Home
Terms & Definitions
Parasites List
Categories
Threat Level
Contact Us
Spyware Information
Name: ISTbar
Threat Level:
Category: Browser hijacker
Aliases: The AUpdate variant is known as SearchBarCash-Hijacker, and the MSCache varaint as MSUpdates\MSCache.

Variants: ISTbar/AUpdate installs a TinyBar variant to implement its toolbar. The hijacker is aimed at my-internet.info and blazefind.com; distribution is managed by searchbarcash.com, its controlling server. Updates are loaded by an 'AUpdate' process.

ISTbar/MSCache also uses TinyBar, along with a Browser Helper Object called mscache.dll used to load updates. The controlling server is www2.skoobidoo.com.

ISTbar/XXXToolbar is an update based around porn. It uses its own toolbar code. The hijacker is aimed at its controlling server xxxtoolbar.com, and slotch.com; distribution is controlled by toolbarcash.com.

ISTbar also installs other parasites: AUpdate and XXXToolbar install porn pop-up producer RapidBlaster/lp; the AUpdate variant is also known to install DownloadPlus; the MSCache variant installs nCase and the Wink/EasyDates dialer.


Spyware Characteristics
Description: ISTbar is an IE toolbar, homepage- and search-hijacker provided by Integrated Search Technologies/CDT Inc.
Properties:
  • Stays resident in background.
  • Stealth: hides itself from user.
  • Show advertisements.
  • Makes changes to browser settings.

What it does?
Advertising: In the XXXToolbar variant, yes: opens pop-ups as directed by its controlling server. Otherwise, no, though the TinyBar component could be used to open pop-ups.
All versions also install other third-party software which includes advertising.

Privacy violation: No.
Security issues: Yes, Can download and execute arbitrary unsigned code from its controlling server. This is used both to update the software and to install third-party software.
Stability problems: None known.

Method of infection
Installed by ActiveX drive-by download on affiliate sites; typically porn in the case of XXXToolbar, from April 2003. An 'aggressive' downloader is usually used: if you refuse the download, a JavaScript alert complains that it won't take no for an answer and opens the download window again.

ISTbar/MSCache was widely distributed to victims clicking on links to the 'OutWar' online game.

Removal Instructions
bulletproofsoft.com "Spyware Remover" is the best tool for the removal of this spyware.

Links
Site: http://www.isearchtech.com/