
Adware:Win32/SocialSkinz


First posted on 09 August 2011.
Source: SecurityHome

Aliases:

There are no other names known for Adware:Win32/SocialSkinz.

Explanation:

Adware:Win32/SocialSkinz is a web browser add-on that enables a user to add themes, or skins, to personalize their Facebook account and experience. SocialSkinz collects information about a user's computer usage for marketing purposes without adequate user consent, using a unique user ID, and injects advertisements into viewed web pages.





Installation

During installation, the following file folders are created:

  • %ProgramFiles%\socialskinz
  • %AppData%\Toolbar4


Numerous registry subkeys and data are created to run Win32/SocialSkinz as a web browser add-on.


Once installed, Win32/SocialSkinz is visible as a toolbar in Windows Internet Explorer and Mozilla Firefox.

When visiting Facebook, the background may have a user-selected image displayed on the site's sides, and an advertisement may also be injected into the page.

During installation, the user can opt to use the SocialSkinz DNS/404 Error Search option. If enabled, invalid web addresses entered into the browser's address bar are redirected to SocialSkinz. The user can also opt to set their web browser home page to a SocialSkinz page.
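
The installation artifacts described above can be checked on a host by resolving every registered Internet Explorer add-on to the DLL it loads. The PowerShell below is an added example, not part of the original write-up; it assumes the add-on's COM server DLL is stored under one of the two folders listed above, which the page does not state explicitly.

```powershell
# Added example (read-only): list IE add-on registrations and flag any whose
# COM server DLL sits in a folder this write-up names (assumed DLL location).
$suspectDirs = @(
    (Join-Path $env:ProgramFiles 'socialskinz'),   # folder names taken from the page
    (Join-Path $env:APPDATA 'Toolbar4')            # per-user: run as the affected user
)
# A 32-bit install on 64-bit Windows lands under Program Files (x86).
if (${env:ProgramFiles(x86)}) { $suspectDirs += Join-Path ${env:ProgramFiles(x86)} 'socialskinz' }
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node', 'HKCU:\SOFTWARE'

function Get-AddonClsid {
    foreach ($root in $roots) {
        # Browser Helper Objects: one subkey per CLSID.
        $bho = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (Test-Path -LiteralPath $bho) {
            Get-ChildItem -LiteralPath $bho |
                ForEach-Object { [pscustomobject]@{ Kind = 'BHO'; Clsid = $_.PSChildName } }
        }
        # Toolbars: one value per CLSID under Toolbar and Toolbar\WebBrowser.
        foreach ($sub in 'Toolbar', 'Toolbar\WebBrowser') {
            $tb = "$root\Microsoft\Internet Explorer\$sub"
            if (Test-Path -LiteralPath $tb) {
                (Get-Item -LiteralPath $tb).GetValueNames() |
                    Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' } |
                    ForEach-Object { [pscustomobject]@{ Kind = $sub; Clsid = $_ } }
            }
        }
    }
}

function Resolve-ClsidServer([string]$Clsid) {
    # InprocServer32's default value is the DLL the browser loads for the CLSID.
    foreach ($root in $roots) {
        $path = "$root\Classes\CLSID\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $path) {
            $dll = [string](Get-Item -LiteralPath $path).GetValue('')
            return [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
        }
    }
}

Get-AddonClsid | Sort-Object Kind, Clsid -Unique | ForEach-Object {
    $item = $_
    $dll = Resolve-ClsidServer $item.Clsid
    $hit = [bool]($suspectDirs | Where-Object {
        $dll -and $dll.StartsWith(($_ + '\'), [StringComparison]::OrdinalIgnoreCase) })
    [pscustomobject]@{ Kind = $item.Kind; Clsid = $item.Clsid; Server = $dll; Suspect = $hit }
} | Format-Table -AutoSize
$suspectDirs | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object { "Folder present: $_" }
```

Rows with an empty Server column are registrations whose COM class no longer resolves, which is typical of a partially removed add-on.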

Analysis by Aaron Hulett

Last update 09 August 2011

 
