VID 27308
Severity 20
Port 139,445
Protocol TCP
Class MALWARE
Detailed Description The "Downloadware" program has been installed on the system.
This program is sometimes perceived as Adware that downloads and displays ads.
Generally, Adware may track your browsing habits and expose them to a central ad server for advertising purposes. Downloadware, also known as MediaLoads or ClipGenie, connects to fordaleltd.com on port 80, then downloads and displays advertisements in small browser windows.
It is designed to execute arbitrary code from advertisers. Because there is no code signing, systems are vulnerable to DNS poisoning attacks and to attacks on the controlling servers.

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a False Negative for all vulnerable hosts.

* References:
http://www.spyany.com/program/article_spy_rm_DownloadWare.html
http://securityresponse.symantec.com/avcenter/venc/data/adware.dware.html
http://www.spywareguide.com/product_show.php?id=474
http://pestpatrol.com/PestInfo/d/downloadware.asp

* Platforms Affected:
Microsoft Windows Any version
Recommendation Remove it from your system using the following methods if it was silently installed without the user's knowledge or if its use does not match your security policy.

1. Use its uninstaller from the Add/Remove Programs entry.
2. Use a spyware/adware removal program or a Vaccine (Anti-Virus) program. You can use the following programs:
- Norton AntiVirus: http://www.symantec.com/downloads
- McAfee VirusScan: http://download.mcafee.com/default.asp