# 3 download on download.com has malware ties?

Discussion in 'other software & services' started by acr1965, Sep 10, 2010.

Thread Status:
Not open for further replies.
  1. acr1965 (Registered Member)

    Joined: Oct 12, 2006
    Posts: 4,954

    So I get into a discussion with someone on another site about a YouTube video downloader. This person had recommended Youtube Downloader 2.6.1 from download.com - here is the page site-
    http://download.cnet.com/YouTube-Downloader/3000-2071_4-10647340.html?tag=contentMain;contentAux

    Apart from the software's questionable home page and contact info, this just looks like another YouTube download tool. Even a scan of the software on VirusTotal shows the software is malware free, and a report from the Norman Sandbox showed nothing suspicious. The Sunbelt sandbox timed out most of yesterday so no report was available. An Anubis report showed some issues, but nothing serious.
    http://anubis.iseclab.org/?action=result&task_id=1130f79846421b074edea17f15ef74fb1&call=first

    Above, at the download.com page, a person can see several complaints in reviews about a toolbar install. Curious about all these complaints and the lack of anything meaningful in the scans I had performed, I decided to go with Joebox.org to see if there was some info that could be obtained. And yes there was. But the joebox.org report has over 300,000 words and I'm unable to post it. There is a report number if anyone knows how to reference the report that way. The report is titled- Joebox - Abstract Analysis File: 6078

    I have a picture attached showing the Youtube Downloader calls out to a site listed on hphosts as a malware distribution site. The call appears to be for a toolbar add-on. I am not sure if the toolbar is downloaded from the site separately from the initial download/install of Youtube Downloader 2.6.1. Hopefully someone can confirm or deny what actually happens.

    In the picture - 1. is the download submitted to joebox.org showing this is for the Youtube Downloader on download.com. 2. download.mybrowserbar.com and 3. the IP address of download.mybrowserbar.com.

    #2 is where I am a bit confused. Is it possible that the entire toolbar is downloaded from mybrowserbar.com as opposed to already being part of the initial install of Youtube Downloader 2.6.1? I believe this way the download could circumvent many of the on-demand scanners. Anyone have any info on that?

    Anyway, IP address 174.36.215.20 is listed on hphosts here-
    http://hosts-file.net/?s=www.mybrowserbar.com
    The classification is malware distribution site.

    Does anyone have any thoughts or comments on any of this?
     

    Attached Files:

    • sd.jpg (219.2 KB)
    • cnet.jpg (228.3 KB)
    Last edited: Sep 10, 2010
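
Added example, not part of the original post: the lookup above used `www.mybrowserbar.com` while the sandbox trace showed `download.mybrowserbar.com`, so this sketch checks contacted hosts against a hosts-format blocklist and separates exact hits from "sibling" hits on the same base domain. The blocklist excerpt, the contacted-host list and all function names are constructed for illustration, and the two-label base-domain rule is a simplifying assumption.

```python
# Constructed blocklist excerpt in hosts-file format; not real hpHosts data.
SAMPLE_BLOCKLIST = """\
# constructed sample
127.0.0.1 www.mybrowserbar.com
127.0.0.1\tads.example.net   # inline comment
0.0.0.0 tracker.example.org
"""
# Constructed list of hosts contacted during a sandbox run.
SAMPLE_CONTACTED = ["download.mybrowserbar.com", "download.cnet.com",
                    "ADS.example.net."]

def normalize(host):
    """Lower-case the name and drop a trailing root dot."""
    return host.strip().rstrip(".").lower()

def base_domain(host):
    """Last two labels. Assumption: naive, wrong for suffixes such as co.uk."""
    return ".".join(normalize(host).split(".")[-2:])

def parse_hosts(text):
    """Return the set of hostnames in hosts-format text, ignoring comments."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(normalize(f) for f in fields[1:])  # fields[0] is the IP
    names.discard("localhost")
    return names

def classify(contacted, blocklist):
    """Map each contacted host to (verdict, matching blocklist entries).

    'exact'   : the hostname itself is listed
    'sibling' : only another hostname under the same base domain is listed
    'clean'   : nothing under that base domain is listed
    """
    by_base = {}
    for name in blocklist:
        by_base.setdefault(base_domain(name), []).append(name)
    results = {}
    for host in map(normalize, contacted):
        if host in blocklist:
            results[host] = ("exact", [host])
        elif base_domain(host) in by_base:
            results[host] = ("sibling", sorted(by_base[base_domain(host)]))
        else:
            results[host] = ("clean", [])
    return results

if __name__ == "__main__":
    hits = classify(SAMPLE_CONTACTED, parse_hosts(SAMPLE_BLOCKLIST))
    for host, (verdict, entries) in hits.items():
        print(f"{host:28} {verdict:8} {', '.join(entries)}")
```

A "sibling" result only says that a related hostname is listed; the contacted host still needs its own lookup before it is treated as listed.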