Adware is the intrusive and unsolicited display of adverts to computer users. Clicking on them can lead to infection by even worse malware. Here’s what you need to know to stay safe.
What is Adware?
Adware is a form of malware that makes money for the threat actors in a drip-feed fashion. They push adverts to people’s infected computers or hijack search results in browsers. They get paid either for displaying the adverts or from user interactions with adverts or search results, such as clicking a button or link.
Adware is not a new threat. It has been around for literally decades, with examples dating back to 1995. Of course, it has evolved since it first appeared. Some adware applications use deception to obtain user agreement to their installation, with confusing or misleading installation options. Other examples don’t ask for any permission at all and install themselves silently.
Sometimes adware is delivered by trojan software. The user thinks they are installing a software package—either a free software application or an illegal copy of a commercial program they’ve downloaded from a torrent site—unaware that they are installing the adware as well.
Adware programs may:
- Change your home page.
- Switch your browser to use a new search engine.
- Inject false entries into search engine results.
- Force-feed bogus advertisements into the legitimate ad-serving mechanisms of web pages.
- Use registry hacks and other persistence coding tricks to make it difficult to reverse the changes and remove the adware.
The threat actors are effectively working for commission. They are abusing pay-per-click or pay-per-view advertising schemes. An advertising network that is legitimate and above board should have vetting and fraud detection systems in place to prevent such wilful misuse. Less diligent advertising networks may turn a blind eye, or deny knowledge of this type of abuse on their platform.
And those types of shady advertising networks are going to have equally shady clients. So the content of the adverts can be fraudulent, indecent, or a cyber threat in its own right. Often, they try to get the victim to install malicious software—virus removal tools or “pc speed-up” software are common deceptions. Inevitably they carry further threats like ransomware or rootkits.
What Are the Threats From Adware?
Adware impacts the user experience with distracting and often offensive adverts. Adware can slow down internet access and browser responsiveness, and it prevents the user from doing what they want. The user loses the choice of how they use their computer. Home page settings and search engine choices are subverted, and genuine search results are removed and replaced with doctored versions.
Adware programs may not be as malignant as trojans, ransomware, and rootkits, but they can open the door to these very threats by promoting fake adverts from other threat actors who are trying to spread their own malware.
How Does Adware Spread?
Adware can take many forms. It may be a program that runs in your operating system like any other application, or it might be a browser-based script, extension, or toolbar.
A common method of installing adware programs uses botnets or other malware distribution systems that are made available—at a small per-install cost—by other cybercriminals. Because of this, an adware infection may signify that you have other, more serious threats on the computer.
Torrent sites and other downloading sites are a target for the threat actor. They upload tainted versions of software and wait for people to download them. Somewhat obviously, adware authors will also use bogus adverts to make people unwittingly install their adware software. One common trick is to display prompts to install plug-ins such as Java or Flash Player in order to use a website the victim is trying to visit.
Sometimes seemingly useful and innocent browser extensions are written by the threat actors and uploaded to the official Chrome or Firefox software stores. Google and Mozilla try to identify and remove extensions that have hidden payloads, and they have had some significant successes with this. But it is an ongoing battle, with the authors of the malicious software using new techniques to get around the automated checks of the app stores. This is similar to the ongoing battle between virus authors and anti-virus software companies.
Another technique is for the threat actors to use a shell company to buy an existing browser extension that has a good reputation. They then take over the authorship of that extension and add their malicious code to it. This then infects anyone who downloads the tainted extension. It is also pushed out as an update to everyone who already has the extension installed.
How to Avoid Infection
- As always, an up-to-date endpoint protection suite incorporating anti-virus and anti-malware should be used. It’s not a universal silver bullet, but it is your first line of defense and will weed out many types of threat.
- Avoid downloading and installing software from anywhere other than official sites such as the software company’s genuine website. Don’t download cracked software, password crackers, or pirated games.
- Sites that offer unauthorized online streaming of sports events often ask the user to install a plug-in to access or enable the stream. These almost always include malware such as adware.
- When you’re installing software don’t click “next”, “next”, “next” without reading each installation screen. Carefully read the installation text and deselect third-party advertising components. Additional toolbars and other extras are often enabled by default, so take the time to read the screens and de-select the items that are “bundled extras.”
- Before installing a browser extension do some easy research and read the user reviews. If the extension has suspicious—or overtly malicious—behavior someone will leave a comment about it.
- Periodically review the list of extensions you have installed. When was the last time you used them? Remove any that you don’t use regularly.
- Don’t believe pop-up warnings about software updates, fixes for your “broken” software, or ways to speed up your computer while you’re browsing the web. The website you are on has no means of knowing if your computer is running slowly or needs optimization. They are trying to trick you into installing adware or some other form of malware.
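The periodic extension review recommended above can be partly automated. The following is an added example, not code from the original article: it reads extension manifests and flags the adware behaviors listed earlier (home page change, search engine switch, access to every page). It assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json` and the manifest keys `chrome_settings_overrides`, `permissions`, `host_permissions` and `content_scripts`; the function names and sample manifests are constructed for illustration.

```python
import json
from pathlib import Path

# Host patterns that let an extension read or change every page you visit.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return a list of adware-style findings for one parsed manifest.json."""
    findings = []
    overrides = manifest.get("chrome_settings_overrides", {})
    if "homepage" in overrides:
        findings.append(f"changes home page to {overrides['homepage']}")
    if "search_provider" in overrides:
        url = overrides["search_provider"].get("search_url", "unknown URL")
        findings.append(f"changes search engine to {url}")
    # Manifest V2 keeps host patterns in "permissions", V3 in "host_permissions".
    hosts = set()
    for key in ("permissions", "host_permissions"):
        hosts.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    broad = sorted(hosts & BROAD_HOSTS)
    if broad:
        findings.append("can read and alter all sites: " + ", ".join(broad))
    return findings

def audit_extensions_dir(ext_dir):
    """Map extension ID -> findings for each <id>/<version>/manifest.json."""
    report = {}
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            found = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError, TypeError):
            found = ["manifest unreadable"]
        if found:
            report[path.parts[-3]] = found  # parts[-3] is the extension ID folder
    return report

# Constructed sample manifests (not taken from any real extension).
SAMPLE_HIJACKER = {
    "name": "Quick Coupons",
    "chrome_settings_overrides": {
        "homepage": "https://search.example/",
        "search_provider": {"search_url": "https://search.example/?q={searchTerms}"}},
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]}
SAMPLE_BENIGN = {"name": "Page Notes", "permissions": ["storage"]}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_HIJACKER), audit_manifest(SAMPLE_BENIGN))
```

A finding is a prompt to look closer, not proof of adware: many legitimate extensions need access to all sites, so weigh each flag against what the extension claims to do and whether you still use it.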
Advertising revenue of one form or another is the lifeblood of the internet. And cybercriminals are fully aware of this. If there’s money to be made, they want in on the game. And true to form, they want to bend the rules so they always win.