{"id":11332,"date":"2013-06-06T00:00:08","date_gmt":"2013-06-06T07:00:08","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=11332"},"modified":"2018-01-30T12:25:45","modified_gmt":"2018-01-30T19:25:45","slug":"ilivid-ads-lead-to-searchqu-toolbarsearch-suite-pua-potentially-unwanted-application","status":"publish","type":"post","link":"https://www.webroot.com/blog/2013\/06\/06\/ilivid-ads-lead-to-searchqu-toolbarsearch-suite-pua-potentially-unwanted-application\/","title":{"rendered":"iLivid ads lead to ‘Searchqu Toolbar\/Search Suite’ PUA (Potentially Unwanted Application)"},"content":{"rendered":"

By Dancho\u00a0Danchev<\/strong><\/p>\n

Our sensors recently picked up an advertisement using Yieldmanager’s\u00a0ad network, enticing users into downloading the\u00a0iLivid\u00a0PUA (Potentially Unwanted Application<\/a><\/strong>) on their PCs. Operated by\u00a0Bandoo\u00a0Media Inc., the application installs the privacy invading “Searchqu Toolbar”.<\/p>\n

More details:<\/p>\n

<\/p>\n

Sample screenshot of the advertisement:<\/strong><\/p>\n

\"iLivid_SearchSuite_PUA_Rogue_Advertisement_Yieldmanager\"<\/a><\/p>\n

Sample screenshot of the download page:<\/strong><\/p>\n

\"iLivid_SearchSuite_PUA_Rogue_Advertisement_Yieldmanager_01\"<\/a><\/p>\n

Detection rate for iLivid – MD5: 468bbe0dc83496cad49597a47341c786<\/strong><\/a>\u00a0– detected by 3 out of 47 antivirus scanners as Adware.Bandoo.12; Win32\/Toolbar.SearchSuite; W32\/Toolbar.SEARCHSUITE
\n<\/strong><\/p>\n

Landing URL:<\/strong> lp.ilivid.com<\/em>\u00a0– 109.201.151.93<\/p>\n

\"iLivid_SearchSuite_PUA_Rogue_Advertisement_Yieldmanager_02\"<\/a><\/p>\n

Known to have responded to the same IP are the following malicious MD5s, which we believe attempted to monetize the malware-infected host through iLivid’s affiliate network:<\/strong>
\nMD5: 74562e98a305834d84cb6df299a96a63<\/em>
\nMD5: 463913c483112676a0c532f94802a6f0<\/em>
\nMD5: 0ff6aa66003c2d6e9a4b86c97198a722<\/em>
\nMD5: a7dd79393a3882acb8a373d5aebec1ea<\/em>
\nMD5: 33da215b4d827b1c74ff8361914f09ed<\/em>
\nMD5: 8c92b8c70e5a667bc9084517bc2431c3<\/em>
\nMD5: c3c9954178fc0efe04d4b182d3dc3045<\/em>
\nMD5: 60d4d1506efc6f444915257a402f76aa<\/em>
\nMD5: 70e8fe9b2baf3c39451ed95cb57666a7<\/em>
\nMD5: 20b9e917485a52b9dcf7bb1adb05fd95<\/em>
\nMD5: 2c5fcb0c1f346097542751e1f5a1d394<\/em>
\nMD5: d6390373eb082062688b4a568cea6e37<\/em>
\nMD5: d2dc7b3058a64a358f46953f2d2243ac<\/em>
\nMD5: 152172ad3cbd0e52bd3291a61d7153ed<\/em><\/p>\n

What’s so special about iLivid and why should you avoid using it? Going through iLivid’s FAQ, we can easily spot the following:<\/p>\n

iLivid may automatically receive and record certain non-personally identifiable information on its server logs from your browser, including your IP address, browser type, internet service provider (ISP), cookie information, and <\/em>
\nthe webpage that a user visits. iLivid collects non-personally identifiable information for general purposes, including but not limited to analyzing trends, administering the site, tracking user movements, conducting research, <\/em>
\nand providing anonymous reporting to internal and external clients. iLivid will not link any Personal Information, including e-mail addresses, with aggregate data of its users.<\/em>”<\/p>\n

\"iLivid_SearchSuite_PUA_Rogue_Advertisement_Yieldmanager_03\"<\/a><\/p>\n

To avoid\u00a0continuously feeding URLs you visit to a third-party who\u00a0will monetize access to this data by sharing it with more parties, we advise you not to install iLivid.<\/p>\n

You can find more about Dancho\u00a0Danchev at his\u00a0LinkedIn Profile<\/a><\/strong>.\u00a0<\/em>Y<\/em>ou can also\u00a0follow him on Twitter<\/a><\/strong>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

By Dancho\u00a0Danchev Our sensors recently picked up an advertisement using Yieldmanager’s\u00a0ad network, enticing users into downloading the\u00a0iLivid\u00a0PUA (Potentially Unwanted Application) on their PCs. Operated by\u00a0Bandoo\u00a0Media Inc., the application installs the privacy invading “Searchqu Toolbar”. More details:<\/p>\n","protected":false},"author":65,"featured_media":17052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[4037,11685,4209,6175,6173,5735,14757,14867,3557,4521,14755,14745,5251,11671,14865,14863,14861,5605,11681,3471],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/11332"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=11332"}],"version-history":[{"count":1,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/11332\/revisions"}],"predecessor-version":[{"id":23727,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/11332\/revisions\/23727"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17052"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=11332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=11332"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=11332"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=11332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}