OpenCandy
OpenCandy was an adware module and a potentially unwanted program classified as malware by many anti-virus vendors.[1][2][3][4] They flagged OpenCandy due to its undesirable side-effects.[5][6] It was designed to run during installation of other desired software. Produced by SweetLabs, it consisted of a Microsoft Windows library incorporated in a Windows Installer. When a user installed an application that had bundled the OpenCandy library, an option appeared to install software it recommended based on a scan of the user's system and geolocation. Both the option and offers it generated were selected by default and would be installed unless the user unchecked them before continuing with the installation.[7][8]
OpenCandy's various undesirable side-effects included, changing the user's homepage, desktop background or search provider, inserting unwanted toolbars, plug-ins and extension add-ons in the browser. It also collected and transmitted various information about the user and their Web usage without notification or consent.[1][9] After massive criticism of the software occurred, it was eventually discontinued in August of 2016.
Development
[edit]The software was originally developed for the DivX installation, by CEO Darrius Thompson. When installing DivX, the user was prompted to optionally install the Yahoo! Toolbar. DivX received $15.7 million during the first nine months of 2007 from Yahoo and other software developers, after 250 million downloads.[8]
Chester Ng, the former DivX business development director, is chief business officer and Mark Chweh, former DivX engineering director, is chief technology officer.[8]
Windows components
[edit]Components that the program used may have differed but here are some similar names based on versions of the software.
Files dropped
[edit]- OCComSDK.dll
- OCSetupHlp.dll
- Fusion.dll
Processes
[edit]- spidentifier.exe
- rundll32.exe
DNS and HTTP queries
[edit]- tracking.opencandy.com.s3.amazonaws.com
- media.opencandy.com (website not available)
- cdn.opencandy.com
- cdn.putono5.com
- tracking.opencandy.com
- api.opencandy.com
- www.arcadefrontier.com
Software known to have included OpenCandy
[edit]- AC3Filter[10][11]
- Auslogics Disk Defrag[12]
- CamStudio (since version 2.7 r316)[13]
- CDBurnerXP (depending on version; alternate download without OpenCandy available; confirmed 2017-03-01)[14]
- FileZilla (present in 2013)[15]
- Format Factory[16]
- Foxit Reader (6.1.4 – 6.2.1)[17]
- FreeFileSync[18]
- FrostWire[19]
- GOM Player[20]
- ImgBurn (since version 2.5.8.0, though only on the version of the installer distributed directly from imgburn.com; the version distributed from the official mirror sites is adware-free)[21][22][23][24][25][26][27][28][29][better source needed]
- mIRC[30]
- MP3 Rocket[31]
- Orbit Downloader (confirmed 2015-10-24)[32]
- PDFCreator[33]
- PhotoScape[34]
- PrimoPDF[30]
- Sigil (dropped in version 0.5.0 and later)[35]
- Trillian (dropped 5 May 2011)[30]
- μTorrent[36]
- WinSCP (through August 2012)[37]
- FL Studio Installer[38]
Workarounds
[edit]There were workarounds to bypass OpenCandy by running some installers with a /NOCANDY
parameter on the command line, which was up to the installer to support or not.[39]
References
[edit]- ^ a b PUP.Optional.OpenCandy, Malwarebytes, retrieved 3 February 2018
- ^ OpenCandy, Sophos, retrieved 3 February 2018
- ^ ADW_OPENCANDY, Trend Micro, retrieved 3 February 2018
- ^ Virustotal analyses of OpenCandy, Virus Total, retrieved 3 February 2018
- ^ Richards, Gizmo (16 April 2017), Controversial Advertising Program Now Being Embedded in More Software, Tech Support Alert, retrieved 2 February 2018
- ^ ADW_OPENCANDY: Trend Micro page, 30 April 2016
- ^ Needleman, Rafe (11 November 2008), OpenCandy brings ad market to software installs. What?, CNET news, retrieved 18 August 2009
- ^ a b c Marshall, Matt (10 November 2008), OpenCandy inserts recommendations when you install software, retrieved 18 August 2009
- ^ "What is OpenCandy and How to remove it?". Appuals.com. 24 January 2016. Retrieved 31 January 2022.
- ^ "OpenCandy". 7 December 2023.
- ^ "Antivirus notes". 7 December 2023.
- ^ "Inquiry about detection of Auslogics Defrag Free Edition – ESET NOD32 Antivirus". 22 January 2014.
- ^ "Complete Version history / Release notes / Changelog".
- ^ "CDBurnerXP: FAQ".
- ^ "FileZilla OpenCandy". Retrieved 24 July 2013.
- ^ "Format Factory – Free media file format converter".
- ^ "Does Foxit Reader free 6.1.4.0217 have malware?". Foxit Corporation Forums.
- ^ Zenju. "FreeFileSync".
- ^ "FrostWire: Downloader, BitTorrent Client and Media Player".
- ^ "GOMlab.com include technical information and download link of GOM Player, GOM Audio, GOM Video Converter and GOM Remote".
- ^ LIGHTNING UK! (16 June 2013). "The Official ImgBurn Website: Change log". www.imgburn.com. Retrieved 3 October 2017.
Changed: No longer bundling/offering the Ask.com toolbar in the setup program, OpenCandy now handles product offerings during installation.
- ^ LIGHTNING UK! (16 June 2013). "The Official ImgBurn Website: Download". www.imgburn.com. Retrieved 3 October 2017.
- ^ "MD5 doesn't match any downloadable installers – ImgBurn General". forum.imgburn.com. 29 October 2016. Retrieved 3 October 2017.
- ^ "Wrong hash? – ImgBurn Support". forum.imgburn.com. 23 June 2016. Retrieved 3 October 2017.
- ^ "Wrong Hash 2 – ImgBurn Support". forum.imgburn.com. 31 January 2017. Retrieved 3 October 2017.
- ^ "ImgBurn". fileforum.betanews.com. 17 June 2013. Retrieved 3 October 2017.
CLEAN INSTALL! No OpenCandy bundled.
- ^ "ImgBurn Download: Changelog". Softpedia. 31 March 2017. Retrieved 3 October 2017.
no more 'opencandy' adware!
- ^ "Codecs.com | Downloads for ImgBurn 2.5.8". www.free-codecs.com. 20 June 2016. Retrieved 3 October 2017.
Download ImgBurn 2.5.8 – without OpenCandy!
- ^ "ImgBurn". www.majorgeeks.com. 23 June 2016. Retrieved 3 October 2017.
This is a clean, no OpenCandy version.
- ^ a b c gizmo, richards (8 February 2014). "Controversial Advertising Program Now Being Embedded in More Software". Gizmo's Freeware. Archived from the original on 7 August 2014. Retrieved 30 August 2014.
OpenCandy (OC) is a relatively new advertising product that more and more software developers are bundling with their programs. It can now be found in the installers of dozens of popular programs including IZArc, mirC, PrimoPDF, Trillian Astra and more.
- ^ "MP3 Support Analysis – herdProtect".
- ^ [1] Archived 9 April 2016 at the Wayback Machine On the Help/Facts page
- ^ Discussions on pdfforge Forums Archived 4 March 2016 at the Wayback Machine
- ^ [2] PhotoScape – Virus and Malware
- ^ Schember, John (21 January 2012). "Sigil 0.5.0 Released". Archived from the original on 24 April 2016. Retrieved 17 March 2012.
{{cite web}}
: CS1 maint: numeric names: authors list (link) - ^ "Malware on Install". 29 March 2014.
- ^ "WinSCP – OpenCandy". Archived from the original on 7 April 2014. Retrieved 3 April 2014.
- ^ Found in FL Studio 12.1.2 Installer – By Windows Defender: PUA:Win32/CandyOpen / OCSetupHlp.dll
- ^ "OpenCandy explained: what you need to know about the technology". www.ghacks.net. 6 August 2021. Retrieved 12 May 2021.