Software designed to display banners, redirect users to advertising sites, and harvest marketing data, such as which websites the victim visits.

One feature of such programs is that they do not generally manifest themselves: There is no icon in the system tray, and no notifications about installed files. Adware programs do not usually come with an uninstall procedure; they employ borderline virus technologies for secret embedding and operation in the victim’s computer system.

Such software often reconfigures the browsers and operating system for advertising purposes without prior notification. For example, it can modify shortcuts to browsers on the desktop, schedule the opening of advertising sites, set a new start page and default search engine in the browser, and tamper with search engine results.

Programs whose main function is to download and/or install advertising content or other advertising apps are also classified as adware.

Penetration

Adware programs penetrate user devices in various ways:

  • Embedding in freeware and shareware.
  • Getting downloaded from external servers without user permission.
  • Masking as media files, office documents, or other file types that do not generally contain executable code.
  • Unauthorized installation when visiting infected sites.

In most cases, adware programs are not linked to the apps with which they were distributed. Therefore, they remain on the user’s computer even after the utilities by which they entered the operating system are deleted.

The basic purpose of adware distributed inside shareware is to earn money from showing ads: Clients pay an advertising agency to display their ads, which in turn pays the developers of such programs.

Adware can employ technologies used in malware, including penetration of the victim computer through browser vulnerabilities, and the use of Trojans designed to install hidden software (Trojan-Downloader or Trojan-Dropper).

Ad serving

Cybercriminals deliver ads in various ways, including:

  • Downloading advertising texts, images, audio or video materials from external servers to the target device.
  • Redirecting search requests to an advertising site.
  • Unauthorized opening of web pages.
Data harvesting

Besides ad serving, many advertising systems also collect information about the computer and the victim:

  • IP address of the computer,
  • operating system and browser version,
  • list of websites visited by the user,
  • list of installed applications,
  • browser settings,
  • search history, and
  • other data usable in future ad campaigns.

Note: Do not confuse adware (which collects information solely for advertising purposes) with Trojan spyware.