{"id":23413,"date":"2018-08-13T10:10:08","date_gmt":"2018-08-13T14:10:08","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=23413"},"modified":"2019-11-15T06:34:35","modified_gmt":"2019-11-15T11:34:35","slug":"file-sharing-affiliate-programs","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/file-sharing-affiliate-programs\/23413\/","title":{"rendered":"Free files (with some ads)"},"content":{"rendered":"<p>You\u2019re always careful about <a href=\"https:\/\/www.kaspersky.com\/blog\/phishing-ten-tips\/10550\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">opening e-mails from strangers<\/a>, extra cautious contemplating <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/new-airline-tickets-scam\/22179\/\" rel=\"noopener noreferrer nofollow\">great deals<\/a>, and assiduously avoid <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/porno-danger-fact-or-fiction\/21865\/\" rel=\"noopener noreferrer nofollow\">adult content<\/a>. So how could you wake up one day to a bunch of new browser toolbars, an excess of ads, and PC optimizers you know you never installed? What went wrong?<\/p>\n<p>Odds are, the culprit is an affiliate service. Affiliates negotiate agreements with file-sharing services to replace desired files with installers that bundle the file you want with some other products: browsers, optimizers, <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/not-a-virus\/18015\/\" rel=\"noopener noreferrer nofollow\">adware<\/a>. The affiliate, in turn, pays for each download. Our <a target=\"_blank\" href=\"https:\/\/securelist.com\/file-partner-programs\/87136\/\" rel=\"noopener noreferrer\">experts dug in for the details of how it all works<\/a>.<\/p>\n<h2>Why do people store files on such sites?<\/h2>\n<p>File-sharing sites that have affiliates are interested in gaining more users. 
So, in addition to storing content, they may offer a small amount of money to those who upload their files to the site. For example, one of the resources we studied pays users 4 rubles (about 6 cents) for every download of the uploaded file. It\u2019s not much, but it sweetens the deal.<\/p>\n<p>A user looking to make money on this will not only upload videos, books, music, and game mods to such a file-sharing site \u2014 he or she will also publish a link to it online, somewhere in a forum or fan page, for example, whose owners don\u2019t know anything about the affiliate.<\/p>\n<h3>Downloading to download<\/h3>\n<p>Other users then find the link in the course of browsing through a forum or searching for rare content. The link takes them to the file-sharing site, which often looks like a legitimate cloud service, such as Google Drive. There, they find the file. It may look like an archive, a torrent file, an ISO image, or an HTML document.<\/p>\n<p>But what the user downloads after clicking on that file is an executable \u2014 the installation file hidden in a password-protected ZIP archive, say, or a file that looks as if it has two extensions (super-new-map.zip.exe). It often comes with detailed installation instructions: Unzip the archive contents, enter this password, etc. The complexity is meant to obscure the questionable nature of the file from browsers and antivirus software.<\/p>\n<h3>And what is this installation file?<\/h3>\n<p>Here\u2019s what happens when the user has finished unzipping, entering passwords, and whatever else the downloaded archive requires, and finally launches the executable. First, the installer tells an affiliate server everything about the user\u2019s computer, including user name and list of launched tasks. The server responds with a list of affiliate programs that could potentially be installed on the computer. 
The response also contains the name of the file the user originally wanted to download.<\/p>\n<p>Then, for each affiliate program, the installer checks if the user\u2019s system has one of the security solutions that could spot that something weird is going on. The affiliate owners attempt to set everything up so as not to sound any alarms or get the user\u2019s attention.<\/p>\n<p>Only after all of that does the installer finally offer to download the desired file (and three to five affiliate programs \u201cwell-suited\u201d for your system). An Internet Explorer\u2013style download window pops up. In addition to the name of the original file the user desired, it lists everything else that will be downloaded, but in a very tiny, grayish font. What\u2019s more, most of the information is kept from view; you\u2019d have to resize the window to see all of the programs about to be installed. At this stage, the user could smell a rat, deselect all of the check boxes, and prevent the program from installing anything extra, but that would require attention \u2014 and supersharp vision.<a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/08\/13100745\/file-sharing-affiliate-programs-screenshot1.png\"><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/08\/13100745\/file-sharing-affiliate-programs-screenshot1.png\" alt=\"\" width=\"810\" height=\"421\" class=\"aligncenter size-full wp-image-23416\"><\/a><\/p>\n<h3>Ads and more ads \u2014 and a little bit of malware<\/h3>\n<p>When purveyors of a file-sharing service come to an agreement with a \u201cpartner,\u201d they think only of their own profit. 
In other words, they really don\u2019t care what happens to users\u2019 devices; the only thing they care about is getting paid.<\/p>\n<p>As a result, users download many dubious files through the \u201cpartners.\u201d It\u2019s mostly <a target=\"_blank\" href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/adware\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" rel=\"noopener noreferrer\">adware<\/a>. However, in 20% of cases, real malware is downloaded. By the way, in 5% of cases, the \u201cpayload\u201d will appear to be a common browser. (If that\u2019s what the user gets, they may consider themselves fortunate.)<\/p>\n<h3>Safe download, no registration required<\/h3>\n<p>How can you download a useful file without getting useless trash (or worse) along with it? Here\u2019s our advice:<\/p>\n<ul>\n<li>Pay close attention to your browser\u2019s address bar. File-sharing sites, naturally, try to resemble innocuous services like Dropbox or Google Drive, but the URL doesn\u2019t go there. If the site looks right but the URL isn\u2019t, you\u2019d better avoid downloading anything from there.<\/li>\n<li>If they offer an executable (.EXE) file instead of the filetype you\u2019re after, don\u2019t download and launch it.<\/li>\n<li>Never download any additional installers, no matter how much a site insists you have to.<\/li>\n<li>Use a reliable security solution that won\u2019t allow you to download suspicious apps. For example, <a href=\"https:\/\/www.kaspersky.com\/advert\/security-cloud?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____ksc___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security Cloud<\/a> is a good choice.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Take a stroll through your apps and you\u2019re bound to encounter some unfamiliar names. 
Where do those unaccounted-for apps on your PC come from, and are they safe?<\/p>\n","protected":false},"author":2484,"featured_media":23414,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[572,3014,3015,2613,422],"class_list":{"0":"post-23413","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-adware","9":"tag-affiliates","10":"tag-file-sharing-services","11":"tag-not-a-virus","12":"tag-threats"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/file-sharing-affiliate-programs\/23413\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/file-sharing-affiliate-programs\/13869\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/file-sharing-affiliate-programs\/11589\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/file-sharing-affiliate-programs\/15893\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/file-sharing-affiliate-programs\/14177\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/file-sharing-affiliate-programs\/13271\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/file-sharing-affiliate-programs\/16679\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/file-sharing-affiliate-programs\/16094\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/file-sharing-affiliate-programs\/21078\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/file-sharing-affiliate-programs\/5646\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/file-sharing-affiliate-programs\/10812\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/file-sharing-affiliate-programs\/10719\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/file-sharing-affiliate-programs\/9579\/"},{"hreflang":"de","url":"https:\/\
/www.kaspersky.de\/blog\/file-sharing-affiliate-programs\/17438\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/file-sharing-affiliate-programs\/21285\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/file-sharing-affiliate-programs\/17118\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/file-sharing-affiliate-programs\/20758\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/file-sharing-affiliate-programs\/20748\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/threats\/","name":"threats"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=23413"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23413\/revisions"}],"predecessor-version":[{"id":29660,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23413\/revisions\/29660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/23414"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=23413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=23413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=23413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}