Last Friday, the German federal government decided on a law against internet scammers and subscription traps – the so called “button” solution. Sites like www.software-und-tools.de often cheated unsophisticated and often defenseless surfers, taking from them a three-digit sum while the surfers just thought they were downloading a freeware program. I’m happy with this new law – even if it is years too late and probably not comprehensive enough.

Using the example of www.winload.de, a well known page here in Germany, I want to introduce a relatively new scam today that is, unfortunately, also used by supposedly reputable sites.

Those currently downloading software through the www.winload.de portal must read the content of the page below the download button – where most users will not scroll – very carefully. (Update: After informing the website owner the Opt-Out infos are now visible above the download button) If you simply click the “Download” button, you will experience a surprise. After installation, the settings for the homepage and the search provider are changed – without any prior notice within the setup. In addition, an unsolicited toolbar is installed whose license conditions allow the operator to:

• Change of the default search engine in your Internet Browser's built-in search box
• Change of the default Homepage of your Internet Browser
• Add an alternative "Page not Found" functionality
• Add other search related services
• Install updates on the PC
• Send notifications to the user
• Collect location-based information
• Collect information contained on your Social Network account and/or site

According to our tests, the provider of this toolbar does use these new rights! The browser's built-in protective mechanisms, for example the query as to whether the user wants to use the new toolbar is circumvented. The toolbar and the changed browser-settings are retained, even if the downloaded software, which the computer owner considers (wrongly) to be the culprit, is uninstalled. Incidentally, the uninstallation of this toolbar using the provided uninstaller was unsuccessful in Windows 7 Ultimate 64 bit.

We at AVAST wish that the law against internet scammers and subscription traps would be extended. An end user neither wants his account to be hacked nor does he want his PC to be equipped with dubious toolbars using fictitious facts, and which henceforth provide him with unwanted ads and pass on his Facebook data. Until there is a reaction from the legislature, we will detect such downloads as malware – because that’s what it is in the view of our users.