By Dancho Danchev
Our sensors recently picked up an advertisement served through Yieldmanager’s ad network, enticing users into downloading the iLivid PUA (Potentially Unwanted Application) onto their PCs. Operated by Bandoo Media Inc., the application installs the privacy-invading “Searchqu Toolbar”.
Sample screenshot of the advertisement:
Sample screenshot of the download page:
Detection rate for iLivid – MD5: 468bbe0dc83496cad49597a47341c786 – detected by 3 out of 47 antivirus scanners as Adware.Bandoo.12; Win32/Toolbar.SearchSuite; W32/Toolbar.SEARCHSUITE
Landing URL: lp.ilivid.com – 126.96.36.199
Known to have responded to the same IP are the following malicious MD5s, which we believe attempted to monetize the malware-infected host through iLivid’s affiliate network:
What’s so special about iLivid and why should you avoid using it? Going through iLivid’s FAQ, we can easily spot the following:
“iLivid may automatically receive and record certain non-personally identifiable information on its server logs from your browser, including your IP address, browser type, internet service provider (ISP), cookie information, and the webpage that a user visits. iLivid collects non-personally identifiable information for general purposes, including but not limited to analyzing trends, administering the site, tracking user movements, conducting research, and providing anonymous reporting to internal and external clients. iLivid will not link any Personal Information, including e-mail addresses, with aggregate data of its users.”
To avoid continuously feeding the URLs you visit to a third party that will monetize access to this data by sharing it with more parties, we advise you not to install iLivid.