Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Win32.Adware.HotBar (Generic Description)

The HotBar family of adware applications displays advertising popup windows during internet browsing and adds advertisement links and pictures to the users outgoing email. HotBar is able to auto-update itself without asking for any permission from the user. The HotBar auto-update can install any software, including all forms of malicious software, without the user knowing it. This is considered to be a critical security threat. The vendor states on their homepage that HotBar enhances and personalizes internet and e-mail applications. Most users are attracted by the fancy HotBar "smilies" which they can add to their email, or by the new background skin schemes which HotBar installs. HotBar Adware directly interacts with the surfing habits of users by displaying advertisements and trying to collect information from visited websites in order to display Hotbar's advertisements. According to the privacy statement on the HotBar web site, personal information is collected. This may include the users E-mail address, name, age, location, etc. As of this writing users are unable to read the HotBar privacy statement without allowing potentially dangerous applications from running on their computers.

After Hotbar is installed it might add new desktop icons. These desktop icons are not programs, they are simply internet shortcuts with a fancy, custom icon.
Double-clicking on these icons will point Internet Explorer directly to other advertising websites, such as hotbargames.com with a referrer (Affiliate) ID Number. There are a few games available for download. Most of the games are crippled demo/trial versions and are not fully functional before they game is bought. The game prices are around $19 US.
The "Free PC Wallpapers" icon leads the user to wowpapers.com and downloads wallpapers. The integrated HotBar downloader stores wallpapers, such as "HotbarWP.BMP" directly in the Windows folder without any user confirmation.

Note: Large bitmap files, such as these, waste large amounts of memory when used as desktop wallpaper.

HotBar might also install the "Hotbar Weather Service", displaying regional weather information together with other advertisements coming from HotBar.

When this weather panel is installed the Windows System Tray shows an icon of a sun as the indicator for this service.

HotBar integrates itself into Microsoft Internet Explorer as a toolbar. This toolbar can be disabled and enabled using the Toolbars menu from Internet Explorer as shown in the next illustration:

Disabling Hotbar in this menu doesn't mean that it is not more running anymore, it will just not display the Hotbar toolbar anymore, usually displayed as shown below:

HotBar scans the history of visited websites and recognizes "Hot-Words" (Trigger-Words) in the website contents. If, for example, a user visits an antivirus related website, it will attempt to direct the user to websites that HotBar want users to browse to. (See illustration above where HotBar recognizes antivirus related website content and then displays search bar buttons that link to content related to this topic). Using these buttons will of course lead the user to HotBar affiliated software websites, which HotBar presumably is paid to do.

Hotbar Adware is also able to detect the language being used by the current website domain and use the corresponding language as shown below:

When visiting a German website the toolbar present buttons using German words. In this case "Suchmaschinen" means "Search Engines", "Internet Anbieter" means "Internet Provider",
"Internet" has the same meaning in German as in English, and "Domain Suche" means "Domain Search".

With this "technology" Hotbar is able to target more international users and there for increase the chance of users clicking on one of the affiliated links.

The HotBar advertising bar is not used on their own homepage so as not to lead visitors away from the HotBar homepage!

HotBar also adds their own search-bar to Internet Explorer in the upper right side of the browser:


HotBar also integrates itself into Outlook Express:

This functionality will allow the user to add smilies to outgoing emails, but it will also add advertisements to the users emails without the knownledge of the user:

Information which HotBar Collects:

Websites which the user visits and how often
Information about what the user is searching via search engines
Personal Information about the user, such as name, age etc.


Advertising and Popup Windows:

HotBar displays Popup Windows while browsing the web, and it will also display Popup Windows when the internet browser is not running, but the computer is connected to the internet.

Removing Hotbar from the Computer System:

Navigate in the Control Panel to "Add/Remove Software" and select "Web Tools by Hotbar", then click add/remove button and follow the instructions to uninstall HotBar.

The HotBar hompage contains their own uninstaller: http://hotbar.com/downloads/HbUninst.exe

History: Analysis and Write-up by: Michael St. Neitzel