Panda Security's antimalware laboratory has revealed that two spoof P2P
application installers, BitRoll-22.214.171.124 and Torrent101-126.96.36.199, are being
used to install the Lop adware on users' systems. P2P programmes are used
to exchange files between remote users, and both installers are
available for download on the Internet, so any user could access them and

"This highlights a growing trend whereby false applications are being used
by cyber-crooks to install malicious code," says Jeremy Matthews, head of
Panda Security's sub-Saharan operations. Matthews cites
wavesoftwarecreative.exe, which passes itself off as audio software, and
bitdownloadsetup.exe as other examples of this technique.

Lop, the malicious code downloaded by the spoof installers, is designed to
display ads from various advertisers through pop-up windows, banners, etc.
It also switches the Internet Explorer home page to its own search engine.
When searches are made with this engine, the results returned are
advertising pages related to the search words.

It doesn't stop there, however. To help prevent detection, this adware
connects periodically to a webpage from which it downloads new files
containing variants of the code, making it difficult to delete all active
malicious files on the system.

If users try to use the installed programme, they will be able to search for
files but not download them.

"Users must be really careful about what applications they are choosing to
download from the web," says Matthews. "Only use reputable websites – and
check for verification of the product you intend to download. A simple
Google search can ensure this."