Criteria for detection for the CRDF Threat Center database
The following criteria are part of, but not limited to, what determines whether a program and/or website domain(s) is added to the CRDF Labs malicious database.
Last update: March 2023
Distribution and Installation
Installs without user permission, user interaction or an installation interface
Bundles other known/unknown adware, spyware, or malicious software including potentially unwanted software
Installs hidden plug-ins in the Web browser that do not have a user interface
Is installed by a program or exploits a security vulnerability in any way
Installs using deceptive or questionable methods or tactics
Installs even if the user clicks No or cancels the installation
Is installed by third-party affiliates
Offers an affiliate program that pays a fee for distributing potentially unwanted software
Is affiliated with malicious or questionable portals, search engines, or hacking sites
Behavioral Criteria
Modifies the HOSTS file without full disclosure in an acceptable and enforceable EULA
Modifies or replaces the HOSTS file without creating a valid backup
Modifies registry settings related to the HOSTS file
Changes common settings, such as the home page or search page, without user permission
Changes any Web browser configuration which the user cannot undo
Uninstalls existing software without user consent
Includes a process that cannot be manually terminated by the user
Displays pop-up or pop-under windows outside of the application
Displays pop-up or pop-under advertisements that cannot be closed by clicking a Close button
Modifies Web site content, such as changing search results or substituting certain advertisements for other advertisements
Displays pop-up advertisements when the Web browser is not running
Displays pop-ups or 3rd party banners or images
Automatically restarts itself if the user terminates its process
Restores registry keys or file entries that are removed by the user
Redirects or blocks searches, queries, user-entered URLs, and other sites without notification or user consent
Security Criteria
Changes operating system security settings without user permission
Changes software security settings, such as Web browser security settings, without user permission
Silently adds entries to the browser's Web content zones (Trusted, Restricted Zone, etc.)
Silently adds entries to the user's firewall to bypass detection
Connects to the Internet without user permission
Disables firewalls, antivirus software, anti-spyware software or other security-related programs
Opens a port on the computer without user knowledge
Silently reinstalls or updates components
Adds a new dial-up connection or other network connection
Initiates a connection to the Internet or initiates a dial-up connection without user interaction
Prevents Anti-spyware or Antivirus software from removing the program
Downloads and installs software or updates without user permission
Runs in a mode that hides processes from the user or system tools
Provides remote administration or file transfer capabilities
Monitors sensitive items without explicit notice and consent, such as keystrokes, emails, instant messages, screenshots, or the history of open programs and documents
Runs malicious or questionable scripts
A remote server making unsuccessful brute-force attempts on machines
A remote server making illegitimate requests, scanning servers for vulnerabilities and hosting an unsecured proxy / VPN / open relay
Privacy Criteria
Does not contain a Privacy policy, or uses a 3rd party privacy policy which fails to provide an easily accessible privacy policy that explains data collection and other practices used by the program or site.
Does not contain or display an acceptable and enforceable EULA (End User License Agreement)
Installs an LSP (layered service provider) without full disclosure and explicit user permission
Silently tracks sites visited without user permission, such as by IP address, GUID, email address, name or other identifier such as 3rd party hit counters, web beacons, and/or uses non-session third-party Cookies.
Tracks Web browsing behavior and transmits this information to a remote server
Tracks online activity and matches it to personally identifiable information without clear notice and consent, including but not limited to Web pages viewed or accessed, user selected content, keywords and search terms
Tracks Web browsing behavior via 3rd party Cookies (aka: Data Miners) or requires the user to access another site for the purpose of using an "opt-out" Cookie
3rd party surveys that may or may not be part of third-party advertising, marketing, or metrics/measurement networks without full disclosure of information obtained or where this information is retained and with whom specifically this information is shared
Collects personally identifiable information without express consent in statements other than the EULA or privacy policy
Removal
Does not include a working uninstaller that is compatible with "Add or Remove" or "Programs and Features"
Automatically reinstalls itself after the user uninstalls it or part of it
Requires the user to download an uninstaller from a Web site
Requires Internet access to uninstall
Requires additional information to uninstall the software, such as email address
Uninstalling the software causes the system to become unstable or vulnerable
Other
A software program or website, including any other Web sites or domains owned by, maintained by or affiliated with it, that is detected by, but not limited to, any antivirus or anti-spyware type program or mentioned in their database
Any Web site that is determined to be in a Blacklist Status in a Domain whois lookup
Any site that uses bogus, misleading or non-existent information in the Domain Registration
Advertisers or other 3rd party providers that run their content on sites that are known to install/distribute malicious software including potentially unwanted software
Any site that is involved in Spamdexing (search engine spamming) or intentional redirection links
Web sites or domains owned, maintained or affiliated with, that are determined to be involved in Phishing or other undesirable conduct
A shop or website masquerading as another brand and selling products in a completely illicit way
A company distributing advertising links that redirect to content that is illegal, dangerous and/or contains security risks for a client computer
URLs of such advertising will be considered malicious
The advertising agency is responsible for ads served through its network
Advertising added to our database will be banned for a period of six months, without any possible reservations