Download Valley


Download Valley is a cluster of software companies in Israel that produce and deliver adware to be installed alongside downloads of other software.[https://blogs.wsj.com/digits/2014/06/04/hate-pop-up-ads-microsoft-tries-drawing-line-in-the-sand/ Hate Pop-Up Ads? Microsoft Tries Drawing Line in the Sand] - Wall Street Journal, 4 June 2014 The primary purpose is to monetize shareware and downloads. These software items are commonly browser toolbars, adware, browser hijackers, spyware, and malware. Another group of products is download managers, possibly designed to induce or trick the user into installing adware when downloading a desired piece of software or a mobile app from a certain source.

Although the term references Silicon Valley, it does not refer to a specific valley or any geographical area. Many of the companies are located in Tel Aviv and the surrounding region. The term has been used by Israeli media[http://www.haaretz.com/business/.premium-1.542896 Game over in Download Valley?] Haaretz, Inbal Orpaz, Orr Hirschauge, 22 August 2013 as well as in other reports related to IT business.[https://www.wsj.com/articles/SB10001424052702304547704579563281761548844 Conduit Diversifies Away From 'Download Valley'] Wall Street Journal, Orr Hirschauge, updated 15 May 2014

Download managers from Download Valley companies have been used by major download portals and software hosts, including Download.com[http://www.calcalist.co.il/internet/articles/0,7340,L-3600064,00.html 3. IronSource, Downloads Ltd] Calcalist, Assaf Gilad. 15 April 2013 by CNET, Softonic.com and SourceForge.

Economy

The smaller adware companies SweetPacks and SmileBox were purchased by the larger company Perion Networks for $41 million and $32 million. iBario claimed to be worth $100 million[http://www.timesofisrael.com/meet-ibario-israels-100-million-internet-empire/ Meet iBario, Israel's $100 million Internet empire] Times of Israel, David Shamah, 19 May 2014 in early 2014. Conduit was valued at $1.4 billion by JP Morgan in 2012.[http://pando.com/2012/04/09/conduit-israels-first-billion-dollar-internet-company/ Conduit, Israel’s First Billion Dollar Internet Company] {{Webarchive|url=https://web.archive.org/web/20141209035112/http://pando.com/2012/04/09/conduit-israels-first-billion-dollar-internet-company/ |date=9 December 2014 }} Pandodaily, Mick Weinstein, 9 April 2012

Revenues of large companies frequently range from near $100 million to several hundred million dollars (Perion: $87 million in 2013, Conduit: claimed $500 million in 2012), with much lower operating and net income (Perion: $3.88 million operating, $310,000 net income in 2013).

All these numbers are highly volatile, since changing technical and legal preconditions quickly alter profit opportunities. In 2013 and 2014, changes in web browsers to prevent unwanted toolbar installs and a new policy by Microsoft towards advertising[https://blogs.wsj.com/digits/2014/06/04/hate-pop-up-ads-microsoft-tries-drawing-line-in-the-sand/ Hate Pop-Up Ads? Microsoft tries drawing line in the sand] Wall Street Journal, Orr Hirschauge, 4 June 2014 led to the expectation that the main profit methods of the companies would soon no longer work. The Perion stock lost roughly two-thirds of its value during 2014, from over $13.25 in January to $4.53 on 29 December.{{Cite web|url=https://www.perion.com/investors/stock-performance/|title=Stock Performance}}

Adware

Many of the products may be designed to install without being solicited by the user who downloads the desired product, and to create revenue from software usually distributed as free. For this, they may use invasive and harmful techniques.

To achieve installs, such installers may:[http://www.hanselman.com/blog/DownloadWrappersAndUnwantedSoftwareArePureEvil.aspx Download Wrappers and Unwanted Software are pure evil] Scott Hanselman, 12 February 2014[http://insecure.org/news/download-com-fiasco.html Download.com Caught Adding Malware to Nmap & Other Software] insecure.org

  • not show information on potentially harmful actions, or hide it in fine print and EULAs, where it is overlooked by most users expecting only their desired program.
  • use deceptive menus, suggesting that the adware is the main program or part of it, or pretending to show the main program's EULA, to obtain an "accept" click to install unwanted software.
  • request rights for full system access, suggesting that they are necessary for the main program's installation.
  • install unwanted software without asking, or even though the user rejected an install.[https://www.groovypost.com/howto/avoid-computer-bloatware-from-cnet-download-com-crapware/ CNET Joins the Dark Side, its Download.com Attempts to Fill Your Computer With Crapware] Groovypost, Austin Ruthruff, 21 July 2013
  • use hacks[https://blog.malwarebytes.org/mac/2015/08/genieo-installer-tricks-keychain/ Genieo installer tricks keychain] Malwarebytes unpacked, Thomas Reed, 31 August 2015 and exploits[https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/ DYLD_PRINT_TO_FILE exploit found in the wild] Malwarebytes unpacked, Thomas Reed, 3 August 2015 for unauthorized access to confidential data and system modifications.

Installed adware frequently attempts to hide its identity, prevent disabling, removing, or restoring previous settings, spy on the user's system and browsing habits, download and install further unwanted software, or open backdoors for possibly malicious attacks.

Many security software vendors list these products in the category of potentially unwanted programs[https://blog.malwarebytes.org/fraud-scam/2014/12/potentially-unwanted-program-borrows-tricks-from-malware-authors/ Potentially Unwanted Program borrows tricks from malware authors], Malwarebytes unpacked (blog), Jérôme Segura, 31 December 2014[http://www.mcafee.com/cn/resources/white-papers/wp-potentially-unwanted-programs-spyware-adware.pdf Potentially Unwanted Programs, Spyware and Adware] {{Webarchive|url=https://web.archive.org/web/20150102155121/http://www.mcafee.com/cn/resources/white-papers/wp-potentially-unwanted-programs-spyware-adware.pdf |date=2 January 2015 }} McAfee Whitepaper, October 2005 (PUP, also PUS or PUA[http://kb.eset.com/esetkb/index?page=content&id=SOLN2629 What is a potentially unwanted application?] ESET Home Support, September 2014) or grayware[https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f4bba089-caa2-424c-af82-d1dae0963c20&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments Grayware: Casting a Shadow over the Mobile Software Marketplace] Symantec, Dick O'Brien, 26 February 2014 and offer detection and removal. This category is distinct from genuine malware and is used for software from companies that, as opposed to criminal underground programmers, can threaten or pursue litigation.

In 2013, the Download Valley company iBario was accused by security software vendor Trend Micro of distributing the Sefnit/Mevade malware through an installer and of being related to a Ukrainian company considered immediately responsible for the malware.[http://blog.trendmicro.com/trendlabs-security-intelligence/when-adware-go-bad-the-installbrain-and-sefnit-connection/ When Adware Goes Bad: The InstallBrain and Sefnit connection] Trend Micro, 7 July 2014[http://blog.trendmicro.com/research-ties-sefnitmevade-malware-ukraine-ibario-israel/ Research Ties Sefnit/Mevade Malware To Ukraine/iBario in Israel] Trend Micro, updated 8 August 2014

=Security software circumvention=

An unnamed Download Valley executive admitted to the Wall Street Journal that some companies employ teams of up to 15 developers to break through security suites that try to block their software.

Companies linked to the term

  • Babylon (software),{{Cite web|url=https://www.bitdefender.com/premium-services/|title=Bitdefender Premium Technical Services|website=Bitdefender}} translation software, toolbars and redirected search engines.
  • Conduit (company)/Perion Network, a DIY mobile app platform. Conduit and Perion merged in 2013.{{Cite web|url=https://techcrunch.com/2013/09/16/conduit-worth-1-4bn-acquires-email-startup-perion-worth-153m/|title=Conduit, Worth $1.4BN, Merges With Email Giant Perion (Worth $153M) To Take Its Place On NASDAQ|first=Mike|last=Butcher|date=16 September 2013}}
  • Genieo Innovation, user tracking software and adware. The installer used automated clicks to bypass security permission dialogs. Acquired by Somoto Israel Ltd. in 2014.[http://www.globes.co.il/en/article-somoto-acquires-genieo-for-34m-1000958565 Genieo develops artificial intelligence for analyzing Internet users' behavior] Globes, Aviv Levy, 27 July 2014
  • iBario, responsible for InstallBrain downloader/installer and accused of having spread the Sefnit/Mevade malware (see above).
  • IronSource, responsible for the InstallCore and MobileCore download managers,{{Cite web|url=https://jewishbusinessnews.com/2014/08/11/israeli-ironsource-raises-85-100-million-from-ten-investors/|title=Israeli IronSource raises $85-100 million from Ten investors|first=Ilan|last=Shavit|date=11 August 2014 }} as well as numerous adware products distributed through them, such as Funmoods{{Cite web|url=https://www.pcrisk.com/removal-guides/6756-remove-funmoods-toolbar|title=Funmoods Toolbar|website=www.pcrisk.com|date=6 July 2021 }} and FoxTab.[https://www.installcore.com/technology/ Installcore Installation technology and list of features]
  • Somoto
  • SimilarWeb, founded in Tel Aviv in 2007, acquired the popular open-source browser extension Stylish in 2017 and added spyware that collected the browsing history and personal information of its 1.8 million users, resulting in the extension being removed and blocked as a security risk by Google Chrome and Mozilla Firefox.[http://www.alphr.com/security/1009689/stylish-spyware-google-chrome-extension Google and Firefox pull the Stylish browser extension that tracked your every move] - alphr, 9 July 2018[https://nakedsecurity.sophos.com/2018/07/06/chrome-and-firefox-pull-history-stealing-browser-extension/ Chrome and Firefox pull history-stealing browser extension] - Sophos, 5 July 2018
  • Superfish,{{Cite web|title = Another blow to Israel's 'Download Valley' as Google bans toolbars|url = http://www.haaretz.com/business/.premium-1.565275|website = Haaretz.com|accessdate = 11 September 2015|last = Hirschauge|first = Orr|date = 25 December 2013|quote = Among the companies in Download Valley most likely to be hurt by the change are the startups Revizer, Superfish, CrossReader and the Client Connect division of the company Conduit ...}} advertising company that ceased operating under this name in 2015 after a controversy about its product being pre-installed on Lenovo laptops, during which the United States Department of Homeland Security advised uninstalling it and its associated root certificate, because they made computers vulnerable to serious cyberattacks.
