Lavasoft has updated its popular malware and spyware detection and removal tool Ad-Aware. Rather than a dramatic redo, version 8.1 builds on the improvements made in the previous version. The new version is faster, has better removal abilities, and introduces a behavioral detection engine.
Called Genotype, Ad-Aware's heuristic-based behavioral detection engine isn't explicitly called out in the interface. However, I noticed that files that had been flagged falsely as threats in earlier versions were no longer called out as such, and the Quick Scan was able to complete in about three minutes, as opposed to 10 minutes in the previous version. These are empirical observations, of course, but this version's improvements should be easy to see for longtime users of Ad-Aware.
Removal techniques have also been improved. Lavasoft is calling the new system Neutralizer, although it's not called out as such in the program interface. What users will see is a "family" of grouped similar threats, such as cookies, the category of the threat, and the action taken. The program defaults to the Recommended action, which means you need to click on the drop-down menu to the right of the listing to see what action will be taken on a per-threat basis. The big action buttons introduced in version 8 still reside at the bottom of the window, which feels further than necessary--it'd be better to have the action button closer to where the mouse already is, at the top of the window.
There is one big change to the interface in v8.1. At the bottom left corner of the window, there's a toggle to switch between Simple mode and Advanced mode. Simple mode is for users who are set-it-and-forget-it types, with fewer options displayed. Advanced mode allows for deeper settings customization. There's also a gaming mode, so that full protection continues to run while you play games or watch videos, but detected threats won't interrupt your entertainment until you're done.
Ad-Aware's new Advanced mode, presenting more options by default. (Credit: Screenshot by Seth Rosenblatt/CNET)
Fans of personalization get more skin action in this version, too. In addition to the included skins, the community support offered at MyLavaSoft now includes community-sourced translations and skins.
However, fans of the free version do not get all the features available in the paid upgrades. Antivirus is only for paying customers, and while rootkit detection is present, behavior-based heuristics and real-time registry protection are not. Ad-Aware Free cannot scan networked drives, and even a basic feature like the scheduler remains off-limits in the free version. The Ad-Aware toolbox for system tweaks is only available in the Pro version. I encountered a pop-up for the upgrade, although Lavasoft told me that this was an infrequent occurrence. Ad-Aware Plus is available for $26.95, and Ad-Aware Pro is $39.95, and both have a 30-day trial.
Instead of hacking into major online sites to embed malware, malicious hackers are going in through the front door by exploiting security holes in systems for delivering ads.
It happened just days ago, for instance, to the Web site of The New York Times. The newspaper company informed readers on Sunday about a rogue ad that was popping up on its site. The ad warned visitors to NYTimes.com that their computer may be infected with a virus and redirected them to a site that purports to scan the computer and offers to sell antivirus software.
This is common behavior for what is known as fake security alerts, or "scareware," designed to trick people into paying for something they don't need. Use of this type of scam is on the rise.
Typically, the site hosting the rogue alerts has been compromised, or a worm, like Conficker, distributes the alerts directly to computers.
On his blog Input & Output, Seven Scale CEO Troy Davis offers an analysis of the scareware ad that appeared on NYTimes.com. (Credit: Troy Davis)
"I think there is a problem with ad networks, in general," said Graham Cluley, a Sophos security researcher. "The problem really is with Web sites handing over control of some of their content to third parties."
The rogue ad on NYTimes.com was delivered by an unknown ad delivery firm after the newspaper agreed to run an ad for a week from a company posing as Internet telephony provider Vonage, according to New York Times spokeswoman Diane McNulty. Initially, a legitimate-looking ad was running, but that was switched with the fake antivirus alerts, possibly on Friday, she said.
"In the future, we will not allow any advertiser to use unfamiliar third-party vendors," McNulty is quoted as saying. (McNulty did not respond to e-mail questions posed by CNET News on Monday and Tuesday.)
Several news organizations were targeted in the rogue ad scam, according to a New York Times statement.
One of them was SFGate.com, the site for the San Francisco Chronicle, a Chronicle spokeswoman told The New York Times. (Calls from CNET News were not returned on Monday and Tuesday.) "We did get hit with something over the weekend," Kelly Harville, a vice president of marketing at the newspaper, is quoted as saying.
"This isn't uncommon," said Michael Caruso, founder and chief executive of ClickFacts. Scammers "come in looking like one thing. They spoof the email addresses, even get good references for their credit and run a car ad. It happened with a Lexus ad a couple of weeks ago...They change the content out at the content delivery network."
ClickFacts, which started out helping advertisers defend against click fraud, also offers an ad scanning service for Web sites and ad networks that audits ad content for things like malware. For instance, ClickFacts is monitoring the ads that appear on News Corp.'s Fox site, which previously was hit by rogue scareware, Caruso said.
"We proactively scan the ads before they are delivered and then continuously scan them from many IP ranges around the world to make sure they're not launching adware," he said.
Many ad networks are scanning ads manually, but ad content can easily be changed after a manual scan is done, Caruso said. In addition, he said, a malicious ad "could be placed in anywhere" because sites often have other companies sell their ad inventory.
For example, two years ago Trojan horse software was discovered in banner ads that an ad network was serving up via Yahoo's Right Media Exchange to MySpace, Photobucket, Bebo, and other high-traffic sites.
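The post-approval swap described above can be caught by fingerprinting a creative when it is approved and comparing every later fetch against that baseline. The following is an added example, not code from ClickFacts or any ad network; the function names, vantage labels, and sample creatives are assumptions constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlparse

URL_RE = re.compile(rb"https?://[^\s\"'<>]+")

def fingerprint(creative: bytes) -> dict:
    """SHA-256 of the creative plus the set of hosts it links to or loads from."""
    hosts = {urlparse(u.decode("ascii", "replace")).hostname
             for u in URL_RE.findall(creative)}
    hosts.discard(None)
    return {"sha256": hashlib.sha256(creative).hexdigest(), "hosts": hosts}

def audit(approved: bytes, observations: dict) -> list:
    """Return one finding per vantage point whose fetch differs from the baseline."""
    base = fingerprint(approved)
    findings = []
    for vantage, body in sorted(observations.items()):
        seen = fingerprint(body)
        if seen["sha256"] != base["sha256"]:
            findings.append({
                "vantage": vantage,
                "sha256": seen["sha256"],
                "new_hosts": sorted(seen["hosts"] - base["hosts"]),
            })
    return findings

# Constructed sample data: the creative as approved, and what three
# hypothetical vantage points received when they re-fetched the same ad slot.
APPROVED = (b'<a href="https://advertiser.example/offer">'
            b'<img src="https://cdn.example/banner.png"></a>')
SWAPPED = (b'<a href="https://scan.example.invalid/alert">'
           b'<img src="https://cdn.example/banner.png"></a>')
OBSERVED = {"vantage-a": APPROVED, "vantage-b": APPROVED, "vantage-c": SWAPPED}

if __name__ == "__main__":
    for f in audit(APPROVED, OBSERVED):
        print(f"{f['vantage']}: creative changed, new hosts {f['new_hosts']}")
```

In this constructed sample only one of the three vantage points receives the swapped creative, so a single re-check from either of the other two would have reported the ad as unchanged.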
The rogue ads pose a number of problems. First, they can download malware to a computer once the ad is clicked on. The malware can include Trojans, back doors, and keystroke loggers and can be used by the scammers to commandeer the computer to send spam or launch attacks on other computers, according to Cluley.
Then, if someone falls for the ruse and provides credit card and other billing information, the scammers have sensitive financial data that can be used for identity fraud.
"Identity theft is the purpose behind the ads," said Caruso.
Updated at 5:50 p.m. PDT September 14 with explanation from The New York Times.
The New York Times' Web site is grappling with problems created by an "unauthorized advertisement," but it is unknown how the ads managed to appear on the site and whether the site had been compromised.
The rogue ad warns readers that their computer may be infected with a virus and redirects them to a site that purports to offer antivirus software, according to a note posted to the newspaper's Media & Advertising section:
Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser.
The site, best-antivirus03.com, is a so-called hijacker that uses fraudulent strategies to promote fake security software, according to security site GeekPolice.net.
One CNET reader described how the pop-up ad essentially hijacked his browser, preventing him from navigating away from the site.
"They took me to an 'antivirus site,' which kept attempting to scan my computer and install software. Using the back button kept reloading the virus page," the reader said. "It was not possible to close the page, necessitating a force quit."
Update with explanation from The New York Times:
The New York Times said the offending ad was provided by someone posing as a national advertiser with a legitimate-looking advertising product. Over the weekend, the ad being served was swapped out so that the offending ad would appear, the Times said.
"As soon as we were made aware of the situation, we took aggressive steps, suspending all third-party advertisements on the site," Diane McNulty, executive director of Community Affairs and Media Relations, said in a statement. "We now know how it occurred and have taken steps to prevent a similar situation from happening."
Botnets increasingly used to perpetrate click fraud, Click Forensics reports. (Credit: Click Forensics)
Thanks in part to armies of compromised computers, click fraud reached an all-time high in the fourth quarter.
Click fraud lets Web sites increase revenue from ads supplied by services such as Google's AdSense or the Yahoo Publisher Network, though those companies take measures to screen out bogus links so advertisers don't have to pay. But that doesn't stop people from trying, according to a new report from Click Forensics, a company that monitors for click fraud and sells detection services.
"The overall industry average click fraud rate grew to 17.1 percent for the fourth quarter of 2008. That's up from 16.0 percent in the third quarter of 2008 and from the 16.6 percent rate reported for the fourth quarter of 2007," the company said Wednesday.
Humans can click on ads, but increasingly fraudsters turn to botnets, the swarms of computers taken over through remote attacks that can do fraudsters' bidding without computer users' knowledge.
"Traffic from botnets was responsible for 31.4 percent of all click fraud traffic in the fourth quarter of 2008. That's up from the 27.6 percent rate reported for the third quarter of 2008 and the 22.0 percent rate reported for the fourth quarter of 2007," Click Forensics said.
Microsoft and the Attorney General's office in Washington state said on Monday they have filed a handful of lawsuits over pop-up ads that scare consumers into paying for software that supposedly fixes critical errors on a PC.
The lawsuit filed by the Attorney General's office alleges a Texas firm sent incessant pop-up ads that falsely claimed the computer had critical errors in its registry and directed people to a Web site where they could download free scanning software to find the problems.
This is an example of the pop-up that consumers received from a Texas firm sued for allegedly spreading "scareware." (Credit: Washington Attorney General's office)
The software then reports 43 critical problems and offers to sell a fix for $39.95. However, the software, dubbed "Registry Cleaner XP," does nothing but lull the consumer into a false sense of security, officials said.
It's a "blatant rip off of consumers," Washington State Attorney General Rob McKenna said in a news conference. Consumers were "duped into downloading a fake scan (of the computer) and then duped into paying for software they don't need."
The pop-ups take advantage of a function called Windows Messenger (not to be confused with Microsoft's instant-messaging program Windows Live Messenger) that was designed to allow network administrators to send alerts to Windows PCs on a network. The functionality was turned off in Windows XP Service Pack 2, said Richard Boscovich, senior attorney for Microsoft's Internet Safety Enforcement Team.
The messages often would be displayed repeatedly, with one IP address receiving more than 200 in one day, the complaint alleges.
A new type of Internet-based attack is spreading in which Flash-based ads seize control of a Web surfer's clipboard and paste in a link to a malicious site in the hopes that it will be spread from there into e-mails, blogs, and instant messages.
The ads have been spotted on MSNBC.com, Newsweek.com, and Digg.com, and victims have reported on numerous forums and blogs that they appear to be fake alerts that a virus has been detected on the computer and offer to clean it up, according to antivirus vendor Sophos.
The malicious link, which includes "xp-vista-update" in the URL, is copied into the clipboard and cannot be overwritten by copying new text to the clipboard. Users must reboot the computer to remove the link, The Register reports.
The malware appears to affect Mac, Windows, and Linux machines and Firefox, Internet Explorer, and Safari browsers, according to ZDNet's Zero Day blog.
Chris Thornton, who created the "ClipMate" clipboard extender for Windows, gave an interesting description of the situation on his Clipboard Extender Dot Com blog:
"Someone wrote a little piece of Adobe Flash code to copy text to the clipboard. Then they put it in a loop, to do it once a second. Then they put it in an innocent-looking flash-based banner ad, with their harmful URL as the payload. Then they signed up for some advertising networks, and submitted their bad ad, presumably paying considerable $$$ to get it featured on sites that you and I visit regularly, such as MSNBC and Digg. And when someone has this ad loaded, they can copy all they want, but everything they paste will be just that URL. So if you are writing an e-mail to Aunt Millie, telling her to look at your eBay auction located at (paste), or to download Picasa to organize her photos - download here (paste), she's going to get the virus when she visits the bad site."