|
 Badware Behavior |
|
| Installs Trojan horse application (Deceptive installation) |
|
| Installs adware (Deceptive installation) |
|
| Claims to have no spyware, but is bundled with spyware components (Deceptive installation/advertising) |
|
| Redirects invalid web addresses (Interferes with computer use without disclosure) |
|
| Difficult or impossible to uninstall (Unacceptable uninstallation) |
|
| Bad or Undisclosed Behavior |
| Installs Trojan horse application |
|
After installing Fake-Mailer, we detected a Trojan horse application on our system named KillFW. Trojan horses are applications that can secretly install additional programs on a user's computer without telling the user. In our tests, we found that Fake-Mailer attempted to silently install a component called MSNNames after the initial installation of Fake-Mailer and KillFW, and we speculate that KillFW's Trojan horse capabilities may have been the means for accomplishing this. Installation of this Trojan horse is not disclosed to the user during installation. However, any amount of disclosure would not justify installation of such a component due to its inherently deceptive and malicious nature.
|
| Installs adware |
|
Fake-Mailer also comes bundled with 2Search, a component that is reported to be adware. 2Search reportedly monitors websites visited by the user and displays similar websites in the form of pop-up advertisements. It also installs a Browser Helper Object (BHO) on Internet Explorer as one of its components. Although we did not see pop-up advertisements during our tests, the installed BHO, which is part of 2Search, did redirect invalid web addresses to http://www.007ground.com/404 in place of the default 404 page for the site (see section on "Redirects invalid web addresses" below). The download page for Fake-Mailer does not disclose to the user that 2Search will be installed, much less that it behaves as adware.
|
| Claims to have no spyware, but is bundled with spyware components |
|
Fake-Mailer.com claims that their software has "100% NO SPYWARE," perhaps based on a highly restricted definition of spyware (namely, that no personally identifiable information is sent by the program). However, Fake-Mailer installs 2Search, which examines users' website surfing to generate targeted pop-up ads. This behavior is considered to be spyware under both the broader definition of spyware as software that subverts the computer's operation for the benefit of a third party, and the more narrow definition that focuses on the transmission of private data (such as web surfing habits) to third parties.
|
| Redirects invalid web addresses |
|
2Search, which is bundled with Fake-Mailer, redirects invalid web addresses to http://www.007ground.com/404 in place of the default 404 page. At the bottom of this page, the user is asked if their "computer is infected by spyware programs?" and is invited to click on a link that takes them to http://www.007guard.com/byebye/adware/. This page, in turn, has a download link for a rogue anti-adware application, System Doctor, which reportedly behaves as badware. Thus, the advertisements displayed through the adware serve as a vehicle to install more badware on user's computer. This redirection of web addresses is not disclosed to the user during installation.
|
| Difficult or impossible to uninstall |
|
Fake-Mailer is not bundled with any uninstaller, nor is there any entry for Fake-Mailer in Add/Remove Programs. As a result, the average user would find it nearly impossible to uninstall this application. Only the BHO component of 2Search comes with an uninstallation file and has an entry in Add-Remove programs -- the rest of 2Search, however, is not uninstallable using these methods. Such failure to provide proper uninstallation of the application and bundled software is completely unacceptable.
|
| Recommendations |
| We recommend that the producers of the Fake-Mailer do the following: |
- Do not install adware without seeking the user's informed consent.
- Do not install Trojan horse applications.
- Do not claim to be "spyware-free" unless your software really is free of all badware behaviors.
- Clearly disclose on a main installation screen that invalid web addresses will be redirected.
- Provide the user with simple, effective uninstallation of the software.
|
|
We currently recommend that users do not download the version of Fake-Mailer that we tested, unless the user is comfortable with the level of risk we identify or until the application is updated consistent with the recommendations in this report.
|
|
|
|
