Tuesday, February 5, 2013

Be Careful: Download.Com Distributes Adware & Viruses Through Downloads

I strongly recommend that if you plan to download software and the source of the download is download.com, just stop and look for another mirror or direct download of that software!

About one month ago I downloaded a file from Download.com, and a few days ago I found that my Facebook account had started showing strange advertisements at the top right and left of the Facebook page. That seemed suspicious, so I double-checked with my friend whether Facebook had added new advertisements. Once I understood that these ads were not from Facebook, I realized they were being injected into my browser pages. After Googling, I found that it seems the files I downloaded one month ago contained a virus.

Download.com uses its own downloader for downloading all files to your computer. The problem starts here: you cannot download without the Download.com downloader, and the downloader itself contains a silent virus that will later install this adware on your computer. I believe they activate it after one month so that users don't become suspicious of download.com.

This adware was in the form of browser add-ons that were already installed in my Google Chrome, Firefox and Internet Explorer. In my case the adware was installed with the name "Deals Plugin Extension", and in some cases it has been seen with the name "Coupon Companion Plugin".

To clean this adware from Chrome:

  1. Go to the Extensions section of Chrome and write down the extension ID, then navigate to the following path and remove the directory with that specific ID.

    Windows XP:
    %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions

    Windows Vista / Windows 7 / Windows 8:
    %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions
  2. Remove "updater21804.exe" from following paths:

To clean Firefox and Internet Explorer, you can also go to the extensions section and disable this extension.
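
To find the extension ID for step 1 directly on disk, the following added example (not part of the original post) scans the Chrome Extensions directory named above and reports every extension whose manifest name matches one of the two names mentioned in this post. It assumes the usual Chrome layout `<extension ID>\<version>\manifest.json` and resolves localized `__MSG_...__` names from `_locales`; the function names are illustrative.

```python
import json
import os
from pathlib import Path

# The two add-on names reported in the post above (compared case-insensitively).
SUSPECT_NAMES = {"deals plugin extension", "coupon companion plugin"}


def resolve_name(version_dir, manifest):
    """Return the display name, resolving Chrome's __MSG_key__ placeholders."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()
    locale = manifest.get("default_locale", "en")
    messages_file = Path(version_dir) / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(messages_file.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the placeholder if the locale file is unreadable
    for msg_key, entry in messages.items():  # message keys are case-insensitive
        if msg_key.lower() == key:
            return entry.get("message", name)
    return name


def find_suspect_extensions(extensions_dir, names=SUSPECT_NAMES):
    """Return a list of (extension_id, version, display_name) matches."""
    hits = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it
        display = resolve_name(manifest_path.parent, manifest)
        if display.strip().lower() in names:
            version_dir = manifest_path.parent
            hits.append((version_dir.parent.name, version_dir.name, display))
    return hits


if __name__ == "__main__":
    # Vista/7/8 path from the post; on XP use the "Local Settings" path instead.
    base = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Extensions"
    for ext_id, version, display in find_suspect_extensions(base):
        print(f"{display}: {base / ext_id} (version {version})")
```

The script only reports matches; removing the listed directory is still the manual step described above.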

Download.Com is part of CNET.

related posts:

ModSecurity Log Auditing System in PHP (MSLA Project)

Light MSLA is a "Light Mod Security Log Auditing" tool that I wrote in PHP. It imports the Mod Security log into a MySQL database and then draws charts from the log file using Google APIs.
This project was part of the Mod_Security project that I did before.
The heart of this script is "patterns.php", which includes a few regular expressions that find the parts we need inside the log file and extract them.

You can download the project from this link: DOWNLOAD (inside Google Drive, press Ctrl+S to download)

  • Copy all the files inside the zip package into your server path.
  • Create a database and import the "modsec_db.sql" file into your database.
  • Open config.php in a text editor and change the database name, username, password, host and the Mod_security log path.
  • Run Parser.php from your browser (it might take some time, depending on how big your log file is).
  • After parser.php has fully loaded and the page shows Done, open index.php.
  • Enter the username and password as follows to get into the dashboard.
  • Drawing the graphs takes some time.

IMPORTANT: This script needs internet access to draw the charts, because I use Google APIs for the charts.
As I mentioned before, this was a student project, so you can change any part based on your own needs.
The hardest part and heart of this script are the patterns inside "patterns.php", which help to find and extract specific parts from the log.
"useragent.php" extracts the OS and browser details from the user-agent information in the log.

This video also shows you how to install the project, along with an example of it.

This is the post about "How to install Mod Security on Apache Step by Step for Beginners".
This is the post about "How to implement Reverse Proxy & Mod Security".
