The ESET research team has uncovered interesting behavior in an innocent-looking birthday reminder software download. Remembering someone’s birthday can be critical – especially the birthdays of close family members – so an application offering to help remind you about those crucial dates could save a lot of pain.
This particular birthday reminder product has some hidden features that deliver more than reminders – it additionally downloads and executes software that inserts adverts in webpages you browse. It manipulates the DNS queries you make. More simply put, when you request to go to a website, it manipulates the address book that is used to look up the location for the site.
Controlling your access to content enables the malware to insert additional content, in this case advertising. This destroys the experience the website owner wanted you to have. Ad injection in this way can also be extremely deceitful, for example, if it manipulates pages where you purchase products and the inserted advert looks like a recommendation or a purchase button, you may inadvertently be directed to a different site without realizing it. This potentially puts your identity and financial details at risk.
Advertising is a business model that website owners use to help fund their services, and when someone hijacks their site and injects ads, this degrades the user experience. Ads should only be displayed with the website owner’s approval. Insertion without consent may also mean that the application controlling it could be used to download or insert other content without your knowledge. Upfront disclosure and choice should be the basic requirements of all software publishers.
There is no such thing as a free lunch, and that goes for software too. The simple advice that I give my son is that when you download something for free, you need to look to see how the company is making money; if you can’t work it out, then don’t download it, and if you already have it, then uninstall it. Many free software packages disclose advertising or allow users to upgrade for a free, either for additional functionality or to remove advertising. If it’s not clear how the software developer is making money, they may even be selling your personal information, such as browsing history – which for many of us is a step too far.
ESET Global Security Evangelist, Tony Anscombe