Second Wave of Adware Pounds Web Surfers

New adware companies are increasingly targeting Facebook, Twitter, and other popular social networking sites as a means of distribution. The share-friendly environment of such sites is ideal for spreading adware and trackware through third-party applications, which often hide their true intent.

The Origins of Adware

Adware is software that displays targeted ads when downloaded. It often comes bundled with downloadable games, movies, music files, or software programs, but it usually isn't listed as part of the download. Once on your system, the app tracks your online behavior and serves up ads based on that behavior. The ads may appear as shopping assistants, targeted ads, pop-up or pop-under windows, highlighted keywords, search toolbars, floating ads, or other annoying extras.

Old-style adware hit its peak around 2003; by 2005 it was common in several downloads and at sites around the Web. Installation methods included bombarding Website visitors with pop-ups, issuing prompts to install ActiveX controls or other software, posing as license acquisition installs for programs such as Windows Media Player, and offering deals in a bundle with peer-to-peer apps.

In late 2005, citing deceptive advertising and computer trespassing, state attorneys general and the Federal Trade Commission began cracking down on adware purveyors. By 2007, adware giant Zango and other major players in the industry had either folded or joined a new software market.

But the talent at Zango dispersed to companies like Loudmo and Pinball Publishing Network, to cultivate a new adware target: social networking sites. Teaming up with third-party app creators, the adware developers embed snoopy code into games and apps that users share with friends and followers.

Many of today's adware distribution strategies deal exclusively with popular social networking sites--specifically Facebook and Twitter--that rely heavily on third-party content.

On Facebook, adware offerings appear masked as games, dating apps, videos, media players, and "sponsored" distributions for real open-source programs such as Mozilla Firefox and Open Office. On Twitter, adware affiliates spam software bundles, such as a free (but adware-tainted) FLV Direct player, so that they show up in common Twitter searches.

Adware distributors also exploit Facebook's 'Like' function to spread their adware programs virally. Recently, a status update appeared on Facebook stating "Poor girl commits suicide after dad posted this on her wall." When you click the link to read the page, an "age verification tool" pops up, and you have to download a gaming program (actually masked adware) to get to the story--which is unrelated to Facebook. If you fall for this scheme, friends will see that you "liked" the story.

Many users are unaware that these apps contain a hidden installation of ad-supported software (the main description of the download doesn't mention it). Companies that create these applications fail to clearly disclose their purpose, which is to collect data and present users with advertisements for the company's financial gain.

Who's Behind It

Eric Howes, spyware research manager for GFI Software, a network security firm, warns users to watch out for apps, games, and video files from companies such as Circle Development, ComScore, Future Ads LLC, Game Vance, Loudmo, Pinball Publisher Network, PlaySushi, and Vomba Network. The software isn't inherently malicious, but adware companies tend not to disclose their intentions up front, and data tracking without consent is a privacy issue.

Though the TrustE privacy seal of approval supposedly "only awards privacy seals to Websites that give you proper notice of its privacy practices," according to TrustE.com, Howes says GFI has found several TrustE seals on Websites of known adware distributors.

To protect yourself from spyware and adware, keep your ad-blocker and antivirus programs up-to-date. Most basic programs will catch adware as it downloads, as long as you have installed the most recent version of the utility on your system. Keeping Windows and Adobe apps current is important, as well: Many adware programs ask you to download a doctored version of these programs that is tainted with adware.

If you click through to one of the ads sponsored by an adware company, check the URL. Often it contains the name of the company, meaning that the data gets sent back to the company when you click one of its ads.

Take the time to read the privacy policies and terms of service for third-party apps before downloading them. A program's description might not allude to adware, but its accompanying privacy policy may mention that targeted ads through trackware are a component of the download package. If you do end up with adware, you can easily uninstall most such programs by using the 'Add/Remove software' function in Windows.

Illustration by Gary Neill
