Pop-Up Porn Top of the Spyware Pops

The ISTbar program – which displays adult-oriented pop-ups, behaves like an ActiveX control, installs toolbars, and changes home pages of browsers on computers it infects – remains the top spyware nuisance turned up by Panda Software, which released its June findings this week.

ISTbar caused about 3.5 percent of the infections Panda Software's free online malware scanner turned up during June—more than any other spyware/adware program, the company said.

ISTbar was also the top spyware/adware/malware infection detected by Panda in May, overshadowing such notorieties as Netsky, a few Sober variants, and Cydoor, which made the runner-up spot behind ISTbar for June detections. Cydoor downloads ads from servers and shows them on personal computers.

"Various distribution channels exist," said Norton Antivirus and SystemWorks maker Symantec in an advisory for ISTbar. "For example, Adware.Istbar can be downloaded and installed from affiliate sites that may be typically pornographic in nature." Symantec did not say which affiliate site were the most frequent deployers of ISTbar.

Some of the file names the program travels under includeISTsvc.exe; IstBar_DH.dll; ysbactivex.dll; sfbho.dll; sfexd001; sidefind.dll; istrecover[1].exe; istbar.dll; ysb.dll; istbarcm.dll; ISTactivex.dll; istdownload.exe; sidefind.exe; sfsetup.exe; sfbho.dll; ysb(2).dll; cmctl.dll; istbarcm.dll; juhpad.exe; ysbactivex(3).dll; ysb_regular[1].cab; and, gjefpet.exe, Symantec added.

A program known as XXXToolbar, said to be made by a company called Integrated Search Technologies, placed fourth on the Panda June detection list, behind ISTbar, Cydoor, and New.net.

XXXToolbar promotes itself as a free search utility through which adult Net surfers can find top adult material online, including pictures, videos, and stories. But according to SpywareGuide.com, XXXToolbar uses stealth tactics to plant itself and show ads, changes browser preference, and stays in computer memories, often as not starting without users’ knowledge when they start up their computers.

The rest of the top spyware/adware threats shown by Panda's June reporting include porn dialer Trojan Dyfuca (“Die, Fuckah”), said to be made by British company Avenue Media and to have been spotted in 37 countries in Europe, the Middle East, and Asia, as well as the United States.

The remainder of the Panda Software top ten naughtyware list included browser helper object BetterInet, data miner Petro-Line, peer-to-peer driver Altnet, and pop-up ad display program BargainBuddy.