{"id":13271,"date":"2013-07-19T10:00:39","date_gmt":"2013-07-19T17:00:39","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=12063"},"modified":"2018-10-05T12:47:58","modified_gmt":"2018-10-05T18:47:58","slug":"rogue-ads-targeting-german-users-lead-to-win32installbrain-pua-potentially-unwanted-application","status":"publish","type":"post","link":"https://www.webroot.com/blog/2013\/07\/19\/rogue-ads-targeting-german-users-lead-to-win32installbrain-pua-potentially-unwanted-application\/","title":{"rendered":"Rogue ads targeting German users lead to Win32\/InstallBrain PUA (Potentially Unwanted Application)"},"content":{"rendered":"

German Web users<\/strong><\/a>, watch what you install on your PCs!<\/p>\n

Our sensors just picked up yet another rogue\/deceptive ad campaign enticing\u00a0visitors to install the bogus PC performance enhancing software known as ‘PCPerformer’, which in reality is a Potentially Unwanted Application (PUA)<\/strong><\/a>, that tricks users into installing (the Delta Toolbar in particular) on their PCs.<\/p>\n

More details:<\/p>\n

<\/p>\n

Sample screenshot of the actual advertisement:<\/strong><\/p>\n

\"Adware_PUA_Potentially_Unwanted_Application_Germany_Rogue_Ads_PC_Performer_01\"<\/a><\/p>\n

Sample screenshot of the landing page:<\/strong><\/p>\n

\"Adware_PUA_Potentially_Unwanted_Application_Germany_Rogue_Ads_PC_Performer\"<\/a><\/p>\n

The PUA is digitally signed by Performersoft LLC.<\/p>\n

Rogue URLs:<\/strong>
\nhxxp:\/\/www.fasterstrongerpc.net\/pcperformer\/st2\/pcperformer-st2-de.php<\/em> – 216.146.46.10; 216.146.46.11
\nhxxp:\/\/www.softologicsc.com\/download<\/em><\/p>\n

Detection rate for the Potentially Unwanted Application (PUA) – MD5: d8c542ced7879d0ca4a1a69d0ca97a53<\/strong><\/a> – detected by 4 out of 47 antivirus scanners as Adware.Downware.1295; APPL\/InstallBrain.Gen.<\/p>\n

\"InstallBrain_Delta_Toolbar_PUA_Potentially_Unwanted_Application\"<\/a><\/p>\n

Related MD5s part of the same family, known to have been downloaded from the same IPs (216.146.46.10; 216.146.46.11) in the past:<\/strong>
\nMD5: 21420e6cb90327bae4cf28e5b0544f9b
\nMD5: 4b6ee8317779f95e80e53e79c4641fba
\nMD5: 89120c3a4cb5436ae0543cec1ad38bf0
\nMD5: b31f81472933315d66f9dea4b3453281
\nMD5: 7156f2b47fd0fe6a89abacdb4d0e58cd
\nMD5: dbe791e0aacd084400fa62e17e19e115
\nMD5: fb58ca29357d25ecd447e79f61b03b67
\nMD5: b88650fda149064d72a7c2a49d810c65
\nMD5: dbef581a9db01fca22fb1d353d1df2e5
\nMD5: 0a0c769ef483e879e727c45948925d3b
\nMD5: a755d221a33813b4db8e0fda03439649
\nMD5: 93e8bd74b2bbf7b9214a674ce9367343
\nMD5: 976cf6723be45baa81a40513fbef258a
\nMD5: 3c3098bc796856b514cedd4500ddf782
\nMD5: c54c9126ce834c9b1a72f1a084b52108
\nMD5: 671559ba02deba84ff3abe1a850c9bbc
\nMD5: 5ac20f9bdeae82c28b5c45cdd7ea37a0
\nMD5: 9ca82be7c1821873f04959ab10fa9c7a
\nMD5: 4e269ce006ce599e7823a40ee4fe0feb
\nMD5: cdafbf8c6986791b0b8f7b902473c3f1
\nMD5: a7c445a075a800b5836c7af43771628b
\nMD5: 64159f11f26e06bb64abb7e9424ed217
\nMD5: 59b828d65a35ce144ba2bbca1c60b9b0
\nMD5: 65ea351fa94d582d9548d484c073e4bb
\nMD5: 7a46f9fa6d5488d748c160cb81d291bb
\nMD5: 6dff7941b8fb63f2049a94d7905396e1
\nMD5: be5f167c91788779e4507c1a1c23a1fb
\nMD5: e7dc6f6c354f11d06c271fb1b84cfbb6
\nMD5: c37ffd6b19df0ed67b4ed090746d689b
\nMD5: 023feae3f3cc4ccfd9ebc87642a2eae7
\nMD5: 5143628e02e1b0edd6cc59354b423818
\nMD5: fe2546f291d1b26b35df56de9195c738
\nMD5: 29e07d6b8eca583cb04ce32ae021cfe2
\nMD5: d0db4f62648912e4baae34f1d918010b
\nMD5: 988132ace637767c5564ce1639aaed98
\nMD5: ba1d94fddafa30253f47b960f957241a
\nMD5: 08b97d5174fac38915a1a276c2ffa74f
\nMD5: 06ac452b2ffe750496364a054987fda0
\nMD5: 2242dd5a6616e50385aeb232a32bcc37
\nMD5: 145cf1b82455ecdc2cbe702b8a7236f3<\/p>\n

Webroot\u00a0SecureAnywhere<\/a><\/strong>\u00a0users are proactively protected from these PUAs.<\/p>\n

You can find more about Dancho\u00a0Danchev at his\u00a0LinkedIn Profile<\/a><\/strong>. You can also\u00a0follow him on Twitter<\/a><\/strong>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

German Web users, watch what you install on your PCs! Our sensors just picked up yet another rogue\/deceptive ad campaign enticing\u00a0visitors to install the bogus PC performance enhancing software known as ‘PCPerformer’, which in reality is a Potentially Unwanted Application (PUA), that tricks users into installing (the Delta Toolbar in particular) on their PCs. More […]<\/p>\n","protected":false},"author":65,"featured_media":17052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[4037,4209,14747,15313,4295,4047,4323,5263,5251,11671,14739,5253,3875,5605,5615,5273,11681,14741,3529,3471],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/13271"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=13271"}],"version-history":[{"count":2,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/13271\/revisions"}],"predecessor-version":[{"id":25705,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/13271\/revisions\/25705"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17052"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=13271"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=13271"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=13271"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=13271"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}