Beware of 'Repacks': Malicious Software Packs to Make a Yuan, MMPC

The Microsoft Malware Protection Center (MMPC) is warning about a surge in malware-laced "repacks": “Nowadays, when people want to download software, they usually search for it using a search engine that leads them to a download site. But some software on these sites may be harmful. In China, more and more software package authors are using these download sites in a malicious way in order to make money. They add other unwanted software into the normal software package – this is called a "repack",” revealed MMPC.

“A customer who intended to download a web browser landed with a malicious installation package that was detected as TrojanDownloader:Win32/Startpage.NZ (SHA1: FAFA0BD6AA6A59439DF01E82750D72D7E13E5637). It appears to be a normal install package, but after installation with default options, it adds many shortcuts to an affected user's desktop and pops up advertisements. It also modifies the Internet Explorer home page, and adds some fake IE shortcuts in the quick start area (also advertisements). We can see that this is a repacked package, and the following installer script has been added, complete with download links,” MMPC explains:

“All of these URLs are related to advertising. The author of the package will make money from them.”

The MMPC advises that you download from a legitimate and verified source, and take advantage of the SmartScreen Filter feature in IE9. “SmartScreen Filter works with Download Manager to help protect you from malicious downloads. Potentially risky downloads are immediately blocked. Download Manager then clearly identifies higher risk programs so that you can make an informed decision to delete, run, or save the download.”

[Source: MMPC]