Login
Login

OpenCandy

{{Short description|Adware module classified as malware}}

{{Use dmy dates|date=March 2020}}

OpenCandy was an adware module and a potentially unwanted program classified as malware by many anti-virus vendors.{{citation

|title=PUP.Optional.OpenCandy

|publisher=Malwarebytes

|url=https://blog.malwarebytes.com/detections/pup-optional-opencandy/

|access-date= 3 February 2018}}{{citation

|title=OpenCandy

|publisher=Sophos

|url=https://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OpenCandy/detailed-analysis.aspx

|access-date= 3 February 2018}}{{citation

|title=ADW_OPENCANDY

|publisher=Trend Micro

|url=https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/adw_opencandy

|access-date= 3 February 2018}}{{citation

|title=Virustotal analyses of OpenCandy

|publisher=Virus Total

|url=https://virustotal.com/en/file/81196839f19269ce807e43c8b9669459dc833d6fd2d510646fc0bebc0e0ef2eb/analysis/#comments

|access-date= 3 February 2018}} They flagged OpenCandy due to its undesirable side-effects.{{citation

|date=16 April 2017

|title=Controversial Advertising Program Now Being Embedded in More Software

|last= Richards

|first= Gizmo

|publisher=Tech Support Alert

|url=https://www.techsupportalert.com/content/controversial-advertising-program-now-being-embedded-more-software.htm

|access-date= 2 February 2018}}[http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ADW_OPENCANDY ADW_OPENCANDY:] Trend Micro page, 30 April 2016 It was designed to run during installation of other desired software. Produced by SweetLabs, it consisted of a Microsoft Windows library incorporated in a Windows Installer. When a user installed an application that had bundled the OpenCandy library, an option appeared to install software it recommended based on a scan of the user's system and geolocation. Both the option and offers it generated were selected by default and would be installed unless the user unchecked them before continuing with the installation.{{citation

|date=11 November 2008

|title=OpenCandy brings ad market to software installs. What?

|last=Needleman

|first=Rafe

|publisher=CNET news

|url=http://www.cnet.com/tech/services-and-software/opencandy-brings-ad-market-to-software-installs-what/

|access-date=2009-08-18}}

OpenCandy's various undesirable side-effects included changing the user's homepage, desktop background or search provider, and inserting unwanted toolbars, plug-ins and extension add-ons in the browser. It also collected and transmitted various information about the user and their Web usage without notification or consent.{{Cite web|date=2016-01-24|title=What is OpenCandy and How to remove it?|url=https://appuals.com/remove-opencandy/|access-date=2022-01-31|website=Appuals.com|language=en-US}} After massive criticism of the software occurred, it was eventually discontinued in August of 2016.

Development

The software was originally developed for the DivX installation, by CEO Darrius Thompson. When installing DivX, the user was prompted to optionally install the Yahoo! Toolbar. DivX received $15.7 million during the first nine months of 2007 from Yahoo and other software developers, after 250 million downloads.{{citation

|title=OpenCandy inserts recommendations when you install software

|date=10 November 2008

|last=Marshall

|first=Matt

|url=https://venturebeat.com/2008/11/10/opencandy-recommends-software-when-youre-installing-stuff/

|access-date = 2009-08-18}}

Chester Ng, the former DivX business development director, is chief business officer and Mark Chweh, former DivX engineering director, is chief technology officer.

Windows components

Components that the program used may have differed but here are some similar names based on versions of the software.

=Files dropped=

  • OCComSDK.dll
  • OCSetupHlp.dll
  • Fusion.dll

=Processes=

=DNS and HTTP queries=

  • tracking.opencandy.com.s3.amazonaws.com
  • media.opencandy.com (website not available)
  • cdn.opencandy.com
  • cdn.putono5.com
  • tracking.opencandy.com
  • api.opencandy.com
  • www.arcadefrontier.com

Software known to have included OpenCandy

{{div col|colwidth=30em}}

  • AC3Filter{{cite web|url=http://www.ac3filter.net/wiki/OpenCandy/|title=OpenCandy|date=7 December 2023 }}{{cite web|url=http://www.ac3filter.net/wiki/Antivirus_notes/|title=Antivirus notes|date=7 December 2023 }}
  • Auslogics Disk Defrag{{cite web|url=https://forum.eset.com/topic/1783-inquiry-about-detection-of-auslogics-defrag-free-edition/|title=Inquiry about detection of Auslogics Defrag Free Edition – ESET NOD32 Antivirus|date=22 January 2014 }}
  • CamStudio (since version 2.7 r316){{cite web|url=http://www.videohelp.com/software/CamStudio/version-history#history|title=Complete Version history / Release notes / Changelog}}
  • CDBurnerXP (depending on version; alternate download without OpenCandy available; confirmed 2017-03-01){{Cite web|url=https://cdburnerxp.se/help/Intro/faq|title = CDBurnerXP: FAQ}}
  • FileZilla (present in 2013){{Cite web|url=https://malwaretips.com/threads/sourceforge-net-adds-adware-installers-provided-by-ask-com.17247/ | title= FileZilla OpenCandy|access-date=2013-07-24}}
  • Format Factory{{cite web|url=http://www.pcfreetime.com/|title=Format Factory – Free media file format converter}}
  • Foxit Reader (6.1.4 – 6.2.1){{cite web|url=http://forums.foxitsoftware.com/forum/portable-document-format-pdf-tools/foxit-reader/18349-does-foxit-reader-free-6-1-4-0217-have-malware|title=Does Foxit Reader free 6.1.4.0217 have malware? |publisher=Foxit Corporation Forums}}
  • FreeFileSync (dropped April 2018){{cite web|url=https://www.freefilesync.org/faq.php|title=FreeFileSync|last=Zenju}}
  • FrostWire{{cite web|url=http://www.frostwire.com/|title=FrostWire: Downloader, BitTorrent Client and Media Player}}
  • GOM Player{{cite web|url=https://www.gomlab.com/|title=GOMlab.com include technical information and download link of GOM Player, GOM Audio, GOM Video Converter and GOM Remote.}}
  • ImgBurn (since version 2.5.8.0, though only on the version of the installer distributed directly from imgburn.com; the version distributed from the official mirror sites is adware-free){{cite web |url=http://www.imgburn.com/index.php?act=changelog |title=The Official ImgBurn Website: Change log |author=LIGHTNING UK! |website=www.imgburn.com |quote=Changed: No longer bundling/offering the Ask.com toolbar in the setup program, OpenCandy now handles product offerings during installation. |date=2013-06-16 |access-date=2017-10-03}}{{cite web |url=http://www.imgburn.com/index.php?act=download |title=The Official ImgBurn Website: Download |author=LIGHTNING UK! |website=www.imgburn.com |date=2013-06-16 |access-date=2017-10-03}}{{cite web |url=http://forum.imgburn.com/index.php?/topic/24395-md5-doesnt-match-any-downloadable-installers/ |title=MD5 doesn't match any downloadable installers – ImgBurn General |website=forum.imgburn.com |date=2016-10-29 |access-date=2017-10-03}}{{cite web |url=http://forum.imgburn.com/index.php?/topic/24265-wrong-hash/ |title=Wrong hash? – ImgBurn Support |website=forum.imgburn.com |date=2016-06-23 |access-date=2017-10-03}}{{cite web |url=http://forum.imgburn.com/index.php?/topic/24503-wrong-hash-2/ |title=Wrong Hash 2 – ImgBurn Support |website=forum.imgburn.com |date=2017-01-31 |access-date=2017-10-03}}{{cite web |url=https://fileforum.betanews.com/detail/ImgBurn/1128426215/1 |title=ImgBurn |website=fileforum.betanews.com |quote=CLEAN INSTALL! No OpenCandy bundled. |date=2013-06-17 |access-date=2017-10-03}}{{cite web |url=http://www.softpedia.com/get/CD-DVD-Tools/Data-CD-DVD-Burning/ImgBurn.shtml |title=ImgBurn Download: Changelog |website=Softpedia |quote=no more 'opencandy' adware! |date=2017-03-31 |access-date=2017-10-03}}{{cite web |url=http://www.free-codecs.com/imgburn_download.htm |title=Codecs.com {{!}} Downloads for ImgBurn 2.5.8 |website=www.free-codecs.com |quote=Download ImgBurn 2.5.8 – without OpenCandy! |date=2016-06-20 |access-date=2017-10-03}}{{cite web |url=http://www.majorgeeks.com/files/details/imgburn.html |title=ImgBurn |website=www.majorgeeks.com |quote=This is a clean, no OpenCandy version. |date=2016-06-23 |access-date=2017-10-03}}{{better source needed|date=February 2022}}
  • mIRC{{cite news |last=gizmo |first=richards |url=http://www.techsupportalert.com/content/controversial-advertising-program-now-being-embedded-more-software.htm |title=Controversial Advertising Program Now Being Embedded in More Software |work=Gizmo's Freeware |date=2014-02-08 |url-status=live |archive-url=https://web.archive.org/web/20140807095841/http://www.techsupportalert.com/content/controversial-advertising-program-now-being-embedded-more-software.htm |archive-date=2014-08-07 |access-date=2014-08-30 |quote=OpenCandy (OC) is a relatively new advertising product that more and more software developers are bundling with their programs. It can now be found in the installers of dozens of popular programs including IZArc, mirC, PrimoPDF, Trillian Astra and more.}}
  • MP3 Rocket{{cite web|url=http://www.herdprotect.com/signer-mp3-support-146c2e323177663b9df87fff1b9c31d8.aspx|title=MP3 Support Analysis – herdProtect}}
  • Orbit Downloader (confirmed 2015-10-24)[http://www.orbitdownloader.com/what-is-opencandy.htm] {{Webarchive|url=https://web.archive.org/web/20160409142939/http://www.orbitdownloader.com/what-is-opencandy.htm |date=9 April 2016 }} On the Help/Facts page
  • PDFCreator[http://forums.pdfforge.org/discussion/comment/19987#Comment_19987 Discussions on pdfforge Forums] {{webarchive|url=https://web.archive.org/web/20160304120454/http://forums.pdfforge.org/discussion/comment/19987 |date=4 March 2016 }}
  • PhotoScape[https://photoscape.en.lo4d.com/virus-malware-tests] PhotoScape – Virus and Malware
  • PrimoPDF
  • Sigil (dropped in version 0.5.0 and later){{cite web|last=Schember|first=John (21 January 2012)|title=Sigil 0.5.0 Released|url=http://sigildev.blogspot.com.au/2012/01/sigil-050-released.html|access-date=2012-03-17|archive-url=https://web.archive.org/web/20160424115403/http://sigildev.blogspot.com.au/2012/01/sigil-050-released.html|archive-date=24 April 2016|url-status=dead}}
  • Trillian (dropped 5 May 2011)
  • μTorrent{{cite web|url=https://forum.utorrent.com/topic/90702-malware-on-install/|title=Malware on Install|date=29 March 2014 }}
  • WinSCP (through August 2012){{Cite web|url=http://winscp.net/eng/docs/opencandy|title=WinSCP – OpenCandy|access-date=2014-04-03|url-status=dead|archive-url=https://web.archive.org/web/20140407065014/http://winscp.net/eng/docs/opencandy|archive-date=7 April 2014}}
  • FL Studio InstallerFound in FL Studio 12.1.2 Installer – By Windows Defender: PUA:Win32/CandyOpen / OCSetupHlp.dll

{{div col end}}

Workarounds

There were workarounds to bypass OpenCandy by running some installers with a /NOCANDY parameter on the command line, which was up to the installer to support or not.{{cite web |title=OpenCandy explained: what you need to know about the technology |url=https://www.ghacks.net/2012/08/06/opencandy-explained-what-you-need-to-know-about-the-technology/ |website=www.ghacks.net |access-date=12 May 2021 |date=2021-08-06}}

References

{{Reflist}}

{{DEFAULTSORT:Opencandy}}

Category:Windows adware

Category:Windows malware

Category:Defunct software companies of the United States