Monday, 02 May 2016 11:17

Tuto4PCs might be pushing backdoor access with their software

Written by

Reading time is around minutes.

Three years ago today DecryptedTech published an article calling out a software distribution company for installing Bitcoin mining software on subscribers’ systems. We highlighted the danger of the trust people put in web services by allowing agent software to run on their systems in order to use a service. Now we hear about a French company Tuto4PC that has taken this one step further and included some nasty little surprises in a utility they require for use of their free tutorial service. The discovery was made by Cisco’s Talos Security Intelligence group and, of course, is being refuted aggressively by the guys at Tuto4PC.

The story goes something like this Tuto4PC is a company that claims to provide tutorials for free as long as people agree to install a small adware component. Not all that big of a deal on the surface and one that is fairly common with freeware. Where things differ is that the utility is much more pervasive than a simple browser toolbar. It has some very uncommon methods of updating and installing software in the background without user interaction. The software has a remote component, gathers information about the user and the system it is on and also has a built in anti-malware bypass function to make sure that is can keep running. Even without the other massive red flags, this last part is certainly not a normal method of operation and in some cases can violate certain regulations.

Talos feels that this level of interaction and obfuscation puts the software firmly malware category and they are even listing it as having full backdoor functionality. This is a classification that we would certainly agree with from what we are seeing. There is no reason for an ad component to need to allow for remote installations, by-passing anti-malware, or to collect system/personal data. The software is currently installed on 12 million PCs around the globe which is a pretty big install base and we suspect one that might have already been compromised.

Tuo4PC is outraged by this classification and has stated that they are looking at legal options right now. In a statement made to SecurityWeek Tuto4PC Group CEO Franck Rosset stated: “We are currently working with our lawyers in order to evaluate the action we can take against Talos’ inexact (negative) presentation of our business.” This is a great way to deal with an issue being found in your software and is sure to get you results (sarcasm). Right now Tuto4PC looks like a kid caught in the act and trying to turn the tables around. Their other claim that if their software was used to install Malware someone would have said something is also very thin considering the fact that they built in a tool to get around anti-malware application. Their excuse for having that is laughable as well. They claim it is just to help users install their software as they have seen anti-malware applications blocking it… Sounds to me like the anti-malware applications got something right (for once).

We are sure that this incident will continue to cause outrage at Tuto4PC, but the attempt to try any legal action against Talos is laughable. Tuto4PC should just own up to the issue and correct it by removing the offending (and potentially illegal) applications from their ad component. Sadly, that is not what is going to happen. As always be careful what you agree to when grabbing that free software or video.

Read 5621 times

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.