OpinionSpy spyware rears its ugly head on Macs once again

“Almost five years ago, Intego security researchers warned about the OSX/OpinionSpy spyware infecting Mac computers, downloaded during the installation of innocent-sounding applications and screensavers distributed via well-known sites such as MacUpdate and VersionTracker,” Graham Cluley reports for Intego.

“Once compromised, infected Macs could leak data and open a backdoor for further abuse,” Cluley reports. “Now, sadly, a variant of OpinionSpy seems to be making something of a comeback.”

“Mac security researcher Thomas Reed raised the alarm on his blog earlier this week, describing how he believed he had spotted a new variant of OpinionSpy in an installer for an app on CNET’s Download.com.,” Cluley reports. “Intego researchers have confirmed that Mac users downloading an app called Free Video Cutter Joiner by DVDVideoMedia might be getting more than they bargained for… During installation you would find yourself prompted to install an application called PremierOpinion (detected as OSX/OpinionSpy by Intego’s Mac anti-virus products).”

Cluley reports, “Fortunately, if OpinionSpy ends up on your Mac computer it’s not too hard to spot.”

Read more in the full article here.

Related article:
Warning: Windows ‘OpinionSpy’ spyware mutates; Mac version now found in free apps, screen savers – June 1, 2010

9 Comments

  1. A CNET user has clearly marked this as an infected file. Why hasn’t CNET pulled it?

    What does their disclaimer mean, that they have scanned it to ensure that it is virus and spyware free? Apparently, nothing.

    1. Short Answer: CNET deliberately infests their downloads with adware and in this case spyware. CNET won’t be pulling anything. They WANT to infect their victims with malware such as this. Consider Downloads.com off limits to anyone cognizant of computer security and privacy.

      Long Answer: As Thomas Reed, (discoverer of this new ‘C’ version of OpinionSpy), points out in his article, CNET’s Download.com website is now infested with adware and in this case spyware. Downloads.com is to be avoided, boycotted, condemned, shot, stabbed, drawn and quartered. IOW: Never use it. Curse you CBS, etc.

      I was net friends with the two guys who ran VersionTracker.com. Then CNET bought TechTracker, their company, and proceeded to gradually infiltrate all the bad aspects of Downloads.com into VT. As of October, 2013, the bastardization of VT was complete, signified by the infection of all software updates thereafter with blatant adware. I wrote an epitaph about it at the time:

      http://macsmarticles.blogspot.com/2013/10/attack-of-adware-cnet-has-ruined.html

      To CNET, infesting their downloads with “PremierOpinion”, aka OSX.Trojan.OpinionSpy.C, is just another source of revenue. CNET gets paid by PremierOpinion. CNET in turn adds PremierOpinion into their raft of piggy-backed adware/spyware that is installed along with downloaded software. The CNET victim gets screwed. CNET adds another buck to their dirty loot coffers.

      BLAME CBS Corporation, who owns CNET. Note that CBS Corporation is merely a renaming of the earlier controling company Viacom.

    2. MacUpdate and CNET are definitely off my list of software sources from now on. Pass it on. Maybe they will reform themselves, although I kinda doubt it. They probably get some revenue from such schemes.

  2. I also blame Google.

    Many people go and look up software before downloading it. They might want the current version of VLC or (gag) FLASH. Google gives them back ads first. Crap like “OfficialFlashDownload.com” and they fall for it. The download the installer, run it, hand over their passwords and yes, they get some version of FLASH or another, but they also wind up getting adware, often a crap load of it. In addition they get toolbars for browsers, their browser home page is changed, their browser now has a new search engine that does all kinds of wacky stuff, and that’s just the tip of the iceberg. Google should flag such results in RED or something.

Add Your Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.