gorhill / uBlock

uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.
GNU General Public License v3.0

Badware risks: fileforum.betanews.com #1418

Closed wsmith1 closed 8 years ago

wsmith1 commented 8 years ago

fileforum.betanews.com should be added to badware risks.

fileforum.betanews.com distributes links to installers with malware in them and does not take them down even when they are reported to them.

Example URLs

CDex: hxxp://fileforum.betanews.com/detail/CDex/930285642/1

malware reported by reviewers on site, here is VirusTotal scan:

https://www.virustotal.com/en/file/5fd4adfd8ff0fb9c8d00981fa42046f0c4e96c57b04d09b5ef4809f4920b278f/analysis/1456289197/

MusicCube: hxxp://fileforum.betanews.com/detail/musikCube/1091033963/1

malware reported by reviewers on site, here is VirusTotal scan:

https://www.virustotal.com/en/file/348be75d52e3e866abca3f782ff146b86078c085f62cf04092540c4162de8e77/analysis/

InnoExtractor: hxxp://fileforum.betanews.com/detail/InnoExtractor/1345187681/1

An older version 4.6.1.147 contained malware that installs even if you say no to every offer. I installed it and had to re-ghost the machine afterwards. The link to the file was not taken down by fileforum.betanews.com even after I contacted them via web form back in 2014.

Checksums for installer with malware:

9cea8c78d644c964a90e6d40af114b74a106b919ff96014026fc09905dd1f7ca *IE_Install.zip
719d314b81a24050bb9cd147230597eb4faafa0bf875850743bb0b9f53fdcbb7 *IE_Install.exe

Havokdan commented 8 years ago

Excuse me, I do not speak English and I use Google Translate, but it seems to me that Betanews itself does not install malware, something that happened for example with some sites, such as Softonic or SourceForge, where you downloaded an installer created by the sites themselves to install the applications.

Betsy25 commented 8 years ago

I use betanews a lot, and I never have found it offering me something that is not the exact same as what I would get on the original software author's site, it's always identically the same hash, so if you didn't catch a false positive, chances are very high when you download the file from the original author's site, you'll have the same warning.

Betsy25 commented 8 years ago

EDIT: I downloaded the CDex file from the author's site, and it indeed has the exact same SHA256 hash as the one on Betanews & the one you uploaded to VirusTotal, so don't blame betanews if the software author is a jackass.

Betanews is one of the very few that has never added anything to downloads, and it's not happening today either.

gorhill commented 8 years ago

@Betsy25 Thanks for your input, this is enough for me to close this issue.

gorhill commented 8 years ago

Anyways, just like any other sites in Badware risks, this would require many reliable 3rd-party references, and there is no such thing so far.

wsmith1 commented 8 years ago

BetaNews does not host files on their servers. BetaNews redirects to links to files or download pages provided by submitters of the programs. In case of InnoExtractor, BetaNews download button link redirected to a mediafire page (but that page did not require to wait 30 seconds to download the file, like it is normally done). In case of CDex, BetaNews redirects to hxxp://cdex.mu/download.

InnoExtractor installer linked by BetaNews in 2014 downloaded and installed 20 different programs, even when the user said "no" to every offer. For musiccube, antivirus products report that the installer contains an infostealer. BetaNews could have reacted to users' reports, reviewed and removed links to CDex and MusicCube installers and told authors to submit a link to a clean installer instead. But BetaNews chose to keep the links to malware on their site. This indifference makes BetaNews website unsafe to use for non-technical users.

By the way, the Badware risks wiki page does not say that a candidate site for inclusion into the Badware risks list must be hosting binaries on their own servers and wrapping installers themselves. Maybe it should say so explicitly. Right now, the wiki page reads "The block page is there to remind users to be cautious, particularly non-technical users." 3 examples I provided earlier show that users must be more cautious on BetaNews site than on a site that does review files submitted to them.

wsmith1 commented 8 years ago

By the way, a software developer submitted a program that does nothing and does not even run to 1033 software download portals back in 2007. His program, awardmestars 1.0, got 25 awards. 9 years later, it is still possible to find software download portals that have that "awardmestars" program.

gorhill commented 8 years ago

> 3 examples I provided earlier show that users must be more cautious on BetaNews site than on a site that does review files submitted to them.

You provided. Compare this to the many candidates in the wiki page for which there are more than 3 examples from various reliable sources. I think this makes it clear I will not add whatever is submitted without supporting material of persistent, wanton disregard for users.

ghost commented 8 years ago

@gorhill Though news sites don't report on every site which distributes badware, right? Sourceforge for example is a very popular site and was trusted for many years so the outrage was huge. Other sites simply won't get that coverage. It makes sense to only add sites where there is clear evidence but that excludes less popular sites or sites which didn't have a very good reputation among tech savvy people to begin with.

gorhill commented 8 years ago

It probably would be nice to have a filter list dedicated to badware risks sites, but with a lower bar with regard to supporting material, i.e. such a filter list would not be enabled by default, so it's ok to loosen requirements. Anybody who feels this is needed is free to create and maintain such a filter list, and it will be their responsibility to defend their choices.

The one in uBO is enabled by default, so the only stuff I throw in there are sites for which I am personally comfortable to defend the choice I made to include those sites in there.

wsmith1 commented 8 years ago

@gorhill maybe ship a second list, disabled by default, that includes candidate sites as well? I would enable that list instead of adding candidates to my own list manually.

wsmith1 commented 8 years ago

According to the "The software awards scam" (2007) article, the submit-everywhere service submits software to 1033 software download portals.

Most of these portals distribute binaries or links to binaries as is, without modifying them or wrapping them into their own installer. Even if they do not modify installers, these portals disregard their users, because they let dishonest authors distribute malware.

Unfortunately, most of these 1033 portals won't make the news because of that, only the most popular are analyzed by journalists. "Yes, Every Freeware Download Site is Serving Crapware (Here’s the Proof)" does not mention every freeware download site with malware by name, because it is impractical and would make the article boring to read.

For less popular portals, all we can get is first-hand evidence. What could be the criteria for such evidence to be considered reliable enough to be a basis for inclusion into any of the badware risks lists? (it should be independently verifiable at least).

By the way, I remember that FileHippo in 2006 took a stand against adware in at least one case: "Although there are newer versions of BS Player (1.38.828), it contains adware so will not be posted on FileHippo."

Betsy25 commented 8 years ago

Going from this perspective, people might classify all software distribution sites as scamware. The point is, do those sites let people host their software, and add crapware to them, or do they simply let people host their software? Betanews never fiddled with hosted software to date.