Ad Injectors courtesy of Wajam.com and VideoFileDownload
A binary signed by “TUGUU SL” is targeting the Browser vertical on popular search engines.
Essentially, they are buying the top ad spots for queries the likes of “Google Chrome” in a bid to lure unsuspecting users to install what they have in store. This is a great example of using the online advertising ecosystem to get your binary out with lightning-fast speed and fairly cheaply (consider the cost of the alternative: rising to the top of the organic links for queries of this nature).
Once their binary is up and running on your machine, it will install a treasure trove of bad add-ons (baddons?) into your browser, including an ad injector, all under the pretense that you’re installing the browser you were looking for; in this case it’s Google Chrome:
Baddons installed include the FunMoods Toolbar, Wajam and VideoFileDownload. Google Chrome was not installed (an error was always thrown when the time came):
Much like the last ad injector we looked at, the Wajam ad injector is injecting Microsoft ads into the Google DOM but staying far away from bing.com.
Interestingly enough, unlike our last ad injector, we don’t see the referrer header in the click-through to Microsoft’s ads:
The VideoFileDownload addon isn’t touching search for its injections; instead it’s nailing display and “enhancing” sites the likes of Wikipedia.
Before VideoFileDownload does its thing:
And after (bottom left hand corner):