TROUBLED INTERNET PIONEER Yahoo is promoting its own download portal by listing it as the first result when users search for certain software packages. Furthermore, its custom downloader application promotes a browser plug-in that borderlines on adware.
Searching on Google for "download TeamViewer" results in a list of web sites from which the popular remote assistance application can be obtained. The first of these web sites is, understandably, teamviewer.com.
However, searching for the same keywords at Yahoo will present the user with a link to downloads.yahoo.com, the company's software download portal, as the first result.
The same thing happens when searching for other programs too, though not for all. It's not yet clear if Yahoo is doing this on purpose or not, but it certainly looks suspicious and might be considered unethical.
However, even more disturbing is how the programs are distributed by the company. Users will be offered to download a small executable file named, for example, "TeamViewer_Setup.exe", which is not the application's real installer.
Instead, it is a middle-man-type downloader application that pushes Yahoo's toolbar and some other component called "SocialRibbons" onto users.
"The SocialRibbons install is interesting - if you're not familiar with it, it's a browser plugin that inserts their affiliate code into the URLs of merchants' sites you happen shop at, then picks up the the affiliate commission when you make purchases at those sites," explain the security researchers at GFI Software who noticed this behavior.
Socialribbons advertises itself to users by claiming that it donates part of the affiliate commission earned with their help to charities. However, it fails to mention what percentage gets donated and what merchant web sites are involved in the program.
According to GFI researchers, the plug-in also collects basic demographic information and monitors web surfing behavior for advertising purposes without clearly notifying users.
"All in all, there's a fair amount of additional content you're installing via these promoted search links that you wouldn't receive if installing from the sites of the program creators. It would perhaps be worth pointing out to relatives unfamiliar with promoted search engine results that you don't always get the 'official' site as the first clickable link at the top of the pile - especially when the search engine you're using is placing links it has a connection with above the rest," says Christopher Boyd, a senior security researcher at GFI. µ
Now you can watch documentaries about horribly disfigured people whenever you like
Brad to the bone
Being in a minority of one doesn't make you right
WeWork needs a rework