The Common Types of Computer Infections

This page covers four common categories of infection: adware, fake antivirus, ransomware and browser hijackers.

What is adware?

Also Known As: Potentially unwanted application (PUA) or Potentially unwanted program (PUP)

'Adware' is a term used to describe a program that displays intrusive ads and is considered privacy-invasive. Today, the Internet is rife with potentially unwanted applications that install alongside free downloads. Most free software download websites use download clients - small programs that offer the installation of advertised browser plug-ins (usually adware) together with the chosen freeware. Thus, careless downloading of free software can lead to unwanted adware infections.

There are several types of adware: some hijack users' Internet browser settings by adding redirects; others deliver unwanted pop-up ads. Some adware programs show no visible signs of infiltration, yet they track users' browsing habits by recording IP addresses, unique identifier numbers, operating system and browser details, URLs visited, pages viewed, search queries entered, and other information. Moreover, many adware programs are poorly written and can disrupt the normal functioning of the operating system.

Adware Symptoms:

Slow web browser performance, annoying ads (searches, banners, text links, transitional, interstitial, and full page advertisements), browser redirects.

Screenshots: adware generating intrusive pop-up ads; adware generating banner ads.

Distribution:

Adware is often included within freeware or shareware programs, and the installation of potentially unwanted applications is frequently driven by deceptive free software download clients and installers. Adware is also installed via fake Flash Player, Java, or Internet browser updates. Potentially unwanted programs are further distributed through misleading banners and other online ads.

Screenshots: free software installers used to propagate adware.

How to avoid adware infections?

To avoid installing adware, Internet users should exercise great caution when downloading and installing free software. If a download is managed by a download client, opt out of any advertised browser plug-ins by clicking the 'Decline' button. When installing downloaded freeware, always choose the 'Advanced' or 'Custom' installation option rather than 'Quick' or 'Typical', since the default options usually accept the bundled adware silently.

What is a Fake Antivirus?

Also Known As: Rogue security software or Scareware

Fake Antivirus (also known as scareware) is a term for rogue security programs that imitate computer security scans and report nonexistent infections to scare PC users into purchasing useless license keys. While such programs may appear beneficial on the surface, they are designed to mislead computer users into believing that their operating system is infected with high-risk malware. The cybercriminals behind these bogus programs design professional-looking user interfaces and security warning messages to make their fake antivirus programs appear trustworthy.

After successful infiltration, rogue antivirus programs typically disable the operating system's Task Manager, block execution of installed programs, and configure themselves to start automatically at system startup. PC users should realise that paying for a fake antivirus program is equivalent to sending money to cybercriminals. Moreover, by paying for these rogue programs, users risk divulging their banking or credit card details, which can lead to further theft from their accounts. Users who have already purchased such bogus antivirus software should contact their card issuer and dispute the charges, explaining that they were tricked into buying a fake antivirus program. While the main function of fake antivirus programs is to drive users to websites where they are asked to pay for nonexistent threat removal, these rogue programs are also capable of launching additional malicious programs, stealing personal information, and corrupting stored files.
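The three behaviours described above (disabling Task Manager, blocking installed programs, and autostarting) leave traces in the Windows registry, which makes them easy to triage from a registry export even when the rogue program itself is blocking tools on the live machine. The script below is an added example, not code from the original page: it parses a constructed `reg export` snippet (the user name, file names and random folder name are invented; the registry locations are real) and flags the DisableTaskMgr policy value, autostart entries under the per-user Run key that point into user-writable folders, and Image File Execution Options (IFEO) "Debugger" values, one mechanism rogue security software has used to redirect launches of legitimate programs to itself.

```python
import re

# Constructed sample of a `reg export` dump; it is not taken from a real infection.
# The registry locations are real ones that rogue security software is known to
# abuse: the Task Manager policy switch, the per-user Run key for autostart, and
# Image File Execution Options (IFEO) "Debugger" redirection to block programs.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"ptr4kl2s"="C:\\Users\\alice\\AppData\\Roaming\\ptr4kl2s\\ptr4kl2s.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000001
"""

POLICIES_SYSTEM = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
IFEO_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
               r"\Image File Execution Options" + "\\")
# Autostart entries living in user-writable, randomly named folders are a common
# rogue-AV pattern; legitimate software under AppData\Local (e.g. OneDrive) is not matched.
USER_WRITABLE = re.compile(r"\\AppData\\(Roaming|Local\\Temp)\\", re.IGNORECASE)

_VALUE_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: value}} (strings and dwords only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = _VALUE_LINE.match(line)
            if not m:
                continue
            name, raw = m.group(1), m.group(2)
            if raw.startswith("dword:"):
                value = int(raw[len("dword:"):], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")  # undo .reg escaping
            else:
                value = raw  # hex(...) blobs and other types are kept verbatim
            keys[current][name] = value
    return keys


def find_rogue_av_indicators(keys):
    """Return human-readable findings for the three persistence/blocking tricks above."""
    findings = []
    policy = keys.get(POLICIES_SYSTEM, {})
    for name in ("DisableTaskMgr", "DisableRegistryTools"):
        if policy.get(name) == 1:
            findings.append(f"{name}=1: a built-in admin tool is disabled by policy")
    for run_key in RUN_KEYS:
        for name, cmd in keys.get(run_key, {}).items():
            if isinstance(cmd, str) and USER_WRITABLE.search(cmd):
                findings.append(f"Run entry '{name}' autostarts {cmd} from a user-writable folder")
    for path, values in keys.items():
        if path.startswith(IFEO_PREFIX) and "Debugger" in values:
            target = path[len(IFEO_PREFIX):]
            findings.append(f"IFEO Debugger for {target} -> {values['Debugger']}: "
                            f"launching {target} runs the 'debugger' instead")
    return findings


if __name__ == "__main__":
    for finding in find_rogue_av_indicators(parse_reg_export(SAMPLE_REG)):
        print("[!]", finding)
```

Run against the sample, the script reports the two policy switches, the random-named Run entry, and the taskmgr.exe redirection, while leaving the legitimate OneDrive entry and the notepad.exe key (which has no Debugger value) alone. A real export from an infected machine is larger and noisier; the allowlist logic in USER_WRITABLE is the part to tune.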


Fake Antivirus Symptoms:

Constant security warning popup messages in the task bar, reminders to purchase a full version to remove supposedly identified 'security infections', poor computer performance, blocked execution of installed programs, blocked Internet access.

Screenshots: rogue antivirus programs generating fake security warning messages.

Distribution:

Cybercriminals use various methods to distribute rogue antivirus programs; among the most widely used are malicious websites, infected email messages, and fake online security scanners.

Other fake antivirus distribution methods:

  • Search engine results poisoning
  • Exploit payloads
  • Downloads by other malware already present on the system
  • Fake Windows security updates
  • Fake Facebook apps

Screenshots: fake online security scanners and alerts used to proliferate rogue antivirus programs.

How to protect your computer from fake antivirus programs?

Always keep your operating system and all installed programs (Java, Flash, etc.) up to date, and make sure your firewall is turned on. Use legitimate antivirus and anti-spyware programs. Exercise caution when clicking links in email messages or on social networking websites. Never trust online pop-ups stating that your computer is infected with malware and offering to install security software that will supposedly eliminate the 'identified' threats; cybercriminals use exactly these messages to spread fake security scanners.

What is Ransomware?

Also Known As: Police Trojan or Computer-locking malware

Ransomware is malicious software that locks users' desktops and demands payment of a sum of money (the ransom) to unlock it. There are two major types of ransomware infection. The first exploits the names of authorities (for example, the FBI) and makes false accusations of law violations (downloading pirated software, viewing prohibited pornography, etc.) in order to trick computer users into paying a 'fine'.

The cybercriminals behind these rogue programs use the victim's IP address to present a localized variant of the screen-blocking message, written in the language of the victim's country and in the name of a local authority. Ransomware infections are distributed via exploit kits - web-based toolkits, hosted on malicious or compromised websites, that infiltrate users' operating systems by exploiting security vulnerabilities in outdated browsers, plug-ins and other software.

Another type of ransomware infection affects only the Internet browser (Internet Explorer, Mozilla Firefox, Google Chrome, or Safari) and is known as Browlock. This type uses JavaScript to block users' attempts to close the browser, typically by re-opening a dialog every time the page or tab is about to be closed; nothing is installed and no files or system settings are changed, so ending the browser process (for example from Task Manager) and declining to restore the previous session is enough to clear it.

Computer users should be aware that no legal authority anywhere in the world collects fines for law violations through computer screen-blocking messages.

Screenshots: ransomware exploiting the names of various authorities.

The second major type of ransomware infection is especially malicious, since it not only blocks users' desktops but also encrypts their data. This type openly states that it is an infection and demands payment of a ransom to decrypt users' files. The malware itself is relatively simple to remove; however, removing it does not recover the files, and in the case of CryptoLocker it is not possible to decrypt them without the attacker's private RSA key. PC users dealing with this type of ransomware are advised to restore their encrypted files from a backup, ideally one that was kept offline or otherwise not writable from the infected machine, since attached drives and mapped network shares can be encrypted along with local files.

Screenshots of ransomware that encrypts users' files: CTB-Locker, CryptoFortress, CryptoWall, Threat Finder.

Ransomware Symptoms:

A completely blocked desktop with a message demanding payment of a ransom to unblock the computer (or decrypt files) and avoid criminal charges.

Distribution:

Cybercriminals often use exploit kits to infiltrate users' operating systems and display the desktop-blocking message. Exploit packs contain multiple exploits of different types; if the operating system and installed software are not fully patched, merely visiting a page that hosts the kit causes the browser to download and run the ransomware with no further user interaction. Commonly, exploit kits are planted on malicious or hacked websites. Recent research shows that cybercriminals also proliferate ransomware infections through ad networks (in particular those serving ads on pornographic websites) and spam campaigns.

How to avoid ransomware infections?

To protect computers from ransomware infections, users are advised to keep their operating system and installed software up to date. Use legitimate antivirus and anti-spyware programs, and do not click links or open email attachments from untrusted sources. Avoid visiting pornographic websites and do not download files from P2P networks. Keep regular backups of important files on media that are disconnected after each backup, so that an infection cannot encrypt the backup as well.

What is a Browser Hijacker?

Also Known As: Redirect Virus or Hijackware

A browser hijacker is a program that infiltrates users' computers and modifies Internet browser settings. Most commonly, browser hijackers modify the homepage and default search engine settings and can interfere with the proper operation of the browser itself. The main purpose of these bogus programs is to generate revenue from deceptive ads or sponsored search results presented on the websites they promote. The most common forms of browser hijackers are browser extensions, toolbars, and browser helper objects. Browser hijackers infiltrate users' Internet browsers through drive-by downloads, infected email messages, or installation of free software downloaded from the Internet.

Computer users should realise that, today, most free software download websites use download clients - small programs used to monetize their free services by offering installation of advertised browser plug-ins (usually browser hijackers in the form of toolbars). By not paying close attention to the downloading steps, users can inadvertently install various browser hijackers. Some of the adware capable of modifying browser settings is bundled with rogue browser helper objects that block users' attempts to change their homepage and default search engine settings back.

Recent research shows that most browser hijackers redirect Internet users to deceptive Internet search engines. These engines return erroneous results with little or no relevance to the original search terms; the actions are performed to generate revenue from user clicks on sponsored search results - clicks that lead to sales-focused or malicious websites. Moreover, these bogus programs are known to track users' Internet surfing habits by recording various personal information (IP addresses, web sites visited, search terms entered, etc.), and such behavior can lead to privacy issues or even identity theft.

Screenshots: browser hijackers that change the browser's homepage and default search engine settings.

Browser Hijacker Symptoms:

  • Modified homepage and default search engine settings
  • Blocked attempts to change browser settings
  • Pop-up and banner ads on legitimate websites such as Google or Wikipedia
  • Poor computer performance
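The first two symptoms above can be checked directly in the browser's own settings files rather than by trusting what the settings page shows. The following Python script is an added example, not code from the original page: it reads a constructed Chrome "Preferences" JSON document and a constructed Firefox prefs.js (the hijacker host and the 'Search Helper' name are invented; the field names follow the two browsers' settings files as this example understands them and should be treated as an assumption), and reports any homepage, startup URL or default search provider that is not on an allowlist of hosts the user actually chose.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample settings, not taken from a real infection. The field names
# follow Chrome's "Preferences" JSON file and the user_pref() lines of Firefox's
# prefs.js as this example understands them; the hijacker host is invented.
CHROME_PREFERENCES = json.dumps({
    "homepage": "http://search.example-hijack.test/?src=hp",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = open a fixed list of URLs at startup
        "startup_urls": ["http://search.example-hijack.test/?src=startup"],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "Search Helper",
            "keyword": "example-hijack.test",
            "url": "http://search.example-hijack.test/s?q={searchTerms}",
        }
    },
})

FIREFOX_PREFS_JS = r'''
user_pref("browser.startup.homepage", "https://www.wikipedia.org/");
user_pref("browser.search.defaultenginename", "Search Helper");
user_pref("browser.startup.page", 1);
'''

# What the user actually chose (an assumption for the example): anything else that
# ends up as start page or default search provider is reported.
TRUSTED_HOSTS = {"www.google.com", "duckduckgo.com", "www.bing.com", "www.wikipedia.org"}
TRUSTED_ENGINE_NAMES = {"Google", "DuckDuckGo", "Bing"}


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def check_chrome(preferences_json):
    """Report homepage, startup URLs and default search provider outside the allowlist."""
    prefs = json.loads(preferences_json)
    findings = []
    home = prefs.get("homepage", "")
    if home and host_of(home) not in TRUSTED_HOSTS:
        findings.append(f"Chrome homepage set to {host_of(home)}")
    for url in prefs.get("session", {}).get("startup_urls", []):
        if host_of(url) not in TRUSTED_HOSTS:
            findings.append(f"Chrome startup URL set to {host_of(url)}")
    engine = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if engine and host_of(engine.get("url", "")) not in TRUSTED_HOSTS:
        findings.append(f"Chrome default search '{engine.get('short_name')}' "
                        f"sends queries to {host_of(engine.get('url', ''))}")
    return findings


_USER_PREF = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.MULTILINE)


def parse_prefs_js(text):
    """Return {pref_name: value} from prefs.js; strings are unquoted, other values kept raw."""
    prefs = {}
    for name, raw in _USER_PREF.findall(text):
        prefs[name] = raw[1:-1] if raw.startswith('"') else raw
    return prefs


def check_firefox(prefs_js):
    """Report a homepage or default search engine that the user did not choose."""
    prefs = parse_prefs_js(prefs_js)
    findings = []
    home = prefs.get("browser.startup.homepage", "")
    if home and host_of(home) not in TRUSTED_HOSTS:
        findings.append(f"Firefox homepage set to {host_of(home)}")
    engine = prefs.get("browser.search.defaultenginename")
    if engine and engine not in TRUSTED_ENGINE_NAMES:
        findings.append(f"Firefox default search engine is '{engine}'")
    return findings


if __name__ == "__main__":
    for finding in check_chrome(CHROME_PREFERENCES) + check_firefox(FIREFOX_PREFS_JS):
        print("[!]", finding)
```

On the sample, Chrome is flagged three times (homepage, startup URL and search provider all point at the hijacker's host) while Firefox keeps its legitimate homepage but has had its default search engine swapped. When the settings snap back after you correct them (the "blocked attempts to change browser settings" symptom), the hijacker is usually enforcing them from outside these files, for instance through Chrome policy values under HKLM\SOFTWARE\Policies\Google\Chrome on Windows, which chrome://policy lists.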

Screenshots: deceptive free software installers used to distribute browser hijackers.

Distribution:

Most commonly, browser hijackers are distributed using a deceptive software marketing method called bundling - they are installed together with free software downloaded from the Internet. Adware that modifies browser settings is also known to be distributed through fake Java and browser update downloads.

How to avoid browser hijacker infections?

Always read the terms of use and privacy policy of any software you download, and be especially careful with free software. Do not click on pop-up ads that offer installation of free and 'useful' programs. Be very attentive when downloading and installing freeware: avoid installation of 'bundled' browser extensions by clicking the 'Decline' button; use the 'Advanced' or 'Custom' installation option; and opt out of any bundled toolbars. In addition to these measures, keep your Internet browsers updated.
