Download Valley


Download Valley is a cluster of software companies in Israel, producing and delivering adware to be installed alongside downloads of other software. The primary purpose is to monetize shareware and downloads. These software items are commonly browser toolbars, adware, browser hijackers, spyware, and malware. Another group of products are download managers, possibly designed to induce or trick the user to install adware, when downloading a piece of desired software or mobile app from a certain source.
Although the term references Silicon Valley, it does not refer to a specific valley or any geographical area. Many of the companies are located in Tel Aviv and the surrounding region. It has been used by Israeli media as well as in other reports related to IT business.
Download managers from Download Valley companies have been used by major download portals and software hosts, including Download.com by CNET, Softonic.com and SourceForge.

Economy

The smaller adware companies SweetPacks and SmileBox were purchased by the larger company Perion Networks for $41 million and $32 million. iBario claimed to be worth $100 million in early 2014. Conduit was valued at $1.4 billion by JP Morgan in 2012.
Revenues are frequently near $100 million to several $100 million for large companies, with much lower operating and net income.
All these numbers are highly volatile since technical and legal preconditions quickly change profit opportunities. In 2013 and 2014, changes in web browsers to prevent unwanted toolbar installs and a new policy by Microsoft towards advertising lead to the expectation that the main profit methods of the companies would soon work no longer. The Perion stock lost roughly two-thirds of its value during 2014, from over $13.25 in January to $4.53 on 29 December.

Adware

Many of the products may be designed in a way to install while not being solicited by the user who downloads the desired product, and to create revenue from software usually distributed as free. For this, they may use invasive and harmful techniques.
To achieve installs, such installers may:
  • not show information on potentially harmful actions, or hide it in fine print and EULAs, where they are overlooked by most users expecting only their desired program.
  • use deceptive menus, suggesting the adware to be the main program or part of it, or pretending to show the main program's EULA, to obtain an "accept" click to install unwanted software.
  • request rights for full system access, suggesting to be necessary for the main program's installation.
  • install unwanted software without asking or although the user rejected an install.
  • use hacks and exploits for unauthorized access to confidential data and system modifications.
Installed adware frequently attempts to hide its identity, prevent disabling, removing, or restoring previous settings, spy on the user's system and browsing habits, download and install further unwanted software, or open backdoors for possibly malicious attacks.
Many security software vendors list these products in the category of potentially unwanted programs or grayware and offer detection and removal. This category is distinct from genuine malware and is used for software from companies that can, as opposed to criminal underground programmers, threaten with or practice litigation.
In 2013, the Download Valley company iBario was accused by security software vendor Trend Micro, of distributing the Sefnit/Mevade malware through an installer and being related to a Ukrainian company considered immediately responsible for the malware.

Security software circumvention

An unnamed Download Valley executive admitted to the Wall Street Journal that some companies employ teams of up to 15 developers to break through security suites that try to block their software.

Companies linked to the term