Spyware and adware rogues' gallery

The ranks of spyware and adware expand daily, but some take root more often than others. Here are six of the usual suspects.

3: Name: Gator Advertising Information Network (GAIN)

Alias: Gator

Actions: Gator overlays ads onto Web pages, tracks what Web sites are visited by users, transmits information about products and services users are interested in, and monitors response to Gator-produced ads. This information is made available to advertisers.

Security issues: According to its privacy policy, Gator transmits information on system settings and configuration information -- software installed on the computer, and more -- as well as first name, country, city, five-digit ZIP code/postal code, and “non-personally identifiable information” entered into Web page forms, such as the first four digits of credit card numbers, which identifies the issuing bank but not the cardholder. Gator also auto-installs and/or updates other software components, such as rich media player applications, browser plug-ins, virtual machines, and run-time environments.

Other issues: Gator distributor Claria insists Gator is not spyware and has been involved in several court cases in attempts to prove this claim. Users report computers with Gator exhibit slowed performance and/or software crashes.

Transmission method: The Gator Advertising Information Network offers half a dozen applications that contain Gator, such as a desktop weather forecast program, a calendar, a computer clock synchronization program, the “Gator e-wallet,” and a program called Websecure Alert, which Gator documentation says “helps to protect your browser security by monitoring for unauthorized tampering with Internet Explorer’s security settings, and can help to protect your privacy by deleting your web surfing history on a regular basis.”

4: Name: Live Online Portal (LOP)

Aliases: C2

Actions: This family of spyware applications reset user’s default start and search pages to lop.com or one of 200 Live Online Portal (LOP) affiliates such as ifiz.com, iguu.com, samz.com, sckr.com, scrk.com, and sfux.com. LOP resets start and search pages back to lop.com if user attempts to change them, adds shortcuts to advertisers’ sites on desktop and links in favorites/bookmarks, and adds new IE toolbar called Accessories, with yet more advertising links.

Security issues: LOP can download and execute arbitrary code from its server.

Other issues: Overall performance is slowed. Mobile users may get frequent dial-up connection requests if their computers are not online when LOP wants to perform some action. Computers may freeze for a few minutes after these connection requests are refused by user. LOP program may demand answers to series of riddles before allowing itself to be manually uninstalled. LOP program may demand answers to series of riddles before allowing itself to be manually uninstalled.

Transmission method: LOP’s most infamous installation method is to create pop-up loops (pop-ups opening pop-ups) featuring ads for MP3 search and download tools. One false or frustrated click in the midst of the pop-up plethora and the machine is infected. LOP has also been bundled as a legitimate music/software download search tool with various freeware software offerings.

 

5: Name: Cydoor

Aliases: None

Actions: Cydoor produces the usual complement of pop-up ads and many pop-under ads.