OpenCandy Adware no longer detected/blocked?

Recently I almost installed a free utility that contained the known Adware OpenCandy. For those interested, it was Driver Sweeper by Phyxion. I will not link to the program unless asked, so as to prevent issues for others.

In the past ESET detected OpenCandy as Adware - Specifically as a Potentially Unwanted Program. I currently have scanning/blocking for Potentially unwanted Programs active for both on demand and real-time on-access scanning. But when I downloaded the software, ESET didn't warn me about it at all. Scanning on another machine running ESET also didn't pick up the PUP.

Is OpenCandy now considered 'Goodware' by ESET? Or have they merely tweaked their installer to slip past the NOD radar? I can submit a sample, if necessary. I just feel dirty that I saved the installer to my HDD at all!

 

Maybe this is another sample, with advanced Stealth capabilities that dont allow ESET to detect it. Please send the sample to samples@eset.sk: an archived copy (RAR or ZIP) with a password "infected"

 

some weeks ago OpenCandy complained (see their website) about the detection and now it seems that all AV (except Microsoft) do not longer flag files which contain OpenCandy (just tried with one file on VT, but better you wait for confirmation by ESET).

 

Link:
http://www.opencandy.com/2011/03/04/the-story-behind-the-opencandy-and-microsoft-adware-debacle/

 

Wow. I guess all malware authors have to do in order to avoid AV detection is ask? Not sure I understand quite what's going on here, but OpenCandy is adware/malware without question. It is, without exception, a potentially unwanted program, even if not a trojan, worm, or otherwise.

Anyhow, still don't know ESET's take on the matter. I sent in the installer in question with an explanation to the email address above, but I don't know if ESET replies to such emails.

Thanks for the information, folks! I do appreciate knowing the larger story.

 

Wow, Microsoft is the only one that correctly labels this adware now? How uncomforting.

 

FWIW, I just installed Any Video Converter 3.3.2 and ESET Smart Security 4.2 blocked a link to xxxp://api.opencandy.com

 

From a previous reply on OpenCandy adware:
What is OpenCandy and why does it trigger a threat warning?

Please wait for an ESET Representative to correctly reply to this query.

 

We have been informed by Mr. Thompson (OpenCandy CEO) about their new internal policy to determine suitability of promoted applications for their advertising/recommendation network. According the information from OpenCandy, several questionable applications were removed.
As a result of the applied improvement the ESET will remove blocking of the OC plug-in network communication in the one of the following updates. The by-default blocking could be re-activated only when it will be needed to ensure safety of our customers.
ESET users who still wish to block the advertisement in the OpenCandy installers can do it if they decide to do so by adding *opencandy.com* to the list of blocked addresses.
How do I configure my ESET security product to restrict access to specific websites?
http://kb.eset.com/esetkb/index?page=content&id=SOLN2123

Alternative way of blocking is the way described in WikiPedia via the hosts file: http://en.wikipedia.org/wiki/OpenCandy

 

Thanks danieln and all others for the info and links !

 

You're welcome, FanJ

 

So now spyware companies just have to contact AV companies to remove the detection and they just obediently do what they're told. -_- Shame on them.

 

As far as I know, OpenCandy will still be flagged as a Potentially Unwanted Application and should remain so since there is not definitive list of what software they are bundled with