Virus

Adware/SideSearch

Analysis

Adware/Sidesearch is an Adware Installer for the Lycos Sidesearch.

The installer when executed will create a folder Sidesearch in C:\Program Files\Lycos. It then extracts the following files:

	offline.htm
	sidesearch.dll
	uninst.exe

Registry is updated with a new key Sidesearch into the following path:

	HKEY_LOCAL_MACHINE\SOFTWARE\Lycos

Also, a Browser Helper Object is inserted to the registry:

	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000762-3965-4A1A-98CE-3D4BF457D4C8}

After installing, the Adware sends an HTTP get to install.sidesearch.lycos.com. This pvoides a notification to that server that another machine has installed this adware.

Then, it creates a URL shortcut in Desktop. Also, it creates a Toolbar Button in Internet Explorer

Recommended Action

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date	Version	Detail
2021-05-25	86.00433
2020-11-10	81.73900	Sig Added
2020-03-04	75.71100	Sig Added
2019-08-13	70.68900	Sig Updated
2019-06-29	69.62600	Sig Added
2019-06-18	69.35000	Sig Updated
2019-06-04	69.01700	Sig Updated
2019-05-14	68.52500	Sig Updated
2019-05-05	68.28900	Sig Updated
2019-05-04	68.27500	Sig Updated

ID	4759
Released	Aug 12, 2005
Description Updated	Mar 13, 2007
Aliases	Adware-SideSearch application [McAfee]
Platform Profile	Adware typically display advertising content to the user. This advertising content may take many forms, but is typically in the form of web browser pop-up advertisements. In most circumstances, the user is not aware of the Adware component being installed on the local machine.