Spyware
Installation Methods
This page indexes installation methods used by spyware programs and other unwanted software.
Installer | Description / documentation / analysis |
Installation through security holes | |
Java and MSXML Exploits - example | Installs ComScore RelevantKnowledge, Deskwizz/Searchingbooth, Look2me, and WebBuying. Exploit occurs at the ExitExchange banner farm. Exploit installs software from the TopInstalls and SearchClickAds bundlers. |
IFRAME Exploit - example | Installs 180solutions, BlazeFind, BookedSpace, CashBack by BargainBuddy (eXact Advertising), ClickSpring, CoolWebSearch, DyFuca, Hoost, IBIS Toolbar, ISTbar, Power Scan, SideFind, TIB Browser, WebRebates, WinAD, WindUpdates, and more. |
CHM Exploit - example | AlwaysUpdatedNews exploit and installation. Exploit is syndicated through the targetnet.com ad network (operated by Mamma Media (Nasdaq: MAMA)) onto multiple distribution web sites. Exploit installs 180solutions, Clearsearch, Direct Revenue, DyFuca, eXact Advertising, IBIS WebSearch, MySearch (Ask Jeeves), SurfSideKick, ShopAtHomeSelect, TSA, WindUpdates, and more. |
CHM Exploit - example | Pacimedia exploit and installation. Exploit is syndicated through the Yieldmanager.com ad network. Exploit installs 180solutions, ContextPlus, eXact Advertising, Integrated Search Technologies, MediaAccess, New.net, Powerscan, SearchAccuracy, ShopAtHomeSelect, Sidefind, SurfSidekick, YourSiteBar, and more. |
WMF Exploit - example | Exploit is syndicated through the Exitexchange.com ad network. Exploit installs: 180solutions (bypassing the S3 installation prompt), Ad-w-a-r-e, Adservs, Integrated Search Technologies, Internet Optimizer, Media Tickets, New.net, Quicklinks, Surfsidekick, Tagasaurus, Targetsaver, Toolbar888, Ucmore, Webhancer, Web Nexus, WinFixer, and more. |
Ebates | Video showing Ebates installed through security holes. Ebates subsequently claims affiliate commissions on users' online purchases. |
Others | On file / forthcoming. |
Installations even if users specifically decline | |
Grokster | Installs SearchLocate/SideBar and TVMedia even if users press "cancel" to reject Grokster's license agreement and decline installation. |
Installations not disclosed by bundled software | |
Ask Toolbars | Installs an Ask toolbar without any notice whatsoever and without giving users any opportunity to grant or deny consent. |
Misleading popups | |
Ask Jeeves | Installs AJ software with a single click. On-screen disclosure is confusing and incomplete -- a single 41-word sentence with six verbs. Fails to mention toolbar to be added to user's web browser. |
CDT | Falsely claims "In order to view this site, you must click yes." Repeatedly displays installation prompts even if users decline. |
Claria | Various. Recruiting users via ads shown by exploit-installed spyware. Installing Claria without on-screen mention of the word "pop-up." |
Falsely claims "You have an out of date browser" and suggests its software as a remedy. | |
PacerD | Offers "free browser enhancements" without mention of advertising, privacy, reliability, or speed effects. Installs 180solutions, AdDestroyer, Ad Power Zone, Apropos Media, Desktop Traffic, Direct Revenue, multiple programs from eXact Advertising, Elitebar, IBIS WebSearch, PeopleOnPage, Shop At Home Select, Surf Side Kick, TopConverting, and Virtual Bouncer. See also PacerD installations via a security hole exploit. |
Windows media popups - example | Falsely claims "You must agree to our terms and conditions." Installs 180solutions, Addictive Technologies, AdMilli, BargainBuddy, begin2search, BookedSpace, BullsEye, CoolWebSearch, DealHelper, Direct Revenue, DyFuca, EliteBar, Elitum, Ezula, Favoriteman, HotSearchBar, I-Lookup, Instafin, Internet Optimizer, ISTbar, Megasearch, PowerScan, ShopAtHome Select, SearchRelevancy, SideFind, TargetSavers, TrafficHog, TV Media, WebRebates, WindUpdates, and Winpup32. |
Others | On file / forthcoming. |
Companies facilitating infections | |
Bundles - Peer-to-peer filesharing | |
eDonkey | Installs Webhancer, GloPhone, Web Search Toolbar, New.net. Narrow license window shows 3-5 words per line. Multiple licenses merged into a single scroll box. Failure to disclose even general functions of some software to be installed. |
Grokster | Installs Claria, 411 Ferret/ActiveSearch, AdRoar, Altnet/BDE, BroadcastPC, Cydoor, Direct Revenue, Flashtrack, MyWay/Mybar, SearchLocate/SideBar, Topsearch, TVMedia, WebRebates, and more. Installs SearchLocate/SideBar and TVMedia even if users press Cancel to decline installation. |
iMesh | Installs AskJeeves (MySearch) toolbar, but never uses the word "toolbar" in its installation disclosure and first mentions a "search bar" feature at page 27 of a 56-page license. Broken links in license agreement. |
Kazaa | Installs Claria, Cydoor, Instafinder, My Search Toolbar, various desktop icons. Analysis of terms and presentation of Claria's license, as shown by Kazaa. Shows or references a total of 22,606 words of licenses filling 182 on-screen pages. |
Kiwi Alpha | Installs multiple programs including 180solutions. Bundled programs are disclosed only in a lengthy scroll box, without any other warning as to what will be installed. For example, the disclosure of installation of 180solutions occurs at page 15 of a 54-screen license agreement. |
Morpheus | Installs Direct Revenue. Restrictions on permitted removal methods. Purported grant of permission to remove other programs. Failure to disclose certain information collected. |
Bundles - Screen savers | |
3D Flying Icons | Installs 180solutions, DyFuca, Internet Optimizer, MediaAccess, Neo/TIBS/WebSearch, ShopAtHome Select, and TaskAd. Some bundled programs are not disclosed at all. Others are disclosed only through a link at bottom of installer's license agreement. |
Others | Forthcoming. |
Bundles - Games | |
Dope Wars | Installs Claria. Prominent terms make no mention of effects on privacy. |
Others | Forthcoming. |
Bundles - based on user request for third-party software that does not actually exist | |
Softdlspro | Promises a Flappy Bird app for Windows, but installs adware from Blinkx among others. |
Softdlspro | Promises a Snapchat app for Windows, but installs adware from Blinkx among others. |
IronSource | Promises a Snapchat app for Windows, but installs myriad adware. |
Bundles - delivering adware when a user requests third-party software widely available without bundled adware | |
IronSource | Offers Google Chrome, but installs myriad adware along with Chrome. |
Misleading banner advertisements | |
180solutions | 180solutions's Misleading Installation Methods - Ezone.com. 180solutions's Misleading Installation Methods - Dollidol.com. |
Ask Jeeves | Ask Jeeves Toolbar Installations via Banner Ads at Kids Sites. More on file / forthcoming. Current Practices of IAC/Ask Toolbars - Advertising at kids sites, via "deceptive door opener" offers. |
Claria | Claria's Misleading Installation Methods - Ezone.com. More on file / forthcoming. |
Hotbar | Hotbar Installs via Banner Ads at Kids Sites. |
Others | On file / forthcoming. |
Installations without an uninstaller in Control Panel | |
Claria | Dope Wars - No uninstaller provided. Defective removal instructions. |
Others | On file / forthcoming. |
The practices described and linked above are but a few of the misleading ways that unwanted programs arrive on users' computers. I am currently working to document other such methods and to post such documentation. Please send suggested additions.
Misleading installations are but one way that spyware harms users. This page omits discussion of the consequences of spyware on computer privacy, security, speed, and reliability. This page also omits discussion of spyware practices hindering detection and removal.
My interest in spyware originally arose in part from a prior consulting engagement in which I served as an expert to parties adverse to Gator in litigation. See Washingtonpost.Newsweek Interactive Company, LLC, et al. v. the Gator Corporation. More recently, I have served as an expert or consultant to other parties adverse to spyware providers.
Last Updated: February 18, 2015