Potentially Unwanted Programs (PUPs) — deceptive, insidious malware

This year I’ve seen more and more Potentially Unwanted Programs (PUPs) creep onto some of my clients’ PCs. Sometimes their anti-virus programs detect these objects; but more often than not, I’ve installed the free version of Malwarebytes Anti-Malware (MWB), which has proved extremely useful at detecting and removing PUPs.

Here’s a link which describes MWB’s PUP criteria — a list of bad behaviors.

What has surprised me is that most of these unwanted objects repeatedly came from the same companies. The overt “damage” varied from annoyance to dysfunction. These PUPs “hijacked” all the Web browsers (for example, Microsoft Internet Explorer, Firefox, Chrome) by resetting the home page, changing the search engine, and installing add-ons or Browser Helper Objects such as toolbars (sometimes from other, quasi-legitimate marketing companies). Sometimes unwanted Adware / Scareware pop-ups were displayed. Recently, however, these infections even blocked browser access to Web pages on a client’s PC, although his Internet access and service were working okay otherwise.

The potential personal risk is even more insidious. PUPs may install (bundle) other undeclared PUPs. And by hijacking your Web browser, some PUPs can return search results (or send you directly) to malicious sites where malware is immediately injected on your computer — “drive-by installation” without you doing anything. My research also found that browser hijacking can capture sensitive private data, thereby possibly compromising your identity.

Whether originating from overly aggressive marketing efforts or malware attacks using techniques of aggressive marketers, most of these scams start by hacking your head, not your computer. Such scams may present themselves at your door, on your phone, or in your email inbox. Be wary of alarmist messages claiming that one of your accounts will be disabled if you don’t click on a link in the message or open an attachment. Misrepresentations, deceptions, or spoofs may appear to be from someone you know as well.

And watch out for those tiny, pre-checked “foistware” boxes which even large, successful, legitimate companies use as “optional” installs for their freeware programs.

If you’re interested in reading more about PUPs, here’s a link to a 2005 article (PDF document) by McAfee: Potentially Unwanted Programs – Spyware and Adware.