The Dark Side of Ad Fly

Adf.ly, or just Ad Fly, is a well-known advertising network that has been around for quite some time. Website owners can use it to monetise their content, and regular Internet users can use it to make some extra bucks by spreading links locked with the Adf.ly tool.

Ad Fly serves as a middleman between publishers of advertisements and those who want to monetise their links and web content. In concept, it sounds like a really good idea for both parties. However, things are a bit different in reality. A blog post by 2-viruses.com addressed this problem and explained why in some cases Adf.ly should be considered an adware infection. The line between a legitimate tool and a malicious infection is very thin, and it seems that Ad Fly tends to cross it.

The biggest problem is that Adf.ly fails to control its partners. For instance, if you want to advertise using Google Adwords, Facebook ads or any other well-known advertising network, you will have to pass strict checks and be verified against a number of criteria. This way users are 100 percent sure that the content they receive through these providers is safe to use. In the case of Ad Fly, this lack of control is a really dark side. Various scammers and hackers can direct traffic to their websites of questionable reputation by using this tool. It’s no secret that most of the time advertisements displayed by Ad Fly lead to offers to purchase Viagra or other controversial services that you wouldn’t normally encounter on legitimate websites.

Another feature that puts a question mark over this tool: it might stick to your web browsers without even asking your permission. It can also be very difficult to get rid of, so users struggle every day, skipping ads and experiencing random redirects.

What’s our best advice in order to stay away from malware like this? Well, first of all, your computer should always be protected with reliable protection tools. There are tons of useful and free tools, such as AdBlock, CCleaner and so on – they will help you protect your computer from unwanted content, spam and malicious files. A good anti-malware program should come in useful as well. You should also be careful while browsing the Internet. Avoid websites that look suspicious and only download software from well-known and reliable sources.

Analysis of Search.chill-tab.com browser hijacker

It is always difficult to identify the owners of browser hijackers, as they always try to conceal their identities. In some cases, they do not introduce themselves at all. In other cases, suspicious developers leave a different company name in each of their products.

We have investigated a curious case of the Search.chill-tab.com virus. On this website, its owners do not properly introduce themselves. However, the web server on which the domain is hosted reveals more information about the possible owners of this domain.

The Search.chill-tab.com virus is generated by developers that use multiple company names to hide their true identity. The names Veristaff, Pinwid, ReSoft, CodeSet and maybe others have been noticed in similar products.

This is a classic strategy that hackers or simply greedy developers take advantage of. For the sake of profiting as much as possible, website developers create identical search engines and use deceptive means of advertising to promote them.

As you might know, using suspicious platforms for searching is never a wise idea. Suspicious ads will soon start to appear in the form of pop-ups, pop-unders, banners or in-text ads.

All of this promotional material might be involved in some sort of malvertising campaign. For instance, rogue updates for browsers and Flash Player have been identified as one of the most popular schemes for malware distribution.

Please pay attention to the search engine set as your preference. If it happens to be the Search.chill-tab.com browser hijacker, follow appropriate guidelines to get rid of this tool once and for all. These specific parasites are definitely aggravating, as they are difficult to eliminate. However, an anti-malware tool will always help you remain protected from vicious infections.

What are the first symptoms of a browser hijacker? Well, this question is easy to answer: modified browser preferences, and maybe other settings as well. There are certain types of browser hijackers. For instance, last week we discussed infections that only affect new tab pages. This means that the default search provider will probably remain your selected engine.

To avoid potentially unwanted or dangerous software, install only respectable software tools and try to always select advanced/custom modes for installation processes.

Browser hijackers that occupy new tabs: how to avoid them?

There is a certain type of browser hijacker that occupies new tab pages and, in some cases, start pages. They are similar to the usual hijackware parasites, but they do not occupy search providers. If you want to read more about this type of parasite, check out this helpful article.

There are several widely known developers of browser hijackers that we have investigated. One of them is the MindSpark Interactive company, which has produced many similar-looking browser extensions. All of them encourage people to use Hp.myway.com browser hijackers and are difficult to remove.

This organization is also very famous for its deceptive advertising strategies. If you are a regular visitor of online streaming services, you might have been offered one Mindspark toolbar or another. Of course, you should always decline these offers.

New tab viruses will show large amounts of online advertisements in the hope of triggering the interest of possible users. In some cases, these search engines receive commission for products purchased thanks to their marketing.

Furthermore, browser hijackers have an annoying habit of collecting users’ online information. Occasionally, this data might be shared with unknown third parties that could use this information for their personal benefit. Therefore, we hope you will not keep an unknown new tab in your browsers.

There are many other producers of New tab viruses. ClientConnect LTD is one of those suspicious companies that generate knock-off search platforms and hope to benefit from them. Also, we have observed a parade of disturbing browser hijackers that try to trick users by incorporating “newtab” into their titles. If you notice that an unknown search platform has made modifications to your browser, we hope you will find an appropriate removal tool to take care of this problem. Always be certain that your browsing activities are properly protected and no shady applications have managed to slither inside your operating system.

Old Search.conduit.com virus still functions

Browser hijackers have been around for a long time and there are many old parasites that still manage to function. Search.conduit.com infection is one of the prevailing older search engines that are still trying to make it among the dozens of new hijackers.

The Conduit Toolbar was founded more than 8 years ago and at first, it was one of the most hi-tech online platforms around. Its owner, Adam Boyden, was even featured in influential magazines for his success.

After some time, the Conduit Toolbar began to be distributed in a way that many security researchers find disturbing: bundling. It appears that the browser extension would be installed together with other freeware applications. As people did not even bother to read installation processes, they agreed to get many redundant software applications.

Conduit Toolbar was determined to have rootkit capabilities, allowing the toolbar to influence operating systems more. Because of this feature, browser hijacking became possible.

Therefore, the Search.conduit.com virus would show up as users’ home pages, default search providers and new tab pages. The exact classification of this tool has ranged from a potentially unwanted program (PUP) to a browser hijacker.

Some security researchers classified it as a PUP because it was not necessarily malicious, but a lot of time has passed. The company ClientConnect Ltd. is listed as the owner of the Search.conduit.com virus. During our analysis, we discovered that there are dozens of similarly-shaped search engines that are generated only for monetization purposes. Results to search queries might be tainted with sponsored material for which the owners of the platform receive financial support.

The United States, Japan, Canada, India and the United Kingdom are the regions currently being hit by the Search.conduit.com virus. Of course, people from other countries can also be bothered by the software of Conduit.

It is always advisable to stick to using more legitimate and secure searching platforms. In this case, you will have less chance of being exposed to potentially malware-laden websites, phishing scams or other deceptive websites that have no business being visited by you. To be safe from malware, we hope you will try to avoid this type of content.

Taboola serves malicious ads in MSN.com website

Online advertising companies have also been shown not to be 100% secure services, as their content has frequently distributed fake news, click-bait articles or malware-laden adverts. The popular and extremely profitable Taboola ad network has obtained a rather cozy position in the digital world, but some security researchers still regard its content as questionable. In the last weeks of September 2017, a very disturbing truth resurfaced and made many researchers say “I told you so!”.

According to recent news, the owners of MSN.com intentionally included Taboola Ads on their domain. When you are making such a deal with MSN.com, the 53rd website in the world, you have to be careful. However, Taboola failed this task and provided MSN with advertisements that led users straight into technical support scams. Such deceptive domains are only interested in tricking users and obtaining money.

The technical support scam pretended to originate from Microsoft technicians and urged users to contact a toll-free helpline. In addition to this, the domain insisted that people reveal the usernames and passwords of Windows accounts with administrative rights.

This incident should definitely discourage more cautious website owners from including ads from Taboola on their domains. It has now become clear that the ad-serving network should make its requirements stricter and review the submitted content before pushing it to its partners.

This just goes to prove that tons of online advertisements are bound to cause trouble. If you notice that your browsing is being interrupted by adverts, please make sure that your operating system has not become compromised by malware.

In addition to this, we always encourage our users to stay away from ads in unknown websites. However, the fact that MSN.com transferred people to technical support scams reminds us that basically any domain can become a distributor of suspicious content.

However, there are certain features of potentially dangerous ads:

1. They present fake news or click-bait articles. We are referring to headlines such as “Justin Bieber is dead: see pictures to believe!” or “1 easy trick to pay off your home in half the time”. While they do sound intriguing, check reputable sources for more information instead of an unreliable source.
2. They present technical support. It could be that an ad will warn users that their operating systems are severely damaged. Do not believe these statements.
3. Lotteries, surveys and other participation-requiring adverts. They usually ask for users’ personal details or other information.

Should you try a DNS service? No!

While it might be devastating to be unable to access certain websites due to geo-restrictions, this is not an excuse to start using services that are clearly rogue. Many of them have received labels of “adware” or simply “malware”. TV show fanatics might be incredibly tempted to view content, published on official Pandora, Netflix or Hulu services. Nevertheless, do not start using Counterflix as your salvation.

Geo-restrictions are applied for a reason and it would be unjust to violate these rules. However, there is a variety of third-party programs that strip off users’ actual IP addresses and replace them with ones that would actually pass through the geo-wall.

By downloading these tools, you are probably not sure what to expect. How about constant and deceptive online advertisements? Banners, pop-ups and pop-unders constantly open and jeopardize your safety. If this occurs, then you are most definitely infected with adware.

Changing DNS settings to specific servers is very easy. In the case of Counterflix, it also does not take a lot of time. However, users’ cybersecurity should come before entertainment. In addition to a disruptive flow of online promotional content, users might also become victims of illegal tracking.

Adware infections frequently insert cookies into hard drives and violate users’ privacy. In some cases, users’ names, email addresses and telephone numbers come into the possession of hackers. Do not believe in applications that aim to provide high-quality services but are free of charge. This means that their revenue must come from other sources, presumably pay-per-click schemes.

Other symptoms of adware parasites include more sluggish operating systems, installations of unknown programs and additional disturbing features. Please do not believe the promises that DNS services are so passionately making. They are only trying to trick you into changing DNS settings to their servers. Furthermore, you will also receive an additional program in your Control Panel.

Question of the day: how to tell a reliable free tool from malware?

Free but highly-appreciated software applications are rare, but they are like candies of the virtual world. If you find one, your experience becomes a little more pleasant. However, free but useless tools are like stones in a road that won’t budge to make way. What factors determine which applications are bound to be praised, and which ones criticized? There are several factors to observe:

  • First of all, it depends on how an application is distributed. If its main channel is an official website, the program could be considered fit for usage. Unfortunately, more than a few free tools turn to more desperate techniques, like being delivered in software bundles or through drive-by strategies.
  • Secondly, whether the application will display third-party advertisements in exchange for free services. Some legitimate programs display only approved and certified promotional material, but there are hundreds of adware parasites that display online adverts leading to phishing or other suspicious domains.

  • Programs that are pre-installed on computers. This is referred to with the term “bloatware”. One of the famous examples is Pokki, which definitely stirred the calm waters. From 2012 or 2013, Lenovo computers were sold with a perk: Pokki software. However, the actual response from clients indicated that they did not like Pokki’s presence. Furthermore, users were forced to employ stronger program removal methods because the desktop menu did not budge easily. Currently, it is classified as a potentially unwanted program (PUP) which could be installed into operating systems without users’ permission.
  • It monitors online activities and shows tailor-made ads. This means that online adverts will be shaped according to recently-initiated search queries and visited domains.
  • It does not do much. If a free program has barely any features and you find it close to useless, it might be designed for the purpose of completing pay-per-click schemes.

Selecting software can be difficult sometimes. Regular users like free samples, free programs and free trials without considering their price in privacy. Please scan operating systems regularly to avoid malware, and check Task Manager or Control Panel to find tools that may not be considered dangerous, just unwanted.

Free-trials from hell charge credit cards without permission

You have probably been introduced to nicely-promoted online services that required solid amounts of payments to become their clients. The steep prices presumably are bound to push some potential customers away, but clever specialists of marketing have come up with a solution for this problem: free samples.

Free trials could be seen as investments in the future profit, hoping that people will sign up for full memberships. In this case, vicious people have found a way around.

After reviewing the Muvflix service, we had no choice but to come to the conclusion that it is one of the expensive scams. Of course, clueless and naive users are the ones to pay the price. Like any other free-trial scam, this movie provider has a neat official website that might fool users.

However, more attentive users shall dig a little deeper. The free trial is 5-days long, meaning that during this time, users should not be required to make any payments. The first red-flag is that during the registration for a free trial, Muvflix scam requires their banking account information.

Very quickly after signing up for this deceptive service, users might notice some disturbing activity in their banking accounts. Sums of 52 dollars are the ones most typically taken from victims of Muvflix, but bigger losses have also been reported. The main issue with these charges is that people are not asked to give permission for these transactions. Money from users’ accounts flies straight to the controllers of this scam. To make matters worse, some people indicate that even after they cancelled their free trials and hoped to have nothing to do with the Muvflix hoax, money continued to be billed.

If you happen to be shown pop-ups promoting this specific video-streaming service, we hope you will instantly look away. If you are one of the victims seeking help from the wise sources of the Internet, we cannot help you get back your money. However, we do recommend that people who have suffered from the Muvflix scam contact their bank-service providers and order them to prevent any charges from being made by Muvflix. We have read a few testimonials saying that deceived people were planning to go as far as to sue the service.

FakeGlobe crypto-viruses: a family that derived from Globe ransomware

FakeGlobe, a.k.a. Globe Imposter, was first noticed in 2017, and over the course of this year an awfully disturbing number of its variants have been detected. Of course, this means an equal multitude of extensions follows every newly discovered threat.

If you want to know how the ransomware emerged: at first, nobody saw that it was going to be huge. It appeared to be a one-time thing, a ransomware based on Globe ransomware. Nevertheless, hackers showed their persistence, and the number of GlobeImposters is not clear, as there are new versions coming out on a daily basis.

Beginning from such normal extensions as .help, .crypt and .726, the ransomware variants soon began to append rather odd additions to encoded data. Now, there are variants of the FakeGlobe virus that append .f*ck, .skunk, .GRANNY, .LEGO or .zuzya. In addition to this palette of extensions, we also have to add that hackers had decided to use names of former presidents, like .ReaGan, .BUSH and .Bill_Clinto@derpymail.org.

The Necurs botnet, which has been noticed to distribute a variety of ransomware infections like Locky, has also been involved in the transmission of FakeGlobe ransomware. In August, the latter virus even became the second most-distributed infection on the Internet.

According to the circulation of malspam that delivers malicious payloads, people from the United States and the European Union were targeted the most. However, this does not mean that people from other countries should feel completely safe from FakeGlobe infection. If you are a speaker of the Spanish language, we recommend you try reading this article.

At some point, the FakeGlobe infection was being sold as a RaaS service. As it would appear, PSCrypt might have been based on a purchased tool. You might remember PSCrypt from the fact that it targeted Ukraine, just like NotPetya did.

Lastly, let’s once again remind our users about the best ways to take care of their operating systems and digital files. Ransomware viruses are everywhere: you could become infected by simply responding to a pop-up or visiting an unknown domain. Therefore, we hope you will find time to patch all outdated software and the OS itself. If you are still using an old version of Windows like XP, you are basically insisting to become infected with ransomware, or basically any malware that comes your way.

Locky terrifies the world with its newest version of Lukitus crypto-virus

After global attacks that occurred in 2017, there are barely any people left that would not be familiar with a concept of ransomware. These malware infections are probably one of the most severe viruses that we have ever encountered. Of course, some of them are based on Hidden Tear open source projects or are deeply flawed, but every once in a while, sophisticated crypto-viruses enter the arena.

The Locky infection is one of the persistent infections that continue to threaten Internet surfers. Victims of this ransomware have no way of recovering their data unless they have it in online storage or on USB flash drives. The Lukitus crypto-virus is generated by the same hackers that are responsible for Locky, and we do think that these ransomware designers are rather persistent.

The newest strategic move made by the owners of these ransomware infections was massive. Over the course of 24 hours, crooks were able to send 23 million malware-laden email letters. It appears that most of them pretended to originate from the DropBox service. The notifications required people to verify their emails by clicking on a specific link. What people did not know was that this seemingly insignificant click might have allowed a malicious file to be implanted into an operating system.

What else can be said about Lukitus ransomware? Well, Locky was distributed via fraudulent pop-up messages. Who can say that the same strategy won’t be adopted to distribute Lukitus? Victims that become compromised by this disease should notice the .lukitus extension at the end of encoded files.
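
A triage sketch for the appended extensions named here and in the FakeGlobe section, added as an example and not taken from any tool the article mentions: it checks a file listing for those extensions and counts hits per folder. The sample paths are constructed, and the rule that .help and .crypt only count when an ordinary extension sits underneath is an assumption made to avoid flagging benign files.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Appended extensions as listed in the article. ".f*ck" is censored there,
# so it is left out rather than guessed.
KNOWN_SUFFIXES = {
    "FakeGlobe": [".help", ".crypt", ".726", ".skunk", ".GRANNY", ".LEGO",
                  ".zuzya", ".ReaGan", ".BUSH", ".Bill_Clinto@derpymail.org"],
    "Lukitus": [".lukitus"],
}

# Assumption: these two are also used by ordinary files, so they only count
# when they sit on top of another extension (report.docx.crypt).
AMBIGUOUS = {".help", ".crypt"}


def classify(path):
    """Return (family, appended_suffix, original_name) or None.

    Matching is done on the end of the file name, case-insensitively,
    because a suffix such as ".Bill_Clinto@derpymail.org" contains a dot
    and os.path.splitext() would only see ".org".
    """
    name = PureWindowsPath(path).name
    lowered = name.lower()
    for family, suffixes in KNOWN_SUFFIXES.items():
        for suffix in sorted(suffixes, key=len, reverse=True):
            if not lowered.endswith(suffix.lower()) or len(name) == len(suffix):
                continue
            original = name[: -len(suffix)]
            if suffix.lower() in AMBIGUOUS and "." not in original.strip("."):
                continue  # e.g. manual.help: no inner extension, treat as benign
            return family, suffix, original
    return None


def triage(paths):
    """Count hits per parent folder so a burst in one directory stands out."""
    per_dir = {}
    for path in paths:
        hit = classify(path)
        if hit:
            parent = str(PureWindowsPath(path).parent)
            per_dir.setdefault(parent, Counter())[hit[0]] += 1
    return per_dir


# Constructed sample listing (not real victim data).
SAMPLE_LISTING = [
    r"C:\Users\ana\Documents\report.docx.crypt",
    r"C:\Users\ana\Documents\budget.xlsx.BUSH",
    r"C:\Users\ana\Documents\manual.help",
    r"C:\Users\ana\Documents\scan.pdf.granny",
    r"C:\Users\ana\Pictures\photo.jpg.Bill_Clinto@derpymail.org",
    r"C:\Users\ana\Pictures\A1B2C3D4.lukitus",
    r"C:\Users\ana\Pictures\holiday.png",
]

if __name__ == "__main__":
    for folder, counts in triage(SAMPLE_LISTING).items():
        print(folder, dict(counts))
```

Several hits in one folder within a short time are a reason to disconnect backup drives and start a full anti-malware scan before anything else is opened.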

Lastly, we should remind our visitors of a couple of tricks that are designed to help users become immune to ransomware.

1. Upload valuable digital files to backup storage. There is a variety of online services that provide this utility. Find the one that suits your needs and requirements.
2. If the first option is not for you, you could simply place your files on a USB flash drive. However, remember not to keep it connected to your operating system. If ransomware enters, it would encode data on the flash drive as well.
3. Use respectable anti-malware tools. If you have proper protection software, ransomware infections (or any other type of malware) will have less chance of slithering inside.