eMule is a very popular P2P file-sharing program, so it is not surprising that some people take advantage of it to infect users or to profit in some way. I am not referring to malware that can spread from computer to computer, but to sites that exploit the program's brand.
An example of this is www. emulate .org. This fake site copies the design of the original page, and its title even claims that it is the official site:
The official site is www.emule-project.net
Fraudulent site copying the original design
All links on the fake page are identical and include an onclick element that offers different downloads. If the page is accessed from Windows, a 229 KB modified installer (VT 31/44) is downloaded; from other operating systems, an apparently unmodified old version is downloaded:
Download in Windows XP
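One way to check a saved copy of a page for the link pattern described above (every link identical and carrying an onclick handler), as an added example that is not part of the original post. The function name, the thresholds and both sample pages are assumptions constructed for illustration:

```python
from collections import Counter
from html.parser import HTMLParser


class LinkCollector(HTMLParser):
    """Collect (href, onclick) for every <a> element in a page."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            # Attributes without a value arrive as None, hence the `or ""`.
            self.links.append(((a.get("href") or "").strip(),
                               (a.get("onclick") or "").strip()))


def audit_links(html, min_links=5, threshold=0.9):
    """Flag pages where nearly every link shares one href and has an onclick.

    min_links and threshold are illustrative defaults, not tuned values.
    """
    parser = LinkCollector()
    parser.feed(html)
    links = parser.links
    report = {"total": len(links), "top_href": None, "same_href_ratio": 0.0,
              "onclick_ratio": 0.0, "suspicious": False}
    if not links:
        return report
    top_href, count = Counter(h for h, _ in links).most_common(1)[0]
    report["top_href"] = top_href
    report["same_href_ratio"] = count / len(links)
    report["onclick_ratio"] = sum(1 for _, oc in links if oc) / len(links)
    report["suspicious"] = (len(links) >= min_links
                            and report["same_href_ratio"] >= threshold
                            and report["onclick_ratio"] >= threshold)
    return report


# Constructed sample pages (not taken from the sites discussed in this post).
LABELS = ("Home", "Download", "Help", "Forum", "News", "Contact")
CLONE_PAGE = "".join(f'<a href="/download" onclick="return pick()">{label}</a>'
                     for label in LABELS)
NORMAL_PAGE = "".join(f'<a href="/{label.lower()}">{label}</a>' for label in LABELS)

if __name__ == "__main__":
    for name, page in (("clone-like", CLONE_PAGE), ("normal", NORMAL_PAGE)):
        print(name, audit_links(page))
```

The check only inspects markup. Because the file served depends on the visitor's operating system, the download itself has to be examined separately.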
This modified installer belongs to Pinball Corporation, a well-known pay-per-install affiliate that many antivirus products blacklist for distributing software with adware and spyware. I have already mentioned it on the blog in a post about fake Firefox and Ares downloads.
Once it runs, it first downloads and installs extra applications, such as unwanted browser toolbars, and then eMule itself:
Unwanted downloads during installation
There are many pages of this type on the net that take advantage of the reputation of the most popular programs. In some cases they install extra software, and in others they request some kind of activation to obtain money. A few days ago I also commented on the VLC case and the complaint that one of the developers published on his blog about the large number of fraudulent sites that deceive users with fake downloads.
This particular one is striking for its copy of the design, which clearly seeks to confuse visitors who want to download the program. The official site is www.emule-project.net.
Thanks Gregory for sending it.