Pay to install free software

I was dealing with customer escalations the other day and came across this interesting sample. If you believe the filename install_wrar380.exe it would install WinRar on your system, for some reason I didn’t believe it .

Upon execution, the installer displays a EULA. I have copied and pasted some of the detail below:

“THE COST OF EACH SMS FROM THE USER’S MOBILE PHONE IS TWO POUNDS. UNLESS OTHERWISE SPECIFIED, THE DOWNLOAD COST SHALL BE FOUR SMS.
Please read these USAGE CONDITIONS carefully and, if appropriate, use the download service which shall imply the express and complete acceptance of each and every one of these USAGE CONDITIONS. Otherwise, please close this website.
Netlink Network Corp. offers a PREMIUM high speed download service that is efficient and virus free. In exchange, the user shall first send two SMS under the conditions specified in clause 2.2 that defines the commercial conditions of the service”

These two sections really caught my eye. From what I understood I was going to be charged £8 in the form of 4 SMS text messages so that I can download WinRar. Alarm bells started to ring.

I clicked ‘I agree’ and was prompted for a code. To get this code, I would have to send 2 SMS text messages to 78*** (Number has been blanked out for security reasons) with the text body ‘CD’ and I would be charged £3 for each text message. This was different to what the EULA said, but as it was cheaper I wasn’t going to argue. Also note how the text is almost the same color as the background to make it difficult to see.

As I was interested to find out if it really would install WinRar, I went to my local mobile phone store and bought a mobile phone, put £10 on it and sent a text message to the number. To my surprise, I received a text back saying:

“SMS 1/3. Price per SMS: 3 Pounds. Total cost: 9 Pounds.”

It now cost me £9 instead of £6 to download some free software. This was also more than the £8 the EULA said it would cost me. I received a further 2 text messages and the final one was labelled 2/3 even though it was the 3rd. I guess they don’t have QA. You can see the text messages I received below:

I entered the code and clicked on the ‘Install’ button. The software downloaded WinRar and went on to install it for me.

I found the website which the sample came from and it displayed the following text at the bottom of the page:

“This website does not belong to any member´s program. This program should be used based on rules of intellectual property. You may obtain this program for free from the official homepage. Using or applying cracks, serials or keygens is strictly forbidden. This portal will not be held accountable for inappropriate use of the program. Your query has been sent succesfully. You will receive an answer shortly. Thank you for using our services. Due to technical issues, your query could not be sent. We apologize for the inconvenience”.

So they admit that you can download this software for free from its official homepage. They are clearly trying to trick the unsuspecting user to pay for free software.

I thought perhaps they have done this with other free software, I did some investigating and found several other websites which are registered to the same company and they offer several other pieces of free software for the small price of £6 or £9 as I found out.

I found installers for Messenger Plus! Live, WinZip, WinAce, 7Zip and several others. All of these can be downloaded for free from their official sites.

The websites are aimed at English, French and Spanish users. Luckily for our European friends, they can pay for the free software in Euro’s.

While navigating these sites, two different company names kept popping up. Netlink Network Corp and Soletto Group, S.A., I did some quick searching but couldn’t find any details on these companies.

Some of the domains had been registered as recently as late last month, so I believe we are likely to see more pop up.

I pulled all the executables I could find on the websites and added detection as SMSFraud.

Please be on the lookout for these in the future as you don’t want to pay for something which is already free.

Tags: freeware, mobile phone, mobiles, scam, sms, SMSFraud, text message