
Adware:Win32/SideTab


First posted on 12 November 2010.
Source: SecurityHome

Aliases :

Adware:Win32/SideTab is also known as ADSPY/SideTab.A.2 (Avira), Trojan.AVKill.2 (Dr.Web), Win32/Adware.BonusCash.AB (ESET), Adware.Win32.SideTab (Ikarus), Adware.Win32.SideTab (Sunbelt Software).

Explanation :

Adware:Win32/SideTab is the multi-component detection for adware that installs a Browser Helper Object (BHO) that may redirect the browser to certain websites and display advertisements for certain products.

Installation :

When run, Adware:Win32/SideTab creates the following folder and files in the computer:

  • %ProgramFiles%\Sidetab\sidetab.dll - BHO component
  • %ProgramFiles%\Sidetab\sidetab.exe - updater component
  • %ProgramFiles%\Sidetab\uninstall.exe - uninstaller component
It creates the following registry key and entries:

In subkey: HKCU\Software\SideTab
Sets value: "version"
With data: "1.0.0.3"
Sets value: "sp"
With data: "20100812122018"

In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "SideTab"
With data: "%ProgramFiles%\sidetab\sidetab.exe"

In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideTab
Sets value: "UninstallString"
With data: "%ProgramFiles%\sidetab\uninstall.exe"

In subkey: HKLM\SOFTWARE\Classes\CLSID\{ADD10401-2CE3-4CAE-84F9-5DF7CB2D0A4D}\InprocServer32
Sets value: "@"
With data: "%ProgramFiles%\sidetab\sidetab.dll"

Execution :

Once installed, "sidetab.exe" may download an INI file that contains a link to download and install updates from the website "plusinfo.kr". It attempts to display advertisements from the following servers:
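
A host check for the files and registry entries listed above, as an added PowerShell example that is not part of the original write-up. The `WOW6432Node` and `Program Files (x86)` locations are an assumption added for 64-bit Windows; the page lists only the plain paths.

```powershell
# Added example: report which SideTab artifacts listed on this page exist on a host.
# Assumption: the WOW6432Node / "Program Files (x86)" variants are added here for
# 64-bit Windows; the page lists only the plain locations.
$clsid = '{ADD10401-2CE3-4CAE-84F9-5DF7CB2D0A4D}'

# %ProgramFiles%\Sidetab plus its 32-bit counterpart, when that variable is set.
$folders = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique |
    ForEach-Object { Join-Path $_ 'Sidetab' }

# Key and value name per the page; '(default)' is the value the page writes as "@".
$regChecks = @(
    @{ Key = 'HKCU:\Software\SideTab'; Value = 'version' },
    @{ Key = 'HKCU:\Software\SideTab'; Value = 'sp' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Value = 'SideTab' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideTab'; Value = 'UninstallString' },
    @{ Key = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"; Value = '(default)' }
)

$findings = @()
foreach ($dir in $folders) {
    foreach ($name in 'sidetab.dll', 'sidetab.exe', 'uninstall.exe') {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Data = '' }
        }
    }
}

foreach ($check in $regChecks) {
    $keys = @($check.Key)
    if ($check.Key -like 'HKLM:*') {
        $keys += $check.Key -replace '^HKLM:\\SOFTWARE\\', 'HKLM:\SOFTWARE\WOW6432Node\'
    }
    foreach ($key in $keys) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $data = if ($props) { $props.($check.Value) }
        # The Run key is shared with other software: only its "SideTab" value is reported.
        if ($null -ne $data) {
            $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$key\$($check.Value)"; Data = $data }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No SideTab artifacts from this list were found.' }
```

The HKCU checks cover only the account running the script, so run it in the affected user's session.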

    Analysis by Marianne Mallen

    Last update 12 November 2010

     
