Interactive Corp. (IAC) Uses The Bible To Lure Users Into Installing Malware

By | March 8, 2012
Print pagePDF page

IAC USES THE BIBLE TO LURE USERS INTO INSTALLING MALWAREInteractive Corp’s (IAC) FunWebProducts has consistently denied their bundle of software (FunWebProducts)  is spyware or adware. We’re not going to argue what it is. What we can tell you is this: products from Interactive’s FunWebProducts has caused many users  serious computer problems.

We have repaired a lot of computers helping PC users via our Cloudeight Direct Computer Care service. We  can tell you from our own experience – FunWebProducts causes many computer problems. Aside from hijacking your searches and your browser’s start page, FunWebProducts spawns pop-ups which seemingly appear out of nowhere, and it’s hard for computer users to find out exactly where they’re coming from.

FunWebProducts makes numerous changes to your computers registry as well as to other files and folders. And if all that wasn’t bad enough, when users install this collection of software, they, by default give permission to the software to “check for and download updates” (this happens without the user’s specific knowledge or consent). Users aren’t aware that these “updates” can mean updates or it can mean that more programs will be added to their computer. The FunWebProducts bundle currently contains more than a dozen applications – and you get them all when you install any one of the FunWebProducts’ program.

Webfetti, Zwinky, Smiley Central, Cursor Mania, Popular Screensavers, My Fun Cards among others. But one not mentioned which is the backbone of the FunWebProducts bundle is MyWebSearch (toolbar). And very few people know that the company behind FunWebProduct also owns Ask. com (Ask.com toolbar is installed by many freeware bundles), iWon, Excite, Evite, Bloglines, MyWay, and others.

Regardless what users download, whether it is Zwinky, Cursor Mania, Smiley Central, etc., they get the MyWebSearch Toolbar – and all of the following (this was obtained from the privacy policy for Zwinky , and it’s the same policy you will see if you downloaded any of the other programs):

“…Features of the MyWebSearch Toolbar

By downloading the MyWebSearch toolbar, you will be installing a toolbar in your Internet browser (and any supported email functions and instant messenger functions) with the following features:

SEARCH BOX: This is a search box located within the toolbar that will help you search the Internet with search results from Ask.com.
SEARCH ASSISTANT: This provides relevant links and results when you make a search request in your browser address bar or if your browser address (DNS) request is invalid, misspelled or incorrectly formatted.
WEBFETTI:This feature enables you to customize a social networking profile page with layouts, graphics, custom cursors, music and video.
ZWINKY: This feature allows you to create and modify avatar characters, and use them in a social networking environment. If you use Windows XP, the ZWINKY feature will also automatically provide you with an icon that will appear in your Windows XP system tray at the bottom right of your desktop. Use of the Zwinky feature is subject to separate terms of use at http://info.zwinky.com/zwinkyinfo/tos.jhtml.
SMILEY CENTRAL: This allows you to insert smiley face emoticons and other graphics into your web-mail, Outlook, Outlook Express and instant messages.
POPULAR SCREENSAVERS: This provides you with photos and images that can be added to the user’s screensaver or PC desktop wallpaper. Also includes the ability to add personal digital photos.
MY FUN CARDS: This provides access to free electronic greeting cards that you can personalize on the Web and send to any email address.
CURSOR MANIA: Free computer mouse cursors that allow the user to change the look of his/her default cursor to something more fun and expressive.
FUN BUDDY ICONS: Free icons that can be added to an instant messenger client.
HISTORY SWATTER: This allows you to delete easily computer cookies, URL history, temporary cache, and other stored browser files.
POP SWATTER: Free tool that swats pop-up ads before they appear. Includes a “Safe List” to allow pop-ups from user-specified web pages.
SMOTOS: This enables you to post, upload, share, download and store images, and allows you to send such images to email addresses of your choice.
MY INFO: This provides one-click access to news, sports, weather, finances, horoscope, movie listings, lottery results and more, which appear in a thin window to the immediate left of your main browser window.
MY MAIL NOTIFIER: This allows you to use animated characters to alert you to new web mail messages.
MY MAIL SIGNATURE: This allows you to create signature designs to place in the footer of outgoing email messages.
MY MAIL STAMP: This allows you to insert digital stamp designs into outgoing emails.
MY MAIL STATIONERY: This provides you with background images, colors and themes to enhance the look of outgoing email messages.

In addition, an Easy Installer will be downloaded to install this software. It does not install any other software and is automatically deleted the first time you turn off your computer after installation of the above-described products.

You will also have access to websites related with the software described above, (the “Websites”).

THE TOOLBAR AND ALL ITS FEATURES LISTED ABOVE ARE FREE…”

All those programs download and install with the so-called “Easy Installer”.

But there’s one product that IAC/FunWebProducts distributes that we were not aware of until yesterday. It’s called DailyBibleStudy toolbar. We found out about it after scheduling an appointment with a lady who was constantly being bombarded by popup every time she opened Windows Live Mail and sometimes her browser.

The first thing we did – is what we alway do when we help someone with their computer — we looked at their process, RAM, and services. We saw nothing going on in the processes or services — and this lady’s computer had plenty of RAM. We did notice that she had DailyBibleStudy running in several process and in her computer’s running services. Because we assumed that no one would stoop so low as to use the Bible to install malware on a computer — we never suspected DailyBibleGuide or DailyBibleStudy.

Still we couldn’t explain the popups that appeared when she opened Windows Live Mail. We knew there had to be adware or spyware or malware lurking — but we saw nothing unusual going on in her computer’s processes or services. We’ve repaired so many computers by now we can usually tell by looking at processes and services if malware is the problem. But other than DailyBibleStudy and DailyBibleGuide – we saw nothing out of the ordinary. What kind of scumbag company would lure users into installing malware using The Bible? IAC/FunWebProducts – that’s who.

We ran Malwarebytes on our customer’s computer — and this is a copy of the scan log from Malwarebytes:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514

3/7/2012 9:12:25 AM
mbam-log-2012-03-07 (09-31-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303867
Time elapsed: 13 minute(s), 18 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe (Adware.MyWebSearch) -> 3104 -> No action taken.
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe (Adware.MyWebSearch) -> 7424 -> No action taken.

Memory Modules Detected: 1
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrstub.dll (Adware.MyWebSearch) -> No action taken.

Registry Keys Detected: 13
HKLM\SYSTEM\CurrentControlSet\Services\DailyBibleGuideService (Adware.MyWebSearch) -> No action taken.
HKCR\CLSID\{0631bff0-6846-48ca-982d-d62d7f376e97} (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0631BFF0-6846-48CA-982D-D62D7F376E97} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0631BFF0-6846-48CA-982D-D62D7F376E97} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0631BFF0-6846-48CA-982D-D62D7F376E97} (Adware.MyWebSearch) -> No action taken.
HKCR\CLSID\{2a942ab7-2073-49bc-a7e1-77e93835889a} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A942AB7-2073-49BC-A7E1-77E93835889A} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A942AB7-2073-49BC-A7E1-77E93835889A} (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DailyBibleGuidebar Uninstall (Adware.MyWebSearch) -> No action taken.
HKCR\CLSID\{beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEEA7FA9-D1F4-49A2-9B1F-6FB7A2D9BC2A} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BEEA7FA9-D1F4-49A2-9B1F-6FB7A2D9BC2A} (Adware.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEEA7FA9-D1F4-49A2-9B1F-6FB7A2D9BC2A} (Adware.MyWebSearch) -> No action taken.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DailyBibleGuide Browser Plugin Loader (Adware.MyWebSearch) -> Data: C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbrmon.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DailyBibleGuide Search Scope Monitor (Adware.MyWebSearch) -> Data: “C:\PROGRA~2\DAILYB~2\bar\1.bin\2vsrchmn.exe” /m=2 /w /h -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{2A942AB7-2073-49BC-A7E1-77E93835889A} (Adware.MyWebSearch) -> Data: ·*”*s ¼I§áwé85ˆš -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{2A942AB7-2073-49BC-A7E1-77E93835889A} (Adware.MyWebSearch) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrstub.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbarsvc.exe (Adware.MyWebSearch) -> No action taken.
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe (Adware.MyWebSearch) -> No action taken.
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrchMn.exe (Adware.MyWebSearch) -> No action taken.
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll (Adware.MyWebSearch) -> No action taken.

(end)

To see where this DailyBibleGuide (it shows up as DailyBibleGuide and DailyBibleStudyGuide when installed – but goes by a different name on the Web) comes from – visit this site. (PLEASE DO NOT DOWNLOAD IT!)

We were shocked when we saw the scan. We found it unbelievable – and in unbelievably poor taste that a large American corporation would stoop to this low of level to lure unsuspecting Christian users into installing this malware. It’s bad enough using flashing, talking smileys and cutesy graphics to induce young people to install a collection of malware – but using The Bible – a sacred book – to induce Christians into installing malware takes the prize.

We’re still shocked that The Bible is being used this way by a company like IAC. We’ve repaired over 200 computers and we’ve seen the problems IAC’s FunWebProducts, MyWebSearch and its other software causes. There should be a law against this kind of software — and this kind of trickery. We’ve seen the damage and the problems IAC’s software bundles can cause.

IAC and its affiliated companies should be ashamed of using The Bible as a lure to encourage Christians to download its malware.

What do you think? Can  Interactive Corp (IAC) sink any lower than this?

10 thoughts on “Interactive Corp. (IAC) Uses The Bible To Lure Users Into Installing Malware

  1. JIM "BONES"BONO

    YOUR ARTICLE ON FUNWEB PRODUCTS IS RIGHT ON. IT CORRUPTED MY BROWSER (IE8). TOTALLY CORRUPTED MY SYSTEM WITH VIRUSES, DESTROYED MY REGISTRIES. I HAD TO RELOAD MY SYSTEM (WINDOWS XP) FROM SCRATCH. I HAD NO RELIABLE BACKUP. BUT NOW, THANKS TO EB AND COULDEIGHT COMPUTER CARE AND A NEW EXTERNAL HARDDRIVE AND EASEUSTODO BACKUP SW I AM IN GREAT SHAPE NOW. THANKS,EB.

    Reply
  2. Steve

    I agree with you 100%, You can’t go much lower than this.
    However I’m sure they will find a way to sink even lower.

    Reply
  3. Cecilia Bracamonte

    Thank you so much for your artical “Interactive Corp. (IAC) Uses The Bible To Lure Users Into Installing Malware) That was a shocker and one I may have fallen for. You guys have been a true blessing to all us seniors. Almost every thing I know about computers..I have learned from you. Thank you again from the bottom of my heart. Sincerely, Cecilia B.

    Reply
  4. Les Hawkins

    Can they get lower than a snakes belly??
    Legislation is needed to stop these sly underhand tactics.

    Reply
  5. Mary Calton

    Thank you for all your great advice! Did you know that my latest Java update wanted to install Ask.com toolbar too! Shameful!

    Reply
  6. Ken Roberts

    A law will not be passed protecting us from this type of smut, the so called employees of the American people have bent to the will of the greedy and will continue to do so unless we all get involved . it is money and then there is money but this money is evil .

    Reply
  7. Ken Roberts

    write your congress :I did , Dear honorable Sherrod Brown: It has been a thorn in the side of computer users for decades and I speak of bundled soft ware for a free soft ware , they are never told what they are getting into , the soft ware comes with malware and it messes up the computer to where it is almost unusable. Fun Web products is about the worst and now they are using a daily bible study to install the malware the user is unaware of . If you wanted to be of service to your constituents, you could introduce a bill to stop the cancer from spreading , older folks are at risk and to use the bible is about as low as any one can go to advance their bottom line . Do some research and you will find people are having their computers repaired left and right because of the malware that comes with this so called free stuff. There needs to be a requirement that this is what comes with the free stuff and it should be spelled out that it can cause your computer to crash and not work correctly . I do expect a reply from you on your ideas on this subject.

    Reply
  8. Pingback: Will A Google Crackdown On Shady Search Toolbars Hurt AVG & IAC? - giaiphaplytuong.com :. Tin tức thời sự doanh nghiệp việt nam - trong nước và tin thế giới

Leave a Reply

Your email address will not be published. Required fields are marked *