Adware: Real-life threat protection for merchants

0 Shares

Last month we looked at how our Service Operations Centre (SOC) Team helped a merchant get rid of a sneaky piece of trojan malware on their device. While most trojans will stay on a device unbeknown to the merchant, Adware, which we will look at this week, is a different enemy altogether. If you’re infected with Adware, chances are you know it! Adware makes up a large portion of our 5,270 automatic security actions and 576 SOC team interventions this month.

Note: An automatic security action is when our security tools directly deal with the malicious file by detecting, blocking, or quarantining the file. SOC team interventions are when our SOC team manually quarantines the file as it requires deeper human intervention.

The merchant we look at this month is subscribed to our Proactive Data Security (PDS) service. This means they will receive real-time threat protect from our SOC team. Meaning that when a threat is detected we will reach out and advise on the situation. On this call our agent speaks to a small roofing and tiling business that offers their services around the local area. The merchant’s device has unfortunately been infected with two pieces of adware.


What is Adware?

Kaspersky defines adware as “Generating revenue for its developers by automatically generating adverts on your screen”. Adware can be one of the most obstructive types of malware found on a device. It gets this reputation from prompting unwanted advertisements, pop-ups, and changes to your usual web browser.

Adware will usually find its way onto a computer or mobile device from a potentially unwanted programme.

Note: A potentially unwanted programme/application (PUP, PUA) is a programme that has made its way onto a device without the merchants’ permission.

Adware’s main goal when it has made its way onto a device is usually to make money for the cybercriminal. It does this by paying the attacker for each click or view on the advertisement. However, there are cases where this type of attack can be used to springboard more dangerous and malicious attacks e.g., spyware and ransomware.

Example of how adware may look on a device
Adware will infect a computer and cause popups on the users screen. Source.

Prior to the call our antivirus software took an automatic security action and made the decision to quarantine these files.

Note: To quarantine a file is to place it into a secure location on the device where it has no interaction with any other file or location on the host device. Our software provides its own quarantine location.

When the call begins, our agent lets the merchant know that these files have been quarantined, and what the files we’ll be looking at are, Littleinstaller.exe and Uninstall.exe. A file that is a component of a system optimiser and one that comes packaged in a freeware antivirus. Both seemingly harmless on the surface. The chart below examines the potential effects and costs of having these files on your computer.

Breaking down the effects and potential costs of adware on a computer.
Breaking down the effects and potential costs of adware on a computer.

Littleinstaller.exe

This executable file will usually go by Driverupdater.exe and is usually bundled in with other software installed without the merchant’s permission. Hence it’s categorised as a potentially unwanted program.

Driver updaters or ‘system optimisers’ will make the promise of cleaning up and speeding up your computer. It does this by deleting unused files and uninstalling programmes that may no longer be used. However, in most cases the boost to your computer’s device will be almost unmeasurable. The best course of action to take to achieve the same results is to manually clean up your device or to ask an IT professional to assist. Taking these actions can reduce the risk of loosing important files and programmes for your machine.

The adware in this case is specific to the system optimiser itself. Upon running a scan, the programme will alert you that it has cleaned up your computer but there are some issues that cannot be resolved without you upgrading to a pro or premium version of the software. The unfortunate aspect is that these scans can often be extremely exaggerated or completely fabricated. It prompts these messages to cause panic in the merchant, making them feel like they need to purchase a subscription to the software.

To show the source of adware
Littleinstaller.exe is usually in driver updater or system optimisers like this. Source.

The messages the user receives will become more and more frequent and have an increased tone of urgency as they go on. Messages like “Your computer is unsafe, upgrade now” are not uncommon.

The adware contained in these files typical relates to the software itself. However, it’s not unusual for it to reach other places on a computer. Browser hijacking, which changes the way a user interacts with their web browser is also a common occurrence.

Note: Spyware can be used to spy on a user’s activity on a device. This form of monitoring can lead to information being stolen or a user being blackmailed for the return of information e.g., credit card details.


Uninstall.exe

Having a generic name as this is a way malware can avoid any manual detection. On the surface, this looks like a file simply used to uninstall a programme. However, in this case, uninstall.exe was bundled with ByteFence Anti-Malware. The anti-malware programme is not malicious, but free anti-malware programmes like this do often come packaged with adware or other potentially unwanted programmes.

The biggest issue is that this is an anti-malware software that our merchant has downloaded in the hope that it will protect their device. This is often the case with freeware anti-virus or anti-malware software like the system optimiser discussed previously. The adware can use scare tactics to pressure the merchant into purchasing a paid or premium version of their software.

Note: Freeware is a piece of software that is provided at no monetary cost. The distributor or creator of the software is able to create its own licensing and rules for the software as it is not under any regulation.

It also gives the merchant a sense that their device is being protected all the while the programme itself is harming the computer. This is why we would always recommend having just one premium anti-virus installed per device. A reputable, premium antivirus will not contain adware or files similar to what was encountered on this call. It will also produce accurate and trustworthy results.


What’s the cost of adware?

Having free software that promises to perform a function is a very common practice for Businesses. The truth of it is that as these software’s are free they need a means of income and they do this through producing adware.

While in some cases the adware presented can be harmless and viewed on as more of an annoyance they can also lead to serious losses, in terms of finance and data.

In this case if our anti-virus protection had not of quarantined these files the merchant may have panicked and given into the prompts to buy a premium version of the software. Likewise, they may have continued to use an anti-virus that was not protecting the device like our premium anti-virus was.

Adware can also be a gateway for more malicious types of malware including ransomware and spyware.

Note: Ransomware and Spyware are two types of malware. Ransomware will encrypt your data and ask for a ransom (monetary or informational) to be paid for the return of data. While Spyware will collect your data and sell it onto the deep/dark web for monetary gain. Spyware can also be used by criminals to perform their own attacks.


Going forward

A key aspect of our calls with merchants is to ‘future proof’ them and educating business owners on the dangers of having these types of files and malware present on a computer.

  • Here our agent explained that going forward any potentially harmful files will be quarantined and explains this process. However, to completely steer clear of these files we take the steps to inform the merchant how to avoid finding these types of files in the future.

  • System optimisers will only marginally speed up a device if they do anything. We recommended that the merchant should manually clean their device. This can be a long, often complicated task so it is best to trust this process to an IT professional. This limits the chance of deleting important or critical files.

  • It’s also important to note that having programmes like this installed can often lead to the slowdown of the computer. It’s quite ironic! This can happen as they come packaged with other potentially unwanted programmes/applications. To avoid this, we recommended installing software only from trusted software vendors.

  • Our agent also took the steps to advise on ByteFence Anti-Malware. While this isn’t a harmful file on its own, freeware anti-virus/malware are often packaged with adware. Our suggestion here is to use only one anti-virus/malware software per device from a trusted software vendor. In this case, as the merchant is subscribed to our PDS service, they receive access to our premium-grade anti-virus protection.

Issue Encountered

Action Taken by SOC

Outcome

The merchant had been infected with two files that appeared to have been legitimate, trustworthy programmes (trojans). As these appeared to have been legitimate the merchant may have been interacting with them on a frequent basis

Pre-call, our anti-virus protection took the measure to quarantine these files.

On the call, we advised the merchant what these files are, how they might have affected the merchant’s use of the computer, and how we can fully remove them from the device.

After our call, the merchant would have been adware and malware-free.
The device became more secure with the removal of both files.

We also took the steps to fully remove the ByteFence Anti-Malware. The merchant will now be operating with our own premium-grade anti-virus protection.

These pieces of malware are just a small percentage of the 2,558 unique pieces of malware our security tools and SOC team have successfully identified this month. On top of this, another 806 merchants have decided to opt into the excellent real-time virus protection service we offer.

Missed our last look at the the work of the SOC team? Check it out here.

Like this Article?

Subscribe to receive more tips & news about Cyber Security, Compliance and a lot more!

  • Sysnet Global Solutions will use the information you provide on this form to be in touch with you regarding non-promotional as well as promotional material by email and phone. If you agree to same, then please select the ‘I consent’ box after reading the terms and conditions listed below in relation to consent. You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, update your preferences for communications, content etc. by clicking on the update my preferences button in any email we send you or by contacting us at marketing@sysnetgs.com We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms. We use Pardot as our marketing automation platform. By clicking below to submit this form, you acknowledge or agree that the information you provide will be transferred to Pardot for processing in accordance with their Privacy Policy and Terms