Earlier this month, after notification by several sources, TRUSTe undertook an investigation of a distributor installing comScore’s RelevantKnowledge on consumer machines through a security exploit. TRUSTe immediately launched an investigation, and with the help of Eric Howes and the team at SunBelt Software, and with the cooperation of comScore, was able to locate the exploit.
The blog post goes on to say that:
The RelevantKnowledge application was observed being installed via a security exploit amongst several other applications. The following describes the series of events observed:
The user visited an unauthorized distribution web site.
A series of hidden frames were loaded containing links to dozens of other websites, including sites containing code designed to test and trigger security exploits on the user’s machine.
by way of these exploits, a cascade of maliciously installed software was downloaded/installed onto the user’s machine without any form of consent. This software included RelevantKnowledge.
Faithful blog readers will recall (opens in new tab) the taped interchange on this subject at the ASC Conference (here, go forward to 32 minutes). Listening to that interchange is elucidating.
Let us ponder the fact that this was through TopInstalls, and hence, a widespread exploit-based install, first observed in April by Ben Edelman and going on for at least two months.
Sunbelt’s Eric Howes is mentioned in TrustE’s blog entry, but Ben Edelman has also been a major contributor (opens in new tab)to the comScore watching.