AdWare crosses the line

16 Dec 2004

minute read

Authors

Roel Schouwenberg

Malware has evolved a step further. AdWare has been compared to Trojan code for quite some time, but now we’re seeing AdWare behaving like a file infector. This is something new.

A variant of the infamous CoolWebSearch family is infecting legitimate files in a way that when the infected file gets run, the AdWare file gets loaded too.

This means that you need to disinfect the legitimate file. If you delete the AdWare, but don’t cure the file infection, this will cause problems.

It will be interesting to see how most Anti-Spyware programs will cope with this issue, as their engines aren’t designed to disinfect executable files.

Authors

Roel Schouwenberg

AdWare crosses the line

Latest Posts

Latest Webinars

Reports

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

AdWare crosses the line

GReAT Ideas. Balalaika Edition

GReAT Ideas. Green Tea Edition

GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

GReAT Ideas. Powered by SAS: threat hunting and new techniques

ZeroLocker won’t come to your rescue

A Post-PC BlackHat?

Adobe Updates April 2014

Trust. Trust. Trust

Adobe’s First Patch Tuesday of 2014

XZ backdoor: Hook analysis

Assessing the Y, and How, of the XZ Utils incident

XZ backdoor story – Initial analysis

A hack in hand is worth two in the bush

QBot banker delivered through business correspondence

Latest Posts

Mobile malware evolution in 2024

The SOC files: Chasing the web shell

Exploits and vulnerabilities in Q4 2024

The GitVenom campaign: cryptocurrency theft using GitHub

Latest Webinars

Silent shields & digital dragons: MDR’s proactive protection

From chaos to control: streamlining detection engineering in Security Operation Centers

Сrimeware and financial cyberthreats in 2025

Global IT outages and supply chain attacks: 2024’s lessons and tomorrow’s cyberthreats

Reports

SideWinder targets the maritime and nuclear sectors with an updated toolset

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Subscribe to our weekly e-mails