Rogue ads lead to the ‘Free Player’ Win32/Somoto Potentially Unwanted Application (PUA)

by


Remember the Win32/Somoto.BetterInstaller Potentially Unwanted Application (PUA)? We’ve just intercepted the latest rogue ad-campaign launched by a participant in their affiliate network, potentially exposing socially engineered users to privacy-invading risks without their knowledge.

More details:

Sample screenshot of the actual ad:

Rogue_Ads_Deceptive_Adware_PUA_Potentially_Unwated_Application_BetterInstaller_Somoto_Toolbar

Sample screenshot of the landing page:

Rogue_Ads_Deceptive_Adware_PUA_Potentially_Unwated_Application_BetterInstaller_Somoto_Toolbar_01

Rogue URL:
hxxp://www.softigloo.com/nlp/e/matomy/free_media_player – 78.138.105.151

Detection rate for the PUA:
MD5: 3ee49800cc3c2ce74fa63e6174c81dff – detected by 16 out of 46 antivirus scanners as Somoto BetterInstaller; Win32/Somoto.A.

More Potentially Unwanted Applications (PUAs) are known to have been downloaded from the same IP (78.138.105.151):
MD5: 0d2a33231e3ea4377daa9aba69badc07
MD5: 569e64fe813cbfeb5f5645c6962da6d3
MD5: 88aa0405e0afad5844471db9a2c7cfb4
MD5: 91dab216e83be379a5690e10cd6f5c95
MD5: 609346344a6dfbd2cbc1fc6f97fd1449
MD5: 1fe6c1c4f166fa77601e4bac3f0c29b3
MD5: b0e362b142c90357ca1e7f1ae4c7b25a
MD5: fbd7091a58119d2b5faeac129b27cb2b
MD5: 7de8af856ca66b2c23e28aef56da8ac9
MD5: ccefee1fefcd7683ec531e3227952854
MD5: 06266b90c304d91e85d7a1dd33301857
MD5: 14a82de2614d466202ae973428a4be21
MD5: 3ee49800cc3c2ce74fa63e6174c81dff
MD5: 32de3ecdcb996cf736d5397a30a53c5a
MD5: f5cc40041780eb4c9fc814888b7a4222
MD5: 0d1a632d18f7cbd2c1ab86772910e5bd
MD5: cc95ae053393c43481bb55fb63a53158
MD5: 37afc6deca650258a6e460c156de8ce7
MD5: 22100b2a79b0ae408ddfd010623b0437
MD5: 21c3c1f47b68de52785f93bdd961c566
MD5: 02696da461918bd98324172130947d24
MD5: 7188e0950fb91a95ab71768a1421d409
MD5: 3967c2686efea20264bff333a935c7ba
MD5: b06882e68a5f7fbd0aff04e52c5e4594
MD5: 44b0d714486c230be83abf95a5e287ba
MD5: 2da8c25cd6b6f5466b27bd815a1479a6
MD5: f2b968c975f27a4d2212c98ecb818912
MD5: b061e2a27452f74226d698e1b3e124bb
MD5: f567b39c5f895dd49367ebb87ac071da
MD5: f4fef07d24fd8945dbfe9fef0a1613ff
MD5: 236eb0c32b0cf3a9e169b05953228dc0

Webroot SecureAnywhere users are proactively protected from these PUAs.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.