Malware 101

This is the first of a series of articles on malware. The definition I personally believe fits malware best is "software executed in ignorance of the user, performing some unwanted activity". This series presents some of the most popular malware categories, including but not limited to Adware, Spyware and Ransomware. We are going to start with the most widespread type of malicious program, Adware.

Adware refers to programs that deliver advertising content in a manner or context that is unexpected and unwanted by the user. Adware is frequently confused with PUPs (potentially unwanted programs), but there is a fine line between the two categories.

PUPs are programs that carry advertisements and are typically bundled with free software. The major difference from Adware is that the user is informed about their installation in the download agreement and therefore gives consent. However, the majority of end users never read the download agreement and end up installing unwanted programs.

Adware programs, on the other hand, trick the user into thinking he is installing a useful program while also installing advertising components he is unaware of. The severity of Adware varies: the least dangerous variants present the user with unsolicited advertisements, typically as banners or pop-up windows. Others track the victim's browsing habits and collect data from the infected system in order to serve targeted advertisements. The most aggressive ones hijack the victim's browser start page or default search engine and redirect the browser to advertising web pages.

Nowadays there are a large number of download sites, such as CNET, Brothersoft and Softonic, that wrap (typically free) programs in custom installers which install PUPs along with the desired software. Next, we are going to walk through the steps of a typical Adware infection via a custom installer for a free program.

In our example, the user wants to download the well-known browser Firefox. The user does not know where to download Firefox from, so he goes to Bing and searches for it.

The user searches for "free firefox download".

Notice that the first result Bing returned is "uk-download.com", whereas the software publisher's page (Mozilla) is second. The user, without double-checking the results, confidently clicks the first one. The funny (and at the same time sad) thing about that web page is that it carries the McAfee "Secure" certification. In the image on the right you can see a different version of Firefox, this time from "downloadastro.com", which also comes wrapped with adware.

The user thinks he has just downloaded a legitimate copy of Firefox, while what he has really done is infect his system. Had the user uploaded the installer to VirusTotal before running it, he would be looking at this.
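The check a practitioner would apply before running any installer obtained this way is to compare its SHA-256 with the hash the publisher ships (Mozilla publishes a SHA256SUMS manifest per release in the `<hex>  <path>` layout that `sha256sum` produces) and, if it does not match, to look the hash up on VirusTotal. The script below is an added example and is not code from the original article: the two "installer" byte strings, the manifest contents and the manifest path name are all constructed for the demo, and a wrapped installer is simulated simply by bytes that differ from the genuine ones.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample data (assumptions for this example, not real release bytes).
GENUINE_INSTALLER = b"MZ\x90\x00 constructed stand-in for the publisher's Firefox installer"
WRAPPED_INSTALLER = b"MZ\x90\x00 constructed stand-in for the same installer wrapped by an adware downloader"

# Constructed manifest in the same "<hex>  <path>" layout as a sha256sum-style
# SHA256SUMS file; the path is a made-up example.
MANIFEST_ENTRY = "win64/en-GB/Firefox Setup.exe"
MANIFEST_TEXT = (
    "# constructed SHA256SUMS for this demo\n"
    f"{hashlib.sha256(GENUINE_INSTALLER).hexdigest()}  {MANIFEST_ENTRY}\n"
)


def sha256_of_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse '<hex>  <filename>' (or '<hex> *<filename>') lines into {filename: hex}.

    Lines that are blank, comments, or do not carry a 64-hex-digit digest are ignored
    rather than trusted, so a malformed manifest can never produce a false match.
    """
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) != 64 or not name:
            continue
        try:
            int(digest, 16)
        except ValueError:
            continue
        sums[name] = digest.lower()
    return sums


def verify_installer(path, manifest_name, manifest):
    """Return (ok, actual_sha256). ok is True only if the publisher lists this exact digest."""
    actual = sha256_of_file(path)
    expected = manifest.get(manifest_name)
    ok = expected is not None and hmac.compare_digest(expected, actual)
    return ok, actual


def virustotal_lookup_url(sha256):
    """URL of the VirusTotal report for a file hash (no upload of the file needed)."""
    return f"https://www.virustotal.com/gui/file/{sha256}"


def run_demo():
    """Write both constructed installers to disk and verify each against the manifest."""
    manifest = parse_sha256sums(MANIFEST_TEXT)
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, body in (("genuine", GENUINE_INSTALLER), ("wrapped", WRAPPED_INSTALLER)):
            path = os.path.join(tmp, "Firefox Setup.exe")
            with open(path, "wb") as f:
                f.write(body)
            ok, digest = verify_installer(path, MANIFEST_ENTRY, manifest)
            results[label] = {
                "verified": ok,
                "sha256": digest,
                "lookup": virustotal_lookup_url(digest),
            }
    return results


if __name__ == "__main__":
    for label, r in run_demo().items():
        status = "matches publisher manifest" if r["verified"] else "MISMATCH - do not run"
        print(f"{label:8s} {r['sha256']}  {status}")
        if not r["verified"]:
            print(f"         check: {r['lookup']}")
```

A mismatch does not by itself prove the file is malicious (a different locale or build would also fail), but it does prove the file is not the one the publisher lists, which is exactly the situation the uk-download.com and downloadastro.com installers put the user in; the VirusTotal hash lookup then tells you whether anyone has already seen that specific wrapper.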