MoneyTree
Category: Cookie
Risk:
Low Risk
* Low risk threats pose a very low risk or no immediate danger to your computer or your privacy, however these types of applications may profile user online habits, but only according to specific privacy policies stated in the applications End-User License. These types of threats generally borderline on being a threat to being a standard application that has a complex license agreement that you knowingly installed.
Description: MoneyTree is an ActiveX control used to download premium-rate dialers, generally for porn sites. Each time MoneyTree is run, on system startup, it tries to connect to a pornographic website. MonyeTree is loaded by ActiveX drive-by-download in pages operated by mtree (domains such as mtreexxx.nl), which are often redirected to by pop-up advertisements, 404 pages at porn hosts and misspelled domains. MonyeTree may also install a Browser helper Object (BHO). MonyeTree may also use direct EXE file downloads to distribute the same dialers; this process does not leave an ActiveX control loaded. MoneyTree variants: MoneyTree/NSUpdate: installs nsupdate.dll and NSupd9x.inf in the Downloaded Program Files folder. MoneyTree/NSLite: installs nslite.dll and nslite.inf in the Downloaded Program Files folder. MoneyTree/UniDist: installs UniDist.ocx and UniDist.inf in the Downloaded Program Files folder. MoneyTree/MultiDist: installs MulDist.ocx and MulDist.inf in the Downloaded Program Files folder. MoneyTree/DyFuCA: installs dyfuca.ocx and dyfuca.inf in the Downloaded Program Files folder. This variant typically installs the InternetOptimizer parasite. The DyFuCA variant typically installs the InternetOptimizer threat which is an error page hijacker for Internet Explorer.
Alias: None
Signatures: None Listed
Copyright @2006 THR Computer Solutions: MoneyTree