1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Tafbar Install File Request

Tafbar Install File Request

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects HTTP requests for the spyware's installation file.

Additional Information

The TAF Toolbar is an Internet Explorer search bar and pop-up blocker. It maintains a user profile and logs information such as keyword query, time of day, browser type, default language setting, IP address, and anonymous unique IDs. It also logs a code that identifies the distribution source of the application used to conduct your search.

The logged information is saved on the TAF servers and is used for commercial search word placement and word search counts for payment to TAF by search affiliates. The bar is redistributed by other sites, such as voonda.com.

Programs that have the ability to scan systems or monitor activity, and relay information to other computers or locations in cyberspace. Among the information that may be actively or passively gathered and disseminated by spyware are passwords, log-in details, account numbers, personal information, individual files, or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage, or other computing habits.

Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger spyware by accepting an End User License Agreement from a software program linked to the spyware, or from visiting a Web site that downloads the spyware with or without an End User License Agreement.


  • Windows


Visit the Symantec Security Response Web site for removal instructions.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube