STE WILLIAMS

Horrid checkbox download bundlers drop patch-frozen Chrome

The public service announcement is simple: only install browsers from their vendors’ sites, because software attics are planting malware.

A download bundler has been caught unloading junk that will kill user’s browser updates across the likes of Google Chrome, Firefox, and Internet Explorer.

The bundler – part of what amounts to nothing short of a shameful software scourge on end-user security foisted by commercial file attics – is dropping an old version of Google Chrome and switching off automatic updates.

That move not only exposes users to vulnerabilities patched in newer versions of Chrome but ensures they are open to attacks from new exploits that they will not receive.

The DynamicPricer adware will drop its JavaScript guts into the Chrome’s Windows AppData folder which will be loaded when Chrome executes.

Malwarebytes security man Pieter Arntz sought the bundler but could only find a stand alone installer which attempted but failed to hijack and downgrade Firefox and Internet Explorer.

El Reg has seen Chrome updates freeze, as a result of commercial download bundlers which were wrapped around otherwise benign software.

Those bundlers are encountered on legitimate file houses and not on what most users would regard as shady or warez sites.

Bundlers are designed to fool users into installing extra software by checking tickboxes by default and including difficult-to-find text.

This is done with the knowledge that most will rapidly click next which will both install the software they seek and the additional crapware.

Not only does this possibly expose users to adware or malware, but it also increases a user’s attack surface because there is more software installed on their machine from probable lousy software houses. ®

Sponsored:
2015 Cost of Cyber Crime Study: United States

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/11/13/horrid_checkbox_download_bundlers_drop_patchfrozen_chrome/

Comments are closed.