Every time you go shopping on Amazon.com, does your browser look like this?
Look closely, you will note a separate ad box for a similar product hosted on eBay. What's going on here? Why would Amazon host ads for similar products on a competitor's site? It's like I walked into McDonald's and I saw a big ad at the counter for a Burger King hamburger. Turns out this computer is infected with a type of malware that injects ads directly into the webpage you are viewing.
Malware that delivers unwanted ads is nothing new. These types of programs have been trying to sneak their way onto your computer since the dawn of the internet. Oftentimes, they are bundled with other software's install wizard and you probably agreed to install it by mistake because you were clicking through too fast.
This particular malware I found on my wife's computer seemed more invasive than usual. You see, there are laws that require software to be easily uninstalled if the user decides they want to remove it.1 2 So most of the time you can uninstall malware by using the Windows uninstall menu. But when I went to look in the uninstall menu, there was no suspicious 'Wajam' app. OK, sometimes these things are installed as browser extensions. Nope, not there either. I looked in Firefox, IE, and Chrome. No Wajam extension. But wait, there was something else funny going on: those Wajam ads were showing in all the browsers! Usually, it's only one browser (cough IE) that is infected with shitty search toolbars. Furthermore, accessing the same website from another computer in the house did not show the Wajam ads. So it seemed that some Wajam malware was still on this computer.
Wajam uses a proxy or DLL to re-route internet searches through its servers in order to append social search results and to display advertising.3
It gets worse. Next I discovered that Wajam had installed a root certificate on the computer. This root certificate allows Wajam to see traffic passing through SSL connections so that it is able to inject ads even into encrypted connections.
Think about that for a second: all of your internet traffic is being re-routed through Wajam servers. Even the stuff you thought was secured and protected with SSL encryption. Every time you log on to any of your online accounts, you are sending your unencrypted username and password to Wajam first. This is some next-level shit. To be able to pull this off requires some serious server horsepower on their end which I'm sure costs them a fortune. But it must all be worth it to serve you those sweet sweet advertisements.4
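One way to look for the kind of root certificate described above, as an added example that is not part of the original post: this PowerShell script lists trusted-root entries that deserve a closer look. The file name `baseline.txt`, the idea of exporting it from the clean computer in the house, and the `Wajam` name pattern are assumptions; the private-key check is a general heuristic for locally installed interception certificates, not something the post states about Wajam.

```powershell
# Added example: audit the Windows trusted-root stores for suspicious entries.
# Assumption: baseline.txt (hypothetical name) was exported on a known-clean PC with
#   Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
#     Select-Object -ExpandProperty Thumbprint | Sort-Object -Unique |
#     Set-Content baseline.txt
param(
    [string]$BaselinePath = '.\baseline.txt',  # optional; skipped if the file is absent
    [string]$NamePattern  = 'Wajam'            # assumption: vendor name appears in the subject
)

# Load the clean-machine thumbprints, normalised to upper case.
$baseline = @()
if (Test-Path $BaselinePath) {
    $baseline = @(Get-Content $BaselinePath |
        ForEach-Object { $_.Trim().ToUpper() } |
        Where-Object { $_ })
}

$findings = foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    foreach ($cert in Get-ChildItem -Path $store) {
        $reasons = @()

        # A trusted root normally has no private key on the end user's machine.
        if ($cert.HasPrivateKey) { $reasons += 'private key present on this machine' }

        # Present here but not on the clean machine.
        if ($baseline.Count -and $baseline -notcontains $cert.Thumbprint.ToUpper()) {
            $reasons += 'not in clean-machine baseline'
        }

        # Subject or issuer mentions the vendor name (assumed pattern).
        if ($cert.Subject -match $NamePattern -or $cert.Issuer -match $NamePattern) {
            $reasons += "name matches '$NamePattern'"
        }

        if ($reasons.Count) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotBefore  = $cert.NotBefore
                Reasons    = $reasons -join '; '
            }
        }
    }
}

$findings | Sort-Object NotBefore -Descending | Format-Table -AutoSize -Wrap
```

A baseline mismatch alone is a lead rather than a verdict, because Windows adds legitimate root certificates on demand and two healthy machines can differ. Check the subject and thumbprint of each flagged entry before removing anything.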
So if you see those Wajam ads on your computer, for fuck sake, use these guides to clean it up.