
Spyware Detail

ISearch

Date Published:
Monday, August 16, 2004

Threat Assessment

Overall Risk: High
Privacy: High
Productivity:
System Integrity: Very Low

Description


Alias

Adware/ISearch [Panda]
Trj/Downloader.NL [Panda]
command [Webroot]
CmdService [CounterSpy]
Spyware.ISearch [Symantec]

Category

Adware:  Software that displays pop-up/pop-under advertisements when the primary user interface is not visible, or which do not appear to be associated with the product.

Browser Helper Object:  (BHO). A component that Internet Explorer loads whenever it starts. It shares IE's memory context and can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, and monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.

Downloader:  A program that downloads and may execute or install software without user permission.

Error Hijacker:  Any software that resets your browser's settings to display a new error page when a requested URL is not found. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.

Spyware:  Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), and system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed). Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed. See also Adware.

Toolbar:  A group of buttons which perform common tasks. A toolbar for Internet Explorer is normally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.



Reasons For Retention

(Testing completed on 03.03.05) Based on eTrust PestPatrol® Spyware Scorecard v2.0, ISearch Toolbar violates the following criteria:

First, installs without providing an explicit opt-out option from any site or other application. ISearch downloads additional software, like BetterInternet, without user permission.

Second, changes browser settings, for example the default search provider, home or error page(s) etc., without user permission at time of change. ISearch fronts as IExplorer, enabling it to hook inbound and outbound traffic. ISearch persistently opens itself without user permission every time a new session of Internet Explorer (IE) is opened. Additionally, ISearch changes the 404 error page without user permission.

Third, silently connects to an unintended location to transmit personal information.

Fourth, installs or updates without user permission or knowledge at time of installation. After ISearch is installed and the computer rebooted, ISearch pulls in additional software.

Fifth, uninstaller leaves components running after reboot. ISearch Toolbar installs software that cannot be uninstalled. For example, randomly named executables (such as lkmkrlj.exe, seen during our testing on 03.03.2005) and others with names similar to Windows processes, like calc.exe, were installed and continue to run after uninstall. After uninstalling the ISearch Toolbar using the uninstaller found in Windows Add/Remove Programs and rebooting the computer, a small search bar appeared in the lower-left side of the screen and would pop up from time to time. Other executables, like those mentioned above, continued to run after reboot.

Immediate Protection Info

 
DAT Release   Product                DAT Version
Original      eTrust PestPatrol v5   03 03 2005
Original      eTrust PestPatrol v4   03 03 2005
Original      CA Antispyware v9      03 03 2005
Original      eTrust PestPatrol v8   03 03 2005
Original      eTrust PestPatrol v5   08 11 2004
Original      eTrust PestPatrol v4   08 11 2004
Original      CA Antispyware v9      08 11 2004
Original      eTrust PestPatrol v8   08 11 2004
Original      CA Antispyware v9      02 17 2009
Latest        eTrust PestPatrol v5   02 17 2005
Latest        eTrust PestPatrol v4   02 17 2005
Latest        CA Antispyware v9      02 17 2005
Latest        eTrust PestPatrol v8   02 17 2005
Latest        eTrust PestPatrol v5   07 09 2009
Latest        eTrust PestPatrol v4   01 11 2007
Latest        eTrust PestPatrol v8   07 09 2009
Latest        CA Antispyware v9      11 09 2009
 



CA Global Security Advisor
