DeviantART, an online community showcasing various forms of user-made artwork with a global Alexa rank of 148, is currently displaying several advertisements redirecting to the Optimum Installer, a source of Potentially Unwanted Applications (PUAs).

The malvertisements are delivered via the chain DeviantART ads | Redux Media (www.reduxmedia.com) | avadslite.com. The domain avadslite.com was registered on the 3rd March 2014 via Internet.bs Corp. The registrant details are hidden behind Fundacion Private Whois, a privacy protection service in Panama. The site avadslite.com comes up blank, meaning there is no website hosted at the IP. Over the past months, this domain has been seen to resolve to the following IP addresses: 107.20.210.36 (2014-05-01), 54.243.89.71 (2014-05-01) and 184.170.128.86 (2014-05-25). According to VirusTotal, malware has communicated with the last two IP addresses.

A first pop-under advertisement urged me to "update my Media Player", immediately followed by a second one urging me to "update my Windows 7 Drivers" to avoid vulnerabilities, reduce crashes and ensure an optimal browsing experience.

[Screenshots: avadslite.com - Optimum Installer fake update warnings]

The fake warnings are hosted at 5g9zz.playnow.dollfield.eu and owvzz.playnow.dollfield.eu. The domain dollfield.eu was registered via Internet.bs Corp on the 8th May 2014 by L.C.H. Tas in Romania.

VirusTotal Results

Media_Player_Setup.exe
MD5: fbfada8ace8b8bfa2c95c3fea9ff9080
SHA1: 94a23e7a5137f202024bb63594e2752c4f9c8934
SHA256: 45839dad71cf829d39bcc48b6cd6d3b8bcbe21b8f3ceb542b5a8d71d37b23f51
File size: 221.4 KB (226680 bytes)
Detection ratio: 18 / 54
Analysis date: 2014-06-15 04:43:24 UTC

Antivirus - Result - Update
Ad-Aware - Gen:Variant.Application.Bundler.OptimumInstaller.2 - 20140615
AhnLab-V3 - PUP/Win32.OptimumInstaller - 20140614
Antiy-AVL - Riskware[:not-a-virus]/Win32.iBryte.jgi - 20140611
Avast - Win32:Adware-gen [Adw] - 20140615
BitDefender - Gen:Variant.Application.Bundler.OptimumInstaller.2 - 20140615
CMC - Packed.Win32.TDSS.2!O - 20140613
ESET-NOD32 - a variant of Win32/AdWare.iBryte.AL - 20140614
F-Secure - Gen:Variant.Application.Bundler - 20140615
GData - Gen:Variant.Application.Bundler.OptimumInstaller.2 - 20140615
K7AntiVirus - Unwanted-Program ( 0040f84f1 ) - 20140613
K7GW - Unwanted-Program ( 0040f84f1 ) - 20140613
Kaspersky - not-a-virus:AdWare.Win32.iBryte.jgi - 20140615
Kingsoft - Win32.Troj.iBryte.j.(kcloud) - 20140615
Malwarebytes - PUP.Optional.OptimumInstaller.A - 20140615
MicroWorld-eScan - Gen:Variant.Application.Bundler.OptimumInstaller.2 - 20140615
NANO-Antivirus - Riskware.Win32.IBryte.dawyyd - 20140615
Panda - Trj/Genetic.gen - 20140614
Sophos - iBryte Optimum Installer - 20140614

No detection (engine - update): AegisLab - 20140615, Agnitum - 20140614, AntiVir - 20140614, AVG - 20140614, Baidu-International - 20140614, Bkav - 20140614, ByteHero - 20140615, CAT-QuickHeal - 20140614, ClamAV - 20140614, Commtouch - 20140615, Comodo - 20140615, DrWeb - 20140615, Emsisoft - 20140615, F-Prot - 20140615, Fortinet - 20140615, Ikarus - 20140614, Jiangmin - 20140614, McAfee - 20140615, McAfee-GW-Edition - 20140614, Microsoft - 20140615, Norman - 20140614, nProtect - 20140613, Qihoo-360 - 20140615, Rising - 20140614, SUPERAntiSpyware - 20140614, Symantec - 20140615, Tencent - 20140615, TheHacker - 20140612, TotalDefense - 20140614, TrendMicro - 20140615, TrendMicro-HouseCall - 20140615, VBA32 - 20140613, VIPRE - 20140615, ViRobot - 20140615, Zillya - 20140614, Zoner - 20140613

Drivers_Setup.exe
MD5: 70d5f3f59011ec972c53f599ae5c7eb7
SHA1: 8dfa32a9eb5d4092c09d406a7277581e81e5dfef
SHA256: eabbebbba5c5491cd9d3d1d059619182ab59b106867fb1f2794dbbb27079e1e1
File size: 221.4 KB (226680 bytes)
Detection ratio: 19 / 54
Analysis date: 2014-06-15 04:43:44 UTC

Antivirus - Result - Update
Ad-Aware - Gen:Variant.Application.Bundler.OptimumInstaller.2 - 20140615
AhnLab-V3 - PUP/Win32.OptimumInstaller - 20140614
AntiVir - APPL/OpenInst.pepoj - 20140614
Antiy-AVL - Riskware[:not-a-virus]/Win32.iBryte.jgi - 20140611
Avast - Win32:Adware-gen [Adw] - 20140615
BitDefender - Gen:Variant.Application.Bundler.OptimumInstaller.2 - 20140615
CMC - Packed.Win32.TDSS.2!O - 20140613
ESET-NOD32 - a variant of Win32/AdWare.iBryte.AL - 20140614
F-Secure - Gen:Variant.Application.Bundler - 20140615
GData - Gen:Variant.Application.Bundler.OptimumInstaller.2 - 20140615
K7AntiVirus - Unwanted-Program ( 0040f84f1 ) - 20140613
K7GW - Unwanted-Program ( 0040f84f1 ) - 20140613
Kaspersky - not-a-virus:AdWare.Win32.iBryte.jgi - 20140615
Kingsoft - Win32.Troj.iBryte.j.(kcloud) - 20140615
Malwarebytes - PUP.Optional.OptimumInstaller.A - 20140615
MicroWorld-eScan - Gen:Variant.Application.Bundler.OptimumInstaller.2 - 20140615
NANO-Antivirus - Riskware.Win32.IBryte.dawyyd - 20140615
Panda - Trj/Genetic.gen - 20140614
Sophos - iBryte Optimum Installer - 20140614

No detection (engine - update): AegisLab - 20140615, Agnitum - 20140614, AVG - 20140614, Baidu-International - 20140614, Bkav - 20140614, ByteHero - 20140615, CAT-QuickHeal - 20140614, ClamAV - 20140614, Commtouch - 20140615, Comodo - 20140615, DrWeb - 20140615, Emsisoft - 20140615, F-Prot - 20140615, Fortinet - 20140615, Ikarus - 20140614, Jiangmin - 20140614, McAfee - 20140615, McAfee-GW-Edition - 20140614, Microsoft - 20140615, Norman - 20140614, nProtect - 20140613, Qihoo-360 - 20140615, Rising - 20140614, SUPERAntiSpyware - 20140614, Symantec - 20140615, Tencent - 20140615, TheHacker - 20140612, TotalDefense - 20140614, TrendMicro - 20140615, TrendMicro-HouseCall - 20140615, VBA32 - 20140613, VIPRE - 20140615, ViRobot - 20140615, Zillya - 20140614, Zoner - 20140613

IP Details

tah.avadslite.com - 184.170.128.86
Registrar: INTERNET.BS CORP.
Name Server: NS1.DOMAINMANAGER.COM
Name Server: NS2.DOMAINMANAGER.COM
Updated Date: 03-mar-2014
Creation Date: 03-mar-2014
Registrant Name: Domain Administrator
Registrant Organization: Fundacion Private Whois
Registrant Street: Attn: avadslite.com, Aptds. 0850-00056
Registrant City: Panama
Registrant State/Province:
Registrant Postal Code: Zona 15
Registrant Country: PA
Registrant Phone: +507.65967959

Additional Information
network:Class-Name:network
network:ID:NETEL-184.170.128.80-87
network:Auth-Area:184.170.128.0/29
network:Network-Name:NETELLIGENT-184.170.128.80-87
network:IP-Network:184.170.128.80/29
network:IP-Network-Block:184.170.128.80-87
network:Org-Name;I:2201295 ONTARIO INC
network:Street-Address:N/A
network:City:Toronto
network:State:ON
network:Postal-Code:M5R 2E3
network:Country-Code:CA
network:Tech-Contact;I: [e-mail address obfuscated on the original page]
network:Abuse-Contact;I: [e-mail address obfuscated on the original page]
network:Updated-By: [e-mail address obfuscated on the original page]
NetRange: 184.170.128.0 - 184.170.143.255
CIDR: 184.170.128.0/20
OriginAS: AS10929
NetName: NETEL-ARIN-BLK07
OrgName: Netelligent Hosting Services Inc.
OrgId: NHS-31
Address: 800 Square Victoria
Address: C.P. 118
City: Montreal
StateProv: QC
PostalCode: H4Z 1B7
Country: CA

owvzz.playnow.dollfield.eu / 5g9zz.playnow.dollfield.eu - 107.170.48.188
Registrar: Internet.bs Corp.
Name servers: ns1.domainmanager.com - ns2.domainmanager.com
Registered: May 8, 2014
Expiry Date: May 31, 2015
Last update: May 30, 2014, 4:05 pm
Registrant Name: L.C.H. Tas
Organisation: Haluco BV
Address: 2425 Lincoln Ave 1214154 Volubilis Romania
Phone: +34.312345411
Email: [e-mail address obfuscated on the original page]

Additional Information
NetRange: 107.170.0.0 - 107.170.255.255
CIDR: 107.170.0.0/16
OriginAS: AS14061, AS62567, AS46652
NetName: DIGITALOCEAN-8
OrgName: Digital Ocean, Inc.
OrgId: DO-13
Address: 270 Lafayette St
Address: Suite 1105
City: New York
StateProv: NY
PostalCode: 10012
Country: US
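The domains, IP addresses and file hashes above are the indicators a defender can act on. The following script is an added example, not code from the original post: it matches a web-proxy access log and a list of file hashes against exactly those indicators. The Squid-style log lines, the client addresses and the hash list are constructed for illustration; the ad network reduxmedia.com is deliberately not on the block list, since the post describes it as the delivery intermediary rather than the malicious host.

```python
"""Match a proxy access log and file hashes against the indicators published
in the post (added example; sample log lines and hashes are constructed)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Registrable domains from the post. Matching on the parent domain catches
# throwaway subdomains (5g9zz.playnow.dollfield.eu, tah.avadslite.com, ...)
# without listing each one.
IOC_DOMAINS = {"avadslite.com", "dollfield.eu"}

# IP addresses the post reports for avadslite.com and the dollfield.eu hosts.
IOC_IPS = {
    ipaddress.ip_address("107.20.210.36"),
    ipaddress.ip_address("54.243.89.71"),
    ipaddress.ip_address("184.170.128.86"),
    ipaddress.ip_address("107.170.48.188"),
}

# SHA256 of the two Optimum Installer droppers from the VirusTotal results.
IOC_SHA256 = {
    "45839dad71cf829d39bcc48b6cd6d3b8bcbe21b8f3ceb542b5a8d71d37b23f51": "Media_Player_Setup.exe",
    "eabbebbba5c5491cd9d3d1d059619182ab59b106867fb1f2794dbbb27079e1e1": "Drivers_Setup.exe",
}


def matches_domain(host: str) -> Optional[str]:
    """Return the IoC domain if host is that domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    for dom in IOC_DOMAINS:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def matches_ip(addr: str) -> bool:
    """True if addr is one of the listed IP addresses (non-IP strings never match)."""
    try:
        return ipaddress.ip_address(addr) in IOC_IPS
    except ValueError:
        return False


@dataclass
class Hit:
    line_no: int
    client: str
    host: str
    reason: str


# Squid native log: "<ts> <elapsed> <client> <code>/<status> <bytes> <method> <url> ..."
LOG_RE = re.compile(r"^\S+\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+\S+\s+(?P<url>\S+)")
HOST_RE = re.compile(r"^[a-z]+://([^/:]+)")


def scan_access_log(lines: List[str]) -> List[Hit]:
    """Return one Hit per log line whose requested host is a listed domain or IP."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently match
        url = m.group("url")
        hm = HOST_RE.match(url)
        host = hm.group(1) if hm else url.split(":")[0]  # CONNECT host:port form
        dom = matches_domain(host)
        if dom:
            hits.append(Hit(n, m.group("client"), host, f"domain {dom}"))
        elif matches_ip(host):
            hits.append(Hit(n, m.group("client"), host, "ip"))
    return hits


def check_hashes(sha256_list: List[str]) -> Dict[str, str]:
    """Map each known-bad SHA256 in the input (any case) to its dropper name."""
    return {h.lower(): IOC_SHA256[h.lower()] for h in sha256_list if h.lower() in IOC_SHA256}


# Constructed sample log: one client follows the redirect chain, another only
# touches the ad network, which is not an indicator.
SAMPLE_LOG = [
    "1402805000.123 45 10.0.0.12 TCP_MISS/200 1834 GET http://www.deviantart.com/ - DIRECT/1.2.3.4 text/html",
    "1402805001.456 30 10.0.0.12 TCP_MISS/302 512 GET http://tah.avadslite.com/click?x=1 - DIRECT/184.170.128.86 text/html",
    "1402805002.789 60 10.0.0.12 TCP_MISS/200 9021 GET http://5g9zz.playnow.dollfield.eu/update.html - DIRECT/107.170.48.188 text/html",
    "1402805003.012 20 10.0.0.12 TCP_MISS/200 226680 GET http://107.170.48.188/Media_Player_Setup.exe - DIRECT/107.170.48.188 application/octet-stream",
    "1402805004.345 15 10.0.0.15 TCP_MISS/200 2200 GET http://www.reduxmedia.com/ - DIRECT/5.6.7.8 text/html",
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: client {hit.client} -> {hit.host} ({hit.reason})")
    print(check_hashes(["EABBEBBBA5C5491CD9D3D1D059619182AB59B106867FB1F2794DBBB27079E1E1"]))
```

Matching on the registrable domain rather than on the two observed playnow.dollfield.eu hostnames is the deliberate design choice here: the random subdomain labels rotate, the parent domain does not. Hash matching is exact, so it only confirms the two samples analysed on VirusTotal; a repacked dropper needs the vendor signatures listed above, not this script.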

Tags: Adware.iBryte, Optimum Installer, PUA