OpenCandy
OpenCandy was an adware module and a potentially unwanted program classified as malware by many anti-virus vendors.[1][2][3][4] They flagged OpenCandy due to its undesirable side-effects.[5][6] It was designed to run during installation of other desired software. Produced by SweetLabs, it consisted of a Microsoft Windows library incorporated in a Windows Installer. When a user installed an application that had bundled the OpenCandy library, an option appeared to install software it recommended based on a scan of the user's system and geolocation. Both the option and offers it generated were selected by default and would be installed unless the user unchecked them before continuing with the installation.[7][8]
OpenCandy's various undesirable side-effects included changing the user's homepage, desktop background or search provider, and inserting unwanted toolbars, plug-ins and extension add-ons in the browser. It also collected and transmitted various information about the user and their Web usage without notification or consent.[1][9] After massive criticism of the software occurred, it was eventually discontinued in August of 2016.
Development
[edit | edit source]The software was originally developed for the DivX installation, by CEO Darrius Thompson. When installing DivX, the user was prompted to optionally install the Yahoo! Toolbar. DivX received $15.7 million during the first nine months of 2007 from Yahoo and other software developers, after 250 million downloads.[8]
Chester Ng, the former DivX business development director, is chief business officer and Mark Chweh, former DivX engineering director, is chief technology officer.[8]
Windows components
[edit | edit source]Components that the program used may have differed but here are some similar names based on versions of the software.
Files dropped
[edit | edit source]- OCComSDK.dll
- OCSetupHlp.dll
- Fusion.dll
Processes
[edit | edit source]- spidentifier.exe
- rundll32.exe
DNS and HTTP queries
[edit | edit source]- tracking.opencandy.com.s3.amazonaws.com
- media.opencandy.com (website not available)
- cdn.opencandy.com
- cdn.putono5.com
- tracking.opencandy.com
- api.opencandy.com
- www.arcadefrontier.com
Software known to have included OpenCandy
[edit | edit source]- AC3Filter[10][11]
- Auslogics Disk Defrag[12]
- CamStudio (since version 2.7 r316)[13]
- CDBurnerXP (depending on version; alternate download without OpenCandy available; confirmed 2017-03-01)[14]
- FileZilla (present in 2013)[15]
- Format Factory[16]
- Foxit Reader (6.1.4 – 6.2.1)[17]
- FreeFileSync (dropped April 2018)[18]
- FrostWire[19]
- GOM Player[20]
- ImgBurn (since version 2.5.8.0, though only on the version of the installer distributed directly from imgburn.com; the version distributed from the official mirror sites is adware-free)[21][22][23][24][25][26][27][28][29][better source needed]
- mIRC[30]
- MP3 Rocket[31]
- Orbit Downloader (confirmed 2015-10-24)[32]
- PDFCreator[33]
- PhotoScape[34]
- PrimoPDF[30]
- Sigil (dropped in version 0.5.0 and later)[35]
- Trillian (dropped 5 May 2011)[30]
- μTorrent[36]
- WinSCP (through August 2012)[37]
- FL Studio Installer[38]
Workarounds
[edit | edit source]There were workarounds to bypass OpenCandy by running some installers with a /NOCANDY parameter on the command line, which was up to the installer to support or not.[39]
References
[edit | edit source]- ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ ADW_OPENCANDY: Trend Micro page, 30 April 2016
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ a b c Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ a b c Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ [1] Archived 9 April 2016 at the Wayback Machine On the Help/Facts page
- ^ Discussions on pdfforge Forums Archived 4 March 2016 at the Wayback Machine
- ^ [2] PhotoScape – Virus and Malware
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Found in FL Studio 12.1.2 Installer – By Windows Defender: PUA:Win32/CandyOpen / OCSetupHlp.dll
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).