Adware Shifts Focus from Advertising to Data Harvesting

Loredana BOTEZATU

August 02, 2012


Adware, the annoying software most people know for its distracting ads, is increasingly taking on a more invasive form and is often bundled with spyware as creators seek to tap the potential riches of the data harvesting business, according to Bitdefender research.

Just as web advertising boosted the amount of user-generated content in the dot-com era, so it has done with software applications. The integration of advertising and pay-per-install programs in freeware applications as a means of monetization has been a breath of fresh air for small software developers around the world. However, greed and the desire to make the most money with the least effort have given adware an ugly and dangerous turn. This report is a summary of the most prominent and most dangerous adware components that can affect users, their computers or both.

Malicious adware distribution for Q2, 2012:

Gen:Variant.Adware.Solimba is a generic detection that flags the potentially unwanted installation of third-party software along with the product the user is trying to install. A representative Adware.Solimba sample is an executable file written in C# that acts as a downloader. It tries to fetch executable files from the ad network, depending on campaigns. This adware has potentially malicious behavior, as it collects user data. Adware.Solimba affects Windows operating systems ranging from Windows 2000 to Windows 7.

Gen:Variant.Adware.Hotbar was among the top-ranking e-threats in Germany in 2011. Although fairly old, Adware.Hotbar is still significantly active. It can install a browser toolbar to force commercial pop-up messages onto PC screens. Adware.Hotbar was also found monitoring users' online activities to create profiles based on search habits and country of origin, in order to redirect searches towards a German virtual store. It has been seen spiking around national holidays as well.

Gen:Variant.Adware.Graftor poses as a legitimate software application. Variant.Graftor is a generic detection for multiple families, mostly Trojans, among them the notorious Vundo malware family. Vundo, for instance, is a persistent family of adware that advertises rogue antivirus products, but is also responsible for more complex attacks, including distributed denial of service and even holding the victim's data for ransom.

Other complex threats were also found to enable the installation of adware-type malware. Trojan.Sirefef, for example, hijacks the results of web searches, redirecting them to sites with adware. To stay hidden, it deploys a rootkit component and creates a new thread with its malicious code every time the user opens an application. Sirefef is highly versatile: it's a multi-component e-threat that allows its masters to launch a wide range of attacks, from installing rogue AV software on the infected PC to generating pay-per-click advertising revenue for its owners.

While in most cases adware applications are annoying but harmless, they become dangerous and privacy-invasive when someone integrates spying modules into their code. That is not to say that all freeware and shareware comes bundled with spyware, or that all products collecting data from users use it illegally or for the wrong reasons.

Rogue adware applications rigged with spyware components collect all sorts of information about users, their systems and online habits under the protective umbrella of a EULA or privacy policy agreed to by users. Few people read the terms and conditions before agreeing.

If read, some of these privacy policies stipulate the terms and conditions under which their authors can create a system profile that may be shared with third parties as long as the identity of the user is not added to that system profile. Dissociating the information from its owners is supposed to give the user the comfort of privacy. Some EULAs also announce that they can be amended without informing the user. Can we really know for sure what will become of our data?

So, collecting and fairly handling this kind of data, including names, e-mail addresses and other private data, is far more difficult than simply forcing a commercial pop-up on a user.

Spyware-rigged ads may also be placed in a software installer window, with opt-in check boxes for changing the start page (hijacking it), changing the search engine, installing toolbars and accepting the license agreement and/or privacy policy statement, in order to redirect the user towards certain products or services.

As a rule, adware generates revenue for its authors either by persuading the user to buy a certain product via ad placement or by putting together a unique profile of a system through monitoring the user's local and online activities. Locally, it looks for hardware components or software choices; online, for browsing or online shopping habits. The latter can evolve into a malicious and intrusive practice.

As spyware, apart from stealing data, the malware eats up system resources such as RAM or bandwidth when it siphons information to its command and control center via the victim's Internet connection. It may even download other pieces of malware, monitor other locally installed applications, sniff instant messaging or read cookies.

Who stands to gain from this practice? Many: rogue companies, rogue online shops, rogue affiliate marketers and rogue programmers who develop these adware applications to sell them. On the one hand, developers get a return on their investment in development, maintenance and upgrades; on the other, producers or sellers of the promoted services and goods pay lower advertising fees. Then there are the data harvesters, who might choose to sell the collected data to third parties.

How big is this business? Advertising is a highly profitable business. After all, it's advertising that contributed to the explosive growth of the Internet, and it's also suitable for software applications. Aggressive and unscrupulous advertising builds up more revenue in shorter timeframes. This is why adware takes up a significant part of the worldwide malware rankings, with Adware.Solimba ranking as the 22nd most prominent threat in the world.
