Adware Stalks Torrents, Social Networks
Just as malware attacks have saturated nearly every element of online content distribution, adware continues to follow suit.
Even as the legal fate of P2P torrent aggregation site ThePirateBay.org remains in limbo, adware slingers are attempting to ride the site's coattails to channel message-cluttering ads to PirateBay's over 3.6 million users.
In a blog post to Webroot's Threat Blog, researcher Andrew Brandt highlights the details of the campaign, dubbed BittorrentBooster, which promises to speed PirateBay users' abilities to downloaded torrent files if they're willing to sign up for an online account and agree to the terms of service. The terms dictate that users are willing to affix signature-borne advertising messaging to all of their outgoing and incoming e-mails, as well as all of the posts that they make to blogs, forums and social networking sites.
And oh yeah, pay $3-5 per month for the privilege of doing so.
For starters, Brandt points out that factors that determine at what speed someone can download a torrent - such as network congestion - can't be improved in the manner that the BittorrenBooster program proposes to speed performance.
Beyond that, after you sign up for the service, which requires that your computer is running on Windows 2000 XP or Vista, the EULA also requires you to tolerate browser pop-up ads and be willing to have the service change your default browser search settings. And the text of the original e-mail and messaging post ads that you've agreed to pass along will be based on the search terms you use, and "may include commercial, adult, personal ads, classified ads" or other types of unspecified content.
On top of all that, Brandt reports that the people behind the campaign have already used a large number of fraudulently registered PirateBay accounts to advertise the BittorrentBooster program via the aggregation site's feedback, and tons of downloadable .torrent files -- which file-sharers using the site enlist to initiate P2P download sessions.
While a lot of people would look at this one and make the observation that if you're using P2P file-sharing sites that ignore copyright laws and open you up to a whole range of potential security issues, you probably deserve to get infected with adware.
But consider how many people merely know someone who does, or uses the same social network or forum as they do, who may get caught up in subsequent malware schemes delivered over said message-based ads.
Adware has always played a major role in propagating the entire cybercrime revolution. I guess it's not that surprising that it continues to do so and advance at a similar pace as the attacks themselves.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.