1. Symantec/
  2. Security Response/
  3. Adware.SecureServicePk

Adware.SecureServicePk

Updated:
June 1, 2006 2:52:36 AM
Type:
Adware
Risk Impact:
High
Systems Affected:
Windows
Adware.SecureServicePk is adware that inserts advertisements into the top of the result pages of some search Web sites.

The risk is installed as a Browser Helper Object DLL file.

Note: The DLL file is referenced by the following registry value:
HKEY_CLASSES_ROOT\CLSID\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEAA}\InProcServer32\"(Default)" = "[PATH TO DLL]"

When the risk is installed, it adds the following registry subkeys:
HKEY_CLASSES_ROOT\SecureServicePack.BHO.1
HKEY_CLASSES_ROOT\SecureServicePack.BHO
HKEY_CLASSES_ROOT\CLSID\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEAA}
HKEY_CLASSES_ROOT\CLSID\{DFEFF09F-785E-4191-8E5D-A7650A1C4F9A}
HKEY_CLASSES_ROOT\Component Categories\{00021494-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{DFEFF09F-785E-4191-8E5D-A7650A1C4F9A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFEFF09F-785E-4191-8E5D-A7650A1C4F9A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEAA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DFEFF09F-785E-4191-8E5D-A7650A1C4F9A}
HKEY_CLASSES_ROOT\TypeLib\{90BB6171-83D8-43DE-94D4-6C0078DD7896}
HKEY_CLASSES_ROOT\Interface\{B5918C1E-B0CD-4123-A0CB-CFE9703A265B}

The risk monitors the URL of Internet Explorer to check if it is one of the following:
frazoo.com/results.php
dogpile.com/info.dogpl/search/web
xpsn.com/Search/SmartSearch4.asp
xpsn.com/Search/
yandex.
search.yahoo.com/
search.com/
overture.com/
search.netscape.com/
search.msn.com/
lycos.
hotbot.com/
google.
fastsearch.com/
.excite.
search.ebay.com/
cnn.com/
ask.com/
search.aol.com/
altavista.com/
alltheweb.com/

It then inserts an advertisement into the top of the search result page.

Note: It may cause a difficulty in viewing the result page due to the unexpected insertion of contents on some Web sites, such as www.yandex.ru.
Writeup By: Masaki Suenaga
Summary| Technical Details

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube