This is something we don’t have to tell our readers, but it’s recommended for everyone — especially those with a Windows PC — to have a virus scanner installed.
Luckily the world isn’t devoid of heroes just yet. Every so often, security researcher Andrew Brandt gets one of his testbed computers and throws as much malware and adware on it as he can get his hands on.
The tweetstorm he put on his account explains the different things the mass of horrible software on his computer is doing to it. Among other things, the software secretly installed a bitcoin miner that was burning his CPU power to generate money for someone else.
Even though the situation Brandt puts himself in might be a bit excessive — not a lot of people would have this much malware on their computer — it’s an interesting look at how much control some of these applications can gain over a PC after a user clicks a few wrong links.
1) So, call me a masochist if you will, every so often I bomb a testbed PC with so-called adware/junkware applications. Install 'em all.
— Andrew Brandt (@threatresearch) August 24, 2016
2) And then I let the adware – and it is very generous to describe them that way – run for a few days, to observe its behavior over time.
— Andrew Brandt (@threatresearch) August 24, 2016
3) Here’s a screenshot of what Process Explorer shows is running on the testbed right now. It is abhorrent and evil. pic.twitter.com/luNSxfvXqQ
— Andrew Brandt (@threatresearch) August 24, 2016
4) Some of these so-called “potentially unwanted apps” themselves installed malware – clickfraud and other garbage Trojans killing the CPU
— Andrew Brandt (@threatresearch) August 24, 2016
5) One of these PUAs actually installed a goddamn bitcoin miner. It’s the “suspended” app in the screenshot above. Unbelievable gall!
— Andrew Brandt (@threatresearch) August 24, 2016
6) And another has hijacked all browser shortcuts by adding its own URL to the command line, forcing them to open a junk search engine page
— Andrew Brandt (@threatresearch) August 24, 2016
7) So thanks, navsmart[.]info for insinuating yourself as my start page, even though I changed the settings #navdumb pic.twitter.com/LtFXRG3NsY
— Andrew Brandt (@threatresearch) August 24, 2016
8) And you really have to hand it to the namer of “wizzcaster” – it really is like you’re casting wizz on my PC pic.twitter.com/bTFTMt70Xl
— Andrew Brandt (@threatresearch) August 24, 2016
9) What it boils down to is, people get suckered into downloading this crap by extremely deceptive popups which claim the apps are legit
— Andrew Brandt (@threatresearch) August 24, 2016
10) They even use real logos from companies like Adobe, Oracle (Java), Apple, Microsoft, and then fine-print the page with plausible denials
— Andrew Brandt (@threatresearch) August 24, 2016
11) And even those links are useless. This is on the domain “downloadappfreepremium249[.]club” – is this a joke? pic.twitter.com/cffCByKvTd
— Andrew Brandt (@threatresearch) August 24, 2016
12) The degree of brand abuse is staggering. All it does is harm consumers. There is no legitimate use for these apps. None whatsoever.
— Andrew Brandt (@threatresearch) August 24, 2016
13) So why are the brands like @adobe and @oracle not actively defending their trademarks going after these slugs? This is what ™ law is for
— Andrew Brandt (@threatresearch) August 24, 2016
14) There is nothing “low risk” about allowing garbage apps to take control of a PC. They often mimic #malware social engineering techniques
— Andrew Brandt (@threatresearch) August 24, 2016
15) and then use the full gamut of #malware tricks to persist on the box. Crazy-making for IT/IR staff to clean up pic.twitter.com/Tx5lCgOaR1
— Andrew Brandt (@threatresearch) August 24, 2016
16) I don’t know any easy solutions. Laws won’t work (they don’t follow them anyway) and corps can’t be bothered to play sue-u-whack-a-mole
— Andrew Brandt (@threatresearch) August 24, 2016
17) Adware makers: Your business model is bad and you should feel bad, but you don’t because you’re clearly sociopaths who just don’t care.
— Andrew Brandt (@threatresearch) August 24, 2016
18) It’s hard to imagine the staggering amount of work involved in creating and maintaining such a large ecosystem of crap. All of it.
— Andrew Brandt (@threatresearch) August 24, 2016
19) And this is some of the traffic it generates. Just a 24h slice, of course, because there’s too much to show. pic.twitter.com/utedPUBlcT
— Andrew Brandt (@threatresearch) August 24, 2016
20) More power to you if you’re a happy user of (L-R) Space Sound Pro, DailyWiki, or TiantianWiFi. They look grrreat pic.twitter.com/lv5B30Znbs
— Andrew Brandt (@threatresearch) August 24, 2016
21) but it’s worth noting that I DIDN’T ASK FOR OR WANT THESE APPS. There’s nothing “potential” about the “unwanted” part here.
— Andrew Brandt (@threatresearch) August 24, 2016
22) everything that ended up on this testbed came through an installer which claimed it was a Flash or Java or some other plugin’s installer
— Andrew Brandt (@threatresearch) August 24, 2016
23) This box is irredeemably hosed. Killing it would be a mercy and deprives adware hucksters of ill-gotten revenue. Cleanup would take longer.
— Andrew Brandt (@threatresearch) August 24, 2016
24) At some point, as a society, we have to decide: Is the perpetual cost (in time and $$) worth letting this kind of behavior slide?
— Andrew Brandt (@threatresearch) August 24, 2016
25) There has to be a better way to put a stop to this. Let’s work together to try to find a solution. This dead weight drags us all down.
— Andrew Brandt (@threatresearch) August 24, 2016
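Tweets 6 and 15 describe a persistence trick worth checking for on any cleaned-up machine: the adware rewrites the browser shortcuts on the desktop and taskbar so that the shortcut's command line carries the junk search engine's URL, which the browser dutifully opens regardless of the start-page setting. The script below is an added example, not code from the article or from Andrew Brandt, showing how a defender can audit shortcuts for that pattern. It parses only the parts of the Windows Shell Link (.lnk) binary format needed to read the RELATIVE_PATH and COMMAND_LINE_ARGUMENTS strings, and it constructs its own sample shortcuts (the browser paths and the `example-junk-search.invalid` URL are made-up fixtures) so it runs offline on any operating system; `scan_directory` is the function you would point at a real Desktop folder.

```python
"""Audit Windows .lnk shortcuts for browser launches with a URL injected into the
command line (the shortcut hijack described in the tweetstorm).

Added example, not the article's or Andrew Brandt's code. Parses just enough of the
MS-SHLLINK format to read the string data; the sample shortcuts are constructed here.
"""
import re
import struct
from pathlib import Path

HEADER_SIZE = 0x4C                     # fixed ShellLinkHeader size
HAS_LINK_TARGET_ID_LIST = 1 << 0       # LinkFlags bits, in spec order
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7
# CLSID 00021401-0000-0000-C000-000000000046 as it appears on disk
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

BROWSERS = ("chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe", "opera.exe")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def _read_string(buf, pos, unicode):
    """Read one StringData entry: uint16 character count followed by the characters."""
    count = struct.unpack_from("<H", buf, pos)[0]
    pos += 2
    if unicode:
        raw = buf[pos:pos + 2 * count]
        return raw.decode("utf-16-le"), pos + 2 * count
    raw = buf[pos:pos + count]
    return raw.decode("cp1252", "replace"), pos + count


def parse_lnk(buf):
    """Return (relative_path, arguments) from the bytes of a .lnk file."""
    if (len(buf) < HEADER_SIZE or struct.unpack_from("<I", buf, 0)[0] != HEADER_SIZE
            or buf[4:20] != LNK_CLSID):
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", buf, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip IDList: uint16 size + that many bytes
        pos += 2 + struct.unpack_from("<H", buf, pos)[0]
    if flags & HAS_LINK_INFO:                    # skip LinkInfo: its first uint32 is its size
        pos += struct.unpack_from("<I", buf, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    strings = {}
    for key, flag in (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                      ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                      ("icon", HAS_ICON_LOCATION)):
        if flags & flag:
            strings[key], pos = _read_string(buf, pos, unicode)
    return strings.get("relative_path", ""), strings.get("arguments", "")


def hijack_url(relative_path, arguments):
    """Return the injected URL if a browser shortcut carries one, else None."""
    target = relative_path.lower()
    if not any(target.endswith(b) for b in BROWSERS):
        return None
    m = URL_RE.search(arguments)
    return m.group(0) if m else None


def scan_shortcuts(lnks):
    """lnks: iterable of (name, bytes). Returns [(name, relative_path, url)] for hijacked ones."""
    findings = []
    for name, buf in lnks:
        try:
            rel, args = parse_lnk(buf)
        except ValueError:
            continue                              # not a shortcut, or truncated
        url = hijack_url(rel, args)
        if url:
            findings.append((name, rel, url))
    return findings


def scan_directory(directory):
    """Scan every *.lnk in a folder, e.g. the user's Desktop."""
    return scan_shortcuts((p.name, p.read_bytes()) for p in Path(directory).glob("*.lnk"))


def build_lnk(relative_path, arguments):
    """Construct a minimal Unicode .lnk (no IDList, no LinkInfo) as a test fixture."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (HEADER_SIZE - len(header))   # attrs, timestamps, icon, showcmd, hotkey
    body = b""
    for s in (relative_path, arguments):               # StringData in spec order
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


# Constructed sample shortcuts: a clean browser, a hijacked browser, and a non-browser.
SAMPLES = [
    ("Google Chrome.lnk", build_lnk(r"..\Program Files\Google\Chrome\Application\chrome.exe", "")),
    ("Mozilla Firefox.lnk", build_lnk(r"..\Program Files\Mozilla Firefox\firefox.exe",
                                      "http://example-junk-search.invalid/?src=lnk")),
    ("Notepad.lnk", build_lnk(r"..\Windows\System32\notepad.exe", "http://example.invalid")),
]

if __name__ == "__main__":
    for name, rel, url in scan_shortcuts(SAMPLES):
        print(f"HIJACKED {name}: {rel} opens {url}")
```

Only the Firefox fixture is reported: the Chrome shortcut has no arguments and the Notepad one is not a browser. On a live machine the same check should also cover the pinned-taskbar shortcuts under `%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar`, and a shortcut whose target is a browser executable in an unexpected folder is itself worth a second look.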