Every day, there are 100,000 new variants of malware detected around the
world, according to security expert Graham Cluley.
‘Adware’, software which delivers unwanted adverts, might
seem among the least threatening – after all, we’re bombarded with
adverts as soon as we log on, and legitimate companies constantly harass
us to install their toolbars, or make their page our home page.
ESET’s security programmes classify such software as a lower risk
than, say, a Trojan which logs keystrokes, and users can choose to
enable such ‘potentially unwanted applications’.
But the sophistication and hi-tech evasion techniques displayed by malicious adware such as Win32/Boaxxe, analyzed by researchers,
show that not only can ‘adware’ be far from innocent, the newest
‘badware’ is also highly sophisticated, reacting to search queries to
deliver its tainted results.
“Boaxxe.BE is an impressive malware family with numerous sub
modules, which takes lots of precautions to stay stealthy,” says Calvet.
“For example, it won’t redirect users to ads when the user clicks on
common websites (Wikipedia, Facebook, ...), or the maintenance of its own
DNS cache in order to avoid relying on the too-noisy Windows cache.”
Adware, in general, will rarely slow your PC – the software is small, light, and discreet. But controlling what adverts you see should be important to any user – sometimes, the software can redirect users to infected sites.
Legally, adware is also a very, very grey area – much
adware arrives as part of a ‘free’ program, then proves hard to
uninstall. Companies such as OpenCandy do legitimate business – often
distributed as part of ‘toolbars’ offered by other companies – but are
controversial, with Microsoft among others having flagged versions of
their software as malicious.
Diagnose the condition
Spotting if you are infected is actually quite hard – the
internet is already full of annoying adverts, which many of us don’t
want to see. Sophisticated malware such as Win32/Boaxxe will
also ‘tailor’ adverts to your searches (described by ESET researcher
Joan Calvet as ‘user-generated click fraud’) – but much adware is less
subtle. If you ever see ads popping up on your desktop, or within apps
other than your browser, or a different site appears than the one you
expect when you type in a URL, you probably have a problem.
Check your bookmarks and favourites
Look in your bookmarks and favourites folders in your
browser – all look familiar? If not, worry. Changing home pages, adding
new bookmarks and favourites are all signs of adware – often the
semi-legitimate kind – but if you suddenly find a new set of bookmarks,
it might be worth a visit to Control Panel to see if new programs have
appeared, and uninstall them.
Spring clean your browser
Ensure your browser is set up to block installation of
extensions by default, and to block pop-up adverts. Even sophisticated
malware can’t do magic – while Win32/Boaxxe is laden with advanced
stealth techniques, it can be seen if you check through your browser –
and know what you’re doing. ESET researcher Joan Calvet says, “It’s
worth mentioning that Win32/Boaxxe.BE
installs its Chrome and Firefox extensions as visible, and thus they
will appear in the extensions panel.” It’s worth checking this panel
regularly anyway, as a precaution – if you see programs you don’t
recognize, kill them. Calvet warns, however, that Boaxxe is no ordinary
adware, “You cannot rely on the extension name to check if it is
legitimate – it will not warn you that it is being installed, and you
may have to use Developer Mode to check the extension ID on Chrome
Store.”
‘Freeware’ is rarely a free lunch
If a program is free, that sounds great – but it should set
alarm bells ringing. Often adware is delivered as part of ‘free’
software, with your ‘consent’ to this buried deep within a licence
agreement. Think hard about whether you really need software – and read
reviews on other sites, not the owner’s, before downloading.
Hard to kill – but worth it
If your PC has been around a while, uninstalling software can be a daunting task – there are often pages of it. But adware can be killed. Look for publishers you don’t recognize, software whose name you don’t remember – but Google first, before hitting the button. Some companies install ‘helper’ apps which are perfectly legitimate – such as Apple’s Bonjour, which arrives alongside iTunes – so it pays to select targets carefully.
Actually read licensing agreements
We don’t suggest keeping a lawyer on hand, but be careful
with software that claims to be ‘free’ – open the licensing agreement
and search for words such as “information” and “advertising”. Read about
the developer – and read reviews before installing. Intrusive adware
usually causes a storm of internet fury – so if freeware does come with
unwanted ‘passengers’, it’s often not hard to find out.
Toolbars are tools you don’t need
Not content with providing cybercriminals with many of the ‘entry points’ they use to attack PCs (as reported by We Live Security), Java also ‘offers’ users a toolbar for the unpopular search engine Ask, each time they install one of its many, many security updates. Untick this box. Ask is laden with far more adverts than Google. Toolbars often offer little service to the user bar ‘binding’ them to one search tool or email provider.
If your browser asks for permission for an app, read it
Both Chrome and Firefox will warn you if an app is
installing an extension in your browser – don’t ignore these warnings.
Adware is often installed this way, so read the warning, and if you
don’t recognize or want the program, say no. This does not apply,
however, to stealthy malware such as Boaxxe.32, which arrives in
disguise, so it’s worth visiting your extensions folder often, just to
check you’re not carrying any stowaways.
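The extension checks described above (the extensions panel, and the extension ID rather than the name) can be scripted for Chrome. The sketch below is an added example, not code from ESET or from the original article: it inventories a Chrome profile's Extensions folder by ID, and runs against a constructed sample profile in which two extensions declare the same name. The function names and sample IDs are made up for illustration, and Firefox is not covered.

```python
import json
import tempfile
from pathlib import Path

def display_name(version_dir, manifest):
    """Self-declared name; resolves __MSG_key__ via _locales/<default_locale>/messages.json."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        try:
            raw = (version_dir / "_locales" / locale / "messages.json").read_text(encoding="utf-8")
            messages = {k.lower(): v for k, v in json.loads(raw).items()}
            name = messages[name[6:-2].lower()]["message"]
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            pass  # locale file missing or malformed: keep the raw placeholder
    return name

def list_extensions(extensions_dir):
    """Read every <extensions_dir>/<id>/<version>/manifest.json, keyed by ID, not name."""
    found = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip rather than abort the inventory
        found.append({"id": path.parent.parent.name,  # folder name is the extension ID
                      "name": display_name(path.parent, manifest),
                      "version": manifest.get("version", ""),
                      "permissions": manifest.get("permissions", [])})
    return found

def build_sample_profile():
    """Constructed sample: two extensions that declare the same name under different IDs."""
    root = Path(tempfile.mkdtemp()) / "Extensions"
    samples = [("a" * 32, {"name": "__MSG_appName__", "default_locale": "en",
                           "version": "1.2.0", "permissions": ["storage"]}),
               ("abcdefghijklmnop" * 2, {"name": "Quick Notes", "version": "0.9",
                                         "permissions": ["tabs", "<all_urls>"]})]
    for ext_id, manifest in samples:
        vdir = root / ext_id / (manifest["version"] + "_0")
        (vdir / "_locales" / "en").mkdir(parents=True)
        (vdir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        (vdir / "_locales" / "en" / "messages.json").write_text(
            json.dumps({"appName": {"message": "Quick Notes"}}), encoding="utf-8")
    return root

if __name__ == "__main__":
    # Point this at a real profile's Extensions folder to audit an actual browser.
    for ext in list_extensions(build_sample_profile()):
        print(ext["id"], ext["name"], ext["version"], ext["permissions"])
```

On Windows, Chrome's default profile keeps this folder at `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`. Any ID you did not install yourself is the one to look up, whatever name it displays.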
Most anti-adware is, in fact, adware
The worst possible thing you can do is to search for ‘anti-adware’ software – the web is loaded with such ‘free’ software, most of which is adware, often worse than the adware you already have. It is like attempting to cure yourself of a cold by injecting yourself with the ebola virus. There are some legitimate, and good, programs – PC Decrapifier does a good job, but most such ‘free’ tools are traps, pure and simple.