
SoftwareBundler:Win32/SquareNet


First posted on 19 August 2014.
Source: Microsoft

Aliases :

There are no other names known for SoftwareBundler:Win32/SquareNet.

Explanation :

Threat behavior

This program downloads other software onto your PC, without giving you adequate consent or control.

We have seen it try to download and install adware including Adware:Win32/CostMin and Adware:Win32/InvisibleBrowser. It can install this adware and other threats, including malware, silently and without your knowledge.

It can try to install malware including TrojanProxy:Win32/Bedri and members of the Clikug family of trojans that use your PC for click fraud, such as TrojanDownloader:Win32/Clikug.A.

The program presents itself as a Java updater or installer. Although it does install Java, it often installs old or outdated versions. Having old versions of Java on your PC can open you up to infection by malware. In the following example it will also install other software, including "idle Crawler", which we detect as a variant of the Clikug family.



We have seen it try to install programs including:

  • Cloud Backup
  • DriverSupport
  • Find Ultra Premium Merchants
  • FreeSoftToday
  • HD_Quality
  • idle Crawler
  • iStart123 - Polypower
  • Okiitan
  • PC Safe Pro - Fusion Tech Software
  • Radsteroids - Deals Interactive Media
  • v-bates
  • Yontoo18 - EMG Technology, AIRZIP
  • Youtub_Videos_Downloader


It might also install a number of services, but gives you no way to uninstall them. For example, we've seen it install the following services, which may be used to update software installed by SoftwareBundler:Win32/SquareNet or protect some components from removal.

Service name: WinDevSrv
Display name: WinDevSrv
Description: Web Device Service
Path: %APPDATA%\UpdateServ\UpdaterService.exe or \Online\sv.exe

Service name: MediaDeviceSvc
Display name: MediaDeviceSvc
Description: Media Management Instrumention
Path to executable: \MediaDev\\mediadev.exe, for example \MediaDev\1405901676\mediadev.exe
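
A check for the two service entries listed above, as an added example that is not part of the original write-up. The function name `Find-SquareNetService`, its parameter and the sample records are hypothetical; matching any single folder between `\MediaDev\` and `mediadev.exe` is an assumption, because the page elides that path component.

```powershell
# Added example: flags services whose name or executable path matches the
# service entries described for SoftwareBundler:Win32/SquareNet.
function Find-SquareNetService {
    param(
        # Objects exposing Name and PathName; defaults to the live service list.
        [object[]]$Service = (Get-CimInstance -ClassName Win32_Service)
    )

    # Service names as given on the page (-contains is case-insensitive).
    $names = 'WinDevSrv', 'MediaDeviceSvc'

    # Path fragments as given on the page, written as regular expressions.
    # Assumption: one folder of any name sits between \MediaDev\ and mediadev.exe.
    $pathPatterns = @(
        '\\UpdateServ\\UpdaterService\.exe',
        '\\Online\\sv\.exe',
        '\\MediaDev\\[^\\]+\\mediadev\.exe'
    )

    foreach ($svc in $Service) {
        $path    = [string]$svc.PathName
        $nameHit = $names -contains $svc.Name
        $pathHit = [bool]($pathPatterns | Where-Object { $path -match $_ })
        if (-not ($nameHit -or $pathHit)) { continue }

        # A path-only hit on the short \Online\sv.exe fragment is weak evidence
        # on its own; treat 'name+path' as the strongest match.
        $kind = if ($nameHit -and $pathHit) { 'name+path' } elseif ($nameHit) { 'name only' } else { 'path only' }
        [pscustomobject]@{ Name = $svc.Name; PathName = $path; Match = $kind }
    }
}

# Constructed sample records (not real telemetry) so the function runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'MediaDeviceSvc'; PathName = 'C:\Example\MediaDev\1405901676\mediadev.exe' }
    [pscustomobject]@{ Name = 'Spooler';        PathName = 'C:\Windows\System32\spoolsv.exe' }
    [pscustomobject]@{ Name = 'Renamed';        PathName = '"C:\Example\UpdateServ\UpdaterService.exe" -s' }
)
Find-SquareNetService -Service $sample | Format-Table -AutoSize
```

Calling `Find-SquareNetService` with no arguments checks the services registered on the local machine.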

The program might also install a file called vmhost.exe. This file may be used to browse the Internet without your knowledge and open ads that then redirect to exploit kits that try to infect your PC with malware.



Analysis by Hamish O'Dea

Symptoms

You see a program try to install Java that looks like this:





Last update 19 August 2014

 
