OpenCandy was an
adware
Adware, often called advertising-supported software by its developers, is software that generates revenue by automatically displaying Online advertising, online advertisements in the user interface or on a screen presented during the installatio ...
module and a
potentially unwanted program
A potentially unwanted program (PUP) or potentially unwanted application (PUA) is software that a user may perceive as unwanted or unnecessary. It is used as a subjective tagging criterion by security and parental control products. Such software ma ...
classified as
malware
Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to caus ...
by many anti-virus vendors.
They flagged OpenCandy due to its undesirable side-effects.
It was designed to run during installation of other desired
software
Software consists of computer programs that instruct the Execution (computing), execution of a computer. Software also includes design documents and specifications.
The history of software is closely tied to the development of digital comput ...
. Produced by
SweetLabs, it consisted of a
Microsoft Windows
Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
library
A library is a collection of Book, books, and possibly other Document, materials and Media (communication), media, that is accessible for use by its members and members of allied institutions. Libraries provide physical (hard copies) or electron ...
incorporated in a
Windows Installer
Windows Installer (msiexec.exe, previously known as Microsoft Installer, List of Microsoft codenames, codename Darwin) is a software component and application programming interface (API) of Microsoft Windows used for the Installation (computer ...
. When a user installed an application that had
bundled the OpenCandy library, an option appeared to install software it recommended based on a scan of the user's system and
geolocation
Geopositioning is the process of determining or estimating the geographic position of an object or a person.
Geopositioning yields a set of Geographic coordinate system, geographic coordinates (such as latitude and longitude) in a given map datum ...
. Both the option and offers it generated were selected by default and would be installed unless the user unchecked them before continuing with the installation.
[
OpenCandy's various undesirable side-effects included changing the user's homepage, desktop background or search provider, and inserting unwanted toolbars, plug-ins and extension add-ons in the browser. It also collected and transmitted various information about the user and their Web usage without notification or consent.]
Development
The software was originally developed for the DivX
DIVX (Digital Video Express) is a discontinued digital video format. Created in part by Circuit City, it was an unsuccessful attempt to create an alternative to video rental in the United States. The format's poor reception from consumers resu ...
installation, by CEO Darrius Thompson. When installing DivX, the user was prompted to optionally install the Yahoo! Toolbar
Yahoo! Toolbar is a browser plugin. It is available for Internet Explorer, Firefox and Google Chrome browsers.
Yahoo! Toolbar has been around for more than 10 years and has evolved since its inception.
Originally aimed at being a bookmark and pop ...
. DivX received $15.7 million during the first nine months of 2007 from Yahoo and other software developers, after 250 million downloads.[
]
Windows components
Components that the program used may have differed but here are some similar names based on versions of the software.
Files dropped
*OCComSDK.dll
*OCSetupHlp.dll
*Fusion.dll
Processes
*spidentifier.exe
* rundll32.exe
DNS and HTTP queries
*tracking.opencandy.com.s3.amazonaws.com
*media.opencandy.com (website not available)
*cdn.opencandy.com
*cdn.putono5.com
*tracking.opencandy.com
*api.opencandy.com
*www.arcadefrontier.com
Software known to have included OpenCandy
* AC3Filter
* Auslogics Disk Defrag
* CamStudio
CamStudio is an open-source screencasting program for Microsoft Windows released as free software. The software renders videos in an Audio Video Interleave, AVI format. It can also convert these AVIs into Flash Video format, embedded in SWF f ...
(since version 2.7 r316)
* CDBurnerXP (depending on version; alternate download without OpenCandy available; confirmed 2017-03-01)
* FileZilla
FileZilla is a free and open-source, cross-platform FTP application, consisting of FileZilla Client and FileZilla Server. Clients are available for Windows, Linux, and macOS. Both server and client support FTP and FTPS (FTP over SSL/TLS), whil ...
(present in 2013)Format Factory
__NOTOC__
FormatFactory is an Adware, ad-supported freeware multimedia converter that can convert video, audio, and picture files. It is also capable of ripping DVDs and CDs to other file formats, as well as creating .iso images. It can also joi ...
* Foxit Reader
Foxit PDF Reader (formerly Foxit Reader) is a multilingual freemium PDF (Portable Document Format) tool that can create, view, edit, digitally sign, and print PDF files. Foxit Reader is developed by Fuzhou, China-based Foxit Software. Early ve ...
(6.1.4 – 6.2.1)
* FreeFileSync
FreeFileSync is a program used for file synchronization. It is available on Windows, Linux and macOS. The project is backed by donations. Donors get access to a Donation Edition that contains a few additional features such as an auto-updater, par ...
(dropped April 2018)
* FrostWire
* GOM Player
GOM Player is a media player for Microsoft Windows, developed by GOM & Company. With more than 100 million downloads, it is also known as the most used player in South Korea. Its main features include the ability to play some broken media files ...
* ImgBurn (since version 2.5.8.0, though only on the version of the installer distributed directly from imgburn.com; the version distributed from the official mirror sites is adware-free)
* mIRC
mIRC is an Internet Relay Chat (IRC) client for Windows with an integrated scripting language allowing the creation of extensions. The software was first released in 1995 and has since been described as "one of the most popular IRC clients avai ...
Sigil
A sigil () is a type of symbol used in magic. The term usually refers to a pictorial signature of a spirit (such as an angel, demon, or deity). In modern usage, especially in the context of chaos magic, a sigil refers to a symbolic represen ...
(dropped in version 0.5.0 and later)
* Trillian (dropped 5 May 2011)μTorrent
μTorrent, or uTorrent (see pronunciation), is a proprietary adware BitTorrent client owned and developed by Rainberry, Inc. The " μ" (Greek letter " mu") in its name comes from the SI prefix "micro-", referring to the program's small memo ...
* WinSCP
WinSCP (''Windows Secure Copy'') is a file manager, SSH File Transfer Protocol (SFTP), File Transfer Protocol (FTP), WebDAV, Amazon S3, and secure copy protocol (SCP) client for Microsoft Windows. The WinSCP project has released its source code ...
(through August 2012)
Workarounds
There were workarounds to bypass OpenCandy by running some installers with a /NOCANDY parameter on the command line
A command-line interface (CLI) is a means of interacting with software via command (computing), commands each formatted as a line of text. Command-line interfaces emerged in the mid-1960s, on computer terminals, as an interactive and more user ...
, which was up to the installer to support or not.
References
{{DEFAULTSORT:Opencandy
Windows adware
Windows malware
Defunct software companies of the United States