Chapter 6: TOP SPYWARE THREATS

In this era of ever developing cyber crime and identity theft it is most important to keep updated with the ever-changing face of various and ingenious spyware applications. It is often said that prevention is equivalent to cure itself. Therefore, for better prevention we must know our foe better. For this reason, we have prepared a list of the 20 most menacing spyware applications.

1. CoolWebSearch Spyware
2. Autosearch
3. BargainBuddy
4. Claria
5. Cydoor
6. About: Blank
7. CommonName
8. Hotbar Spyware
9. IGetNet
10. MyWay Search Bar
11. NewDotNet
12. Opensite Spyware
13. WinLogin.exe (W32.NetSky.D / W32/Backdoor)
14. Mediaaccess.exe
15. Wtoolsa.exe
16. Wsup.exe
17. MoneyTree Dialer
18. Wtoolss.exe
19. Neo Toolbar
20. PIB Toolbar

Here is a brief description on each of the Top spyware threats.

CoolWebSearch Spyware

The CoolWebSearch Spyware tops the list of the most menacing spyware applications and for very good reasons. It is said to be highly intricate, complicated, and deceitful browser hijackers of all. It is actually a group of vicious and various spyware applications. It launches a new variant every other week and they are firstly, difficult to detect and secondly, impossible to uninstall. Only a sophisticated anti-spyware application can be effective at the most. These are some of the most effective variants of this application: CoolWebSearch/ DataNotary, CoolWebSearch/ BootConf, CoolWebSearch/ MSInfo, CoolWebSearch/ SvcHost and CoolWebSearch/ DNSRelay.

The common symptoms of CoolWebSearch Spyware includes hijacking of browser, it redirects to an affiliated to this application. It is also responsible of including pornographic sites in the favorite menu. It also inserts a new and unwanted toolbar into the browser. And as a side effect it would slow down your computer causing frequent reboot.

Autosearch

In January, 2004 Autosearch spyware came to notice for the first time. A homepage and browser hijacker by nature Autosearch can install an unnecessary toolbar within Internet Explorer. As a side effect it would slow down your computer. Whenever a wrong URL is typed it would invariably redirect the user to www.tunders.com. This application is known to endeavor almost 57k space of the hard disk.

BargainBuddy

The different variants of Bargainbuddy are Bargains, Versn, Adp, Apuc, Apuc2, Ikena, Transponder, and Cashback. BargainBuddy is mostly installed by direct download, Limewire, and Net2Phone CommCenter.

Claria

Claria was formarly known as "Gator". It is regarded as one of the most threatening spyware applications of the cyber world. Claria is known to insert advertisements in the user's browser with a flood of pop-ups. This application is known to endeavor almost 13Mb space of the hard disk.

Cydoor

Cydoor is a miserable menace as it constantly pops-up and displays unwanted advertisements. As if it was not enough to poke the user it actually re-routes the web requests and registers the user's web surfing habits. This application is known to endeavor almost 3.4Mb space of the hard disk. What is more to say is that it is virtually impossible to uninstall under the Windows uninstaller. And they do not provide any uninstaller with the application too. If you are affected by Cydoor please do not assume that you are the only one. Users from a hoard of countries

About:Blank

About:Blank is nothing but a variant of the CoolWebSearch morphing spyware. This is the most troublesome spyware as it is virtually impossible to uninstall. This meticulous spyware was found to be hyperactive during the 2004s, especially in the month of October.

CommonName

This application or spyware is a browser hijacker by nature. Its main job profile is to insert superfluous toolbars into your Internet Explorer and this in turn displays links to paid web pages. It registers your cyber movement and it re-routes the user's web requests to MSN or Yahoo, and AskJeeves. According to the company, over 22 million desktop computers are running their software. CommonName is known to engage about 16Mb of hard drive space.

Hotbar Spyware

This application known as Hotbar spyware inserts its toolbar as its activity once installed unknowingly. It remains in your browser and registers each and every site you ever visited as well as each step taken for your visit to that site. Ultimately, as often a good spyware does, it sends all the information back to the party that had sent this application in the first place. The concerned party then floods you with pop-ups. This application takes around 20 Mb of your hard disk space.

IGetNet

IGetNet uses around 1Mb of the user's hard drive space. It basically acts as a browser hacker. Generally, it re-routes the user's web requests to MSN or Netscape's search engines. The main function of this spyware is to monitor the user's activity and re-routes the user to certain advertisers and search engine.  It should be worthy quoting that, "IGetNet is easily recognizable because it changes your IE address bar (which is usually blank) to read "Enter Keyword or Web Address Here". In addition, if you type auto.search.msn.com, search.netscape.com, or ieautosearch in the Address field, you will be re-routed to http://www.igetnet.com."

MyWay Search Bar

MyWay Search Bar also comes under the name of MyWay Toolbar, My SpeedBar. This spyware is installed in your system as a toolbar and an application to block pop-ups. But what is does secretly is reportedly alleged as privacy hacking.  MyWay shares the memory of the user's browser, creates additional windows while the user is surfing, detects events, and above all logs activity and reports to the affiliated concerns. It comes in a direct download format with certain software viz. Kazaa.

NewDotNet

The functionality of this artifact does not stick on to the majority Internet principles. New.net has the ability to disguise and hide within some basically hazardless applications, like RealPlayer, Grokster, BearShare, KaZaA, iMesh, Babylon, Radlight, and Audiogalaxy. In fact,New.net is the dealer of domains which are not sustained in the official DNS system. They also are publisher of a spyware software that uses these domains. The domains that are provided by new.net are: .xxx, .club, .shop, .ltd, .inc, .mp3, .tech, .law, .family, .sport, .med, and .travel.

Opensite Spyware

Opensite is the latest spyware that affected the web recently. Its prime job is to advertisements. The operation is based on keywords in the address bar. It has the ability to change the default home page.

WinLogin.exe (W32.NetSky.D / W32/Backdoor)

A couple of awfully frequent trojan horses attached with this spyware are W32.NetSky.D and W32/Backdoor. These spyware are known bug computers and make indiscriminate beeping sounds, establish new-fangled registry entries, and guzzle network and CPU resources.

Following contents are generally present within the e-mails containing these spyware: 
Re: Here, Re: Hi, Re: Your details, Re: Your software, Re: Your picture, Re: Hello, Re: Approved, Re: Your letter, Re: Word file, Re: Document, Re: Thanks, Re: Your bill, Re: Excel file, Re: Your product, Re: Message, Re: Document, Re: Your music, Re: Your text, Re: Here is the document, Re: Your document, Re: Your archive, Re: Details, Re: Your website, Re: My details, Re: Your document etc.

Mediaaccess.exe

Mediaaccess.exe contains the product LoaderX Module with a file name Access. This is related to the WindUpdates.com scourge. This application also affects the user once it is downloaded. Generally, it accompanies the software MediaAccessK.exe.

Wtoolsa.exe

Wtoolsa.exe comes under the description of HuntBar. This application is not in a habit of consuming huge CPU space or time. It installs the application without the notion of the user.

Wsup.exe

Wsup.exe comes under the description of HuntBar. This application is not in a habit of consuming huge CPU space or time. It installs the application without the notion of the user.

MoneyTree Dialer

This application comes with the file named optimize.exe. It comes under the category of Trojan and secretly dials toll numbers. MoneyTree is basically used to download porn sites and dialers at a premium rate. This application uses ActiveX control to perform its task.
 
Wtoolss.exe

This software comes under the description of Huntbar. Its principles are extremely inexhaustible and it is not correlated to the legal software like WinTools.com. WinTasks 5 Pro is an effective application for controlling this bugging software.

Neo Toolbar

This application comes under file name tbps.exe. It generally installs itself with the adware Neo toolbar. File named msqsb.dll and tbpssvc.exe could be also found once this software is installed. WinTasks 5 Pro is an effective application for eradicating this software.

PIB Toolbar

This application appears under the file name pib.exe. This spyware acts as a toolbar. The main purpose of this application is to monitor the user's Internet surfing procedure and logs everything that has been ventured. It then reverts back this logged data to the individual responsible for scripting this bug. Another function of this application is sending regular advertising pop-ups. This application is a risky preposition and should be eliminated whenever it is traced. This application is not in a habit of consuming huge CPU space or time.