A question I am frequently asked about is what is the difference between adware (legal software that will however overload you with ads and make money) vs. malware (crimeware to be specific). Typically there is a fine line between the two, a good example of a successful adware company is that of OpinionSpy/Marketscore which bundles its adware with legitamate software that is commonly downloaded via free download sites, the company has served up ads to its downloaders for over ten years now – you can see our article post of it here:
You will notice that with Adware there is a key distinction, it has to include a user agreement (typically that long policy statement that you click through when installing software) and it has to be able to be removed without the use of a 3rd party program like MalwareBytes or another AV vendor. Adware will usually be hosted using friendly infrastructure like cloud services or known and trusted dedicated hosting providers such as cheap hosting providers at $1/mo like your Godaddy offer. Typically the adware is backed by a corporation or business and is hosted in a country like the United States where if they did anything illegal the domain and business would be seized.
Adware does not have a malicious incentive, it has a monetary one where it wants to generate revenue from ads, clicks or software downloads or selling your information to 3rd parties for marketing. Adware will not steal sensitive information, it may track your browsing habits which it typically does by using persistent cookies.
Malware on the other hand cannot be uninstalled from the control panel in 99.999999% of instances, the goal is to use compromised hosts and install software without the users knowledge or permission and generate revenue, steal passwords and sensitive information such as banking information or credit cards, use your internet connection for DDoS and the resale of botnets.
Infection vectors typically include malspam e-mails. exploit kits and exploitation as well as social engineering. Rarely will true malware be in a software bundle as the bundler would have to be in on the scheme. Malware infrastructure is typically the use of hacked hosts or shady infrastructure. Adware will show a running process when you run your task manager, typically malware will trojan your processes or will not allow you to kill the malware process or uninstall it.
A follow up article on the recent FIREBALL….is it malware or adware discussion will be on its way now that we have discussed the basic nature of adware and crimeware.