Research Article

Evaluating Grayware Characteristics and Risks

Table 1. TSPY_LINEAGE.GL and ADW_ALEXA.AK in the Trend Micro grayware encyclopedia.

| | TSPY_LINEAGE.GL | ADW_ALEXA.AK |
|---|---|---|
| General | Type: Spyware; In the wild: No; Destructive: Yes; Systems Affected: Windows 95, 98, ME, NT, 2000, XP, Server 2003; Encrypted: No; Language: English; System Impact: High; Information Exposure: High | Type: Adware; In the wild: No; Destructive: No; Systems Affected: Windows 98, ME, NT, 2000, XP, Server 2003; Encrypted: No; Language: English; System Impact: Medium; Information Exposure: Medium |
| Description | Installation and Autostart Technique: On Windows NT, 2000, XP, and Server 2003, this spyware drops a copy of itself in the Program Files folder as SVHOST32.EXE. It then modifies the following registry entry to ensure its automatic execution at every system startup: … On Windows 95 and 98, it copies itself as RUNDLL32.EXE in the Windows folder and INTERNAT.EXE in the … Information Theft: This spyware steals and logs sensitive information from an affected system and the game … Process Termination: This spyware also terminates … | Installation and Autostart Technique: This adware may arrive on a system as a file downloaded by unsuspecting users while visiting Web sites. It may also be dropped by other grayware. Upon execution, it creates the folder Alexa Toolbar in the Program Files folder, then drops the following files … It then installs the dropped .DLL files on the infected system. As a result, the routines of ADW_ALEXA.AP are exhibited on the system. It creates the following registry keys: … Other Details: This adware registers itself as a Browser Helper Object (BHO) and adds additional search … |
| Detail | Initial Samples Received on: Sep 7, 2005; File Type: PE; Memory Resident: Yes; Compression Type: UPX; File Size: Varies; Payload 1: Moves system files to other folders; Payload 2: Terminates processes; Payload 3: Steals information | Initial Samples Received on: Nov 2, 2006; File Type: PE; Memory Resident: Yes; Compression Type: No; File Size: 494,672 Bytes; Payload 1: Creates search functionalities on Internet browser; Payload 2: Redirects search queries |
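The General and Detail rows of Table 1 are flat "Key: Value;" strings, which is awkward for comparing many encyclopedia entries at once. The following added example (not code from the article or from Trend Micro) parses records in that shape into structured fields and derives a coarse risk summary; the records are constructed from Table 1 with values abridged, and the scoring rules are an assumption chosen for illustration.

```python
"""Parse grayware encyclopedia records in the 'Key: Value; Key: Value;' shape of
Table 1 and derive a coarse risk summary (constructed sample, values abridged)."""
import re

RECORDS = {  # name -> (General row, Detail row), constructed from Table 1
    "TSPY_LINEAGE.GL": (
        "Type: Spyware; In the wild: No; Destructive: Yes; Encrypted: No; "
        "System Impact: High; Information Exposure: High;",
        "File Type: PE; Memory Resident: Yes; Compression Type: UPX; "
        "File Size: Varies; Payload 1: Moves system files to other folders; "
        "Payload 2: Terminates processes; Payload 3: Steals information;",
    ),
    "ADW_ALEXA.AK": (
        "Type: Adware; In The Wild: No; Destructive: No; Encrypted: No; "
        "System Impact: Medium; Information Exposure: Medium;",
        "File Type: PE; Memory Resident: Yes; Compression Type: No; "
        "File Size: 494,672 Bytes; Payload 1: Creates search functionalities "
        "on Internet browser; Payload 2: Redirects search queries;",
    ),
}

def parse_fields(text):
    """Split 'Key: Value;' pairs into a dict. Keys are lower-cased so that the
    two spellings 'In the wild' and 'In The Wild' seen in Table 1 coincide."""
    fields = {}
    for part in text.split(";"):
        if ":" in part:
            key, value = part.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    return fields

def payloads(detail):
    """Return the 'Payload N' values of a parsed Detail row in numeric order."""
    keys = sorted(k for k in detail if re.fullmatch(r"payload \d+", k))
    return [detail[k] for k in keys]

def risk_summary(name):
    """Combine General ratings with Detail payloads (assumed scoring rules)."""
    general, detail = (parse_fields(t) for t in RECORDS[name])
    ratings = {general.get("system impact"), general.get("information exposure")}
    if general.get("destructive") == "Yes" or "High" in ratings:
        level = "high"
    elif "Medium" in ratings:
        level = "medium"
    else:
        level = "low"
    return {
        "type": general["type"],
        "level": level,
        "packed": detail.get("compression type", "No") != "No",   # e.g. UPX
        "memory_resident": detail.get("memory resident") == "Yes",
        "steals_information": any("steal" in p.lower() for p in payloads(detail)),
        "payloads": payloads(detail),
    }
```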