Ex-Adware Designer Explains How Adware Works, Vulnerabilities in Internet Explorer
February 9, 2009
A few highlights:
The good distributors would say, ‘This is ad-supported software.” Not-so-good distributors actually did distribute through Windows exploits. Also, some adware distributors would sell access. In their licensing terms, the EULA people agree to, they would say “in addition, we get to install any other software we feel like putting
on.” Of course, nobody reads EULAs, so a lot of people agreed to that. If they had, say, 4 million machines, which was a pretty good sized adware network, they would just go up to every other adware distributor and say “Hey! I’ve got 4 million machines. Do you want to pay 20 cents a machine? I’ll put you on all of them.” At the time there was basically no law around this. EULAs were recognized as contracts and all, so that’s pretty much how distribution happened.
Most adware targets Internet Explorer (IE) users because obviously they’re the biggest share of the market. In addition, they tend to be the less-savvy chunk of the market. If you’re using IE, then either you don’t care or you don’t know about all the vulnerabilities that IE has.
Sherri: In your professional opinion, how can people avoid adware?
Matt: Um, run UNIX.
Matt: We did actually get the ad client working under Wine on Linux.
Sherri: That seems like a bit of a stretch!
Matt: That was a pretty limited market, I’d say.
Matt also goes into a lot of detail describing the different methods he employed to ensure that it was close to impossible to deactivate the adware once it was running. Read all about it in the original article. Thanks to Aaron Toponce and Bruce Schneier for pointing out this great interview.