They’re doing it again!

More BitTorrent fireworks went off over the July 4th holiday. After the last episode it was inevitable that the pests would come crawling back, but so soon? I plucked two files and installed them to get the details, but I saw at least a dozen more files that are likely to have the same installer. Here’s what I found out so far.

This carefully crafted license puts adware disclosures out of sight and doesn’t mention all the software installed.

Different company, same scam. This time, the supposed distributor is Media Decompressor Company, or at least that’s the name in the license. A user downloads one of their files using BitTorrent; often the content is an adult-oriented video. Running the file brings up a dialog with soothing legalese on the first screen; clicking “I Agree” rewards the user with the content and the adware bundle. If the user scrolls down in the license, they will see that this program installs the 180Search Assistant from 180Solutions, Golden Retriever from ShopAtHomeSelect, and Internet Optimizer from Avenue Media. The license text shown to the user only has links to the 180Solutions license; for the others it just mentions that they are installed but says nothing about their license terms.

CDT rides again, with 180Solutions in tow. Several pieces of 180Solutions adware are installed by the bundle. 180Solutions purchased a company named CDT in March 2005. The payload for this latest bundle is immediately retrieved from servers under the control of CDT and/or 180Solutions, from domains owned by the same companies:,,, and If the “Media Compressor Company” exists at all, it delegates responsibility to CDT/180Solutions very early in the install process.

The license doesn’t disclose all the bundled software. Adware named MediaGateway is installed without notice. This is an extremely important omission. MediaGateway is the creation of from CDT, and now a 180Solutions responsibility. The license(broken link) says that “You grant CDT permission to add/remove features and/or functions to the existing software and/or service, or to install new applications, at any time, in its sole discretion with or without your knowledge and/or interaction.” In the past, CDT has used this back door to install even more spyware and adware without any notification to the user. Yet in this case, MediaGateway wasn’t even mentioned in the license!

The content violates ShopAtHomeSelect policies. In the last episode, the folks at Belcaro said ShopAtHomeSelect cannot be distributed with any sort of adult content. Yet six weeks later, Belcaro’s product is again being bundled with adult videos. Linda Muniz, Belcaro’s VP of Technology, reiterated this week that “ShopAtHomeSelect does NOT condone distribution of our CashBack software through adult sites.” It makes you wonder though, how good is Belcaro’s enforcement?

The CDT bundle contradicts a 180Solutions promise. Back in the April afterglow of the CDT acquisition, 180Solutions’ Todd Sawicki said the company would stop bundling all non-180Solutions software within the next month. The calendar has flipped to July, and CDT is still bundling adware from other companies. It’s not going on in some sneaky back-door way either; the affiliate code for this bundle is “cdt1006” and Belcaro confirmed that CDT is the distributor of this bundle.

This bundle is wrong on so many levels, and the evidence surrounding it seems to point directly to CDT. I contacted 180Solutions for comment and provided detailed information about what I’d found, but they haven’t provided a response yet. I’m still hoping to get an answer though. One of the reasons 180Solutions gave for purchasing CDT was to clean up its distribution channels and this still seems in need of a good scrubbing. Does CDT even have rights to the content they are distributing? My guess would be no, but we’ll have to wait for an answer from them.

Want another perspective on the potent nastiness of this bundle? Here’s a scan from Microsoft Antispyware showing the first of several screens documenting the aftermath:

Seems like the whole adware industry has us on a treadmill: 1) Find and expose the latest outrageous adware bundle. 2) Wait for the inevitable answer, “We didn’t know but we’ve fixed it now.” 3) Find another outrageous bundle the next month.

In short: Lather, Rinse, Repeat. Skip the shampoo, what we need is a permanent. Permanent fix, that is. If they can’t provide it, we need to find someone who can. Every incident like this shows the failure of self-regulation and makes external controls–such as legislation–easier to sell.

Comments? Questions? Please make a post in the Site Feedback section of our forums.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles