Home / malware Adware:JS/Paypopup
First posted on 26 July 2012.
Source: MicrosoftAliases :
Adware:JS/Paypopup is also known as JS.Forcepop.A (VirusBuster), JS.PopUpper.S (VirusBuster).
Explanation :
Adware:JS/Paypopup is a detection for specially-crafted JavaScript-enabled objects that attempt to display pop-up and pop-under advertisements. These advertisements appear as separate windows to the active browser window, and generate additional revenue for the website owner.
Installation
You may encounter Adware:JS/Paypopup when visiting any website in a JavaScript-enabled browser.
Additional information
On websites that use the Adware:JS/Paypopup JavaScript, you may notice additional browser windows that appear to "pop-up", where they sit on top of your current browser window, or "pop-under", where they appear underneath your current browser window.
These windows display advertisements, but could allow site redirection to adware or spyware or to the downloading and running of malicious files.
In the wild, we have observed the following adware-related domains offer the pop-up and pop-under advertising service to website owners:
- hxxp://popunder.adsrevenue.net
- hxxp://ads.clicksor.com
- hxxp://serving.adsrevenue.clicksor.net
Adware:JS/Paypopup is designed to circumvent the blocking of pop-ups and pop-unders by security applications, including pop-up and pop-under blockers from Google Toolbar, Internet Explorer, and Norton Internet Security.
It is common for this detection to trigger in your Internet cache. When using Internet Explorer, the Internet cache is known as the Temporary Internet Files folder. The Temporary Internet Files folder contains webpage content that is stored on your hard disk for quick viewing. This folder permits Internet Explorer to download only the content that has changed since you last viewed a webpage, instead of downloading all the content for a page every time it is displayed.
Having this detection reported by your antivirus product may indicate that you have recently visited a website that attempted to display these advertisements.
Analysis by Patrick Estavillo
Last update 26 July 2012