Download Adware from Agave
You download a file to yourself, and it is in a self-extracting archive. Run exe'shnik, opens like WinRar (a very similar window to the view), unpack your file and forget. But after a while, advertising starts to crawl from all holes, which is unclear how to turn off because it is not clear where it came from.
It would seem that the classical scheme of advar pairing has been living for many years and is not remarkable. But in Russia they decided to do it differently. Advar is now approved by local antiviruses, a fairly large and well-known company is practically officially involved in distribution.
Just over a year ago, one of the partners knocked me and said that someone there wants to post viruses and pay money for it. Only the fact that he called himself a representative of the Agave and that their virus seems to have been approved by Kaspersky and would not be caught by him kept him from the proposal to immediately send such a merchant to the forest. I wondered how this could be and I allowed to give my contacts to communicate directly.
In ICQ, a certain Avaks knocked, who called himself Mikhail Ilyin, director of something in Agave. Briefly told about what is offered:
I pack all the files on the site with their archiver, it turns out exe's, which when unpacking are similar to WinRar, so that the user will not notice the difference. When unpacking, a window pops up, where among the heap of text there is a small paragraph that the user clicking "continue" agrees to set himself some advertising module, which can then be deleted. After clicking “continue”, the user is put in this module, which starts to show ads somewhere in a day. They say, money for clicks will go to me, over time, users will download a virus with my refka a lot, clicks will go nemeryannom and in general you can earn a million very quickly and without straining. And so, as advertising will be only a day after the installation of the advertising module, no one will damn where it came from.
')
To my questions, such as why I voluntarily ruin my resource, why Agave does not use his ifolder.ru, and how the public company can even send viruses to me, I was told that I would not ruin the resource because they had a terribly relevant advertisement and the user would Only pleased that it will be shown. Ifolder is not used because the type of integration is not yet ready (as far as I know, it is not ready yet either :), and then they will offer users to compress their files with this miraculous archiver, but about viruses, it’s not a virus at all, there There is an uninstaller and in general all this stuff is approved in the Kaspersky Lab and their antivirus does not respond to the advertising module.
At the same time, the question of whether they simply wanted to substitute competitors (in my face) or they were simply impressed with the way they flew over the past few months and decided to try to develop by the same methods caused an angry tirade. The comparison with the letbitbit is even offensive, saying that we have an uninstaller here and, in general, this is not an adviser at all, just an advertising module that the user himself agrees to install. And they don’t want to substitute competitors, and in general they are not very interesting for them and it’s planned to work with mp3 sites, then I just turned up my arm and so on.
So, the conversation lasted about an hour, I was convinced (users - shit, what difference do you have, then the money is paid, etc.), threatened (we will go to your competitors, they will earn a lot of money and survive you from the market), dig a phrase about what they are not advar, that they are legit on their heads and generally carry the good and eternal. It ended with the fact that I promised to automatically detect the presence of their files in the files and delete the files, together with the users, that they were flooded and the dialogue was terminated.
I was inspired by the Russian style of business, even stumbled upon sites with their advocates, but the crisis came and, in general, this story was somehow forgotten (apparently, it was decided not to show activity during the crisis). After all, someone left could well call himself Mikhail Ilyin, carry on a dialogue in his style (read his posts on roem.ru several times after that) and generally hang noodles.
She received a continuation now, when she submitted offers to make a lot of money in the feedback form, but this time there were referral links and judging by the style of the letter, the work is clearly of some students. Links led to the website tmaproject.ru , going and reading a few paragraphs, I immediately remembered last year’s dialogue, making sure that the representative of Agave and I really wrote them to me:
This time, however, the module is openly called adware, the list of antiviruses that do not catch this module has expanded: “So, in Kaspersky Lab, TMAgent is classified as AdTool, a safe program that displays ads. Also, the safety of TMAgent is confirmed by its absence in the databases of such well-known antiviruses as DrWeb, NOD32, Panda Antivirus, AVG, Avira, Ad-Aware and many others. ”
Probably, in honor of the crisis, antiviruses reduced the prices of ignoring viruses, Agave decided to expand the list =)
Two points are surprising:
1. Is it possible in Russia to legalize a lawyer? It is clear that the user type puts himself, and that, it seems like you can delete, but this is an obvious fraud. The same as in SMS scam, in fact.
2. Why use antiviruses that skip past such a software plan?
below is an addition about this
It would be interesting to look at advertisers that buy advertising in this adwart. It is quite possible that they are selling some clicks on a completely legal teaser, and in fact, generate transitions in this way.
It would also be very interesting to listen to official comments from Agave herself and from Kaspersky Lab, which seems to be doing software that protects against such programs.
ZY People working at Kaspersky Lab say that there was no ignoring of this module, that their antivirus did not catch it solely due to their lack of a sample. At the moment, the adware module is caught by the latest software versions and there is nothing to be afraid of.
Apparently, Agave about Kaspersky invented herself, using the fact that for some time their module was not in the database.
It would seem that the classical scheme of advar pairing has been living for many years and is not remarkable. But in Russia they decided to do it differently. Advar is now approved by local antiviruses, a fairly large and well-known company is practically officially involved in distribution.
Just over a year ago, one of the partners knocked me and said that someone there wants to post viruses and pay money for it. Only the fact that he called himself a representative of the Agave and that their virus seems to have been approved by Kaspersky and would not be caught by him kept him from the proposal to immediately send such a merchant to the forest. I wondered how this could be and I allowed to give my contacts to communicate directly.
In ICQ, a certain Avaks knocked, who called himself Mikhail Ilyin, director of something in Agave. Briefly told about what is offered:
I pack all the files on the site with their archiver, it turns out exe's, which when unpacking are similar to WinRar, so that the user will not notice the difference. When unpacking, a window pops up, where among the heap of text there is a small paragraph that the user clicking "continue" agrees to set himself some advertising module, which can then be deleted. After clicking “continue”, the user is put in this module, which starts to show ads somewhere in a day. They say, money for clicks will go to me, over time, users will download a virus with my refka a lot, clicks will go nemeryannom and in general you can earn a million very quickly and without straining. And so, as advertising will be only a day after the installation of the advertising module, no one will damn where it came from.
')
To my questions, such as why I voluntarily ruin my resource, why Agave does not use his ifolder.ru, and how the public company can even send viruses to me, I was told that I would not ruin the resource because they had a terribly relevant advertisement and the user would Only pleased that it will be shown. Ifolder is not used because the type of integration is not yet ready (as far as I know, it is not ready yet either :), and then they will offer users to compress their files with this miraculous archiver, but about viruses, it’s not a virus at all, there There is an uninstaller and in general all this stuff is approved in the Kaspersky Lab and their antivirus does not respond to the advertising module.
At the same time, the question of whether they simply wanted to substitute competitors (in my face) or they were simply impressed with the way they flew over the past few months and decided to try to develop by the same methods caused an angry tirade. The comparison with the letbitbit is even offensive, saying that we have an uninstaller here and, in general, this is not an adviser at all, just an advertising module that the user himself agrees to install. And they don’t want to substitute competitors, and in general they are not very interesting for them and it’s planned to work with mp3 sites, then I just turned up my arm and so on.
So, the conversation lasted about an hour, I was convinced (users - shit, what difference do you have, then the money is paid, etc.), threatened (we will go to your competitors, they will earn a lot of money and survive you from the market), dig a phrase about what they are not advar, that they are legit on their heads and generally carry the good and eternal. It ended with the fact that I promised to automatically detect the presence of their files in the files and delete the files, together with the users, that they were flooded and the dialogue was terminated.
I was inspired by the Russian style of business, even stumbled upon sites with their advocates, but the crisis came and, in general, this story was somehow forgotten (apparently, it was decided not to show activity during the crisis). After all, someone left could well call himself Mikhail Ilyin, carry on a dialogue in his style (read his posts on roem.ru several times after that) and generally hang noodles.
She received a continuation now, when she submitted offers to make a lot of money in the feedback form, but this time there were referral links and judging by the style of the letter, the work is clearly of some students. Links led to the website tmaproject.ru , going and reading a few paragraphs, I immediately remembered last year’s dialogue, making sure that the representative of Agave and I really wrote them to me:
This time, however, the module is openly called adware, the list of antiviruses that do not catch this module has expanded: “So, in Kaspersky Lab, TMAgent is classified as AdTool, a safe program that displays ads. Also, the safety of TMAgent is confirmed by its absence in the databases of such well-known antiviruses as DrWeb, NOD32, Panda Antivirus, AVG, Avira, Ad-Aware and many others. ”
Probably, in honor of the crisis, antiviruses reduced the prices of ignoring viruses, Agave decided to expand the list =)
Two points are surprising:
1. Is it possible in Russia to legalize a lawyer? It is clear that the user type puts himself, and that, it seems like you can delete, but this is an obvious fraud. The same as in SMS scam, in fact.
below is an addition about this
It would be interesting to look at advertisers that buy advertising in this adwart. It is quite possible that they are selling some clicks on a completely legal teaser, and in fact, generate transitions in this way.
It would also be very interesting to listen to official comments from Agave herself and from Kaspersky Lab, which seems to be doing software that protects against such programs.
ZY People working at Kaspersky Lab say that there was no ignoring of this module, that their antivirus did not catch it solely due to their lack of a sample. At the moment, the adware module is caught by the latest software versions and there is nothing to be afraid of.
Apparently, Agave about Kaspersky invented herself, using the fact that for some time their module was not in the database.
Source: https://habr.com/ru/post/73805/
All Articles