Software:OpenCandy

From HandWiki
Short description: Adware module classified as malware

OpenCandy is an adware module and a potentially unwanted program classified as malware by many anti-virus vendors.[1][2][3][4] They flag OpenCandy due to its undesirable side-effects.[5][6] It is designed to run during installation of other desired software. Produced by SweetLabs, it consists of a Microsoft Windows library incorporated in a Windows Installer. When a user installs an application that has bundled the OpenCandy library, an option appears to install software it recommends based on a scan of the user's system and geolocation. Both the option and offers it generates are selected by default and will be installed unless the user unchecks them before continuing with the installation.[7][8]

OpenCandy's various undesirable side-effects include changing the user's homepage, desktop background or search provider, and inserting unwanted toolbars, plug-ins and extension add-ons in the browser. It also collects and transmits various information about the user and their Web usage without notification or consent.[1][9]

Development

The software was originally developed by CEO Darrius Thompson for the DivX installation. When installing DivX, the user was prompted to optionally install the Yahoo! Toolbar. DivX received $15.7 million during the first nine months of 2008 from Yahoo and other software developers, after 250 million downloads.[8]

Chester Ng, the former DivX business development director, is chief business officer and Mark Chweh, former DivX engineering director, is chief technology officer.[8]

Windows components

Components of the program may have differing but similar names based on version.

Files dropped

  • OCComSDK.dll
  • OCSetupHlp.dll
  • Fusion.dll

Processes

DNS and HTTP queries

  • tracking.opencandy.com.s3.amazonaws.com
  • media.opencandy.com (website not available)
  • cdn.opencandy.com
  • cdn.putono5.com
  • tracking.opencandy.com
  • api.opencandy.com
  • www.arcadefrontier.com
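
The file names and hostnames listed above can be used to triage endpoint and DNS telemetry. The following is an added example, not part of the original article or of any vendor's tooling: it matches DNS query names on label boundaries (so look-alike hosts do not match) and classifies file paths by base name. The log format, host names, sample paths and function names are assumptions made for the example.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators copied from the lists above (file names may vary by version).
OC_DOMAINS = (
    "tracking.opencandy.com.s3.amazonaws.com", "media.opencandy.com",
    "cdn.opencandy.com", "cdn.putono5.com", "tracking.opencandy.com",
    "api.opencandy.com", "www.arcadefrontier.com")
STRONG_FILES = {"occomsdk.dll", "ocsetuphlp.dll"}
# Assumption: fusion.dll is also a .NET Framework file name, so alone it is weak.
WEAK_FILES = {"fusion.dll"}

def match_domain(qname):
    """Return the listed domain qname equals or is a subdomain of, else None."""
    host = qname.strip().rstrip(".").lower()
    return next((d for d in OC_DOMAINS if host == d or host.endswith("." + d)), None)

def match_file(path):
    """Classify a Windows path by base name: 'strong', 'weak' or None."""
    name = PureWindowsPath(path).name.lower()
    return "strong" if name in STRONG_FILES else "weak" if name in WEAK_FILES else None

def triage(dns_lines, file_rows):
    """Group hits by host; DNS lines are 'time host qtype qname' (assumed format)."""
    hits = defaultdict(lambda: {"domains": set(), "strong": set(), "weak": set()})
    for line in dns_lines:
        parts = line.split()
        if len(parts) == 4 and (domain := match_domain(parts[3])):
            hits[parts[1]]["domains"].add(domain)
    for host, path in file_rows:
        if kind := match_file(path):
            hits[host][kind].add(path)
    return dict(hits)

# Constructed sample data, not real telemetry.
SAMPLE_DNS = [
    "2018-02-03T10:15:02Z pc-21 A CDN.OpenCandy.com.",
    "2018-02-03T10:15:03Z pc-21 A api.opencandy.com",
    "2018-02-03T10:16:40Z pc-07 A notcdn.opencandy.com",
    "2018-02-03T10:17:11Z pc-07 A tracking.opencandy.com.lookalike.example",
]
SAMPLE_FILES = [
    ("pc-21", r"C:\Users\a\AppData\Local\Temp\OCSetupHlp.dll"),
    ("pc-07", r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_DNS, SAMPLE_FILES))
```

A host with only a weak file hit and no DNS hits, like pc-07 in the sample, is a candidate for dismissal rather than cleanup.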

Software known to have included OpenCandy


Workarounds

Some installers accept a /NOCANDY parameter on the command line that bypasses OpenCandy; whether the parameter is supported is up to each installer.[40]

References

  1. PUP.Optional.OpenCandy, Malwarebytes, https://blog.malwarebytes.com/detections/pup-optional-opencandy/, retrieved 3 February 2018
  2. OpenCandy, Sophos, https://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OpenCandy/detailed-analysis.aspx, retrieved 3 February 2018 
  3. ADW_OPENCANDY, Trend Micro, https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/adw_opencandy, retrieved 3 February 2018 
  4. Virustotal analyses of OpenCandy, Virus Total, https://virustotal.com/en/file/81196839f19269ce807e43c8b9669459dc833d6fd2d510646fc0bebc0e0ef2eb/analysis/#comments, retrieved 3 February 2018 
  5. Richards, Gizmo (16 April 2017), Controversial Advertising Program Now Being Embedded in More Software, Tech Support Alert, https://www.techsupportalert.com/content/controversial-advertising-program-now-being-embedded-more-software.htm, retrieved 2 February 2018 
  6. ADW_OPENCANDY: Trend Micro page, 30 April 2016
  7. Needleman, Rafe (11 November 2008), OpenCandy brings ad market to software installs. What?, CNET news, http://news.cnet.com/8301-17939_109-10094314-2.html, retrieved 2009-08-18 
  8. Marshall, Matt (10 November 2008), OpenCandy inserts recommendations when you install software, https://venturebeat.com/2008/11/10/opencandy-recommends-software-when-youre-installing-stuff/, retrieved 2009-08-18
  9. "What is OpenCandy and How to remove it?" (in en-US). 2016-01-24. https://appuals.com/remove-opencandy/. 
  10. "OpenCandy". http://www.ac3filter.net/wiki/OpenCandy/. 
  11. "Antivirus notes". http://www.ac3filter.net/wiki/Antivirus_notes/. 
  12. "Inquiry about detection of Auslogics Defrag Free Edition – ESET NOD32 Antivirus". https://forum.eset.com/topic/1783-inquiry-about-detection-of-auslogics-defrag-free-edition/. 
  13. "Complete Version history / Release notes / Changelog". http://www.videohelp.com/software/CamStudio/version-history#history. 
  14. "CDBurnerXP: FAQ". https://cdburnerxp.se/help/Intro/faq. 
  15. "FileZilla OpenCandy". https://malwaretips.com/threads/sourceforge-net-adds-adware-installers-provided-by-ask-com.17247/. 
  16. "Format Factory – Free media file format converter". http://www.pcfreetime.com/. 
  17. "Does Foxit Reader free 6.1.4.0217 have malware?". Foxit Corporation Forums. http://forums.foxitsoftware.com/forum/portable-document-format-pdf-tools/foxit-reader/18349-does-foxit-reader-free-6-1-4-0217-have-malware. 
  18. Zenju. "FreeFileSync". https://www.freefilesync.org/faq.php. 
  19. "FrostWire: Downloader, BitTorrent Client and Media Player". http://www.frostwire.com/. 
  20. "GOMlab.com include technical information and download link of GOM Player, GOM Audio, GOM Video Converter and GOM Remote.". https://www.gomlab.com/. 
  21. LIGHTNING UK! (2013-06-16). "The Official ImgBurn Website: Change log". http://www.imgburn.com/index.php?act=changelog. "Changed: No longer bundling/offering the Ask.com toolbar in the setup program, OpenCandy now handles product offerings during installation." 
  22. LIGHTNING UK! (2013-06-16). "The Official ImgBurn Website: Download". http://www.imgburn.com/index.php?act=download. 
  23. "MD5 doesn't match any downloadable installers – ImgBurn General". 2016-10-29. http://forum.imgburn.com/index.php?/topic/24395-md5-doesnt-match-any-downloadable-installers/. 
  24. "Wrong hash? – ImgBurn Support". 2016-06-23. http://forum.imgburn.com/index.php?/topic/24265-wrong-hash/. 
  25. "Wrong Hash 2 – ImgBurn Support". 2017-01-31. http://forum.imgburn.com/index.php?/topic/24503-wrong-hash-2/. 
  26. "ImgBurn". 2013-06-17. https://fileforum.betanews.com/detail/ImgBurn/1128426215/1. "CLEAN INSTALL! No OpenCandy bundled." 
  27. "ImgBurn Download: Changelog". 2017-03-31. http://www.softpedia.com/get/CD-DVD-Tools/Data-CD-DVD-Burning/ImgBurn.shtml. "no more 'opencandy' adware!" 
  28. "Codecs.com | Downloads for ImgBurn 2.5.8". 2016-06-20. http://www.free-codecs.com/imgburn_download.htm. "Download ImgBurn 2.5.8 – without OpenCandy!" 
  29. "ImgBurn". 2016-06-23. http://www.majorgeeks.com/files/details/imgburn.html. "This is a clean, no OpenCandy version." 
  30. gizmo, richards (2014-02-08). "Controversial Advertising Program Now Being Embedded in More Software". Gizmo's Freeware. http://www.techsupportalert.com/content/controversial-advertising-program-now-being-embedded-more-software.htm. "OpenCandy (OC) is a relatively new advertising product that more and more software developers are bundling with their programs. It can now be found in the installers of dozens of popular programs including IZArc, mirC, PrimoPDF, Trillian Astra and more."
  31. "MP3 Support Analysis – herdProtect". http://www.herdprotect.com/signer-mp3-support-146c2e323177663b9df87fff1b9c31d8.aspx. 
  32. SEMU-Design. "FJ Software Development". http://www.fjsoft.at/en/news.php. 
  33. On the Help/Facts page
  34. Discussions on pdfforge Forums
  35. PhotoScape – Virus and Malware
  36. Schember, John (21 January 2012). "Sigil 0.5.0 Released". http://sigildev.blogspot.com.au/2012/01/sigil-050-released.html. 
  37. "Malware on Install". https://forum.utorrent.com/topic/90702-malware-on-install/. 
  38. "WinSCP – OpenCandy". http://winscp.net/eng/docs/opencandy. 
  39. Found in FL Studio 12.1.2 Installer – By Windows Defender: PUA:Win32/CandyOpen / OCSetupHlp.dll
  40. "OpenCandy explained: what you need to know about the technology". 2021-08-06. https://www.ghacks.net/2012/08/06/opencandy-explained-what-you-need-to-know-about-the-technology/.