
Perils of Downloading Freeware: What Happens Behind the Scenes, Part II

September 9, 2014 / Ben Johnson

After reading this blog post from cert.org, I was reminded of a similar post by my colleague J.J. Guy about how much unwanted change can be introduced to your system by downloading freeware or shareware. I decided to expand on J.J.’s analysis with the same software that CERT used.

First, I downloaded KMPlayer from CNET: http://download.cnet.com/1772-20_4-0.html?query=kmplayer&platform=Windows%2CMac%2CiOS%2CAndroid%2CWebware%2CMobile&searchtype=downloads

Because it came from CNET, a well-known site, one would think the download would be harmless.


Continually clicking “OK,” I ended up installing something related to PC repair.


After compiling data, the “something related to PC repair” began doing analysis:


Finally, after I was done installing in a cleanly-snapshotted virtual machine, the downloaded program told me that I had all sorts of problems, including nine viruses. Remember, this was a totally clean VM.


OK, so you’re probably thinking, “that’s interesting, but expected,” since I willingly said “OK” to whatever the installer asked me to do. However, the reason I decided to write this blog was to demonstrate the shocking amount of activity that occurred on my system as I went through the download process.

Check out the image below:

[Image: process tree of the installer and everything it spawned]

Using Carbon Black, I was blown away by the sheer volume of processes, including command shells, task lists, network connections, and more. The visibility Carbon Black gave me into my system is pretty remarkable and demonstrates how much activity may be occurring on my systems behind the scenes without my knowledge.

The red arrow in the image above shows the single installer we purposely ran. From there, look at everything else that follows to the right. It’s a smorgasbord of potentially malicious activity that could wreak havoc on my system. Visibility is critical. Without it, look to the right of the arrow and notice everything you could be missing.
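As an added example (not code from the post or from Carbon Black), this is the kind of reconstruction an endpoint sensor does to draw a tree like the one above: given process-start records, it collects everything descended from the one installer that was run on purpose and counts the command shells, task lists and network connections beneath it. The records, image names and pids are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry (not real Carbon Black output), in the shape most
# EDR sensors export. pid 200 stands in for the one installer launched on
# purpose; everything beneath it is what the bundled installers spawned alone.
EVENTS = [
    {"pid": 200, "ppid": 100, "image": "kmplayer_setup.exe", "netconn": True},
    {"pid": 210, "ppid": 200, "image": "cmd.exe",            "netconn": False},
    {"pid": 211, "ppid": 210, "image": "tasklist.exe",       "netconn": False},
    {"pid": 220, "ppid": 200, "image": "pcrepair_setup.exe", "netconn": True},
    {"pid": 221, "ppid": 220, "image": "cmd.exe",            "netconn": False},
    {"pid": 222, "ppid": 221, "image": "tasklist.exe",       "netconn": False},
    {"pid": 230, "ppid": 220, "image": "pcrepair_scan.exe",  "netconn": True},
    {"pid": 300, "ppid": 100, "image": "notepad.exe",        "netconn": False},
]
SHELLS = {"cmd.exe"}          # command shells the post calls out
DISCOVERY = {"tasklist.exe"}  # process enumeration the post calls out

def descendants(events, root_pid):
    """Every process below root_pid, depth-first, as (depth, record) pairs."""
    index = defaultdict(list)
    for ev in events:
        index[ev["ppid"]].append(ev)
    out, stack = [], [(1, c) for c in reversed(index[root_pid])]
    while stack:
        depth, ev = stack.pop()
        out.append((depth, ev))
        stack.extend((depth + 1, c) for c in reversed(index[ev["pid"]]))
    return out

def summarize(events, root_pid):
    """Count what the installer's subtree did: shells, discovery, network."""
    subtree = [ev for _, ev in descendants(events, root_pid)]
    return {
        "processes": len(subtree),
        "shells": sum(ev["image"] in SHELLS for ev in subtree),
        "discovery": sum(ev["image"] in DISCOVERY for ev in subtree),
        "netconns": sum(ev["netconn"] for ev in subtree),
    }

def render(events, root_pid):
    """Indented subtree, roughly as an EDR console draws the process tree."""
    lines = [f"pid {root_pid}  <-- the one installer run on purpose"]
    for depth, ev in descendants(events, root_pid):
        tag = " [net]" if ev["netconn"] else ""
        lines.append(f"{'  ' * depth}{ev['image']} (pid {ev['pid']}){tag}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(EVENTS, 200))
    print(summarize(EVENTS, 200))
```

The unrelated `notepad.exe` sibling is excluded because the walk only follows parent links down from the chosen root; on real sensor data the same walk is what turns a flat event stream into the "everything to the right of the arrow" view.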

TAGS: Carbon Black / cnet / Free software downloads / Freeware / malware / visibility
