Download Valley is a cluster of software companies in Israel, producing and delivering adware to be installed alongside downloads of other software. [1] The primary purpose is to monetize shareware and downloads. These software items are commonly browser toolbars, adware, browser hijackers, spyware, and malware. Another group of products are download managers, possibly designed to induce or trick the user to install adware, when downloading a piece of desired software or mobile app from a certain source.
Although the term references Silicon Valley, it does not refer to a specific valley or any geographical area. Many of the companies are located in Tel Aviv and the surrounding region. It has been used by Israeli media [2] as well as in other reports related to IT business. [3]
Download managers from Download Valley companies have been used by major download portals and software hosts, including Download.com [4] by CNET, Softonic.com and SourceForge.
The smaller adware companies SweetPacks and SmileBox were purchased by the larger company Perion Networks for $41 million and $32 million. iBario claimed to be worth $100 million [5] in early 2014. Conduit was valued at $1.4 billion by JP Morgan in 2012. [6]
Revenues are frequently near $100 million to several $100 million for large companies (Perion: $87 million in 2013, Conduit: claimed $500 million in 2012 [6] ), with much lower operating and net income (Perion: $3.88 million operating, $310.000 net income in 2013).
All these numbers are highly volatile since technical and legal preconditions quickly change profit opportunities. In 2013 and 2014, changes in web browsers to prevent unwanted toolbar installs and a new policy by Microsoft towards advertising [7] lead to the expectation that the main profit methods of the companies would soon work no longer. The Perion stock lost roughly two-thirds of its value during 2014, from over $13.25 in January to $4.53 on 29 December. [8]
Many of the products may be designed in a way to install while not being solicited by the user who downloads the desired product, and to create revenue from software usually distributed as free. For this, they may use invasive and harmful techniques.
To achieve installs, such installers may: [9] [10]
Installed adware frequently attempts to hide its identity, prevent disabling, removing, or restoring previous settings, spy on the user's system and browsing habits, download and install further unwanted software, or open backdoors for possibly malicious attacks.
Many security software vendors list these products in the category of potentially unwanted programs [14] [15] (PUP, also PUS or PUA [16] ) or grayware [17] and offer detection and removal. This category is distinct from genuine malware and is used for software from companies that can, as opposed to criminal underground programmers, threaten with or practice litigation.
In 2013, the Download Valley company iBario was accused by security software vendor Trend Micro, of distributing the Sefnit/Mevade malware through an installer and being related to a Ukrainian company considered immediately responsible for the malware. [18] [19]
An unnamed Download Valley executive admitted to the Wall Street Journal [7] that some companies employ teams of up to 15 developers to break through security suites that try to block their software.
Adware, often called advertising-supported software by its developers, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one is for the display of the advertisement and another on a "pay-per-click" basis, if the user clicks on the advertisement. Some advertisements also act as spyware, collecting and reporting data about the user, to be sold or used for targeted advertising or user profiling. The software may implement advertisements in a variety of ways, including a static box display, a banner display, a full screen, a video, a pop-up ad or in some other form. All forms of advertising carry health, ethical, privacy and security risks for users.
A Browser Helper Object (BHO) is a DLL module designed as a plugin for the Microsoft Internet Explorer web browser to provide added functionality. BHOs were introduced in October 1997 with the release of version 4 of Internet Explorer. Most BHOs are loaded once by each new instance of Internet Explorer. However, in the case of Windows Explorer, a new instance is launched for each window.
SpywareBlaster is an antispyware and antiadware program for Microsoft Windows designed to block the installation of ActiveX malware.
PDFCreator is an application for converting documents into Portable Document Format (PDF) format on Microsoft Windows operating systems. It works by creating a virtual printer that prints to PDF files, and thereby allows practically any application to create PDF files by choosing to print from within the application and then printing to the PDFCreator printer.
Browser hijacking is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own. These are generally used to force hits to a particular website, increasing its advertising revenue.
Zango,, formerly ePIPO, 180solutions and Hotbar, was a software company that provided users access to its partners' videos, games, tools and utilities in exchange for viewing targeted advertising placed on their computers. Zango software is listed as adware by Symantec, and is also labeled as a potentially unwanted program by McAfee. Zango was co-founded by two brothers: Keith Smith, who served as the CEO; and Ken Smith, who served as the CTO.
Google Pack was a collection of software tools offered by Google to download in a single archive. It was announced at the 2006 Consumer Electronics Show, on January 6. Google Pack was only available for Windows XP, Windows Vista, and Windows 7.
Christopher Boyd, also known by his online pseudonym Paperghost, is a computer security researcher.
Adaware, formerly known as Lavasoft, is a software development company that produces spyware and malware detection software, including Adaware. It operates as a subsidiary of Avanquest, a division of Claranova.
Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.
A browser toolbar is a toolbar that resides within a browser's window. All major web browsers provide support to browser toolbar development as a way to extend the browser's GUI and functionality. Browser toolbars are considered to be a particular kind of browser extensions that present a toolbar. Browser toolbars are specific to each browser, which means that a toolbar working on a browser does not work on another one. All browser toolbars must be installed in the corresponding browser before they can be used and require updates when new versions are released.
Babylon is a computer dictionary and translation program developed by the Israeli company Babylon Software Ltd. based in the city of Or Yehuda. The company was established in 1997 by the Israeli entrepreneur Amnon Ovadia. Its IPO took place ten years later. It is considered a part of Israel's Download Valley, a cluster of software companies monetizing "free" software downloads through adware. Babylon includes in-house proprietary dictionaries, as well as community-created dictionaries and glossaries. It is a tool used for translation and conversion of currencies, measurements and time, and for obtaining other contextual information. The program also uses a text-to-speech agent, so users hear the proper pronunciation of words and text. Babylon has developed 36 English-based proprietary dictionaries in 21 languages. In 2008–2009, Babylon reported earnings of 50 million NIS through its collaboration with Google.
Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.
Genieo Innovation is an Israeli company, specializing in unwanted software which includes advertising and user tracking software, commonly referred to as a potentially unwanted program, adware, privacy-invasive software, grayware, or malware. They are best known for Genieo, an application of this type. They also own and operate InstallMac which distributes additional 'optional' search modifying software with other applications. In 2014, Genieo Innovation was acquired for $34 million by Somoto, another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user". This sector of the Israeli software industry is frequently referred to as Download Valley.
The Conduit toolbar was an online platform that allowed web publishers to create custom toolbars, web apps, and mobile apps at no cost. It was developed by Conduit Inc. but demerged to Perion Network. Conduit had approximately 260,000 registered publishers who have collectively created content downloaded by more than 250 million end users. Web apps and pieces of content developed through Conduit's platform can be distributed and exchanged online via the Conduit App Marketplace. As of 2010, 60 million users consumed apps from the marketplace on a daily basis.
Mindspark Interactive Network, Inc. was an operating business unit of IAC known for the development and marketing of entertainment and personal computing software, as well as mobile application development. Mindspark's mobile division acquired iOS application developer Apalon in 2014, which was known for popular entertainment applications such as Weather Live, Emoji Keypad, and Calculator Pro.
Superfish was an advertising company that developed various advertising-supported software products based on a visual search engine. The company was based in Palo Alto, California. It was founded in Israel in 2006 and has been regarded as part of the country's "Download Valley" cluster of adware companies. Superfish's software is malware and adware. The software was bundled with various applications as early as 2010, and Lenovo began to bundle the software with some of its computers in September 2014. On February 20, 2015, the United States Department of Homeland Security advised uninstalling it and its associated root certificate, because they make computers vulnerable to serious cyberattacks, including interception of passwords and sensitive data being transmitted through browsers.
Conduit Ltd. is an international software company. From its founding in 2005 to 2013, its most well-known product was the Conduit toolbar, which was widely-described as malware. In 2013, it spun off its toolbar business; today, its main product is a mobile development platform that allows users to create native and web mobile applications for smartphones.
A potentially unwanted program (PUP) or potentially unwanted application (PUA) is software that a user may perceive as unwanted or unnecessary. It is used as a subjective tagging criterion by security and parental control products. Such software may use an implementation that can compromise privacy or weaken the computer's security. Companies often bundle a wanted program download with a wrapper application and may offer to install an unwanted application, and in some cases without providing a clear opt-out method. Antivirus companies define the software bundled as potentially unwanted programs which can include software that displays intrusive advertising (adware), or tracks the user's Internet usage to sell information to advertisers (spyware), injects its own advertising into web pages that a user looks at, or uses premium SMS services to rack up charges for the user. A growing number of open-source software projects have expressed dismay at third-party websites wrapping their downloads with unwanted bundles, without the project's knowledge or consent. Nearly every third-party free download site bundles their downloads with potentially unwanted software. The practice is widely considered unethical because it violates the security interests of users without their informed consent. Some unwanted software bundles install a root certificate on a user's device, which allows hackers to intercept private data such as banking details, without a browser giving security warnings. The United States Department of Homeland Security has advised removing an insecure root certificate, because they make computers vulnerable to serious cyberattacks. Software developers and security experts recommend that people always download the latest version from the official project website, or a trusted package manager or app store.
WiperSoft is an anti-spyware program developed by Wiper Software. It is designed to help users protect their computers from such threats as adware, browser hijackers, worms, potentially unwanted programs (PUPs), trojans, and viruses. Currently available only for Microsoft Windows.
Among the companies in Download Valley most likely to be hurt by the change are the startups Revizer, Superfish, CrossReader and the Client Connect division of the company Conduit ...