 |
|
|
Spyware Information |
| Name: |
|
BargainBuddy |
|
| Threat
Level: |
|
 |
|
| Category: |
|
Adware |
|
| Aliases: |
|
Bargains
(process name) Or Ikena
(the server it connects to).
|
|
| Variants: |
|
BargainBuddy/Apuc,
original version whose BHO is stored
in its own Program Files 'Bargain Buddy'
folder.
BargainBuddy/Versn, the BHO is
a file inside the host application whilst
the updater is still in 'Bargain Buddy'.
BargainBuddy/adp, uses the folder
name 'adp' in Porgram Files. |
|
|
|
|
|
|
|
Spyware Characteristics |
| Description: |
|
Bargain
Buddy consists of an IE Browser Helper
Object, and a process set to run at
startup. The BHO monitors web pages
requested and terms entered into forms.
If there is a match with a preset list
of sites and keywords, an advertisement
may be shown. The process can contact
its maker's server to download updates
to the list of adverts and to the software
itself. |
|
| Properties: |
|
- Stays resident in background.
- Stealth: hides itself from user.
- Show advertisements.
- Makes changes to browser settings.
- Connects to the internet by itself.
|
|
|
|
|
|
|
|
What it does? |
| Advertising: |
|
Yes.
On a known URL or keyword entered into
a form (this is aimed at search engines),
a pop-up window will open containing
an advert, over and above any advertising
the site itself may carry. Currently
adverts are being served by DoubleClick,
and are medium-size square windows.
They do not, in general, contain "bargains".
|
|
| Privacy
violation: |
|
Some.
When an advert is served, the advertiser
will likely know which site was visited/keyword
was entered, and DoubleClick can track
these with cookies. However there is
no evidence that the current version
of the software sends browsing logs
of pages unaffected by the extra adverts.
|
|
| Security
issues: |
|
Yes.
BargainBuddy updates itself silently
through connections to adp.ikena.com.
The latest version of the software does
now include code-signing, at least.
|
|
| Stability
problems: |
|
None
Known. |
|
|
|
|
|
|
|
Method of infection |
| Is
included in Net2Phone CommCenter, lately
the Versn variant as CC_Versn.dll. The
Adp variant is installed by the mail.com
Alerts software and vCatch, an anti-virus
tool. BargainBuddy/Apuc was also installed
by some versions of LimeWire and the
FavoriteMan parasite. |
|
|
|
|
|
