180SearchAssistant spyware opens advertisements and obtains information (Spyware_PH_180SearchAssistant)

About this signature or vulnerability

Proventia Network IPS, RealSecure Desktop, RealSecure Desktop Protector 3.6, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Desktop, IBM Security Server Protection for Windows, Proventia Network MFS, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, BlackICE Agent for Server, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:

This signature looks for 180SearchAssistant spyware making a phone home type request after it has been installed.


Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

Proventia Network IPS: XPU 1.42, RealSecure Desktop: eoa, RealSecure Desktop Protector 3.6: eoa, Proventia-G 1.1 and earlier: XPU 24.2, Proventia Network IDS: XPU 24.2, Proventia Desktop: 8.0.614.1, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.0, Proventia Network MFS: XPU 1.41, RealSecure Server Sensor: XPU 24.2, RealSecure Network: XPU 24.2, BlackICE Server Protection: 3.6.cpa, BlackICE PC Protection: 3.6cpa, BlackICE Agent for Server: 3.6eof, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.0

Systems affected

Microsoft Windows 95, Microsoft Windows NT: 4.0, Microsoft Windows 98, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Microsoft Windows XP, Microsoft Windows 2003 Server

Type

Suspicious Activity

Vulnerability description

180Search Assistant is advertising-oriented spyware (adware) for Microsoft Windows operating systems. 180Search Assistant is frequently installed with some other piece of spyware. The program opens advertisements during a user's Internet Explorer browsing session by downloading them from a server. 180Search Assistant is related to 180Solutions. It can also collect browsing session information and send it back to 180Solutions company servers.

How to remove this vulnerability

If the180Search Assistant software is not desired, uninstall it from your system. Use an up-to-date antivirus or spyware removal program to determine if the target computer is host to a spyware program.

References

I Am Not A Geek Web site
180Search Assistant
http://www.iamnotageek.com/a/394-p1.php

ISS X-Force
180SearchAssistant spyware opens advertisements and obtains information
http://www.iss.net/security_center/static/18383.php