A couple of weeks ago, my wife needed to download VLC on her Windows laptop. She searched Google for “download VLC” and used the first link she found.

This “link” was, in fact, an AdWords advertisement for vlcdownload.net. This site provides a version of VLC, but includes Hotbar, which is adware.

It was only noticed because the installer happened to hang at “Installing Hotbar”. I found a posting on VLC’s forums in which someone else mentioned finding this.

The site doesn’t always provide the adware-infected version of VLC. It seems to be based on how you arrive at their site, so people looking for it will think it’s an innocent download site, while unsuspecting users will search Google and get the adware-infected version.

As of today, the site is still advertising on Google.