Opera Browser Strangeness

D

Deleted member 65228

Guest
#24
@Sunshine-boy See, that's the thing that intrigued me (the Baidu references). It even has references to Conduit... But why? As as far as I know, Opera doesn't "prevent" such or "auto-clean" it.

It was also more of references to domains from their services, therefore I don't think it is impossible to rule out that maybe they all actually share data collection silently. Who knows. I do know that China have strict rules about data collection which are in the odds of the user, and that they force all companies to store data and not delete it (allegedly).
 
D

Deleted member 65228

Guest
#25
Well there we go then... Opera was sold for $600 million. Read that again... "$600 million". They will want back their $600 million that they spent on Opera, and would probably want to double or triple it. Therefore the references I found regarding data collection are likely indeed related to genuine data collection. I'm not sure how else a free product provider would go about generating income without the use of money-making advertisements/pop-ups or donations, except for data collection and then selling that collected data.
 
D

Deleted member 65228

Guest
#26
Another thing I will quickly note.

Watch out for any software which connects out to Ukraine at all. I don't mean this in a way that Ukraine are bad, nothing of the sort. The reasoning behind what I am trying to say is because large malware outbreaks such as Petya all originated from Ukraine for the spreading. A company (for example) which provided banking software to the Ukraine government (and others) were hacked twice for spreading of big malicious software outbreaks (Petya was one, I believe the second was NotPetya if I recall correctly). Specifically ransomware.

If @Slyguy posted this here about what he found with the connections, it must mean he has some sort of suspicion about Opera. He usually uses FortiSandbox, a very good end-point tool. When he checked up on CCleaner before the public announcement of their breach, his sandbox has suspicions and he stopped using it, he dodged a bullet there. I don't know much about the member, but I've read his posts and I know he definitely knows his stuff when it comes to networking and use of a sandbox/malware research, so that's another reason to keep your eye out on Opera.
 
D

Deleted member 65228

Guest
#28
@Sunshine-boy I didn't see the connections from network analysis, a cat (which dropped out the sky last night, landed on its feet and had a bag with a next-gen laptop which had many reversing tools) found various domains hard-coded into the actual Portable Executable. The component was opera_browser.dll. I cannot provide step-by-steps for obvious reasons considering Opera is genuine software, however you could try looking up online how to generate Strings for a Portable Executable (reverse-engineering technique - one of the simplest ones out there). Opera doesn't make use of string obfuscation.

What I'm saying though, is why on earth would Opera need to hard-code all of these things? Conduit? MyStart? Baidu stuff? It just seems fishy to me, and I couldn't find anything about it from Opera themselves online...

So take it with a grain of salt, but personally I think something not-so-good is going on and I recon it is to do with data collection and money.
 
D

Deleted member 65228

Guest
#29
I use a lot of freeware software's
Unless the free software is coming from community members on this forum/forums like this, or open-source repositories/reputable vendors for having good privacy guidelines, you're probably paying for software with your information.

Even Avast collect data which they will go on to sell by default for their Free Anti-Virus. Google collect a lot of data as well, as does Facebook, but I don't know about their terms with handling the data.

Web Of Trust (WOT) was exposed in the past for a massive problem with data collection, that pretty much buried them at the time. I never see anyone recommending it, nor even speaking of it nowadays.
 

Prorootect

Level 53
Verified
Joined
Nov 5, 2011
Messages
4,225
#30
Disabling this doesn't impact the background activity related to Ukrainian Bank and such. Same on as it is off.
Have you restarted your browser ... surely ..
Then look on your Registry - or it's hardcoded like Opcode wrote above.
Solution - download my Opera PORTABLE version:
Version: 36.0.2130.80
I don't have your Opera problems.

I download browsers (or other software) portable versions only, always.
 
Last edited:

Prorootect

Level 53
Verified
Joined
Nov 5, 2011
Messages
4,225
#31
Similar locations?

Qihoo is from China, and I believe Opera is also situated in China (or close to it)? Ukraine isn't too far from China as far as I know, but my geography always lacked so best check on that instead of assuming I'm right.
So China borders with Russia, then Russia with Ukraine, yes many hackers everywhere

This very good extension:
7 Times Faster
- it's from Ukraine.

Download on Store: 7 Times Faster
Version: 1.0.2.0
Updated: December 15, 2017
Size: 1.33MiB
- edited
 
Last edited:
Likes: Sunshine-boy

upnorth

Level 24
Verified
Joined
Jul 27, 2015
Messages
1,342
#34
Aha! Might actually have found an answer to why Opera establish a connection to bank.gov.ua.

Quote : " Currency conversion is based on two reference rates reported either by the European Central Bank ("ECB") using EURO as its base currency or the National Bank of Ukraine (NBU) using the Hyrvnia as its base currency.

The default currency converter option is set to the ECB. According to the ECB, its reference rates are updated on working days, excluding TARGET closing days (generally Saturday, Sunday and certain holidays). The ECB's reference rates are based on a regular daily concertation procedure between central banks across Europe. You can learn more about the ECB’s policy and exchange rates here.

Reference rates using the NBU are updated in two groups, daily or monthly, according to the exchange rates of the Ukrainian Hryvnia against foreign currencies. Read more here. "

Source : Search the web | Opera for Windows help
 
Last edited: