Quarterly Webroot Report Identifies the Ten Most Significant Emerging Spyware and Adware Threats

Two Threats on List, EliteBar and ISTbar, Currently Under Intense Scrutiny By FTC

Boulder, CO., November 14, 2005

As part of its ongoing research efforts to inform and protect businesses and consumers from the dangers of spyware, Webroot Software has issued the results of its latest quarterly review of the top 10 most significant spyware and adware threats. The list was published last week in Webroot's State of Spyware report.

Two of the spyware threats included on Webroot's list, EliteBar and ISTbar, are currently under intense scrutiny by the Federal Trade Commission and other government entities for deceptive and unfair business practices. On November 3rd, the Center for Democracy & Technology (CDT) and the Candian Internet Policy and Public Interest Clinic (CIPPIC) filed complaints with the US FTC and the Canadian Competition Bureau asking them to investigate Montreal-based software distributor Integrated Search Technologies, the developers and distributors of ISTbar. On November 10th, the FTC filed a suit with the U.S. District Court to shut down Enternet Media, the developers and distributors of EliteBar. In its statement on the suit, the FTC publicly acknowledged Webroot for its invaluable assistance in developing the case.

"EliteBar and ISTbar are two particularly deceptive pieces of spyware that have been unfairly profiting off of consumers and enterprises for way too long," said Richard Stiennon, vice president of threat research at Webroot Software. "We have become increasingly incensed by the deceptive business practices of EliteBar and ISTbar since we first added them to our Top Threats list, so we are extremely pleased to see the FTC and other government groups taking action against such companies."

The following is the complete list of the 10 most significant spyware and adware threats based on prevalence, detection and potential impact:

  • AbetterInternet - AbetterInternet is a Browser Helper Object (BHO) that may hijack any of the following: Web searches, home page, and other Internet Explorer settings. It generally propagates itself using dialog boxes, various social engineering methods, or through a java scripting error and is often bundled with various, free software programs.
  • CoolWebSearch (CWS) - CoolWebSearch may hijack any of the following: Web searches, home page, and other Internet Explorer settings. Recent variants of CoolWebSearch install using malicious HTML applications or security flaws, such as exploits in the HTML Help format and Microsoft Java Virtual machines.
  • EliteBar - EliteBar may hijack any of the following: Web searches, home page and other Internet Explorer settings. It generally propagates through the use of seemingly innocent dialog boxes, various social engineering methods, or through a java scripting error and is often bundled with various, free software programs.
  • ISTbar - ISTbar is a toolbar that may be used for searching pornographic Web sites, which display pornographic pop-ups and hijack user homepages and Internet searches. Usually toolbars are bundled with various, free software programs.
  • Look2Me - Look2Me may monitor Web surfing activity and report usage statistics to a centralized server. Once installed Look2Me may update itself and install other pieces of spyware. Look2Me is extremely difficult to remove due to its injection into system level processes and generally propagates itself using dialog boxes, various social engineering methods, or through a java scripting error.
  • ShopAtHomeSelect - ShopAtHomeSelect redirects visitors to merchants' Web sites via its own servers in order to increase its affiliate commissions. This program may also reroute visits to certain merchant's Web sites via its own servers, allowing the company to receive extra commissions.
  • SurfSideKick - SurfSideKick is an adware program that may display annoying pop-up advertisements on your computer. It generally propagates itself using dialog boxes, various social engineering methods, or through a java scripting error.
  • Virtumonde - Virtumonde may display annoying pop-up advertisements on your computer. It generally propagates itself using dialog boxes, various social engineering methods, or through a java scripting error.
  • Web Search Toolbar - Web search Toolbar may hijack your Web browser settings while Internet Explorer is running and install a toolbar. This toolbar may display advertisements on your computer while monitoring the Web sites you visit.
  • 180search Assistant - 180search Assistant is an adware program that delivers targeted pop-up advertisements to a user's computer. Whenever a key word is entered into a search engine or a targeted Web site is visited, 180search Assistant opens a separate browser window displaying an advertiser's Web page that is related to the key word.

The complete State of Spyware Report is available at www.webroot.com/sosreport.

Webroot recommends consumers and businesses alike take several precautions to combat these problematic applications. First, install an anti-spyware software program for desktop defense, such as Webroot Spy Sweeper for consumers with individual computers or Spy Sweeper Enterprise for businesses running on network architecture. For increased security, install Microsoft security patches, avoid using freeware, and disable downloads via ActiveX in Internet Explorer.

ABOUT WEBROOT

Webroot is bringing the power of software-as-a-service (SaaS) to Internet security with its suite of Webroot® SecureAnywhere™ offerings for consumers and businesses. Webroot also offers security intelligence solutions to organizations focused on cyber-security, such as Palo Alto Networks, F5, Corero, Juniper, and others. Founded in 1997 and headquartered in Colorado, Webroot is the largest privately held Internet security organization based in the United States. For more information, visit http://www.webroot.com or call 800.772.9383. Read the Webroot Threat Blog: http://blog.webroot.com. Follow Webroot on Twitter: http://twitter.com/webroot.

©2013 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, and Webroot SecureAnywhere are trademarks or registered trademarks of Webroot Inc. in the United States and other countries.

Copyright 2004 - 2013 Webroot Inc.