Our good friends at Broomfield, Colo., security firm eSoft have found an interesting scam to trick Internet users into installing the Hotbar adware: a fake Firefox download site.
The eSoft researchers are theorizing that an affiliate of Pinball Publisher Network (PPB). is responsible. Pinball bought the Zango assets after that pestilent operation failed last spring.
However Sunbelt Software Spyware Research Manager Eric Howes did some more digging and found that PPN offers the download file on a site they own so affiliates can send customers victims there for downloads.
The PPN home page notes that PPN is itself distributing the custom Firefox installer that PPN put together and digitally signed from this web site:
The PPN setup wizard says that the distribution of Firefox is “sponsored” by Hotbar. We’re wondering what that means. In reality, they’re taking a distribution of Firefox and infecting it with adware.
eSoft blog piece here.
The real site to download a legitimate copy of the Firefox browser is here:
http://www.mozilla.com/en-US/firefox/
PPN made and signed the installer that both PPN directly and their affiliates indirectly are distributing. That’s why PPN is responsible for what’s going on at the affiliate site that eSoft found — the affiliates are only promoting a download created and hosted by PPN itself. PPN itself is running a web page that promotes the same bundleware install that the affiliate site is offering.