2. Maybe. Or more likely users are mistakenly installing these applications because the offer screen is made to look exactly like the EULA acceptance dialog seen in every other installer.
But we don't expect this to be fixed. Anti-malware vendors have stepped in and are improving their definitions to catch this garbage but it's very much a cat/mouse game. (IM has been detected a few times, btw.) IM is very aware of this "threat" and designed their system around random domain names to mitigate detection issues as they arise. (Think about it -- Does IM, a legitimate company, really need to use fcgoatcalear.us and fcvalcsoi.us domain names? Come on.)
3. No idea where you got this information, given InstallMonetizer bundled software shows no actual EULA. The only EULAs shown during install are ones provided by the package author and the offer advertisers. Can you clarify this point, please?
5. Yeah, I saw the company slip in the "Open-source software is a community product and you may not use our co-bundles with it" line. What a slap in the face of those who use commercially-permissive OSS libraries in their software...
Note that Paul's response said that they "are going to start" uploading hashes.
Also, transmitting MAC addresses and IP addresses in the clear really isn't anything to write home about -- that's how all TCP/IP packets are transmitted over ethernet, after all. The real question is what they do with that data on the server side. If they so desire, they could change that behavior far more easily, and retroactively apply that transform to all the data they've retained.
Not even 'usually', it doesn't exit your LAN at all, once it hits your router, it is stripped and your data is packed with a different MAC address on the WAN (or any other layer 2 identifier depending on your connection), same for each hop after that.
If you use EUI-64 as your interface ID in IPv6, your MAC address is part of your IPv6 address. That said, no modern OS does that anymore, times 1% of IPv6-enabled users, so the closer term is "almost never".