Shady download manager hides Sirefef/ZeroAccess variant

Oct 31, 2013 16:41 GMT

In theory, the sponsored links and ads of major search engines should point to safe websites. However, in practice, that doesn’t always happen. 

Researchers from ThreatTrack Security have found that users who search for “google chrome download” on Yahoo! might end up with a nasty malware infection. That’s because some of the sponsored ads point to a website called softpack(dot)info/chrome.

The “free software website” urges users to install applications through its own download manager, WeDownload Manager.

This practice is not uncommon for websites that offer free software downloads, although the installers are usually bundled with adware. In this case, however, the Google Chrome installer offered on the site is a version of the notorious Sirefef/ZeroAccess malware.

When it’s executed, the installer deletes itself and installs Adobe Flash Player. In the background, it starts infecting the victim’s computer. Once it’s installed, the malware disables Windows security features to enable cybercriminals to download other threats.

If you want to download software, do it from trusted websites. Try to avoid websites that ask you to download software via third-party installers.