\nPotentially Unwanted Applications (PUA) are often bundled with genuine software that are freely available online and are usually sourced from shady, less popular or untrustworthy websites. PUAs mainly include spyware, adware, downloaders, etc. They are called so because they are often downloaded by the user erroneously or without making a conscious decision. This occurs mostly in cases where the user fails to read the software download agreement.<\/p>\n
Why are Potentially Unwanted Applications unwanted? How do PUAs infiltrate your computer? 1. Default options asking to install toolbar or extensions Scenario 1 Scenario 2 2. Disguised as download links Scenario 1 Scenario 2 When the user clicks on the fake download button, they get redirected to another site, which prompts them to download a PUA. If the user proceeds further and clicks on the download link, the browser shows a prompt to add a browser extension which ultimately modifies the browser settings.<\/p>\n 3. Executable files downloaded instead of the intended media file If the \u2018Hide extension of known file types\u2019 option is selected, then the executable file may appear as a media file as shown in figure 6.<\/p>\n On the other hand, if this option is unchecked, then the file shows up as an executable instead of a movie file (Figure 7).<\/p>\n In another example, the user intends to download a game setup but instead, ends up downloading an executable file of a smaller size.<\/p>\n Clicking on the file then installs other unwanted software.<\/p>\n 4. Taking advantage of users\u2019 neglect towards the Privacy Policy and License Agreement Each software is bound by an End User License Agreement (EULA) – an agreement between the software publisher and user of the software,. The agreement establishes the user’s right to the use of software. In most cases, users ignore to read the agreement thoroughly and proceeds to the installation of the software. EULAs are lengthy documents and that is what deters users from reading it. Taking advantage of this, software publishers add unusual clauses to agreements which clearly specify the security risks involved in installing a particular software. And this makes the user solely responsible for any drawbacks of using the software. Below is an example that explains this scenario.<\/p>\n Scenario 1 Unwanted activities of PUAs Scenario 1 Scenario 2 Scenario 3 Scenario 4 Detection Statistics Preventive Measures<\/strong><\/p>\n 1. While downloading applications or files from untrustworthy and unknown websites, verify whether the downloaded application installs what you had intended to.<\/p>\n 2. Read and understand the privacy policy and risks involved in downloading any software.<\/p>\n 3. Be careful while clicking on download links.<\/p>\n Read all browser extension permissions carefully. If they seek any unwanted or suspicious permissions, avoid them. Below is list of permissions that you need to be careful of:<\/p>\n 4. Never respond to online surveys that ask for personal or financial information.<\/p>\n 5. Verify file extensions after downloading to avoid running executables assuming that they are a media file. Disable \u201cHide extensions for known file types<\/em>\u201d option in Tools menu > Folder Option > View Tab from Explorer.<\/em><\/p>\n
\n<\/strong>PUAs are not necessarily harmful but their activities are considered so and may pose a threat to user privacy. Most of them are known to perform one or more of the following activities.<\/p>\n\n
\n<\/strong>PUAs \u2018get\u2019 installed in system when a user fails to ignore them while downloading various software from untrusted websites. Below are listed the various scenarios where a PUA can gain entry into a computer.<\/p>\n
\n<\/strong>The user visits various websites to download free software, screensavers, games, etc. All such freeware are usually bunched with multiple third party software. Sometimes, they provide \u2018Downloader\u2019 which downloads intended files along with other software. Below are some examples.<\/p>\n
\n<\/strong>Selecting the \u201cRecommended\u201d option during installing a free software, unwanted third party applications are installed by default. Figure 1 shows the installation of a PUA called BearShare. Once installed in the computer, it sets Bearshare.net<\/em> as the default home page and adds Wincore Mediabar<\/em> to the browser. And all this is done without the user consent. This PUA belongs to the BrowserModifier.KipodToolsCby<\/strong> family.<\/p>\n![\"Figure](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2016\/02\/Figure-11.png\")
<\/a>
\nFigure 1<\/p>\n
\n<\/strong>In another scenario, as shown by Figure 2, two check boxes are pre-selected to set the default homepage and search engine to ask.com.<\/em> This PUA belongs to the PUA.Mindsparki.Gen<\/strong> family.<\/p>\n<\/a>
\nFigure 2<\/p>\n
\n<\/strong>Cyber criminals take advantage of ads shown on websites by displaying several fake download options. An unsuspecting user is most likely to click on such fake ads and this results in the installation of PUAs on their computer. Below are some examples.<\/p>\n
\n<\/strong>The \u2018Download\u2019 link highlighted below masks itself as an actual link to download a game. But, when the user clicks on it, a compressed executable file containing PUAs gets downloaded on the computer.<\/p>\n<\/a>
\nFigure 3<\/p>\n
\n<\/strong>In another scenario, similar to the above one, when a user searches for downloading free MP3 songs, the site displays multiple ads that appear as actual download links that confuse the user.<\/p>\n<\/a>
\nFigure 4<\/p>\n<\/a>
\nFigure 5<\/p>\n
\n<\/strong>In some cases, users download PUAs instead of what they intended to, such as a movie or a song. While the user is under the impression they have downloaded a file with extensions .MP3, .MP4, .FLV, .WAV etc., they actually end up downloading a .EXE (executable) file.<\/p>\n<\/a>
\nFigure 6<\/p>\n<\/a>
\nFigure 7<\/p>\n<\/a>
\nFigure 8<\/p>\n<\/a>
\nFigure 9<\/p>\n
\n<\/strong><\/p>\n
\n<\/strong>The below License Agreement clearly states that the software is vulnerable to security risks and should not be considered secure. It further mentions issues about privacy and potential exposure to malicious attacks like spoofing, spamming, breaking passwords, harassment, forgery, etc.<\/p>\n<\/a><\/strong>
\nFigure 10<\/p>\n<\/a>
\nFigure 11<\/p>\n
\n<\/strong>Following are various examples of activities performed by various PUAs.<\/p>\n
\n<\/strong>A PUA modifies the default home page to home.search.com<\/em> which gets redirected to sweetpacks-search.com. <\/em>The site shows unwanted ads, clicking on which triggers the download of another rogue application.<\/p>\n<\/a>
\nFigure 12<\/p>\n
\n<\/strong>A PUA adds a toolbar to the browser to provide emoticons (smileys) for Instant Messaging applications<\/p>\n<\/a>
\nFigure 13<\/p>\n
\n<\/strong>Before letting the user install the \u201cMP3 cutter and joiner\u201d<\/em> application, the PUA asks for personal information related to income, education, and other irrelevant data. This information could be sold in online black market for malicious purpose.<\/p>\n<\/a>
\nFigure 14 (a)<\/p>\n<\/a>
\nFigure 14 (b)<\/p>\n
\n<\/strong>A PUA adds an extension to the browser to monitor its activity. This occurs when the user clicks on a fake download link intending to download a song or a video from a website.<\/p>\n<\/a>
\nFigure 15<\/p>\n
\n<\/strong>Figure 16 represents the Quick Heal detection statistics for some of the interesting PUAs discussed above, from January 2015 to January 2016.<\/p>\n<\/a>
\nFigure 16<\/p>\n\n