We received a message from a customer informing us that when she installed avast! Free Antivirus, she also got an unwelcome toolbar installed from Conduit. After an investigation, we found that there are some shady characters providing our popular free antivirus protection with unwanted toolbars and other scams. Thomas Salomon, head of AVAST Software ‘s German Software Development team, looked into it further.
Today I was informed that some download portals have wrapped our avast! Free Antivirus with their own installer using our logos and brand name without even asking. From past experience, I know that this typically causes a lot of trouble and annoys users. So I thought to myself: OK, let’s be “John Doe” and test it out.
Unfortunately the experience I had was even worse than expected…
First, I needed to think how a typical user would download avast! Free Antivirus. I guessed that it might be to simply type “avast download” into the search engine of his choice. I used Google in this case, and it came up with our own (avast) download page on top and some ads in the right column. These ads looked suspicious to me, but it’s possible that some users would be convinced to download avast! from these sites. One click later, I ended up at a site called softm8.com. I quickly spotted and clicked the avast! download option. Interestingly, the download was pretty small – actually too small to be an official avast! Antivirus installer. Anyway, I continued in my role as “John Doe” and ran the installer.
The experience begins
After starting the downloaded file it took a second or two for Windows to check the signature. Next, I noticed that the program I just downloaded was not issued by AVAST Software but by a company called “AVSoftware EOOD”. This is definitely not us:
Ideally, this small piece of information would give someone the first hint that the software is not what he expects, therefore he should probably abort the download. For the experiment’s sake, I continued by clicking “Run.” As a result, I ended up in a non-AVAST installer:
This is one “before and after” picture that we didn’t want to see. Someone contacted the original developers of Chrome extensions Add to Feedly and Tweet This Page with an offer to purchase. Thinking it was a good opportunity for a company with more time and money to further develop what they started, both developers sold perfectly nice apps. It wasn’t until the next automatic update that the true transformation was revealed.
Even though users didn’t know about the sale of the extensions, angry reviews indicated that a change had been made. The app was accused of spamming because it had silently updated the extensions to inject ads and affiliate links. Amit Agarwal, Add to Feedly‘s original author told PC World, “These aren’t regular banner ads that you see on webpages, these are invisible ads that work the background and replace links on every website that you visit into affiliate links. In simple English, if the extension is activated in Chrome, it will inject adware into all webpages.”
Over the weekend, the two extensions were removed from the Chrome Web Store.
How to remove bad extensions and toolbars from your computer
“Both of these add-ons are categorized as “very bad” in the avast! Browser Cleanup database,” said Thomas Salomon, head of AVAST Software’s Browser Cleanup development. “Browser Cleanup will remove them without any trace. This means they’ll be removed the same way as any other bad add-on/toolbar.”
avast! Browser Cleanup lists all poorly rated add-ons, extensions, and toolbars for the 3 major internet browsers, Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome, and allows you to disable or remove them. It works by scanning the browser environment, then displays a list of any bad toolbars you may have, and asks if you want the offending toolbar removed. If you authorize it to do so, then Browser Cleanup will remove them.
There are more than 7,500,000 different browser extensions for the three main browsers. AVAST currently receives 1 million requests every day to remove browser toolbars. Read more about annoying toolbars from this blog post by Thomas Salomon.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
1/21 updated number of browser extensions. It keeps growing!
by Caroline James, AVAST Software’s U.S. PR manager
The top three security trends of 2013 will only strengthen in 2014. Hackers abusing new payment options, browser toolbars spreading extensively, and new privacy issues have defined this year’s trends of security threats and nuisances.
Online fraud goes viral on mobile
2013 has been the year of new payment methods, including SMS, WAP and NFC payment – and with these new options, hackers have increased their efforts to develop new ways to steal users’ money.
AVAST detected an average of 1,839 new mobile malware samples a day, about 60 to 70% of which were designed to send and charge mobile users for premium SMS.
AVAST this year has also seen more targeted attacks where the goal is to steal users‘ financial transaction data and ultimately their money. This for example includes hacking specific banks by manipulating their Internet banking interfaces to steal the customer’s personal data.
Unwanted toolbars cling like ivy to browsers
Another trend that snuck up on users in 2013 and strikes instant recognition among people who have experienced it, are browser extensions. The numbers AVAST has collected so far are enormous. The antivirus software company has identified more than 6.1 million different browser extensions for Internet Explorer, Firefox, and Chrome in just eight months.
Unwanted toolbars are a pain everyone can relate to and we would argue they are the first major consumer security outbreak since spyware.
Our experts at AVAST say that we are in the era of new ‘spyware’, but this time it’s even more insidious especially since many players in the security space are actually in the game themselves by pushing the toolbars onto customers.
NSA has people spooked about privacy – who is watching you?
In one of our previous posts we wrote about browser extensions and their possibly unwanted effects on our customers’ computers. Browser toolbars have been around for years, however, in the last couple of months they became a huge mess. Unfortunately, lots of free software comes with more or less unwanted add-ons or browser toolbars.
These are quite annoying because they may:
- Change your homepage and your search engine without your permission or awareness
- Track your browsing activities and searches
- Display annoying ads and manipulate search results
- Take up a lot of (vertical) space inside the browser
- Slow down your browser and degrade your browsing experience
- Fight against each other and make normal add-on handling difficult or impossible
- Become difficult or even impossible for the average user to fully uninstall
Maybe you have already become a victim of unwanted browser toolbars. avast! Browser Cleanup was developed exactly for this reason; to help our customers identify and get rid of unwanted browser toolbars and add-ons. It is integrated in avast! 2014 and is also available as a stand-alone product on various download portals for use by friends without installed avast! Antivirus. Now, about 7 months after the initial release of avast! Browser Cleanup together with avast! Antivirus 8, it’s time for a review of the results. Read more…
by Thomas Salomon, head of AVAST Software ‘s German Software Development team
In a previous blog post we wrote about the statistics from avast! Browser Cleanup. These statistics have become even worse:
- More than 1,000,000 (one million!) browser add-ons are available for the three main browsers
- More than 82% of all add-ons have a bad or very bad rating from our user community
- Two thirds of all add-ons in our database are from only three companies
- We see around 30,000 new add-ons per day of which 90% have a bad or very bad rating
As we can easily see the numbers are still rising. It’s now time to share some more details about the bad add-ons we’ve noticed so far. Read more…