
Spyware Detail

ISTbar

Date Published:
Monday, August 16, 2004

Threat Assessment

Overall Risk: Medium
Privacy: Medium
Productivity: Very Low
System Integrity: Low

Description


Summary

Hijacker of homepages and searches using an IE toolbar.

Alias

W32/Istbar.CK@dl [F-Prot]
Trojan-Downloader.Win32.IstBar.gu [Kaspersky]
Adware-ISTbar [McAfee]
W32/Istbar.MY [NORMAN]
ISTbar/AUpdate is also known as DownloadPlus and SearchBarCash-Hijacker. ISTbar/MSCache is also known as MSUpdates\MSCache.
Spyware/ISTbar [Panda]
TrojanDownloader.Win32.IstBar.t [Kaspersky]
Win32/PMagic.A!Trojan [Computer Associates]
Trj/W32.IST [Panda]
TrojanDownloader.Win32.IstBar.e [Kaspersky]
TrojanDownloader.Win32.IstBar.p [Kaspersky]
Trojan Horse [Panda]
Adware/nCase [Panda]
Win32/IstBar.ce!Downloader [Computer Associates]
Trojan-Downloader.Win32.IstBar.gen [Kaspersky]
TrojanDownloader.Win32.IstBar.gen [Kaspersky]
TrojanDownloader.Win32.IstBar.p
actalert.exe

Vendor Description

"Integrated Search Technologies is a leading Internet marketing solutions provider, specializing in effectively targeting valuable customers at the moment they are most interested in a particular product or service.
IST targets the customers through several different delivery methods such as highly effective toolbars xxxtoolbar.com and plug-ins available for Internet Explorer. IST has developed products aimed at the surfer such as an addictive toolbar for Internet Explorer giving access to rich content, and a highly effective affiliate program aimed at the webmasters or anyone that is willing to cash-in on their traffic by distributing IST products. Products aimed at the surfer: Toolbar. Products for the webmaster: Toolbarcash"
- web site.

Category

Adware:  Software that displays pop-up/pop-under advertisements when the primary user interface is not visible, or which do not appear to be associated with the product.

Browser Helper Object:  (BHO). A component that Internet Explorer loads whenever it starts. It shares IE's memory context and can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, and monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because the firewall sees them as the browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.

Downloader:  A program that downloads and may execute or install software without user permission.

Hijacker:  Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.

Toolbar:  A group of buttons which perform common tasks. A toolbar for Internet Explorer is normally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.

Trojan:  Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.



Variants

ISTbar/AUpdate installs a TinyBar variant to implement its toolbar. The hijacker is aimed at my-internet.info and blazefind.com; distribution is managed by searchbarcash.com, its controlling server.

ISTbar/MSCache also uses TinyBar, along with a Browser Helper Object called mscache.dll used to load updates. The controlling server is www2.skoobidoo.com.

ISTbar/XXXToolbar is an update based around pornography. It uses its own toolbar based on the Pugi toolbar. The hijacker is aimed at its controlling server xxxtoolbar.com, and slotch.com; distribution is controlled by toolbarcash.com.

ISTbar.AUpdate
ISTbar.MSCache
ISTbar.XXXToolbar
ISTbar.CSearch
ISTbar.MCInstL
TrojanDownloader.Win32.IstBar.aj
TrojanDownloader.Win32.IstBar.ap
TrojanDownloader.Win32.IstBar.bm
TrojanDownloader.Win32.IstBar.bp
TrojanDownloader.Win32.IstBar.i
TrojanDownloader.Win32.Istbar.bu
TrojanDownloader.Win32.Istbar.dh
TrojanDownloader.Win32.Istbar.dr
TrojanDownloader.Win32.Istbar.bo
TrojanDownloader.Win32.Istbar.bx
TrojanDownloader.Win32.Istbar.cl
TrojanDownloader.Win32.Istbar.u
SlotchBar

Immediate Protection Info

 
DAT Release   Product                DAT Version
Original      eTrust PestPatrol v5   08 11 2004
Original      eTrust PestPatrol v4   08 11 2004
Original      CA Antispyware v9      08 11 2004
Original      eTrust PestPatrol v8   08 11 2004
Original      CA Antispyware v9      02 17 2009
Latest        eTrust PestPatrol v5   07 09 2009
Latest        eTrust PestPatrol v4   01 11 2007
Latest        eTrust PestPatrol v8   07 09 2009
Latest        CA Antispyware v9      11 09 2009
 



CA Global Security Advisor
