Adware and Under-Wear - The Definitive Guide
Sorting Out the Underware
There are several major players in the field along with a raft of smaller, lesser-known programs and Websites that invade your computer and steal your business profits. The following is by no means comprehensive.
Sharing the Wares
A large portion of the "underware" out there is promulgated on the file-sharing networks such as Kazaa, Morpheus, Bearshare, Gnutella, Limewire, Grokster, Aimster, iMesh, Audiogalaxy, and others. You probably associate these P2P clients with music file downloads, but other types of files are available on some of these networks as well.
Unfortunately, these sites also abound in adware, spyware, malware, and outright viruses that come along for the ride with your Faith Hill or Eminem downloads. One of the founders of Audiogalaxy wrote of his history with that P2P provider, from its beginnings as a free file-sharing network to its current incarnation as a spyware-ridden "service":
"Towards the end of my time there, online advertising budgets fell through the floor and we were forced to find other methods of income. Sometime around then we began bundling so-called spyware into the satellite installer, simply because they paid good money and nobody else was. Despite all the accusations and misinformation flying around, the satellite always gave you either the option of not installing the spyware, or told you quite clearly what it was doing in all caps at the top of the readme that was automatically displayed (yet usually ignored). We all disliked having other software go along with the satellite, but we had to make money somehow and tried to make it as transparent as possible."
Other networks were less above board about the spyware they included with their file transfers. Today, anyone who uses any of these file-sharing clients puts themselves at serious risk of allowing potentially damaging crudware onto their computers. It's worth noting that some noble programmers have created several ad-free versions of some of these clients, including Kazaa, Grokster, iMesh, and others. Some, like Grokster and iMesh, have embraced them and made them part of their sites; others, like Kazaa, are actively attempting to discredit and shut down these ad-free alternatives. "We mean to stamp it [KazaaLite] out," said Sharman CEO Nikki Hemming, whose company owns Kazaa.
Meanwhile, Kazaa continues to lead the way in spyware provision. Already Kazaa users run the risk of acquiring New.net, Onflow, WebHancer, msbb, TOPtext... and Cydoor ad- and spyware additions. For even more fun, they're bundling new and increasingly intrusive programming inside their client software. Brilliant Digital, a known source of adware, has struck an agreement with Kazaa to offer its "Altnet" video and audio content alongside Kazaa's own offerings.
The problem with Altnet is that there's a "sleeper" program bundled inside its downloads. On a specified day, the program will "wake up," and immediately activate Brilliant Digital's "SecureInstall" program the next time the user connects to the Kazaa network. Kazaa users will then be inundated with a wave of multimedia banner ads, and will be prompted to upgrade to a new, presumably cleaner version of Kazaa. Instead, they'll be connected to the Altnet P2P network. Worse, some users' computer resources will be conscripted into working in the Altnet network. Kontiki and RedSwoosh are doing something similar with the wares offered on their sites.
Kazaa is also a well-documented source of viruses; several viruses and worms that specifically target Kazaa users include Benjamin, Duload, and Kowbot. They all masquerade as MP3 or video files. Gnutella users have also been targets for worms.
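A defender's check for the masquerading described above, as an added example that is not part of the original article. The article does not say how these worms disguise themselves, so the two heuristics here (a Windows program header under a media extension, and a media-then-executable double extension) are assumptions, and the sample file names and contents are constructed.

```python
import os
import tempfile

# Extensions expected to hold audio/video, and ones Windows runs when double-clicked.
MEDIA_EXTS = {".mp3", ".wav", ".wma", ".avi", ".mpg", ".mpeg", ".mov", ".wmv"}
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}


def classify(name, head):
    """Return why a file looks like a disguised program, or None if it does not."""
    parts = name.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner = "." + parts[-2] if len(parts) > 2 else ""
    if ext in MEDIA_EXTS and head[:2] == b"MZ":  # DOS/PE programs start with "MZ"
        return "media extension but executable header"
    if ext in EXEC_EXTS and inner in MEDIA_EXTS:
        return "double extension hides executable type"
    return None


def scan_folder(folder):
    """Walk a download folder; return {file name: reason} for suspect files."""
    findings = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            with open(os.path.join(root, name), "rb") as fh:
                reason = classify(name, fh.read(2))
            if reason:
                findings[name] = reason
    return findings


def demo():
    """Scan a constructed sample folder (contents are made up for this example)."""
    samples = {
        "track01.mp3": b"ID3\x03\x00\x00",           # MP3 starting with an ID3 tag
        "concert.avi": b"RIFF\x00\x00\x00\x00AVI ",  # AVI is a RIFF container
        "hit_single.mp3": b"MZ\x90\x00",             # program renamed to .mp3
        "video_clip.mpg.exe": b"MZ\x90\x00",         # double extension
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan_folder(d)


if __name__ == "__main__":
    for name, reason in sorted(demo().items()):
        print(f"{name}: {reason}")
```

Point scan_folder at a client's shared or download directory to list files worth a closer look before anyone opens them; a clean result is not proof that a file is safe.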
Certainly the file-sharing sites are not the only sources for crudware, but they are major sources and need to be treated with caution.
There's a lengthy list of programs that qualify as one sort or another of "underware." I won't attempt to list every one of them, but here's the scoop on some of the most malicious and/or well-known villains in the field.
Gator

One of the most ubiquitous and successful spyware programs out there, Gator offers itself as a utility for filling out Internet forms -- just give your info to Gator the first time and the big green reptile will take care of every form you encounter thereafter.
Unfortunately, Gator's real purpose is to collect user information, track users' shopping habits, and provide them with tailored advertising content. After criticism from the Interactive Advertising Bureau, and an unsuccessful lawsuit, Gator claims to have crippled this part of its software while it worked on a "more acceptable" solution. However, Symantec still lists Gator's software as being infected with a Trojan horse. Naturally, Gator claims no knowledge of any Trojans or security holes, but it does offer a software upgrade for "enhanced security."
Cexx.org, one of the premier Websites for fighting spyware, describes Gator as perpetrating "drive-by downloads" on unsuspecting users. "In this scheme, a normal banner or popup ad will attempt to install software (executable code) on the user's PC. Depending on the browser's security settings, the software will either download silently and without any user action, or present an install dialogue. Novice users may choose 'Yes' thinking the browser is asking to download a legitimate page-display plugin."
Gator also includes an even sneakier component, OfferCompanion, in its code. OfferCompanion not only lards down the user's browser with banner ads and sends information on you and your surfing habits back to Gator, but it also replaces ad banners from legitimate vendors with its own content. Naturally the legitimate, paying advertisers are outraged that their ads are being displaced without warning, often by ads from competitors or even from adult sites. "Among other things, this 'steals' advertising revenue from the legitimate owner of that Website, as their banner is inaccessible and covered up by the Gator ad." In July 2002, a federal judge ordered Gator to temporarily stop displaying advertising over Web publishers' pages without their permission, prompted by a lawsuit filed by the New York Times, the Washington Post, Dow Jones, and other publishers.
Gator has no problems with owning up to its shady practices, at least to a degree. In their own words:
"The small browser plug-ins, which users can download free, follow users' movements throughout the Web. Through the browser, agents learn where a user is, what he or she might be about to do or buy, and for what price. Then the agents make a better offer. Users are motivated to check out the offer, since they activate the agents voluntarily by downloading them. Most consumers hear about the gimmick through an advertiser's online campaign, or by word-of-mouth. ... Instead of serving up a long list of ads across a network of preselected sites, agents serve specific ads to specific individuals whenever they shop a certain category or particular site, essentially 'tailor-making' ads. These banners or pop-ups feature coupons, rebates, product bundling, and so on. It's highly targeted, direct Web marketing -- in many ways, the original promise of the Internet."
Rosy, huh? Most advertisers who lose revenue from Gator's switcheroo don't think so.