Download Valley

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Download Valley is a cluster of software companies in Israel, producing and delivering adware to be installed alongside downloads of other software.[1] The primary purpose is to monetize shareware and downloads. These software items are commonly browser toolbars, adware, browser hijackers, spyware, and malware. Another group of products are download managers, possibly designed to induce or trick the user to install adware, when downloading a piece of desired software or mobile app from a certain source.

The term does not refer to an actual geographical region or valley, but is a pun based on Silicon Valley, and the common practice of using downloads to deliver bundled software to users. Many of the companies are located in Tel Aviv and the surrounding region. It has been used by Israeli media,[2] as well as in other reports related to IT business.[3]

Download managers from Download Valley companies have been used by major download portals and software hosts, including[4] by CNET, and SourceForge.


The smaller adware companies SweetPacks and SmileBox were purchased by the larger company Perion Networks for $41 million and $32 million. iBario claimed to be worth $100 million[5] in early 2014. Conduit was valued at $1.4 billion by JP Morgan in 2012.[6]

Revenues are frequently near $100 million to several $100 million for large companies (Perion: $87 million in 2013,[7] Conduit: claimed $500 million in 2012[6]), with much lower operating and net income (Perion: $3.88 million operating, $310.000 net income in 2013).

All these numbers are highly volatile, since technical and legal preconditions quickly change profit opportunities. In 2013 and 2014, changes in web browsers to prevent unwanted toolbar installs and a new policy by Microsoft towards advertising[8] lead to the expectation that the main profit methods of the companies would soon work no longer. The Perion stock lost roughly two thirds of its value during 2014, from over $13.25 in January to $4.53 on December 29.[9]


Many of the products may be designed in a way to install while not being solicited by the user who downloads the desired product, and to create revenue from software usually distributed as free. For this, they may use invasive and harmful techniques.

To achieve installs, such installers may:[10][11]

  • not show information on potentially harmful actions, or hide it in fine print and EULAs, where they are overlooked by most users expecting only their desired program.
  • use deceptive menus, suggesting the adware to be the main program or part of it, or pretending to show the main program's EULA, to obtain an "accept" click to install unwanted software.
  • request rights for full system access, suggesting to be necessary for the main program's installation.
  • install unwanted software without asking or although the user rejected an install.[12]
  • use hacks[13] and exploits[14] for unauthorized access to confidential data and system modifications.

Installed adware frequently attempts to hide its identity, prevent disabling, removal or restoring of previous settings, spy on the user's system and browsing habits, download and install further, unwanted software or open backdoors for possibly malicious attacks.

Many security software vendors list these products in the category of potentially unwanted programs[15][16] (PUP, also PUS or PUA[17]) or grayware[18] and offer detection and removal. This category is distinct from genuine malware and used for software from companies who can, as opposed to criminal underground programmers, threaten with or practice litigation.

In 2013, the Download Valley company iBario was accused, by security software vendor Trend Micro, of distributing the Sefnit/Mevade malware through an installer and being related to a Ukrainian company considered immediately responsible for the malware.[19][20]

Security software circumvention[edit]

An unnamed Download Valley executive admitted to the Wall Street Journal[8] that some companies employ teams of up to 15 developers to break through security suites that try to block their software.

Companies linked to the term[edit]

  • Babylon (software), translation software, toolbars and redirected search engines.
  • Conduit (company), a DIY mobile app platform.
  • Genieo Innovation, user tracking software and adware. Installer used automated clicks by to bypass security permission dialogs.[13] Acquired by Somoto Israel Ltd. in 2014.[21]
  • iBario,[5] responsible for InstallBrain downloader/installer and accused of having spread the Sefnit/Mevade malware (see above).
  • IronSource, being responsible for the InstallCore and MobileCore download managers, as well as numerous adware products distributed through them, such as Funmoods and FoxTab.
  • Perion Network, engagement/monetization for web and mobile based digital businesses.
  • Somoto
  • Superfish,[22] advertising company that ceased operating under this name in 2015 after a controversy about its product as pre-installed on Lenovo laptops, during which the United States Department of Homeland Security advised uninstalling it and its associated Root certificate, because they made computers vulnerable to serious cyberattacks.

See also[edit]


  1. ^ Hate Pop-Up Ads? Microsoft Tries Drawing Line in the Sand - Wall Street Journal, 4 June 2014
  2. ^ Game over in Download Valley? Haaretz, Inbal Orpaz, Orr Hirschauge, August 22, 2013
  3. ^ Conduit Diversifies Away From 'Download Valley' Wall Street Journal, Orr Hirschauge, updated May 15, 2014
  4. ^ 3. IronSource, Downloads Ltd Calcalist, Assaf Gilad. April 15, 2013
  5. ^ a b Meet iBario, Israel's $100 million Internet empire Times of Israel, David Shamah, May 19, 2014
  6. ^ a b Conduit, Israel’s First Billion Dollar Internet Company Pandodaily, Mick Weinstein, April 9, 2012
  7. ^ Perion Network Perion Network on Wikipedia
  8. ^ a b Hate Pop-Up Ads? Microsoft tries drawing line in the sand Wall Street Journal, Orr Hirschauge, June 4, 2014
  9. ^ Perion stock, chart page
  10. ^ Download Wrappers and Unwanted Software are pure evil Scott Hanselman, February 12, 2014
  11. ^ Caught Adding Malware to Nmap & Other Software
  12. ^ CNET Joins the Dark Side, its Attempts to Fill Your Computer With Crapware Groovypost, Austin Ruthruff, July 21, 2013
  13. ^ a b Genieo installer tricks keychain Malwarebytes unpacked, Thomas Reed, August 31, 2015
  14. ^ DYLD_PRINT_TO_FILE exploit found in the wild Malwarebytes unpacked, Thomas Reed, August 3, 2015
  15. ^ Potentially Unwanted Program borrows tricks from malware authors, Malwarebytes unpacked (blog), Jérôme Segura, December 31, 2014
  16. ^ Potentially Unwanted Programs, Spyware and Adware McAfee Whitepater, October 2005
  17. ^ What is a potentially unwanted application? ESET Home Support, September 2014
  18. ^ Grayware: Casting a Shadow over the Mobile Software Marketplace Symantec, Dick O'Brien, February 26, 2014
  19. ^ When Adware Goes Bad: The InstallBrain and Sefnit connection Trend Micro, July 7, 2014
  20. ^ Research Ties Sefnit/Mevade Malware To Ukraine/iBario in Israel Trend Micro, updated August 8, 2014
  21. ^ Genieo develops artificial intelligence for analyzing Internet users' behavior Globes, Aviv Levy, 27 July 2014
  22. ^ Hirschauge, Orr (December 25, 2013). "Another blow to Israel's 'Download Valley' as Google bans toolbars". Retrieved 2015-09-11. Among the companies in Download Valley most likely to be hurt by the change are the startups Revizer, Superfish, CrossReader and the Client Connect division of the company Conduit ...