Every day, there are 100,000 new variants of malware detected around the world, according to security expert Graham Clulely, writing for We Live Security.
‘Adware’, software which delivers unwanted adverts, might seem among the least threatening – after all, we’re bombarded with adverts as soon as we log on, and legitimate companies constantly harass us to install their toolbars, or make their page our home page.
ESET’s security programmes classify such software as a lower risk, than, say, a Trojan which logs keystrokes, and users can choose to enable such ‘potentially unwanted applications’.
But the sophistication, and hi-tech evasion techniques displayed by malicious adware such as Win32/Boaxxe, analyzed by ESET researcher Joan Calvet here, show that not only can ‘adware’ be far from innocent, the newest ‘badware’ is also highly sophisticated, reacting to search queries to deliver its tainted results.
“Boaxxe.BE, is an impressive malware family with numerous sub modules, which takes lots of precautions to stay stealthy,” says Calvet, “For example, it won’t redirect users to ads when the user clicks on common websites (Wikipedia, Facebook,..), or the maintenance of its own DNS cache in order to avoid relying on the too-noisy Windows cache.”
Adware, in general, will rarely slow your PC – the software is small, light, and discreet. But controlling what adverts you see should be important to any user – sometimes, the software can redirect users to infected sites, as in this We Live Security report here.
Legally, adware is also a very, very grey area – much adware arrives as part of a ‘free’ program, then proves hard to uninstall. Companies such as OpenCandy do legitimate business – often distributed as part of ‘toolbars’ offered by other companies – but are controversial, with Microsoft among others having flagged versions of their software as malicious.
Diagnose the condition
Spotting if you are infected is actually quite hard – the internet is already full of annoying adverts, which many of us don’t want to see. Sophisticated malware such as Win32/Boaxxe will also ‘tailor’ adverts to your searches (described by ESET researcher Joan Calvet as ‘user-generated click fraud’ – but much adware is less subtle. If you ever see ads popping up on your desktop, or within apps other than your browser, or different sites appear than the one you expect when you type in a URL, you probably have a problem.
Check your bookmarks and favourites
Look in your bookmarks and favourites folders in your browser – all look familiar? If not, worry. Changing home pages, adding new bookmarks and favourites are all signs of adware – often the semi-legitimate kind – but if you suddenly find a new set of bookmarks, it might be worth a visit to Control Panel to see if new programs have appeared, and uninstall them.
Spring clean your browser
Ensure your browser is set up to block installation of extensions by default, and to block pop-up adverts. Even sophisticated malware can’t do magic – while Win32/Boaxxe is laden with advanced stealth techniques, it can be seen if you check through your browser – and know what you’re doing. ESET researcher Joan Calvet says, “It’s worth mentioning that Win32/Boaxxe.BE installs its Chrome and Firefox extensions as visible, and thus they will appear in the extensions panel.” It’s worth checking this panel regularly anyway, as a precaution – if you see programs you don’t recognize, kill them. Calvet warns, however, that Boaxxe is no ordinary adware, “You cannot rely on the extension name to check if it is legitimate – it will not warn you that it is being installed, and you may have to use Developer Mode to check the extension ID on Chrome Store.”
‘Freeware’ is rarely a free lunch
If a program is free, that sounds great – but it should set alarm bells tingling. Often adware is delivered as part of ‘free’ software, with your ‘consent’ to this buried deep within a licence agreement. Think hard about whether you really need software – and read reviews on other sites, not the owner’s before downloading.
Hard to kill – but worth it
If your PC has been around a while, uninstalling software can be a daunting task – there’s often pages of it. But adware can be killed. Look for publishers you don’t recognize, software whose name you don’t remember – but Google first, before hitting the button. Some companies install ‘helper’ apps which are perfectly legitimate – such as Apple’s Bonjour, which arrives alongside iTunes – so it pays to select targets carefully.
Actually read licensing agreements
We don’t suggest keeping a lawyer on hand, but be careful with software that claims to be ‘free’ – open the licensing agreement and search for words such as “information” and “advertising”. Read about the developer – and read reviews before installing. Intrusive adware usually causes a storm of internet fury – so if freeware does come with unwanted ‘passengers’, it’s often not hard to find out.
Toolbars are tools you don’t need
Not content with providing cybercriminals with many of the ‘entry points’ they use to attack PCs (as reported by We Live Security here), Java also ‘offers’ users a toolbar for the unpopular search engine Ask, each time they install one of its many, many security updates. Untick this box. Ask is laden with far more adverts than Google. Toolbars often offer little service to the user bar ‘binding’ them to one search tool or email provider.
If your browser asks for permission for an app, read it
Both Chrome and Firefox will warn you if an app is installing an extension in your browser – don’t ignore these warnings. Adware is often installed this way, so read the warning, and if you don’t recognize or want the program, say no. This does not apply, however, to stealthy malware such as Boaxxe.32, which arrives in disguise, so it’s worth visiting your extensions folder often, just to check you’re not carrying any stowaways.
Most anti-adware is, in fact, adware
The worst possible thing you can do is to search for ‘anti-adware’ software – the web is loaded with such ‘free’ software, most of which is adware, often worse than the adware you already have. It is like attempting to cure yourself of a cold by injecting yourself with the ebola virus. There are some legitimate, and good, programs – PC Decrapifier does a good job but most such ‘free’ tools are traps, pure and simple.
Author Rob Waugh, We Live Security