Rogue ads lead to the ‘Free Player’ Win32/Somoto Potentially Unwanted Application (PUA)

by

Share this news now.

Remember the Win32/Somoto.BetterInstaller Potentially Unwanted Application (PUA)? We’ve just intercepted the latest rogue ad-campaign launched by a participant in their affiliate network, potentially exposing socially engineered users to privacy-invading risks without their knowledge.

More details:

Sample screenshot of the actual ad:

Rogue_Ads_Deceptive_Adware_PUA_Potentially_Unwated_Application_BetterInstaller_Somoto_Toolbar

Sample screenshot of the landing page:

Rogue_Ads_Deceptive_Adware_PUA_Potentially_Unwated_Application_BetterInstaller_Somoto_Toolbar_01

Rogue URL:
hxxp://www.softigloo.com/nlp/e/matomy/free_media_player – 78.138.105.151

Detection rate for the PUA:
MD5: 3ee49800cc3c2ce74fa63e6174c81dff – detected by 16 out of 46 antivirus scanners as Somoto BetterInstaller; Win32/Somoto.A.

More Potentially Unwanted Applications (PUAs) are known to have been downloaded from the same IP (78.138.105.151):
MD5: 0d2a33231e3ea4377daa9aba69badc07
MD5: 569e64fe813cbfeb5f5645c6962da6d3
MD5: 88aa0405e0afad5844471db9a2c7cfb4
MD5: 91dab216e83be379a5690e10cd6f5c95
MD5: 609346344a6dfbd2cbc1fc6f97fd1449
MD5: 1fe6c1c4f166fa77601e4bac3f0c29b3
MD5: b0e362b142c90357ca1e7f1ae4c7b25a
MD5: fbd7091a58119d2b5faeac129b27cb2b
MD5: 7de8af856ca66b2c23e28aef56da8ac9
MD5: ccefee1fefcd7683ec531e3227952854
MD5: 06266b90c304d91e85d7a1dd33301857
MD5: 14a82de2614d466202ae973428a4be21
MD5: 3ee49800cc3c2ce74fa63e6174c81dff
MD5: 32de3ecdcb996cf736d5397a30a53c5a
MD5: f5cc40041780eb4c9fc814888b7a4222
MD5: 0d1a632d18f7cbd2c1ab86772910e5bd
MD5: cc95ae053393c43481bb55fb63a53158
MD5: 37afc6deca650258a6e460c156de8ce7
MD5: 22100b2a79b0ae408ddfd010623b0437
MD5: 21c3c1f47b68de52785f93bdd961c566
MD5: 02696da461918bd98324172130947d24
MD5: 7188e0950fb91a95ab71768a1421d409
MD5: 3967c2686efea20264bff333a935c7ba
MD5: b06882e68a5f7fbd0aff04e52c5e4594
MD5: 44b0d714486c230be83abf95a5e287ba
MD5: 2da8c25cd6b6f5466b27bd815a1479a6
MD5: f2b968c975f27a4d2212c98ecb818912
MD5: b061e2a27452f74226d698e1b3e124bb
MD5: f567b39c5f895dd49367ebb87ac071da
MD5: f4fef07d24fd8945dbfe9fef0a1613ff
MD5: 236eb0c32b0cf3a9e169b05953228dc0

Webroot SecureAnywhere users are proactively protected from these PUAs.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.


Share this news now.