OpenCandy Adware no longer detected/blocked?

Discussion in 'ESET NOD32 Antivirus' started by Carbonyl, Apr 13, 2011.

Thread Status:
Not open for further replies.
  1. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Recently I almost installed a free utility that contained the known Adware OpenCandy. For those interested, it was Driver Sweeper by Phyxion. I will not link to the program unless asked, so as to prevent issues for others.

    In the past ESET detected OpenCandy as Adware - Specifically as a Potentially Unwanted Program. I currently have scanning/blocking for Potentially unwanted Programs active for both on demand and real-time on-access scanning. But when I downloaded the software, ESET didn't warn me about it at all. Scanning on another machine running ESET also didn't pick up the PUP.

    Is OpenCandy now considered 'Goodware' by ESET? Or have they merely tweaked their installer to slip past the NOD radar? I can submit a sample, if necessary. I just feel dirty that I saved the installer to my HDD at all!
     
  2. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Maybe this is another sample, with advanced Stealth capabilities that dont allow ESET to detect it. Please send the sample to samples@eset.sk: an archived copy (RAR or ZIP) with a password "infected"
     
  3. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    some weeks ago OpenCandy complained (see their website) about the detection and now it seems that all AV (except Microsoft) do not longer flag files which contain OpenCandy (just tried with one file on VT, but better you wait for confirmation by ESET).
     
  4. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
  5. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Wow. I guess all malware authors have to do in order to avoid AV detection is ask? Not sure I understand quite what's going on here, but OpenCandy is adware/malware without question. It is, without exception, a potentially unwanted program, even if not a trojan, worm, or otherwise.

    Anyhow, still don't know ESET's take on the matter. I sent in the installer in question with an explanation to the email address above, but I don't know if ESET replies to such emails.

    Thanks for the information, folks! I do appreciate knowing the larger story.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Wow, Microsoft is the only one that correctly labels this adware now? How uncomforting.
     
  7. DonnEdwards

    DonnEdwards Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    36
    FWIW, I just installed Any Video Converter 3.3.2 and ESET Smart Security 4.2 blocked a link to xxxp://api.opencandy.com
     
    Last edited by a moderator: Apr 27, 2011
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  9. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    We have been informed by Mr. Thompson (OpenCandy CEO) about their new internal policy to determine suitability of promoted applications for their advertising/recommendation network. According the information from OpenCandy, several questionable applications were removed.
    As a result of the applied improvement the ESET will remove blocking of the OC plug-in network communication in the one of the following updates. The by-default blocking could be re-activated only when it will be needed to ensure safety of our customers.
    ESET users who still wish to block the advertisement in the OpenCandy installers can do it if they decide to do so by adding *opencandy.com* to the list of blocked addresses.
    How do I configure my ESET security product to restrict access to specific websites?
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2123

    Alternative way of blocking is the way described in WikiPedia via the hosts file: http://en.wikipedia.org/wiki/OpenCandy
     
  10. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Thanks danieln and all others for the info and links !
     
    Last edited: May 23, 2011
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You're welcome, FanJ :thumb:
     
  12. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164
    So now spyware companies just have to contact AV companies to remove the detection and they just obediently do what they're told. -_- Shame on them.
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    As far as I know, OpenCandy will still be flagged as a Potentially Unwanted Application and should remain so since there is not definitive list of what software they are bundled with :ouch:

     
Thread Status:
Not open for further replies.