Encountering the Wild PUP

Encountering the Wild PUP

The Internet is full of dangers; threats like malware, phishing attacks, hackers and drive-by exploits are some of the most commonly mentioned.

But did you know that there is a far more common threat to users that no one in the media seems to talk about, a threat that almost everyone who has ever owned a computer has experienced.

These threats are known as Potentially Unwanted Programs and they are the day-walking vampires of the internet.

What is a Potentially Unwanted Program?

A Potentially Unwanted Program (PUP) is software that is not inherently malicious but often utilizes high amounts of system resources and is a common cause of user headaches, spam e-mails and slow systems. PUPs are not usually malicious in design and therefore have avoided being classified as malware.

Their behavior may be explained in a EULA agreement, a document that lists out their intentions and requires the users approval in order to install the software. PUPs count on this user approval to protect them from legal action and expect that nobody reads the EULA before agreeing to it.

PUPs come in all shapes and sizes and are created for a  variety of purposes. Here are a few examples that you might recognize:

  • Weather Apps
  • Search Bars
  • Toolbars in your browser
  • Shopping Helpers
  • Browser Redirects

Think of your computer as your house and applications like your word processor, browser and Anti-Malware software are like your friends and family. They help clean your house, protect it from criminals and make it feel more like a home.

GoodHouse

PUPs, on the other hand, are shady salesmen who come to your house and force themselves through the door. They take up a lot of space and make it hard for you and your house mates to get anything done.

PUPHous

How do you get PUPs?

The most common way for a PUP to be installed is through bundled software. For example, when you try to install a legitimate application you might be asked to install additional software.

Take for instance when you install Java on your system. The Java installer is bundled with the Ask Toolbar, so the installer requests that you install the toolbar. Java and Ask are companies with greater standing than what you might run into with your run of the mill PUP, so think of their bundle as the best possible outcome of loading unnecessary programs onto your system.

 

Why Do PUPs exist?

One word, Advertising.

The path to bundled software starts when an online merchant wants more customers, so much so that they pay a software company to create a search bar that redirects users to the merchant’s website.

In turn, the software company pays another, more popular, company a ton of cash to install their redirection program with the popular company’s software.

PUPCycle

It’s all in an effort for one company to make money using the advertising power of another and while it sounds completely legit from a market standpoint, the end-user ends up installing junk. Some organizations are willing to do whatever it takes to make money this way.

This practice often results in buggy software, unsecure web pages that can be compromised and used for malicious purposes, and the possibility exposing the end-user to malware.

BuggySoftware

How can I get rid of a PUP?

Many PUPs can be removed simply by running Malwarebytes Anti-Malware. We treat PUPs like any other malicious software you might run into.

PUPLog

The PUP lifecycle is incredibly fast. Therefore, if you run into a PUP that we haven’t caught yet, here are a few tips to get rid of them manually:

Uninstall it

The Add/Remove programs interface in your system settings might give you the option to remove a PUP on your system.

Just look for the name of the PUP and click “Uninstall”

Delete It

You can try locating where the PUP is running from by checking either the Startup Folder or MSConfig interface, then manually deleting the files from your computer. This method isn’t recommended unless you know which files are bad and which files are not.

 

Disable It

For PUPs like toolbars or redirects in your browser, you can open up the browser Add-ons and extensions interface and look something installed that you didn’t put there.

GoogleExtension

 

Search For It

If all else fails, you can do a web search for the name of the PUP in question and the word “removal” after it. Hopefully there will be some instructions on how to get rid of that particular PUP from someone who has already had to deal with it. In addition, Malwarebytes forum has a location specifically for removing malware manually, this often includes PUPs.

How do I avoid getting PUPs?

Avoiding PUP installation is surprisingly simple, and is often just a matter of paying attention to the installers. If you see a screen that asks you to confirm the installation of a program, but not the one you wanted, just check ‘No Thanks’ or ‘Decline’.

Decline

Sometimes, PUPs will just naturally be bundled into pseudo-legitimate applications and you won’t even get the option to not install it.

This happens with shady games, screensavers and applications you have to click a popup advertisement just to find. If you can’t avoid installing something that you don’t have confidence in, maybe do a search for the product name and any reviews it has, that way you can get an idea of what you are going to be installing.

Conclusion

PUPs are the most commonly seen and frequently underestimated threats today.

Beyond the drain on system resources and annoyance associated with the advertising, there are reports of PUPs being used to install additional software like Bitcoin Miners and even Malware.

Malwarebytes has recognized their potential for damage and taken a stance against their spread. We do this by detecting the trash and providing our users with the tools to clean house and keep the junk outside.

Thanks for reading and safe surfing!

ABOUT THE AUTHOR

Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.