The crap being pushed out by adware purveyors is seriously out of control and this latest one causes a major breach of privacy. While installing some adware bundles today I ran into a particularly nasty variant called Faster Internet that uploads quite a bit of information to their servers without the user's permission. To make matters worse, it uploads a screenshot of what is currently being displayed on your computer without alerting the user.

When Faster Internet is installed it will create a fingerprint consisting of information related to your motherboard, CPU, hard drives, network adapters, and other information about your computer. This information is then uploaded to the developer's server. It will then take a screenshot of the active display on your computer at the time of the install and send this screenshot along with your IP address to the a.duofoldmortify.online/buploada.php URL.

Fiddler Capturing Screenshot Upload

The problem is that when this program is installed, the user may have confidential documents, web sites, or programs open that will now be included in the screenshot and uploaded to these scumbags. What if the victim had a password manager open to their online bank account, or their tax return showing their social security number and address, or private images that they do not want disclosed? As nobody knows who the people behind this are and what they may do with this information, this behavior is a serious cause for concern.

I have been railing against adware for quite some time as it is a problem that governments just do not take seriously or do anything about. The programs being pushed are nothing more than malware being hidden behind end user license agreements. Unfortunately, the computer issues of consumers are not taken as seriously as corporate concerns and thus adware companies continue to thrive. Maybe if online merchants knew how much business they lost because adware makes a potential customer's browser unusable they would join in the fight.

Related Files:

%UserProfile%\AppData\Local\Temp\2.jpg
%UserProfile%\AppData\Local\Temp\ok223.txt
%UserProfile%\AppData\Local\3967195.exe
%UserProfile%\AppData\Local\68777971.txt
%UserProfile%\AppData\Local\aatxtname.txt
%UserProfile%\AppData\Local\cap.exe
%UserProfile%\AppData\Local\cap4.exe
%UserProfile%\AppData\Local\dotinstall.txt
%UserProfile%\AppData\Local\download.exe
%UserProfile%\AppData\Local\download4.exe
%UserProfile%\AppData\Local\ok223.txt
%UserProfile%\AppData\Local\tinstall.exe
%UserProfile%\AppData\Local\tinstall4.exe

Related Registry Entries:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CA4F7D1-500F-4CE3-BEAA-186EABFC54A7}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63617567-6874-696e-7468-656163742121}

Related Network Hosts Connections:

a.duofoldmortify.online
d.rightmate.xyz
www.oklahomapeery.info
ping.neatboot.info
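
For anyone who wants to hunt for these indicators, here is an added example (not part of the original article and not code from the adware) that checks proxy log lines and file listings against the hosts, upload URL, and files listed above. The log format, the `<drive>:\Users\<name>` profile layout, and the names `file_hit` and `scan_proxy_log` are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the lists in this article.
HOSTS = {"a.duofoldmortify.online", "d.rightmate.xyz",
         "www.oklahomapeery.info", "ping.neatboot.info"}
UPLOAD = ("a.duofoldmortify.online", "/buploada.php")
TEMP_NAMES = {"2.jpg", "ok223.txt"}  # under AppData\Local\Temp
LOCAL_NAMES = set("""3967195.exe 68777971.txt aatxtname.txt cap.exe cap4.exe
    dotinstall.txt download.exe download4.exe ok223.txt tinstall.exe
    tinstall4.exe""".split())  # directly under AppData\Local

# Assumption: profiles live under <drive>:\Users\<name>.
FILE_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\(?:(temp)\\)?([^\\]+)$", re.I)

def file_hit(path):
    """True if path is one of the listed files in any user's profile."""
    m = FILE_RE.match(path.strip())
    if not m:
        return False
    names = TEMP_NAMES if m.group(1) else LOCAL_NAMES
    return m.group(2).lower() in names

def scan_proxy_log(lines):
    """Return (line_no, host, label) for each request to a listed host."""
    hits = []
    for no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        target = fields[3]
        parts = urlsplit(target if "://" in target else "//" + target)
        # Compare whole hostnames, so look-alike names do not match.
        host = (parts.hostname or "").rstrip(".")
        if host in HOSTS:
            upload = (host, parts.path.lower()) == UPLOAD
            hits.append((no, host, "screenshot-upload" if upload else "listed-host"))
    return hits

# Constructed sample lines: <time> <client> <method> <target> <status>
SAMPLE_LOG = [
    "t1 10.0.0.5 POST http://a.duofoldmortify.online/buploada.php 200",
    "t2 10.0.0.5 CONNECT d.rightmate.xyz:443 200",
    "t3 10.0.0.7 GET http://a.duofoldmortify.online.example.net/ 200",
    "t4 10.0.0.7 GET http://PING.neatboot.info./check 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    print(file_hit(r"C:\Users\alice\AppData\Local\cap4.exe"))
```

A generic name such as 2.jpg in the Temp folder is a weak indicator on its own; treat it as meaningful only alongside the other files or the network hits.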