Adware: Delivery Methods

Adware: Delivery Methods

What is adware?

Adware is software, with the main goal to deliver advertisements to the user. Sometimes the means used by the adware leads to a different classification, like f.e. browser hijacker, but they will still be adware.

Browser hijackers

There are many kinds of adware if you look at the way the advertisements are being delivered. Most of them will qualify as browser hijackers.

You can be hit with advertisements while surfing, which may lead you to believe that they originate from the site you are visiting, while they are not. These can come in the form of pop-ups or pop-unders, but they might just as well seem embedded in the site itself.

For example, there are adware programs that change pieces of text on the site you are visiting, into links that show pop-ups or tooltips, when you hover over them with your mouse. Most of the above will come in the form of browser extensions/add-ons.

adware3

Then there are adware programs that change your start-page, search-engine or even by changing the shortcuts on your computer, that open your browser(s).

Other means to hijack you to a site of the adware’s choice are proxies, alterations to your hosts-file and dns-hijacks.

adware1

Others

DNS hijacks have been known to be done on poorly protected routers as well. The DNS hijacks can even take place on some routers, even if they are properly password protected.

Another method outside the browser is using the Windows Task Scheduler to show advertisements on set intervals or certain occasions.

LSP hijackers put themselves in your TCP/IP stack enabling themselves to alter, or add to, the content of your internet traffic.

adware2

Detection

Malwarebytes Anti-Malware will detect adware, albeit some are classified as PUPs (Potentially Unwanted Programs), usually because they show the user a EULA during install, or more in general, gives the user a choice to decline.

Some terms explained

Pop-ups: an ad-created new browser window or tab that has focus, i.e. shows up in the foreground.

Pop-unders: as above, only the window stays in the background or the tab is without focus,

DNS-hijack: changes the servers that handle your Domain Name System that “translates” the domain-name into a physical address. So, effectively, it sends you to a different site than the one you requested.

Proxy: adds an extra step between the surfer and the destination. They can be used to alter content or redirect the user.

Hosts: the hosts file is a list of domains coupled with IP addresses. Since it preceeds DNS it can be used as a hijacker, and has been known to be abused to block access to computer security related sites.

Text popups: a link that opens a popup box containing advertisements, usually prompted by a mouse-over.

Summary

Adware uses some very different methods to reach the same goal: make the advertisements getting noticed on your screen.

Malwarebytes Anti-Malware uses different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

 

Thanks to Julia for her help

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.