They're doing it again!
More BitTorrent fireworks went off over the July 4th holiday. After the
last episode it was inevitable that the pests would come crawling back, but so soon? I plucked two files and installed them to get the details, but I saw at least a dozen more files that are likely to have the same installer. Here's what I found out so far.
Different company, same scam. This time, the supposed distributor is Media Decompressor Company, or at least that's the name in the license. A user downloads one of their files using BitTorrent; often the content is an adult-oriented video. Running the file brings up a dialog with soothing legalese on the first screen; clicking "I Agree" rewards the user with the content and the adware bundle. If the user scrolls down in the license, they will see that this program installs the 180Search Assistant from 180Solutions, Golden Retriever from ShopAtHomeSelect, and Internet Optimizer from Avenue Media. The
license text shown to the user only has links to the 180Solutions license; for the others it just mentions that they are installed but says nothing about their license terms.
CDT rides again, with 180Solutions in tow. Several pieces of 180Solutions adware are installed by the bundle. 180Solutions
purchased a company named CDT in March 2005. The payload for this latest bundle is immediately retrieved from servers under the control of CDT and/or 180Solutions, from domains owned by the same companies: public.windupdates.com, static.flingstone.com, bis.180solutions.com, and downloads.180solutions.com. If the "Media Compressor Company" exists at all, it delegates responsibility to CDT/180Solutions very early in the install process.
Help
Back to top
