Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

April 13, 2016

Protected with Purpose: Is Free Really Free?

Article by: Steven Sundermeier

This week my family and I had an opportunity to attend a Cleveland Cavaliers (Cavs) game at Quicken Loans Arena. Given our family of five (and the $40 parking!), attending a Cavs game is a huge treat for our family. And while I do enjoy watching our NBA Eastern Conference-leading Cavs and their All-Star roster (LeBron James, Kevin Love, Kyrie Irving, etc.), one of my family’s favorite aspects of being at the game was all of the promotional activities and giveaways, whether it is balls being thrown out by the Cavs dance team or Moondog, our mascot, firing shirts by cannon into the stands. And at one point Ohio lottery tickets came parachuting down from the rafters! However, we were most excited by, and cheered loudest for, all of the corporate-sponsored, incentive-based giveaways, which for our game included a free McDonald’s Quarter Pounder (if 25 points or more are scored by the Cavs in the 1st quarter), a free fountain soda at Giant Eagle Get Go (if 100 points or more are scored by the Cavs) and, of course, the Dunkin Donut Iced Coffee (if the Cavs win at home). Now that is a win!

There has always been a great appeal for “free” stuff, and I shared the above to let you know that I too am on board sometimes in the hopes of getting something for “free”. And while my example dealt with physical items (i.e., t-shirts or coffee), as a recognized security expert, I know that there is also a huge appeal for programs and apps online (or anywhere!) offering to perform functions free of charge. However, there is a question that must be seriously considered: “Is free really free?”

One such (recent) example is a free "File Opener" program that opens archived files (ZIP, RAR, ARC, etc.). The lure of this type of program is a single free tool that consolidates other file-opening programs (i.e., WinZip, WinRAR, etc.), so the user does not have to purchase multiple, individual programs that perform similar tasks. Our Thirtyseven4 Virus Labs found that this particular program was being actively downloaded at a high rate by faculty and staff members within school districts nationwide. After analyzing the program, we (the Thirtyseven4 Research Labs) found that upon installation, the free software did perform the described functions (so no immediate red flag raised!). However, behind the scenes, as is so often the case, it also installs a Potentially Unwanted Application (PUA) setup file. (A PUA is defined as an unwanted program downloaded in conjunction with the program that the user actually wanted.) The PUA associated here will then begin displaying unwanted advertisements and redirecting to different websites. Next, in order to "spread" in a sense, it also tries to automatically connect to the user's various email and social media accounts to share the following message/post:

“I just downloaded this desktop app, which is totally free, and easily opens any archived file (ZIP, RAR, ARC, etc.) This is an absolutely essential tool for your PC, it's free and makes opening files a breeze. Check it out here - http://free-XXXXX-opener.com filename.”

Please note: I modified the above website to avoid accidental opening.

Luckily for our customers, Thirtyseven4 already had detection for the PUA as "PUA.Friedcooki.Gen". But in cross-referencing the additional downloaded PUA against other leading antivirus scanners, we found that most did not yet offer detection. It is important to understand that most free applications are getting reimbursed or funded by some outside means, and many are not in our (the users') best interest (i.e., they are paid for by advertisers/spammers who pay these publishers in exchange for your contact information when you sign up/register for the free utility, etc.). Have you ever questioned how popular “free”-to-play apps/programs can afford development and employee costs, or how they can afford the multi-million dollar commercial spot on the Super Bowl? Again, the question that must be seriously considered: “Is free really free?”
 
To get a better feel for Potentially Unwanted Programs, let’s take a close look at a couple other detections, PUA.Clientconn.Gen and PUA.Softonicin.Gen.
 
PUA.Clientconn.Gen is a generic classification of Potentially Unwanted Programs that support Adware publishers. These types of applications lead to an excessive amount of pop-up displays that degrade overall system performance; they modify default browser homepages specifically to promote their own search engines, and they also highly recommend other downloads from malicious websites. PUA.Softonicin.Gen is our generic detection for those Potentially Unwanted Programs that download malicious installer setup files (i.e., disguised as Voice Over packages, PC Performance Boosting software, Instant Messaging programs, games, etc.). It’s important to understand that PUAs are “smart” (in a malicious sense), as they aren’t developed to simply display any banner but are intently crafted to gain access to search results, visited websites and cookies so that they can display advertisements that appeal to the user. They also can take more of a malicious direction and download Trojans that utilize backdoor techniques, remotely exposing a system to a 3rd party attacker that can use this security hole to steal confidential information.

Very few things are actually free, with no strings attached. Did my family receive a “free” Quarter Pounder, a free soda and a free coffee (see paragraph 1) per ticket because the Cavs won the game we were attending? Yes, but to experience that win (and “free items”), we had to purchase tickets to the game, pay (outlandish!) parking fees and buy some hot dogs and nachos and a soda.

There was a cost, but we perceived the burger, soda and coffee to be “free”, even though there were decisions made and money paid for us to be at the game, where we in turn received the “free stuff”.

If an online app or a generalized email from a “friend” winks at you and tells you that you can get something for nothing, don’t fall for it.  There’s a catch, and these cyber-villains are getting very savvy at disguising the catch.  You don’t want to be their catch-of-the-day.  I actually pray that through our little monthly chats in these columns, you are more and more informed and less gullible online. 

When you see the attractive claim for X, Y, Z pop up in your inbox or online, common sense nudges you and reminds you that very few things are actually free. You will pay something: your time, even your information. My favorite saying comes from a seasoned technology coordinator who told me that the free apps and antivirus products are not a free drink; they are a free puppy. They may come to you easily enough and looking harmless, but the time and energy that you will need to invest can become exhausting. And let’s be honest, time is something none of us seem to have enough of. Let’s be wise about how we invest it! And “Go Cavs!”

 

Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4