Imitation Softpedia Site Offers Up A PUP

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,379
You may well be familiar with Softpedia, which is a huge library of downloadable software and breaking news stories. We recently noticed a Softpedia mention on a Facebook post, except something didn’t look quite right with the URL:



The URL in question is

s0ftpedia(dot)pw

and they’ve replaced the letter “o” with a zero (just in case it isn’t clear from the formatting).

The site has a dead frontpage and an “under construction” message:



Elsewhere, however, things are a little more interesting:



Many of the links on the page redirect to 403: forbidden messages on another URL. The main download offered in the above screenshot is live at time of writing, though:



The file is a PUP (potentially unwanted program) currently pegged at 11 / 53 on VirusTotal, and users of Malwarebytes Anti-Malware will find we detect it as PUP.Optional.Amonetize. The VirusTotal page lists some of the names the file has gone by:

CSGO Multihack September 14.exe__3038_i1336425480_il907688.exe
pumps theory design and applications__3516_i1336463687_il915800.exe
file-7497235_exe
csieda 5.4 crack__3038_i1336278996_il877527.exe
Launcher.exe
felix the cat desktop buddy__3515_i1336603348_il943112.exe
setup.exe
c exe decompiler__3515_i1336154130_il849859.exe
sysprep windows 2003__3516_i1336521661_il927032.exe

Running the file opens up a EULA for InstallPath File Manager, which leads to various yes / no install options for IstartSurf, OffersWizard and Plus HD (if you’re in “expert mode” – otherwise it’ll just assume you want everything by default). There’s also one final screen for Wajam.





In testing, it gave an “install complete” message but no trace of the above programs could be found. It’s possible that the installer is broken or somebody already switched off the download / distribution channel.

According to Whois data, the site – which is privacy protected – was created on the 12th of September 2014. Unfortunately for whoever made it, Softpedia has just had a major redesign and so the imitation is already looking outdated.

This won’t help everybody who may visit, but at the very least people familiar with Softpedia and the new look will hear alarm bells ringing sooner rather than later. Although the site creator hit typo paydirt by switching the letter o for the number zero – look how close together they are on the keyboard! – it might be tricky to sell .pw instead of .com as the “real” Softpedia URL.

Read more: https://blog.malwarebytes.org/online-security/2014/09/imitation-softpedia-site-offers-up-a-pup/
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
More info:

Address: http://s0ftpedia.pw:80
IP: 5.199.171.242
Server Type: nginx/1.6.1
Host: hst-171-242.balticservers.eu
Webserver: hst-171-242.balticservers.eu
Websites running on server: megaupl0ad.pw and s0ftpedia.pw

Domain ID:CNIC-DO5613561
Domain Name:S0FTPEDIA.PW
Created On:2014-09-12T20:41:09.0Z
Last Updated On:2014-09-17T20:45:08.0Z
Expiration Date:2015-09-12T23:59:59.0Z
Registry Expiry Date:2015-09-12T23:59:59.0Z

Cheers.
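The blog post above explains the lure (the letter "o" swapped for a zero, plus .pw in place of .com) and the post above this one lists a second hostname on the same server, megaupl0ad.pw, built the same way. The following is an added defender-side example, not code from the thread or from Malwarebytes: it maps confusable characters back to their plain lookalikes and compares the result with a small, constructed list of protected brands, so that both hostnames from the thread are flagged while the real softpedia.com is not. The confusable table beyond "0" for "o" and "1" for "l" is an assumption about common substitutions, and the hostname parsing deliberately does not use a public-suffix list.

```python
# Added example (not from the MalwareTips thread or the Malwarebytes post):
# flag lookalike domains built from confusable characters, as s0ftpedia.pw
# and megaupl0ad.pw are, against a defender-maintained brand list.
from __future__ import annotations

# Confusable substitutions commonly seen in typosquats. "0"->"o" is the one
# the thread documents; the remaining pairs are assumptions about other
# common swaps and can be extended.
CONFUSABLES = {
    "0": "o",
    "1": "l",
    "3": "e",
    "5": "s",
    "vv": "w",
    "rn": "m",
}

# Constructed list: brand name -> the legitimate domain a defender expects.
PROTECTED_BRANDS = {
    "softpedia": "softpedia.com",
    "megaupload": "megaupload.com",
}


def normalize_host(url_or_host: str) -> str:
    """Lowercase and strip scheme, path and port: 'http://s0ftpedia.pw:80' -> 's0ftpedia.pw'."""
    host = url_or_host.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split(":", 1)[0]
    return host.strip(".")


def registrable_label(url_or_host: str) -> str:
    """Return the label left of the TLD ('s0ftpedia' for 's0ftpedia.pw').

    Assumes a single-label TLD (.pw, .com); no public-suffix list is consulted.
    """
    labels = [lbl for lbl in normalize_host(url_or_host).split(".") if lbl]
    return labels[-2] if len(labels) >= 2 else (labels[0] if labels else "")


def skeleton(label: str) -> str:
    """Replace confusable characters with their plain ASCII lookalikes.

    Multi-character sequences ('rn', 'vv') are replaced before single
    characters so they are not broken up first.
    """
    out = label
    for src in sorted(CONFUSABLES, key=len, reverse=True):
        out = out.replace(src, CONFUSABLES[src])
    return out


def match_lookalike(url_or_host: str) -> tuple[str, str] | None:
    """Return (brand, legitimate_domain) when the host imitates a protected brand.

    A host matches when its registrable label, after confusable folding, equals
    the folded brand name but the host is not the brand's legitimate domain.
    This catches both the character swap (s0ftpedia.pw) and a bare TLD swap
    (softpedia.pw). The legitimate domain itself returns None.
    """
    host = normalize_host(url_or_host)
    skel = skeleton(registrable_label(host))
    for brand, legit in PROTECTED_BRANDS.items():
        if skel == skeleton(brand) and host != legit:
            return brand, legit
    return None


def find_lookalikes(hosts: list[str]) -> dict[str, tuple[str, str]]:
    """Run match_lookalike over a batch of hosts; only hits are returned."""
    hits = {}
    for h in hosts:
        result = match_lookalike(h)
        if result is not None:
            hits[normalize_host(h)] = result
    return hits


if __name__ == "__main__":
    # The two hostnames named in the thread plus the real domain as a control.
    sample = ["http://s0ftpedia.pw:80", "megaupl0ad.pw", "softpedia.com"]
    for host, (brand, legit) in find_lookalikes(sample).items():
        print(f"{host}: imitates {brand} (legitimate domain {legit})")
```

Folding both the candidate label and the brand name through the same skeleton function keeps a brand that legitimately contains "rn" or "vv" from being mangled on one side only; the comparison is always skeleton against skeleton.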
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,379
This domain is also a source of significant spam mail:

http://en.wikipedia.org/wiki/.pw
Cyber criminals will always find a domain name to exploit; a while ago it was .se or .kr, so they will always find an extension to use. If .pw is blocked, then cyber criminals will just use another extension.
The thing that should ring alarm bells here is that only 11/50 scanners detected this PUP or blocked this web page. After seeing the AV-Comparatives test which said that Bitdefender is #1, it's kind of sad when I read that it has missed this sample (even if it's just a PUP).
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
Cyber criminals will always find a domain name to exploit; a while ago it was .se or .kr, so they will always find an extension to use. If .pw is blocked, then cyber criminals will just use another extension.
The thing that should ring alarm bells here is that only 11/50 scanners detected this PUP or blocked this web page. After seeing the AV-Comparatives test which said that Bitdefender is #1, it's kind of sad when I read that it has missed this sample (even if it's just a PUP).

Let me try to be magic here..... gimme second... magic is coming..
Ohh yeah i feel it...

Abra cadabra POEF...

Little magic in the morning... how good.
 

Adhit Prakosho

Level 19
Verified
Top Poster
Well-known
Sep 14, 2014
929
More info:

Address: http://s0ftpedia.pw:80
IP: 5.199.171.242
Server Type: nginx/1.6.1
Host: hst-171-242.balticservers.eu
Webserver: hst-171-242.balticservers.eu
Websites running on server: megaupl0ad.pw and s0ftpedia.pw

Domain ID:CNIC-DO5613561
Domain Name:S0FTPEDIA.PW
Created On:2014-09-12T20:41:09.0Z
Last Updated On:2014-09-17T20:45:08.0Z
Expiration Date:2015-09-12T23:59:59.0Z
Registry Expiry Date:2015-09-12T23:59:59.0Z

Cheers.

more fully here http://who.is/whois/s0ftpedia.pw :):)
 
