What is PUADlManager:Win32/OfferCore?

OfferCore is a bundling tool that is used to install additional apps along with the “main” one. While such solutions were initially created to make free software monetization easier, their main usage these days is spreading unwanted software. The latter may include adware, malicious plugins, pseudo-effective apps and similar stuff.

One particular example of an installer detected with this name is the one for the infamous μTorrent. During the installation, it typically brings one or several unwanted programs to the system. Microsoft Defender tags it as Win32/OfferCore. Moreover, this torrent client alone has the capabilities of adware, which is less than desirable.

Seeing the Win32/OfferCore detection means that there is a software installer infused with this bundler. While its presence is not severely dangerous, having one running in the system is not a desirable situation.

What is PUADlManager?

PUADlManager is a software monetization and distribution method that combines multiple programs into a single installer. Often users do not realize that they are not only installing the desired application but also additional components, most commonly unwanted applications. Bundling is considered malicious by numerous security vendors, including GridinSoft because it violates transparency and user trust.

How does OfferCore affect my computer?

The peculiar thing about Win32/OfferCore is that it does not inflict direct damage to the system. Instead, this damage is brought by numerous unwanted programs it downloads. Some of them trigger a chain reaction, spawning even more junk apps during the installation. Here are a few OfferCore PUA effects I’ve encountered while working with the samples on a virtual machine:

• It changed browser settings and redirected to unwanted sites. I could not use my usual search engine, homepage, or a new tab, but instead could see a suspicious domain that belongs to or is promoted by malware installed by OfferCore.
• A lot of ads and pop-ups have started appearing; a rather unpleasant sight, if you ask me. Banners, pop-ups, and side panels of the sites are cluttered with irrelevant promotions – that is to be expected when you deal with adware. It also sometimes hides useful content on web pages or overlaps other elements, making certain websites unusable.

• Analysis of the outcoming network traffic shows that some of the stuff tracks online activity and passes the data to third parties. This means that PUADlManager loaded by OfferCore collects information about the system activity, like visited sites, search history, activity hours, installed apps, etc.
• The sheer volume of junk apps running in the system also noticeably reduces computer responsiveness and Internet connection bandwidth. Part of the slowdown probably happened due to the performance restrictions of the virtual machine. Nonetheless, it is still representative of how bad this will be to a weak system.

How to Remove PUADlManager:Win32/OfferCore

To remove PUADlManager:Win32/OfferCore from your computer, follow these steps:

1. Use a reliable antivirus program to get rid of the OfferCore PUADlManager. Gridinsoft Anti-Malware will repel all the nasty stuff brought by the bundled installation. This step is a must, as unwanted programs can block or revert further steps.
2. Reset your browser settings. You can do this manually for each browser, or let GridinSoft Anti-Malware do it for you. The program allows resetting all the web browsers in a couple of clicks, which saves quite a bit of your time.
3. To avoid further infections, be careful when downloading and installing programs from the Internet. Always choose official or trusted sources, be suspicious about questionable sources. Also, always choose custom or advanced installation mode whenever possible, and refuse additional or recommended components that may contain PUPs.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post PUADlManager:Win32/OfferCore appeared first on Gridinsoft Blog.

Why is uTorrent detected as uTorrent_BundleInstaller?

While being totally legitimate in its original form, uTorrent has some pitfalls to avoid. The main issue here is that it comes bundled with other software that is considered adware or potentially unwanted programs. Let’s look at what I’ve found during my research.

When installing the software itself, the application contacts a third-party offer provider before getting the user’s consent:

During the installation process, it offers to install several unrelated applications. Apart from being of dubious relevance, their banners do not provide a noticeable choice between installing and declining. This format is clearly intended to confuse the user and “soft coerce” the installation. Furthermore, users repeatedly complain of uncoordinated software.

In addition to the mentioned problems, there is evidence that together with uTorrent additionally installed a program such as EpicScale. It uses the idle time of your computer’s processor for its own needs. The idle capacity, according to the company, is used for solving various mathematical calculations and even mining cryptocurrencies.

Large amount of adware

Using uTorrent is often accompanied by a lot of annoying advertising windows and pop-ups. Annoying ads appear not only in the client window but also start to appear when using a PC. This is not only annoying for the user, but can also become a source of malware risk.

Unwanted programs like those presented by PUABundler:Win32/uTorrent_BundleInstaller can cause problems for users. They are especially known for changing browser settings, displaying advertisements or collecting data without their consent. In addition there is a user-confirmed fact that ads initiated by uTorrent uses an exploit to install malware.

Security vulnerabilities

In 2018, researchers discovered a vulnerability in uTorrent’s web interface that allowed attackers to remotely execute code on a user’s computer. This could have been used to attack users who downloaded and ran the uTorrent client with open Internet access.

$ curl -si http://localhost:19575/users.conf
HTTP/1.1 200 OK
Date: Wed, 31 Jan 2018 19:46:44 GMT
Last-Modified: Wed, 31 Jan 2018 19:37:50 GMT
Etag: "5a721b0e.92"
Content-Type: text/plain
Content-Length: 92
Connection: close
Accept-Ranges: bytes

localapi29c802274dc61fb4 bc676961df0f684b13adae450a57a91cd3d92c03 94bc897965398c8a07ff 2 1

Of course, after the wave of complaints raised by users, this vulnerability was fixed. But nobody guarantees that such an incident will happen again, especially considering uTorrent’s already dubious reputation.

Three uTorrent Installers – Why and for What?

One interesting fact: on the uTorrent website you can download not one, but three different installers, all of the same version. The difference between the web and desktop versions is obvious, but there are two desktop versions. They are downloaded from different links, and the only visible difference is smaller file size.

Perhaps the difference between the three versions of the uTorrent installation file is what additional programs or changes are included in each of them. These changes may be minimal and may touch, for example, pre-installed settings or advertising modules included in the client. Considering that their build times differ by mere seconds, they are unlikely to come from different developers. However, even such a small change may allow you to bypass detection by some antivirus vendors, or at least change the detection name.

How to remove PUABundler:Win32/uTorrent_BundleInstaller and unwanted programs?

If you have installed uTorrent and skipped the installation without paying attention to what it offers to install, it is rather probable that you have a lot of unwanted software installed in your system. Consider checking the list of installed apps and browser extensions, and remove anything you do not remember installing. This stuff may be related to PUABundler:Win32/uTorrent_BundleInstaller.

But since the unwanted programs often aim at making manual removal harder, I recommend using GridinSoft Anti-Malware.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post PUABundler:Win32/uTorrent_BundleInstaller appeared first on Gridinsoft Blog.

RarBG is Shut Down

RarBG is a classic torrent tracker website that provides people with P2P downloading links for various content. Well, a uniting characteristic of most of this content was the fact it was pirated. Hundreds and thousands of downloading links to fresh movies, games and programs were shared there. Back in the days when it started, these places were massively popular. And they still are, especially in poor countries. Back-to-back with sites like ThePirateBay and eMule, RarBG was among the largest cyber pirate resources under the sun.

In 2014, on the wave of digital rights laws introduction to the legislation of most developed countries, RarBG faced tough times. One by one, European countries banned access to the website, forcing people to use VPN or proxy servers to access it. Slow-but-steady transfer of people from the use of cracked software towards using licensed one did not help the situation either. However, the events of the 3 recent years brought even worse challenges. One of RarBG admins says the following in the “goodbye” note:

What now?

Software piracy is apparently becoming a thing of the past. Despite numerous torrent trackers still running, the trend becomes obvious when you look closely at the life in these places. Seedings have much less peers, their speed is lower, and fresh content appears much less frequently. Moreover, torrents always were a perfect place to spread malicious content – both in the package with promised software and instead of it. Leave aside that using cracked apps can create you a lot of legal problems if the fact of their usage is uncovered.

Other trackers I’ve mentioned above are still working and don’t have such serious problems as RarBG did. But who knows what happens behind the scenes? Maybe, we’ll see other piracy sites shutting down in the near future, or not – thanks to the users migration from the ceased website. Yet at this point, it is obvious that the war between piracy and licensed software is won by the latter.

The post RarBG Torrenting Site Is Shut Down, Admins Explain Why appeared first on Gridinsoft Blog.

What is a Torrent?

A torrent, also known as a “torrent tracker” or “file tracker,” is a small file that keeps track of where the file you want to download is located on a network of different computers. It may not seem easy, but it is easier than you think. A torrent is a small file used by a torrent client that tells others, “Hey, I want to download and upload this particular piece of content for and from you.” You can use a torrent file to share media files, such as movies, music, etc., with others using a peer-to-peer network or “P2P”.

What is a Torrent Client?

The torrent client or torrenting client is software that uses a torrent file to find out who else has the file you want to download. The client gets data from all these computers by slowly adding small packets of the file you are downloading to your computer. The torrent client also downloads small packages of that file from the other computers. This is what forms a P2P network. A torrent client is software that connects downloaders and uploaders of a particular file, using a torrent file to determine which file to share.

What is Peer-to-Peer?

A peer-to-peer or P2P network allows computers to share a workload while performing a specific task. It differs from the usual client-server model, where a user simply downloads a file from a server. In a torrent case, using P2P, each computer connects to the other to download (leech) and upload (seed) a particular file. In this sense, the people who share the file act as small servers to download the file using the torrent client.

What are Seeders and Leechers?

Seeders and leechers are terms used to refer to different parts of the P2P network. When a client downloads, it is called a leecher because it leeches a file from others. When uploading, the client is called a seeder because it seeds files for others to download. When you use a torrent client, you are both a seeder and a leecher because you are simultaneously downloading and uploading parts of a particular file. When you have fully downloaded a file, you become a seeder because you are no longer downloading the file.

How Does Torrenting Work?

As written above, a torrent works on the P2P principle. First, you have to upload a torrent-client – a program that allows you to participate in this network. Additionally, you’d need a tracker – a small file that contains the information about the file that will be managed. The torrent client uses this tracker to see who else has the actual file you are about to download. For example, suppose you want to download a movie, and the torrent client gets the data from all those computers, adding snippets of the file you are downloading to your computer.

While you’re downloading those snippets, you’re also giving the snippets you’ve already downloaded to other people, turning your computer into a small server. This download process continues until you completely download the file or stop your torrent client from sharing the file. You will usually have to stop sharing the torrent manually to stop sharing the file.

Where do People get Torrents From?

First, you need to get the torrent file itself. There are now various websites that host these files. They are called torrent sites. An example of such a site is Pirate Bay. However, many torrent sites contain copyrighted content, so downloading such torrents is fraught with legal problems. Some torrent sites, such as Kickass Torrents and The Pirate Bay, have even been shut down with the help of local law enforcement. Even though downloading a torrent is perfectly legal, a great number of files on these sites are copyrighted.

Is Torrenting Legal?

Yes, the use of a torrent itself is legal. This means that it is not illegal to download and upload packages of a specific file. However, most countries have a law that prohibits downloading copyrighted content. This is called piracy, and people involved in copyright infringement are commonly referred to as pirates. However, whether punishment follows depends a lot on where you live. For example, in most countries, especially in Eastern Europe or Latin America, torrent use, although illegal, is rarely enforced. Therefore, it is common to use torrents without any security measures.

However, in cases where the fact of piracy is tracked and acted against, you can get a hefty fine. Unfortunately, only a small number of people downloading copyrighted content get fined or sued. However, suppose you are caught downloading illegal files in countries like Germany. In that case, you will probably receive a huge fine in the mail. Moreover, for consequent software piracy acts you will likely face an imprisonment. Additionally, the company you’re working for will likely to pay a fine as well, and also face legal consequences as the use of pirated software for commercial purposes is punished in a way more severe manner.

What are the risks of using torrents?

Consider a few risks if you want to download from a torrent. The most common problem is downloading malware along with or instead of the file you want. Although this problem has been observed since the early 2010s, those regions where torrents are popular are still at the top of ransomware infections. Here are the most significant risks you may encounter when downloading torrents:

• You may download copyrighted content. This is considered illegal in most countries and can cause serious legal problems.
• Hackers can attack torrent downloaders in many different ways.

Read on to learn more about these risks.

The risk of downloading malware

One of the most significant risks when downloading via torrents is getting infected with a virus. Threat actors who may create the distribution along with other users may embed malware in the files. Since most giveaways contain cracked software with the keygen, the authors often ask to disable antivirus. This gives the green light to any malware. Therefore, it is essential to use proper anti-virus software when surfing the Internet.

Risk of violating the law

When you use torrent clients to download copyrighted material such as movies, songs, books, or video games, you get copyright-protected content without paying for it, which is outside the law. Even if your region does not currently enforce copyright laws on torrents, this may be corrected in the future. Using pirated software is much more risky, as it can be detected through the traces a hacked program leaves in the files, created with its use.

How to Stay Safe When Torrenting

You can take the following steps to be safe when using torrents. It is worth noting that downloading copyrighted content is illegal, and we strongly recommend against it. However, there are also many fully legal torrents. To stay safe when using torrents, follow these tips:

• Use only trusted, reliable torrent sites considered safe and free of malware.
• Use proper anti-virus software, such as GridinSoft Anti-malware, to protect against any unwanted malware you may encounter when downloading a torrent file.
• Refrain from downloading copyrighted content so as not to break the law.

That way, the very act of downloading a torrent is 100% legal. All you are doing is transferring data. You can use torrent programs to download and share files with other users.

The post What is Torrenting? Is it illegal or Safe? How Does it Work appeared first on Gridinsoft Blog.