1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Ezula Upgrade and Version Check

Ezula Upgrade and Version Check

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects the Upgrade and Version Check request issued by Adware Ezula.

Additional Information

Adware.Ezula, which runs under the name, "TopText," alters Web pages viewed in Internet Explorer. It can add extra links to certain keywords that advertisers target.

Ezula describes TopText as;
"TopText is the premier Personal Internet reference and simplification tool that empowers you with an easy way to navigate the Internet and retrieve relevant information a click of the mouse. With TopText you can instantly get information on any word, phrase or concept as they appear on the Internet and enjoy real-time cross-referencing capabilities including Active Encyclopedia, Active Dictionary, and Personal Keywords."

The features of TopText as described at www.toptext.com are
Active Dictionary -"TopText seamlessly and proactively provides links from ambiguous terms to reference sources such as Merriam Webster's Dictionary.

One-Click Internet Lookup-"With One-Click Internet Lookup you can perform an instant search of any word or phrase seen on the Internet simply by placing your mouse over a word and simultaneously pressing the 'Alt' key and clicking the mouse button.

Personal Keyword - "Weave the Web the way you want! TopText allows you, for the first time, to weave the web the way you want by associating and connecting keywords to your favorite sites, so that these keywords will become links to these sites from anywhere on the web."

Active Encyclopedia -"Active Encyclopedia allows you to instantly gain access to reference sources that will help you understand those hard-to-understand terms that appear anywhere on the Web. By seamlessly and actively providing links from complex Internet terms to reference sources such as Computer Language Company's Computer Encyclopedia.

Active Reference Links -"TopText actively adds new reference links to webpages that you are browsing. These reference links enable you to quickly jump to pages with additional information and commercial offers that are highly relevant to the context of the viewed page and the reference link.

Adware :
Programs that facilitate delivery of advertising content to the user through their own window, or by utilizing another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location in cyber-space.

Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger adware by accepting an End User License Agreement from a software program linked to the adware or from visiting a website that downloads the adware with or without an End User License Agreement.

Affected

  • Microsoft Windows 2000 Advanced Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Datacenter Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Professional SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Resource Kit
  • Microsoft Windows 2000 Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Server Japanese Edition
  • Microsoft Windows 2000 Terminal Services SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Workstation rev.2031, rev.2072, rev.2195, SP1, SP2, SP3
  • Microsoft Windows 95 Build 490.R6, j, SP1, SR2
  • Microsoft Windows 98 a, b, j, SP1
  • Microsoft Windows 98 With Plus! Pack
  • Microsoft Windows 98SE
  • Microsoft Windows CE 2.0, 3.0, 4.2
  • Microsoft Windows ME
  • Microsoft Windows NT 3.5, 3.5.1, 3.5.1 SP1, 3.5.1 SP2, 3.5.1 SP3, 3.5.1 SP4, 3.5.1 SP5, 3.5.1 SP5 alpha, 4.0, 4.0 alpha, 4.0 SP1, 4.0 SP1 alpha, 4.0 SP2, 4.0 SP2 alpha, 4.0 SP3, 4.0 SP3 alpha, 4.0 SP4, 4.0 SP4 alpha, 4.0 SP5, 4.0 SP5 alpha, 4.0 SP6, 4.0 SP6 alpha, 4.0 SP6a, 4.0 SP6a alpha
  • Microsoft Windows NT 4.0 Option Pack
  • Microsoft Windows NT Enterprise Server 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows NT Server 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows NT Terminal Server 4.0, 4.0 alpha, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows NT Workstation 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows Server 2003 Datacenter Edition SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Datacenter Edition Itanium SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Datacenter x64 Edition
  • Microsoft Windows Server 2003 Enterprise Edition SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Enterprise Edition Itanium SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Enterprise x64 Edition
  • Microsoft Windows Server 2003 Standard Edition SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Standard x64 Edition
  • Microsoft Windows Server 2003 Web Edition SP1, SP1 Beta 1
  • Microsoft Windows Vista beta
  • Microsoft Windows XP
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition Version 2003 SP1
  • Microsoft Windows XP Embedded SP1
  • Microsoft Windows XP Home SP1, SP2
  • Microsoft Windows XP Media Center Edition SP1, SP2
  • Microsoft Windows XP Professional SP1, SP2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Tablet PC Edition SP1, SP2

Response

For instructions on how to remove this installation from your network, reference Symantec Security Response.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube