Posted: June 9, 2016
Adware, short for advertising supported software, is arguably the forerunner of the modern day PUP (Potentially Unwanted Program). Adware is typically a standalone program which displays adverts to the end-user in a variety of forms: inside the program itself, or via pop-ups, slide-in adverts, browser pop-ups, inserted adverts, or altered website content. The revenue generated by the adverts is how the program the adware is attached to is paid for, meaning the end-user receives their desired tool or service for “free.” Unfortunately, adware has a history of dubious value propositions, and what is initially offered can often turn out to be a scam or not what the end-user intended.
A strict timeline of adware is hard to pin down, as from 1995 onwards much of the first ad-supported software was thrown under the larger catch-all of “spyware.” Eventually, the theoretically less harmful types of PUPs were flagged as adware, differentiating them from their spyware brethren as being theoretically legitimate. That is to say, software created by legal business entities with offices and payrolls, as opposed murky spyware files often created in the more dubious corners of the net (the equivalent of today’s malware).
Adware would be spread by affiliates who were often not checked for legitimacy by the adware vendor, at which point the adware would be spread via everything from P2P and botnets to IM infections and browser hijacks. Often, whatever install/EULA screens were supposed to be in place would be hacked or worked around so the end-user had no idea something was being installed.
Eventually, the adware vendor would shut down the affiliate (typically only after the bad behavior had been exposed by security researchers) and deny being responsible for the affiliate’s actions.
This was a common pattern of behavior during the peak adware years (from around 2005 to 2008, before the NYAG and FTC started imposing large fines and the biggest players moved out of the adware space). Adware vendors would deny any wrongdoing even when faced with plentiful evidence of wrongdoing via email conversations and leaked conversations or instruction manuals related to their affiliates.
Some forms of adware would also effectively act as cannibal installs, detecting and uninstalling rival adware when found on a PC. Much of the old school adware model relied on so-called “long tail” advertising (essentially “niche” advertising) to make its money.
Many of the biggest names in adware—180 Solutions/Zango and Direct Revenue to name but two—drew ire through the years due to repeated examples of dubious installs and rogue affiliates, with Direct Revenue creating notorious pieces of software including Aurora/Ceres, which was so bad it generated a wave of death threats for many involved in its creation, and arguably came very close to the definitions applicable to malware.
Adware as we know it today is now usually referred to as a PUP.
Common infection method
Adware has traditionally been spread with an affiliate model, where individuals or supposed business entities sign up with the adware vendor then distribute it via websites, bundled products, and offers. More often than not, the affiliates would turn out to be rogue and the campaign would go into meltdown as it was exposed for the scam it was. At this point, the adware vendor would blame the affiliates, wash their hands of wrongdoing, and (eventually) terminate the affiliate contract. The most common ways to see adware today are through bundled software, toolbars/browser extensions, and downloads offered by pop-ups via survey scams.
There have been companies labeled as adware vendors over the years, with some of the most notable being Zango, Direct Revenue, WhenU, and CoolWebSearch (with CoolWebSearch often being labeled as malware).
Adware is not as difficult to remove as it once was. More often than not, Add/Remove programs will take care of it and Resuscitators (files designed to bring a program back to life after an uninstall) are not as common. Having said that, there are still adware programs that require additional steps to remove. (This is sometimes viewed as making it so bothersome for the end-user to perform that they resign themselves to keeping the Adware on board.) An example of this could be a situation where an additional program is required to delete the adware, as it comes with no built-in uninstaller.
A broken uninstall routine has been known to cause problems on a PC, and in the case of more malicious adware, it can lead to severe system instability or even blue screens.
Many adware installs fall into the “If it’s too good to be true…” category of scams and fakeouts. If you’re being offered something for nothing, it may well be an empty promise designed to make you install the adware without doing some fact checking first. New games, movies, and special offers are all targets of adware scams.