14 DAY TRIAL // Certain Yahoo searches will pop up results that instead of displaying the official pages of the product, advertise downloads that install charity applications.
Sun Belt blog informed us this morning of this so I decided to take a look for myself.
If we try to search for a "TeamViewer download" page, the first thing that will pop-up is a downloads.yahoo.com result with a large green download button. Once pressed, a large warning popped up from my anti-virus alerting me that I am about to access Win32/Adware.OpenInstall.
I've asked for some further explanation from ESET and they've quickly replied that “OpenInstall is an advertising platform” and they also pointed out that Yahoo confirms its presence by displaying the message “By Clicking download, you agree to the OpenInstall EULA and Privacy Policy”
This aside, a GFI researcher reveals the rest of the process "If the user runs the download from this page, they will be presented with an offer for the Yahoo toolbar and then either Shop to Win or Social Ribbons add-on. After the user accepts or declines these offers, the installer then downloads the actual TeamViewer installer from Tucows to the user's desktop and and prompts the user to run it."
Social Ribbon installs a browser plug-in and it monitors if the user shops on certain partner websites. For each purchase, they donate a certain amount of money to charities, but the amount is not mentioned and neither are the organizations that receive the funds.
It also seems that the whole process collects a fair amount of information that will be used to launch further targeted advertising, a thing that is not mentioned clearly except in the EULA/Privacy Policy.
Charities are always a good thing, especially if they’re accredited, but the way Yahoo pushes them to internauts is not nice. Especially for someone who doesn't know his way around too much, it's unfair that he would have to install a lot of additional components just to get the single application he wanted in the first place.
It's also unfair to the application's vendor who might lose a lot of customers because of the fact that their official site doesn't show up as the first result.