The VX-Files

Scareware and Adware/PUP/PUA

As if advertising wasn't annoying enough!

Scareware

A program designed to scare or intimidate users through fake security alerts or pop-up messages claiming that the user's system is infected, or that the police caught them doing something illegal and they need to pay a fine. Any scary story will do, as long as it panics the victim and clouds their common sense, so that they click the pop-up and download another malware that is deadlier and harder to get onto the system, or simply pay the fake fine directly. Because the scareware itself usually does no harm to the system, it bypasses security systems very easily; it is the victim who will ignore all security alerts and download the "true" malware. Closely related to social engineering.

Adware/PUP/PUA

While not harmful to the system in a meaningful way, these are still malware nonetheless and an intrusion on the user's privacy that can be a gateway to worse problems. Although they are very similar and often related, we can split them into three definitions:

  • Adware: software that shows advertisements in a very intrusive way: browser banners, pop-up windows, notifications, in the past the infamous browser bars, etc. Its main function is to always be present on the user's system to farm clicks and ad impressions. It would not be considered malware, just a very bad user decision, were it not installed without the user's knowledge, usually as part of another program that makes the installation very subtle or almost invisible.

  • PUP (Potentially Unwanted Program): this term describes programs that, while not malicious by nature, are unwanted because they are installed without the user's knowledge and can initiate actions the user did not decide on, such as (related to adware) adding an ad to your browser.

  • PUA (Potentially Unwanted Application): a term often used interchangeably with PUP. While PUP refers to programs, software that executes a set of instructions on a system, PUA refers more explicitly to applications: software that is also a program, but more focused on being operated by the end user (pretty and easy).

Last updated 1 year ago
