Tuto4PC Utilities Silently Install 12M Backdoors, Cisco

  • 27 April 2016

by Tom Spring April 27, 2016
 
                                      



Security experts are warning PC users of scareware computer utilities published by the French firm Tuto4PC that secretly bundle adware and spyware. Cisco’s Talos security research team said several of the company’s utilities, including OneSoftPerDay and System Healer, contain Trojans that exhibit “malicious intent and behavior.”

Talos estimates 12 million users have been enticed to download one of Tuto4PC’s software programs. Researchers say once PC users install one of its utilities, the software acts like malware and installs a Trojan called Wizz.

“Installed with administrator rights, (Wizz) is able to harvest personal information, and install and launch executables uploaded by the controlling party,” Talos researchers wrote Wednesday in a blog post.
 

2 replies

Sounds like another piece of 'crapware' that we will need to be aware of in terms of PUAs, etc. I just wonder why these firms do it as they must realise that eventually they will be found out and once they are their reputation, as it is, will be down the pan...to me it is sheer business suicide.

By Eduard Kovacs on April 28, 2016

Cisco’s Talos security intelligence and research group has come across a piece of software that installed backdoors on 12 million computers around the world.
The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The firm, previously known as Eorezo Group and apparently linked to another company called Wizzlabs, has been targeted by French authorities over its questionable practices regarding the installation of unwanted software and harvesting of users’ personal details.
Cisco started analyzing Tuto4PC’s OneSoftPerDay application after its systems detected an increase in “Generic Trojans” (i.e. threats not associated with any known family). An investigation uncovered roughly 7,000 unique samples with names containing the string “Wizz,” including “Wizzupdater.exe,” “Wizzremote.exe” and “WizzInstaller.exe.” The string also showed up in some of the domains the samples had been communicating with.
 