Spyware Detail

Summary

Opens popups. Crashes IE randomly. S eems to add itself to Norton Firewall allow list. Tries to read your name from: RealName, Settings \Software\Microsoft\Internet Account Manager\Accounts\ SMTP Display Name, InstallUser, BusinessTitle, JobTitle, vCard. Various versions will redirect (hijack) search engine results, searches from your address bar, and even error pages. Some versions add advertising links to web pages and display popup ads.

Alias

SearchFu/123Search
iPend
TrojanNotifier.Win32.EES.a[Kaspersky]
Spyware/ClientMan[Panda]
Win32/MadFind!Trojan[Computer Associates]
Win32.Madfind.A[Computer Associates]
Adware/Madfinder[Panda]
Trojan.Win32.Small.i[Kaspersky]
Win32/Siboco.B!Trojan[Computer Associates]
Win32.Siboco.B[Computer Associates]
Trj/Small.AQ[Panda]
Win32/MadFind.BH!Trojan[Computer Associates]
Backdoor/Armageddon.20!Server[Computer Associates]
Trojan Horse[Panda]

See Also

GroksterFavoriteMan

Category

Backdoor:  A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.

Browser Helper Object:  (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.

Notifier:  Any tool designed for stealth notification of an attacker that a victim has installed and run some pest. Such notification might be done by FTP, SMS, SMTP, or other method, and might contain a variety of information. Often used in combination with a Packer, a Binder and a Downloader.

Trojan:  Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.



Variants

ClientMan/Helper: The first version. Includes two Browser Helper Objects Adds yellow advertising links to pages. · ClientMan/Tagger: Second version. Files include taggerbho.dll, fixtitle.exe, getbuys.exe · ClientMan/2in1: Current version. Files include 2in1.dll, dnsrep.dll, urlcli.dll, msvrfy.dll, gstylebho.dll · ClientMan.2in1 · ClientMan.Helper · ClientMan.Tagger · ClientMan.DNSRep · ClientMan.b99 · ClientMan.bho1 · ClientMan.bho2 · ClientMan.MSMC ·

View Full Details