|
Description:
ActualNames is an optional component
that can be installed to 'enhance' searches. By typing
a phrase or keyword into your address bar you will be
sent to an advertiser who has paid for those keywords.
This is supposed to enhance your search - but it is
far more similar to streamlined advertising by hijacking
your search bar.
How do you get it?
AdvSearch is bundled with KazaaMate. It can be installed
when you install KaZaa and also directly from the ActualNames
site itself. Since there are no visual clues that it
is present, it is also suspected to be installed via
ActiveX to unsuspecting users.
Details:
ActualNames, also known as PikeSearch and AdvSearch
currently targets the popular mainstream browsers such
as Internet Explorer, Netscape and AOL and boasts that
it will overwrite any plugins that are already on your
PC.
During Installation a new window opens
with the following details: "Attention: This browser
upgrader will overwrite any other plug-in of its nature
found on this computer. If you wish, you may stop this
installation now. " This is your last chance and
final warning before the program is installed and hidden
away. There are no end user agreements to view before
downloading this plugin so it remains to be seen exactly
what is installed and what it does.
Although clear information on which components
are installed remains vague on the ActualNames
site it has been known to contain components that
interfere with sending mail from both applications and
websites. As of yet, what these files are supposed to
be doing remains unclear. After installation,
a quick scan with Lavasoft's Ad Aware found not one
or two scummy components on my PC but 55 - including
tracking cookies, data mining files and a particularly
scummy little program called Cydoor.
If this wasn't scumware you could expect
to see at least an icon within your browser to indicate
that it was installed, but not suprisingly you won't
find a single thing. It won't show up on a list of programs
in your system either. In fact the only place you'll
actually find it listed is by visting the "Add/Remove
Programs" feature of windows where its tucked neatly
into an inconspicuous folder named "AdvSearch".
It may or may not come with an ActiveX
installer component depending on how you were infected.
Are there any known
security issues?
There are known security issues that are referred to
as the "Self Updating Feature". What that
actually means is that the ActualNames plugin can silently
download and execute arbitrary unsigned code from its
controlling server actualnames.com without your knowledge
while it remains hidden in the background. It is also
the proud owner of a severe security hole that allows
any web site to execute arbitrary programs on your PC.
Stability problems:
There aren't any stability problems known at this time
although the plugin tries to connect to the main server
every ten minutes.
Terminating
ActualNames/AdvSearch/PikeSearch:
Although there are ways to remove this
program manually, it is recommended that you run software
which will perform the removal for you. Considering
that ActualNames installed 55 components in the space
of a few minutes on my PC, it would be easy to miss
some, if not all of the components. AdAware by Lavasoft
is highly recommended for this task.
|
