Computer work
Cisco Talos researchers have accused French software firm Tuto4PC of distributing malware.iStock

Security researchers at Cisco Talos have claimed a malicious piece of software, one that can be used to harvest personal details, is currently installed on roughly 12 million computers across the globe.

In an in-depth analysis report, the researchers accuse a French firm called Tuto4PC of developing the software in question – names 'OneSoftPerDay' – claiming it is capable of filling machines with adware, spyware and even coming with a form of 'backdoor' access that could potentially allow remote access to infected computers.

According to the Tuto4PC website, the firm offers tutorials that users can download for free in exchange for installing a piece of ad-displaying software – however Talos is now warning this comes pre-loaded with a dangerous cocktail of malicious files. Test samples found infections in the United States, Australia, Japan, Spain, the UK, France and New Zealand, Talos said.

Once the programme is downloaded the research found that the software behaves like malware and installs a stealthy Trojan virus called 'Wizz' – which comes in many varieties, all of which are problematic in some way.

These files are able to harvest information and even takes measures to avoid detection from anti-virus software or security scanning tools, according to the Talos team.

"Through successfully infecting our machine with the initial "OneSoftPerDay" we then fell victim to the "WizzByPass" backdoor module which then downloads additional adware on our machine - all without any user interaction," the researchers reveal in a blog post. "Based on the overall research, we feel that there is an obvious case for this software to be classified as a backdoor. At minimum it is a potentially unwanted program (PUP). There is a very good argument that it meets and exceeds the definition of a backdoor."

Based on Talos' investigations, Tuto4PC's download network consisted of nearly 12 million PCs in 2014. "There are no confirmed numbers available but we believe this number could have increased," Talos noted.

In any case, this is not the first time Tuto4PC has been reprimanded for suspected internet malpractice. It was previously slammed by French regulators for installing unwanted software on PCs back in 2012.

A legal response

In response to the Talos blog post, Tuto4PC chief executive, Franck Rosset, strongly denied claims his firm is distributing software for malicious reasons. In a statement issued to SecurityWeek, he said: "The Talos blogpost is inaccurate in describing Tuto4PC as a shady malware distribution enterprise. We are currently working with our lawyers in order to evaluate the action we can take against Talos' inexact (negative) presentation of our business.

"Due to some undue blocking by antiviruses that recently blocked Tuto4PC adware (some of them have also an adware business model), we are using a bypass technology so that people can easily download our programs and adware. Although the bypass software is extremely efficient, it has no other purpose or use than helping the Tuto4PC adware download.

"There is no malware activity and Talos cannot prove or show any malware use of the program — with more than 10 million installed, if there was to be any malware activity, obviously there should be some user complaints."