Malware spotlight: Badware

Introduction: What is badware?

Malware, as the name indicates, is malicious software designed to cause damage to computer systems and networks. Badware is often used as a synonym for malware, but in reality, there are some subtle differences between the two terms.

While malware is an umbrella term that covers a variety of malicious code including viruses, Trojan horses, ransomware and backdoors, badware is not necessarily software created to destroy systems. In fact, it is often simply used to collect users’ information for a variety of purposes.

In some cases, “users may treat badware infection as an annoyance to be dealt with rather than a threat to their (or their company’s) data and computing resources,” says StopBadware, Inc., an anti-malware organization created in 2006. This nonprofit makes an effort to cleanse websites that are tagged as spreading badware by maintaining a catalog of sites that have been reported to distribute badware and continues to warn consumers about “this kind of attack [that] takes advantage of a vulnerability or ‘hole’ in your web browser, a browser plug-in, or other software on your computer.”

Badware, of course, can also be used by cybercriminals to hack or socially engineer a target and eventually use the information gathered to attack with other types of malware.

What problems can badware bring?

Badware can be bad news for both webmasters and users. This is because it is software that is able to somehow bypass the intended use of a website or connection to achieve a purpose of its own. For users, this means a number of issues.

In the best-case scenario, badware is intrusive and designed mainly to track a user’s moves online to feed information to advertisers and marketing groups. The user will be unknowingly releasing information on his or her browsing or shopping habits through the use of research software or toolbars designed for that purpose, or will be stuck with the installation of a secondary, unwanted program when installing a program of choice.

In the worst-case scenario, malware/badware will lead to compromise of sensitive data (like passwords or financial info), serve as a means towards attacking other computers or trick users into buying items and services. A typical purchase scam is the banner that pops up, warning the user that the computer is running slow and needs to be defragged. This prompts the user to download a specific, often infected, piece of software.

Webmasters can be equally affected by badware turning their legitimate website into a repository of malicious software. This is obviously a blow to the reputation of the site and can result in great loss of viewers and clients.

Is badware a growing problem?

Specific data solely on badware is not currently available, but it’s worth noting that this malware threat was already getting attention a decade ago. In fact,’s May 2008 Badware Websites Report produced the following findings:

Types of badware

The three most common types of badware behavior are:

  • Malicious scripts: Used to redirect website visitors to a different site or to load actual badware from another source
  • .htaccess redirects: A hidden server file used in Apache web servers that can be compromised by malicious attackers to redirect users to badware websites
  • Hidden iframes: A section of a web page that loads malicious content from another page or site, without the visitor’s knowledge

Cybercriminals can also infect computers with badware using drive-by downloads, which is a common method of spreading malware that occurs when a website automatically (and often silently) installs malicious code (usually an exploit kit) onto the victim’s PC — without the user being aware. No clicking is necessary with this kind of attack, which can take advantage of a vulnerability in a web browser, a browser plug-in or other software on a computer to infiltrate the system and take control of it.

How to prevent badware

First of all, it is important to keep a watchful eye and try to identify badware. For example:

  • You see a warning from the antivirus software when visiting the site, or the browser displays a warning such as “Reported attack site” or “This site may harm your computer”
  • The site redirects to an unknown domain when you navigate to it in your browser
  • You notice that permissions or files have been altered, or new users have been added

Webmasters, in particular, need to check whether users arriving from search engines are redirected to different URLs instead of reaching their sites, and whether the same happens while navigating within the site.
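The checks above, together with the .htaccess redirect and hidden iframe behaviors listed under "Types of badware", can be automated by a webmaster. The following is an added example, not code from the article or from StopBadware; the site name shop.example, the sample inputs and the list of search-engine names are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SEARCH_ENGINES = re.compile(r"google|bing|yahoo|duckduckgo", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def external(url, site_host):
    """True when url names a host other than the site's own."""
    host = urlparse(url).hostname
    return host is not None and host != site_host and not host.endswith("." + site_host)

class IframeAudit(HTMLParser):
    """Collects iframes that are invisible and load from another host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings = site_host, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        hidden = tiny or "hidden" in a or HIDDEN_STYLE.search(a.get("style", ""))
        if tag == "iframe" and hidden and external(a.get("src", ""), self.site_host):
            self.findings.append(a["src"])

def hidden_iframes(html, site_host):
    audit = IframeAudit(site_host)
    audit.feed(html)
    return audit.findings

def htaccess_redirects(text, site_host):
    """Return (target, gated_on_search_referer) for RewriteRules leaving the site."""
    findings, gated = [], False
    for parts in map(str.split, text.splitlines()):
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "rewritecond" and "HTTP_REFERER" in parts[1].upper():
            gated = gated or bool(SEARCH_ENGINES.search(parts[2]))
        elif parts[0].lower() == "rewriterule":
            if external(parts[2], site_host):
                findings.append((parts[2], gated))
            gated = False  # RewriteCond lines apply only to the next RewriteRule
    return findings

# Constructed samples for a hypothetical site shop.example (not from the article).
SAMPLE_HTML = '<iframe src="http://badware.example/x" width="0" height="0"></iframe>'
SAMPLE_HTACCESS = ("RewriteCond %{HTTP_REFERER} (google|bing)\\. [NC]\n"
                   "RewriteRule ^(.*)$ http://badware.example/landing [R=302,L]\n")
if __name__ == "__main__":
    print(hidden_iframes(SAMPLE_HTML, "shop.example"), htaccess_redirects(SAMPLE_HTACCESS, "shop.example"))
```

A redirect flagged with True only fires for visitors arriving from a search engine, which is why the site can look normal when its owner types the address directly.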

Badware can be difficult to avoid, as it can be slipped into a system via vulnerabilities or by exploiting users’ behaviors. There are a number of things, however, that can help you counteract this threat:

  • Keep website software updated with the latest security fixes. This can patch loopholes that can let badware into the computer where a hacker can steal passwords and/or modify the contents that a user has uploaded…