Spyware is any malware that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means. This behavior may be present in other malware and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.
Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
ClamAV (antivirus) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses. It was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF (Tru64), Solaris and Haiku. As of version 0.97.5, ClamAV builds and runs on Microsoft Windows. Both ClamAV and its updates are made available free of charge. One of its main uses is on mail servers as a server-side email virus scanner.
A Browser Helper Object (BHO) is a DLL module designed as a plugin for the Microsoft Internet Explorer web browser to provide added functionality. BHOs were introduced in October 1997 with the release of version 4 of Internet Explorer. Most BHOs are loaded once by each new instance of Internet Explorer. However, in the case of Windows Explorer, a new instance is launched for each window.
HijackThis is a free and open-source tool to detect malware and adware on Microsoft Windows. It was originally created by Merijn Bellekom, and later sold to Trend Micro. The program is notable for quickly scanning a user's computer to display the most common locations of malware, rather than relying on a database of known spyware. HijackThis is used primarily for diagnosis of malware, not to remove or detect spyware—as uninformed use of its removal facilities can cause significant software damage to a computer. Browser hijacking can cause malware to be installed on a computer.
A browser extension is a software module for customizing a web browser. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web pages.
UC Browser is a web browser developed by mobile internet company UCWeb, a subsidiary of the Alibaba Group. It was the most popular mobile browser in India, Indonesia, and Mali, as well as the second-most popular one in China as of 2017. Its world-wide browser share as of May 2022 is 0.86% overall according to StatCounter.
Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, and also for Android, where it is the default browser. The browser is also the main component of ChromeOS, where it serves as the platform for web applications.
Microsoft Security Essentials (MSE) is a discontinued antivirus software (AV) product that provides protection against different types of malicious software, such as computer viruses, spyware, rootkits, and Trojan horses. Prior to version 4.5, MSE ran on Windows XP, Windows Vista, and Windows 7, but not on Windows 8 and later versions, which have built-in AV components known as Windows Defender. MSE 4.5 and later versions do not run on Windows XP. The license agreement allows home users and small businesses to install and use the product free of charge.
OpenCandy was an adware module and a potentially unwanted program classified as malware by many anti-virus vendors. They flagged OpenCandy due to its undesirable side-effects. It was designed to run during installation of other desired software. Produced by SweetLabs, it consisted of a Microsoft Windows library incorporated in a Windows Installer. When a user installed an application that had bundled the OpenCandy library, an option appeared to install software it recommended based on a scan of the user's system and geolocation. Both the option and offers it generated were selected by default and would be installed unless the user unchecked them before continuing with the installation.
Genieo Innovation is an Israeli company, specializing in unwanted software which includes advertising and user tracking software, commonly referred to as a potentially unwanted program, adware, privacy-invasive software, grayware, or malware. They are best known for Genieo, an application of this type. They also own and operate InstallMac which distributes additional 'optional' search modifying software with other applications. In 2014, Genieo Innovation was acquired for $34 million by Somoto, another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user". This sector of the Israeli software industry is frequently referred to as Download Valley.
360 Secure Browser or 360 Safe Browser is a web browser developed by the Qihoo company of Beijing, China. Version 1.0 was released in July 2008.
WeChat or Weixin in Chinese ; lit. 'micro-message') is a Chinese instant messaging, social media, and mobile payment app developed by Tencent. First released in 2011, it became the world's largest standalone mobile app in 2018 with over 1 billion monthly active users. WeChat has been described as China's "app for everything" and a super-app because of its wide range of functions. WeChat provides text messaging, hold-to-talk voice messaging, broadcast (one-to-many) messaging, video conferencing, video games, mobile payment, sharing of photographs and videos and location sharing.
Qihoo 360, full name 360 Security Technology Inc., is a Chinese internet security company that has developed the antivirus software programs 360 Safeguard and 360 Mobile Safe, the Web browser 360 Secure Browser, and the mobile application store 360 Mobile Assistant. It was founded by Zhou Hongyi and Qi Xiangdong in June 2005. The company's head office is in Chaoyang District, Beijing.
Superfish was an advertising company that developed various advertising-supported software products based on a visual search engine. The company was based in Palo Alto, California. It was founded in Israel in 2006 and has been regarded as part of the country's "Download Valley" cluster of adware companies. Superfish's software is malware and adware. The software was bundled with various applications as early as 2010, and Lenovo began to bundle the software with some of its computers in September 2014. On February 20, 2015, the United States Department of Homeland Security advised uninstalling it and its associated root certificate, because they make computers vulnerable to serious cyberattacks, including interception of passwords and sensitive data being transmitted through browsers.
A man-on-the-side attack is a form of active attack in computer security similar to a man-in-the-middle attack. Instead of completely controlling a network node as in a man-in-the-middle attack, the attacker only has regular access to the communication channel, which allows him to read the traffic and insert new messages, but not to modify or delete messages sent by other participants. The attacker relies on a timing advantage to make sure that the response he sends to the request of a victim arrives before the legitimate response.
Download Valley is a cluster of software companies in Israel, producing and delivering adware to be installed alongside downloads of other software. The primary purpose is to monetize shareware and downloads. These software items are commonly browser toolbars, adware, browser hijackers, spyware, and malware. Another group of products are download managers, possibly designed to induce or trick the user to install adware, when downloading a piece of desired software or mobile app from a certain source.
A potentially unwanted program (PUP) or potentially unwanted application (PUA) is software that a user may perceive as unwanted or unnecessary. It is used as a subjective tagging criterion by security and parental control products. Such software may use an implementation that can compromise privacy or weaken the computer's security. Companies often bundle a wanted program download with a wrapper application and may offer to install an unwanted application, and in some cases without providing a clear opt-out method. Antivirus companies define the software bundled as potentially unwanted programs which can include software that displays intrusive advertising (adware), or tracks the user's Internet usage to sell information to advertisers (spyware), injects its own advertising into web pages that a user looks at, or uses premium SMS services to rack up charges for the user. A growing number of open-source software projects have expressed dismay at third-party websites wrapping their downloads with unwanted bundles, without the project's knowledge or consent. Nearly every third-party free download site bundles their downloads with potentially unwanted software. The practice is widely considered unethical because it violates the security interests of users without their informed consent. Some unwanted software bundles install a root certificate on a user's device, which allows hackers to intercept private data such as banking details, without a browser giving security warnings. The United States Department of Homeland Security has advised removing an insecure root certificate, because they make computers vulnerable to serious cyberattacks. Software developers and security experts recommend that people always download the latest version from the official project website, or a trusted package manager or app store.
Numbered Panda is a cyber espionage group believed to be linked with the Chinese military. The group typically targets organizations in East Asia. These organizations include, but are not limited to, media outlets, high-tech companies, and governments. Numbered Panda is believed to have been operating since 2009. However, the group is also credited with a 2012 data breach at the New York Times. One of the group's typical techniques is to send PDF files loaded with malware via spear phishing campaigns. The decoy documents are typically written in traditional Chinese, which is widely used in Taiwan, and the targets are largely associated with Taiwanese interests. Numbered Panda appears to be actively seeking out cybersecurity research relating to the malware they use. After an Arbor Networks report on the group, FireEye noticed a change in the group's techniques to avoid future detection.
Baidu Browser is a WebKit and Trident web browser developed by Baidu for Personal Computers and mobile phones. The Windows version of Baidu Browser contains a feature for proxy requests to certain websites, which permits access to some websites that are normally blocked in China, it also leaks search terms, hard drive serial number, network MAC address, as well as the title of all visited webpages. GPU model number is also transmitted. It had a built in adblocker, and also a torrent and video downloader. The PC edition was discontinued in May 2019, and on 29 September 2019 the basic functions, e.g. webpage browsing were terminated.
