Just as unsolicited email has been given the
name of SPAM, unsolicited applications, especially those
that present advertising, pop-ups or even redirects to web
sites you do not want, have been given the name adware, and
adware is unfortunately alive and well. In fact, it is so
alive that it was named the
number-one threat for the first quarter of 2008. How is that
possible? With all the anti-virus, anti-spyware and pop-up
blockers, how does this stuff get on your computer? In many
cases you put it there. “What? I am infecting my own
machine?” you say. Yes, adware is being installed in many
cases due to the choices you make with your computer. How is
that possible? In the course of this article I will explain.
What is Adware?
As I discussed in many past articles in the newsletter,
adware is a word coined to categorize software whose only
intention is to display advertisements on your system,
in some cases for products and services that would violate
your company's Internet use policies or even laws for a
“safe” workplace. Adware, or advertising software, is software
specifically designed to deliver advertisements for trips,
insurance, videos, even prescription drugs. In some cases
they deliver just the advertisement, annoying, but
innocuous. In other cases, they can contain a payload that
allows your system to be infected with malware, or malicious
software that is designed to damage or disrupt a system,
such as a virus or a Trojan horse.
Adware causes Malware Infections?
Yep! Adware was the worst offender for causing malware
infections in the first quarter of 2008, according to
Panda Software’s PandaLabs. Their
report indicates that Adware was the cause of 28.58 percent
of all computer infections, which makes it number one with a
bullet on the list of leading infection agents for the first
quarter of 2008. Trojan horse infections were a close second
with 25.56 percent of all infections. But adware is just a
pain, right? Not really. Adware is now being called a
type of malware itself, because it can be
used to make your computer do things beyond your control and
without your approval. Even though adware typically shows
ads while users surf the Web, which is annoying enough, it
can easily compromise the computer's security or
performance.
How did my machine fall prey?

It can happen very easily. You load a piece
of software you want or need, perhaps a mouse driver or
maybe an instant messenger client. You did not read the
screen (like this one to the right) and clicked “yes”! The
next thing you know, you have things running on your system
that you did not know were there. How did it happen? Well,
when you run a default installation, you need to read ALL of
the information that is displayed. If you click next, you
are often agreeing to let the software install components on
your machine that you would never load on purpose. Even
after all this time, it still amazes me that companies with
good reputations in the marketplace still bundle unwanted
software and components with their programs. An example I
used in the past was America Online’s popular Instant
Messenger program. If you perform a default installation
of standard AIM, the program will try to set up email you do
not want, load a browser you do not want and put shortcuts
in every nook and cranny on your computer. AOL, Yahoo! and
others still do this. Thankfully AOL now has a product that
is built for business messaging (AIMPro, through a
partnership with WebEx) that does not (at least as of this
writing) install the items noted in their “consumer”
product. Remember, if you choose a “default” install of
anything, someone else is making the choice of what to
install on your PC, where to put it and how to configure it!
What Were the Most Active Threats in Q1 2008?
According
to industry sources, the two most active infections in the
first quarter of 2008 were adware. Comet topped the list.
What does Comet do? Comet is an unwanted (and possibly
annoying) screensaver or animated cursor program. Once
installed on your PC, Comet will import a large number of
malicious Trojans and adware programs onto your computer. In
addition to the unwanted clandestine payload, Comet also
shows advertising content. A simple uninstall of Comet may
well fail: through the use of hidden files, it is possible
that Comet will reappear after a reboot. Following close
behind were NaviPromo, the Bagle worm variants, SaveNow,
Starware, Zango and Virtumonde.
Where Can I Find Out More?
There are many sites on the web that give some very good
information on adware and malware and on removers. Just make
sure you have a valid, up-to-date virus scanner and an
adware/malware detector/remover, and keep your system and applications
patched to the current levels. Remember that updates for the
operating system, anti-virus and spyware detection and
removal software are often driven by new definitions of
malicious software and the patching of known threats that
are being exploited by that adware and malware. Be careful
what you download. Some adware will even tell you that you
have an infection and you can clean it, just click here!
When you click the link, the payload of malware is installed
on your system, not the promised removal tool, so use only
well known software from legitimate sources. Once your
system is up to date and you have removed the junk that is
gumming up your system, make sure you run the program you
are using to detect these programs at least once a week, if
not daily. You will be amazed at the speed increase you will
see without all this unwanted “software” clogging your
machine’s performance! If you have questions or comments
about this article, contact me (JohnBoline@hagerman.com).
All product names /
logos, company names / logos are copyrights of their
respective holders. John Boline is an MCSE, CNE, USE and a
member of the Network Professional Association. The content
herein is often based on late-breaking events. Much of the
material is based on information from sources that are
believed to be reliable. Hagerman & Company, Inc. disclaims
all warranties as to the ultimate accuracy or completeness
of the information. Hagerman & Company, Inc. and its
employees shall have no liability for errors, omissions or
inadequacies in the information contained within this
article or for any interpretations thereof. The
recommendations, positions and best practice policies
outlined herein represent Hagerman & Company, Inc.'s initial
analysis and therefore are subject to change as further
information which may have bearing on these positions is
made available. The reader assumes sole responsibility for
the selection of these materials to achieve its intended
results. The opinions expressed herein are subject to change
without notice. Entire contents © 2008 Hagerman & Company,
Inc. All rights reserved. Reproduction of this publication
in any form without prior written permission is forbidden.