Malicious adware shifting focus to data harvesting — BitDefender study
Makers of adware - software that pushes unwanted ads to a computer - may have just become more invasive by focusing on stealing the user's personal data.

This was one of the findings of a study by security vendor BitDefender, which said the data harvesting business appears to be more profitable for adware creators.

"(G)reed and the desire to get most money with the least of effort have given adware an ugly and dangerous turn," it said.

Otherwise, it said, adware would have helped small software developers get some income from the applications they make.

BitDefender noted that rogue adware applications rigged with spyware components collect various data about users, their systems and online habits under the protective umbrella of a EULA (end user license agreement) or privacy policies agreed upon by users. Few people read the terms and conditions before agreeing, it pointed out.

Also, BitDefender said spyware-rigged ads may be placed into a software installer window with opt-in check boxes for changing (hijacking) the start page, changing the search engine, installing toolbars and accepting the license agreement and/or privacy policy statement, in order to redirect the user towards certain products or services.

2nd quarter adware

BitDefender said a study of adware in the second quarter of 2012 showed many tend to collect personal data:

- Gen:Variant.Adware.Solimba, a generic detection that flags potentially unwanted installation of third-party software along with the product the user is trying to install. It tries to download executable files from the ad network, depending on campaigns, but also collects user data. It affects Windows versions from Windows 2000 to Windows 7.
- Gen:Variant.Adware.Hotbar has remained significantly active since 2011. It can install a browser toolbar to force commercial pop-up messages on PC screens, and it can monitor users' online activities to create profiles based on search habits and country of origin, in order to redirect searches towards a German virtual store.
- Gen:Variant.Adware.Graftor poses as a legitimate software application but is a detection for rogue antivirus products as well as more complex attacks, including distributed denial of service and even holding the victim's data at ransom.
- Trojan.Sirefef hijacks the results of web searches, redirecting them to sites with adware. To stay hidden, it deploys a rootkit component and creates a new thread with its malicious code every time the user opens an application.

"If in most cases adware applications are annoying but harmless, they become dangerous and privacy invasive when someone integrates spying modules in their code. Not all freeware and shareware come bundled with spyware or that all products collecting data from the users use it illegally or for the wrong reasons," it said.

Worse, malware also consumes system resources such as RAM or bandwidth when it siphons information to its command and control center via the victim's Internet connection.

"They may even download other pieces of malware, monitor other locally installed applications, sniff instant messaging or read cookies," BitDefender said.

Expected to benefit from this are rogue companies, rogue online shops, rogue affiliate marketers and rogue programmers who develop these adware applications to sell them.

But it also noted that developers get their investment returned, including development, maintenance and upgrades, on the one hand, and that producers or sellers of the promoted services and goods benefit from lower advertising fees, on the other.

"Advertising is a highly profitable business. After all, it's advertising that contributed to the explosive growth of the Internet, and it's also suitable for software application. Aggressive and unscrupulous advertising builds up more revenue in shorter timeframes," it said.

— ELR, GMA News