scamming, hijacking, faking protection or not providing trusted protection then I would expect all security vendors to detect me from them.

This is where a lot of commercial vendors makes deals with these type of products to allow them to escape detection.
That is why many free vendors will do better at detecting these type of rogue products like MBAM, Spybot S&D, SuperAntiSpyware, NoVirusThanks Malware Remover, etc. Because they don't made deals with these rogue vendors.

Because if you want to submit rogue products, start with the free vendors, you will get a better response.

Thanks.

 

But they also host on their own site:

​

However, one would be normally inclined to trust a DL mirror site recommended by the vendor. To force the DL of tampered product would be quite difficult, it seems to me. This is a bit different than browsing a DL site before checking with a vendor's site.

However, to be safe, one could ask the vendor for the MD5 number to check against the DL site.

Now, all of this triggered something from earlier this summer, and I can't find the thread, but if I search for Sandboxie on the Brothersoft site, I'm taken to an HTML page, where I would expect to read about the software. Note that there is a Download button to click. However, a script on the page starts the DL of the executable automatically, which my security flagged. This isn't good etiquette in my book! (Having heard about this, I enabled scripting just to check.)

​

----
rich

 

Always the best first approach, and there are decent, if not perfect, sites like Softpedia as alternatives. I agree with others who question Brothersoft's reputation. I don't even need WOT or anything else to to warn me about it; just one look at the main page with all its gratuitous cheesy advertising belies any modicum of credibility it might attempt to portray. When something doesn't seem right, avoid it like the plague.

 

brothersoft I always thought of as a trash site.

 

Same thing happens with the sandboxie.com d/load link... Actually, does this start the download automatically? I ask because it's still necessary to click the Save file button for the file to download to the machine.

 

Yes, depending on the browser, the file will start to DL but pause until OKed by the user. I think FF starts a null file in the cache; Opera starts a .com file in the cache.

Browsers are configured by default to prompt for the direct download of .exe. My security intercepted before the DL prompt box could display.

There is no danger, of course, that the file could download/execute without user permission, but for the uninitiated, seeing the prompt box pop up before clicking can be unerving. That's why I suggested that it's not good etiquette for a site to do that.

If it were to be a direct download, the link URL should end in .../file.exe and not .../file.html so that there are no surprises.

Note that the Download link on the Sandboxie page is a direct link to the .exe file.

----
rich

 

Okay, I understand now. Interesting stuff, thanks One thing, though, I wonder if this surprises most people? Maybe not. Admittedly it did not surprise me because the button is to download a file, so I kind of expect the prompt to pop-up, but I see now after your explanation why it shouldn't, at least with the Brothersoft one.