Sumo Bundled with Viruses?

Discussion in 'malware problems & news' started by Ranget, Sep 10, 2011.

Thread Status:
Not open for further replies.
  1. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    hey guys

    i was just installing sumo

    it found lots of other programs installed with it

    Like facesmoosh, Registry Booster

    also PCAV detected a virus

    and malwarebytes also detected a lot of infected stuff

    is that a goodbye for Sumo o_O
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Where did you get it from, the developers' website? I do know it's bundled with adware (can't think of the name), but not all that. I have high doubts the dev would intentionally put a virus in, perhaps the site is compromised?

    Edit: RK is the only thing that users should be aware of http://www.kcsoftwares.com/index.php?rk Nothing else should be in there unless it's gone rogue or the dev just hasn't updated the website.
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,769
    Location:
    Outer space
    It comes with Adware, not malicious, but still unwanted by most. You really have to pay attention during installation to make sure you don't unintentionally install that crap. There is also a crap/sponsor-free version available: -ftp://ftp2.kcsoftwares.com/kcsoftwa/files/sumo_lite.exe-

    Did you get the installer from the official site? Check the logs of PCAV and MBAM for the detection names; if it's PUP (Potentially Unwanted Program) or Adware then you don't have real malicious software installed.
     
  4. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    PCAV

    detected a trojan/hupigon.BDH
    trojan/vb.aln

    Malwarebytes' Anti-Malware detected 9 infections of adware

    yes it's an installer from the developer site
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    A Google search shows Hupigon to be a backdoor; as far as the 9 detections of adware, I have no idea what you have there. The site could be compromised. I went there (with NoScript and Sandboxie), and Avast's webshield didn't speak up, so I don't know.

    Edit: MBAM's website blocker is not saying anything either when I visit the website.
     
  6. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    thank god i used it on the VM first

    saved by luck :thumb:
     
  7. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    download SUMo lite version.. I'm using it ;)
    -ftp://ftp2.kcsoftwares.com/kcsoftwa/files/sumo_lite.exe-
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Interesting... Didn't Malwarebytes buy hpHosts? http://hosts-file.net/?s=kcsoftwares.com

    Classification: EMD* (*engaged in malware distribution)

    This rating was last updated 31-05-2010.

    o_O

    There is a difference between adware and malware... I wonder what makes hpHosts classify it as such.

    hpHosts was always way too abusive in the way it rated websites. I'd expect that with Malwarebytes now being the owner things would change. Apparently not.

    I looked at the forum (hpHosts forum), and there's no explanation why it's rated as such.

    This doesn't give much credibility to hpHosts, IMHO.
     
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,769
    Location:
    Outer space
    hmm, interesting.
    You might want to contact PCAV support to make sure if these detections are FP or not.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Look for the Lite version, which is also on the download page (Free of all sponsors download links).
     
  11. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I don't know about MBAM and HpHosts to be honest. I'm not against classifying adware as malware though. I will say that HpHosts is not doing themselves a favor by going that long without re-checking. We're in the days of malware being on a site for an hour and then never being seen again. As far as PCAV, I'd actually say they themselves are a bit overboard in their detections. Consider that hearsay since the system tools I used, and PCAV flagged as trojans, are long gone, but yeah. I even had it take out a file used to restore my OS (A gateway tool).

    Back on topic though, maybe one or so of the detections may be an FP, but 9 or 10? That's stretching it even for an FP-happy AV/AM like PCAV, and a usually spot on app like MBAM.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Well, according to VT results only Kaspersky and avast flag the sumo.exe installer as being adware, due to the Relevant Knowledge thing.

    It's funny, actually. For example, avast suggests to download and install Google Chrome. By definition avast is adware and should be flagged as being malware.

    It doesn't bundle it, but it does suggest downloading it. It suggests a third-party application that is not necessary for the program to function.

    I got nothing against it, but if it's to flag other apps as adware, then avast shouldn't include/suggest anything. They need to be coherent with what they flag and then do themselves. :blink:

    Regarding MBAM flagging 9 entries, MBAM will flag all entries that belong to a given malicious program (malicious according to them). Other antimalware/antivirus may only flag one, but for all the stuff.
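    The two checks suggested in this thread (look at the detection names to see whether a hit is PUP/adware or trojan-class, and count distinct families rather than raw entries, since MBAM lists every file and registry key belonging to one bundled program) can be scripted. The block below is an added example written for this page; it is not code from any poster, from KC Softwares or from any scanner vendor. The tab-separated log format is an assumption, the two trojan names are the ones quoted above, and the PUP names and every path are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed scan-log lines (not real PCAV or MBAM output). Assumed format,
# tab-separated: scanner, location, detection name. The two trojan names are
# the ones quoted in the thread; the PUP names and all paths are made up.
SAMPLE_LOG = (
    "PCAV\tC:\\Users\\test\\Downloads\\sumo.exe\tTrojan/Hupigon.BDH\n"
    "PCAV\tC:\\Users\\test\\AppData\\Local\\Temp\\setup.tmp\tTrojan/VB.ALN\n"
    "MBAM\tC:\\Program Files\\RelevantKnowledge\\rk_agent.exe\tPUP.RelevantKnowledge\n"
    "MBAM\tC:\\Program Files\\RelevantKnowledge\\rk_hook.dll\tPUP.RelevantKnowledge\n"
    "MBAM\tHKLM\\SOFTWARE\\RelevantKnowledge\tPUP.RelevantKnowledge\n"
    "MBAM\tHKCU\\SOFTWARE\\RelevantKnowledge\tPUP.RelevantKnowledge\n"
    "MBAM\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|RK\tPUP.RelevantKnowledge\n"
    "MBAM\tC:\\Program Files\\RegistryBooster\\rb.exe\tPUP.Optional.RegistryBooster\n"
    "MBAM\tHKLM\\SOFTWARE\\RegistryBooster\tPUP.Optional.RegistryBooster\n"
)

PUP_MARKERS = ("pup", "pua", "adware", "riskware", "not-a-virus")
MALWARE_MARKERS = ("trojan", "backdoor", "worm", "rootkit", "virus")
# Tokens that name a category or platform rather than a malware family.
GENERIC_TOKENS = {"trojan", "pup", "pua", "adware", "optional", "backdoor",
                  "worm", "rootkit", "virus", "generic", "win32", "riskware"}


def classify(detection):
    """'pup' for adware/PUP-style names, 'malware' for trojan/backdoor-style
    names, 'unknown' otherwise. PUP markers are tested first so that a
    'not-a-virus:...' style name is not mistaken for a virus."""
    name = detection.lower()
    if any(m in name for m in PUP_MARKERS):
        return "pup"
    if any(m in name for m in MALWARE_MARKERS):
        return "malware"
    return "unknown"


def family(detection):
    """Collapse a detection name to its family: split on the usual separators,
    drop a trailing short upper-case variant suffix such as 'BDH', then drop
    category words. Falls back to the full name if nothing is left."""
    tokens = [t for t in re.split(r"[./\\:]", detection) if t]
    if len(tokens) > 1 and re.fullmatch(r"[A-Z0-9]{1,4}", tokens[-1]):
        tokens = tokens[:-1]
    named = [t for t in tokens if t.lower() not in GENERIC_TOKENS]
    return named[-1] if named else detection


def parse_log(text):
    """Parse the assumed tab-separated log into dicts with class and family."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        scanner, location, detection = line.split("\t", 2)
        entries.append({"scanner": scanner, "location": location,
                        "detection": detection, "class": classify(detection),
                        "family": family(detection)})
    return entries


def summarize(entries):
    """Count raw entries and distinct families per class. The difference is
    the point: nine PUP entries here collapse to two bundled programs."""
    entries_by_class = Counter(e["class"] for e in entries)
    families = defaultdict(set)
    for e in entries:
        families[e["class"]].add(e["family"])
    return {"entries": dict(entries_by_class),
            "families": {k: sorted(v) for k, v in families.items()}}


def verdict(summary):
    """Defender's reading of the summary: trojan-class hits are handled as
    hostile until the vendor confirms a false positive; PUP-only hits mean
    bundled unwanted software rather than a confirmed infection."""
    if summary["families"].get("malware"):
        return "malware-class detections present; treat as hostile until the vendor confirms a false positive"
    if summary["families"].get("pup"):
        return "only PUP/adware-class detections; bundled unwanted software, not a confirmed infection"
    return "no classified detections"


if __name__ == "__main__":
    s = summarize(parse_log(SAMPLE_LOG))
    print(s)
    print(verdict(s))
```

    Run against the constructed log this reports two malware-class families (Hupigon, VB) and seven PUP entries that belong to just two programs (RelevantKnowledge, RegistryBooster), which is the shape of the result described in the thread: many MBAM lines, few actual findings. The marker lists and the suffix rule are deliberately simple; real scanner naming schemes vary, so anything that lands in "unknown" should be looked up by hand.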
     
  13. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Now wait a sec, M00n, lol. Adware to me is doing such within the program itself, not suggesting it on a blog. We could argue about whether a security vendor needs to be telling people what browser to use, but that's a bit irrelevant. Of course, we could very easily say all of the programs, including Avast that give the option to install Chrome, can technically be considered adware..but really it isn't as long as it is optional (and doesn't install itself anyway, even when the user opts not to..a lot of that going on).

    With regard to MBAM, I wasn't thinking about that. It makes sense that 9 things were found then. It was never made clear that these were different entries or the same detection.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You misunderstood... :D I was just linking to a blog post saying that they do suggest to download Google Chrome on avast! free.

    By the way, users do have the option to download a RK-free version. So, it's not like RK is forced upon users. It's a bit like CCleaner. There's a main installer and then there's the slim version.

    But, is RK forced to users (for those who download the main installer)? Or, do they have the option to opt-out? Because, if they got no option to opt-out, then yes... massacre the beast. :D :argh:
     
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Well now, if RK wasn't forced in the full install, there wouldn't be a need for a lite version, now would there? :D If you really want an answer, I don't know, but that's my logical guess for why there is a lite version. I'm personally not going anywhere near either one.
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Doubt it, last time I tried, it was all opt-out. Another example is CCleaner. Now is Chrome forced?
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    No, Google Chrome is not forced on anyone. avast! merely suggests that users download and install it. I do not recall if such option comes preselected, though.

    Anyway, what I tried to do, was create a context. avast! flags Sumo (main installer) as being adware. Sumo is ad-supported. According to you, it's an opt-out. So, it's not an abusive action, IMO. It doesn't really matter whether or not RK comes already bundled or if KC Software would make the installer suggest to download and install it. It's the same thing, as the end goal would be exactly the same.

    The same happens with avast! free. It's ad-supported. Nothing against that. I just find it ironic that a security vendor that offers an ad-supported antivirus flags some other application, apparently providing an opt-out, as being adware.

    I think security vendors should be more careful. Most people are familiar with one word only: virus.
    Their antivirus will protect them against viruses. If the antivirus flags something, then it's a virus. For all they care adware can be just some random name given to the virus.

    I just believe that applications should be flagged more carefully. If a software developer is being abusive and not giving any option to opt-out, then yes, flag the application, as it would be a malicious action... Not necessarily a malicious application, but a malicious action. It's my opinion, of course.

    I doubt that, say, Microsoft EMET was bundled with some third-party application or suggestion to download a third-party application, security vendors would flag it. Just a feeling that I got.

    It reminds me of Sysinternals. We all know what happened before Microsoft acquired it. Are these tools flagged anymore?

    I'm against flagging tools just for the sake of flagging them.

    I already gave an example. Malwarebytes bought hpHosts. hpHosts flags www.kcsoftwares.com as being engaged in malware distribution. Malwarebytes should put order in the house.

    For example, WOT rates it green. But hpHosts is a WOT trusted source. I'd say WOT is used by a lot of people. Not to mention users are rating it red over WOT's page -http://www.mywot.com/en/scorecard/www.kcsoftwares.com

    It's just like Megaupload. It's rated as being engaged in malware distribution. Megaupload is a clean service, it just happens bad guys use it. Like Rapidshare, Dropbox, etc. hpHosts should be the domain being blocked... They are way too abusive in how they rate other domains. lol

    It reminds me of Ask.com toolbar and Avira's recent story. Do they simply rate something based on what they feel like it should be rated? Then, if they want to make a deal with the company, they no longer flag it? o_O

    I dislike what Relevant Knowledge is, which if I'm not mistaken is to track and study online behavior? Don't take me wrong.
    But, in avast!'s example, Google isn't that innocent either. And, Google Chrome's default search engine is Google. Not to mention Google Chrome's default options aren't privacy-friendly either. Still, avast! does suggest it.

    Why flag Sumo/Relevant Knowledge? If it's malicious in itself, then flag it... Otherwise, don't. A line needs to be drawn. And, unless some software developer is being abusive by not giving an opt-out... Not only they do give an opt-out option, but they also provide a clean version... But, in that case, the application should be flagged as abusive software and not adware.
     
    Last edited: Sep 11, 2011
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,769
    Location:
    Outer space
    When installing Avast Free, installing Chrome is pre-selected in the installer ;)
    Last time I checked, Sumo comes bundled with a lot more crap than just RK.
     
  19. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    518
    Location:
    Italy - Ravenna
    There is a portable version (it's the zip or 7zip file on the download page), so.. problem solved
    the SUMo standalone has no crap software or adware :D
     
  20. MysteryFCM

    MysteryFCM Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    24
    Location:
    Newcastle, Tyne & Wear
    The reason it's rated as such, is because of the rubbish that comes with it. This was re-checked last month and is still the same, which is why it's not been updated (no need to update it if nothing has changed).

    The EMD classification covers everything from spyware, to adware, to worms/trojans etc etc.
     
  21. MysteryFCM

    MysteryFCM Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    24
    Location:
    Newcastle, Tyne & Wear
    The MBAM IPBL can't block it as it's a shared server.
     
  22. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    The subject of bundling Relevant Knowledge into SuMo has reared its head a few times with its developer Kyle Katarn in the SuMo thread here on Wilders.

    Kyle did have this to say last August: [post #201]
    It doesn't look like anything's changed there.
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    No one argued that Sumo application doesn't bundle crap. That's beside the point. The real issue is the rating, IMHO.

    There should be different rating categories. Malware should be, obviously, in the EMD category. It makes sense.
    But, adware should be rated as such, and not malware. One thing is being engaged in adware distribution, another one to be in malware distribution. Or, are we saying that RK is something like, say, SpyEye or like ZeroAccess rootkit? I have my serious doubts about that.

    Anyway, it's just an opinion, so don't take it that serious. ;)
     