Lavasoft News - October 2006

Spyware Newsbits

New Targets in Detection [September 2006]

Name Description
Adware.AdwarefilterToolbar May be installed by a Trojan downloader/dropper and provides no uninstaller. It advertises the AdwareFilter client, which is rogue anti-spyware.
Adware.Agent A family of uncategorized generic adware applications. The generic adware may cause pop-ups and/or other types of advertisements to appear on the computer where installed.
Adware.Allsum May expose the user on an infected computer to pop-ups and advertisements. Search queries may be logged.
Adware.Baidubar Adware.Baidu is an Asian toolbar that force installs a BHO. It does not have an uninstaller and it is very hard to remove. May advertise random products.
Adware.CasClient Operates in stealth and causes pop-ups to spawn on the host computer. May also record queries entered into Internet Explorer.
Adware.FunWeb Installs a toolbar on all user accounts. Its uninstaller is hidden and it may cause advertisements to appear on the host system.
Adware.Koolbar Installs and operates in stealth on the host system. It may cause pop-ups to appear and other advertisements to appear. No EULA provided.
Adware.LetsCool Changes the wallpaper and installs a hidden BHO. The uninstaller provided does not remove the hidden BHO. It may cause pop-ups or other kinds of advertisements.
Adware.LinkOptimizer Operates in stealth and does not provide a functional uninstaller. It may cause advertisements to pop-up, and it also may redirect search queries.
Adware.LoopAd May cause pop-ups or other advertisements to spawn on the computer where installed.
Adware.MyToolbar Performs automatic updates and installs on all user accounts. May cause pop-ups or other forms of advertisements to spawn on the computer where installed.
Adware.Podcast Installs itself using downloaders that download in stealth mode and installs Podcast. It then, pretty frequently, causes pop-ups and other advertisements to spawn.
AdWare.Safety Bar May be installed from a Trojan downloader. It advertises other scam products and tries to get the user to buy these.
Adware.Soso May cause pop-ups or other advertisements to spawn.
Adware.WeirWeb Installs and operates in stealth. May expose the user of an infected system to adware and pop-ups. No uninstaller is provided.
Diaremover Rogue anti-spyware that attempts to scam the user into buying the product. Diaremover installs false positives that it finds and claims they are very critical hits. Uses downloaders and droppers to install itself in stealth on a compromised system. The uninstaller only works partially, and may even reinstall the software later on.
Win32.Backdoor.Hackarmy A backdoor tool that allows for a remote user to exploit the infected system. Known ports include (but are not limited to) 6667.
Win32.Backdoor.Sality Has two modules: one keylogger and one backdoor. The backdoor may be used to control an infected system from a remote computer.
Win32.Hacktool.Craagle A tool that searches for illegal serials on sites that are potentially harmful to the system that visits them.
Win32.Keylogger.Skin A commercial keylogger. It records all keystrokes and active windows to C:\sessions.log (unless of course that has been changed).
Win32.Trojan.IZD A Trojan that installs a backdoor on the compromised system.


TAI - Threat Assessment Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.


Threat Analysis (TA) Index

Home  arrow

Spyware infections prompted almost one million U.S. households to replace their computers in the first half of 2006.
-Consumer Reports, State of the Net 2006

The total loss from all cases of fraud referred to the FBI's Internet Crime Complaint Center in 2005 was $183.12 million, with an average loss of $424 per complaint. This is up from $68 million in total losses a year earlier.

This month's issue of Lavasoft News is being read by... drum roll please... 872,054 people.
Worm Graphic
Term of the Month
WORM - Did you know that WORM is an acronym for "write once, read many"? A computer worm is a self-replicating computer program, similar to a computer virus. Unlike viruses, however, worms self-propagate and so do not require other programs or documents to spread. Worms typically spread through e-mail or other file transmission capabilities found on networked computers.
Real Testimonial
Thanks for removing "VirusBurst" on my PC. I tried several ways to get rid of that low-down nag. Spybot had detected it, but wasn't able to kill it. HijackThis removed it - and it was still there. The next day there was an update for Ad-Aware. After this it was that easy!! No spyware, no virus. Good work. I appreciate your reliability.
R. Busch, Berlin, Germany, 25/09/06
Adware Trends
A new report by an online security vendor shows that in August 2006, there were roughly 450 "adware families", with more than 4,000 variants.
    Industry experts say that as the amount of new viruses and worms drop off, criminal malware is given room to rise. Spyware, Trojans and phishing are the cyber-crime of choice in 2006.
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Page footer