Wadware is a lesser-known type of computer malware that has some unique characteristics compared to more common threats like viruses and trojans. While not as prevalent as other malware, it can still cause significant issues for affected users.
What is Wardware?
Wadware refers to a type of malware that spreads by attaching itself to legitimate files or programs. The term “wad” comes from archive files with the .wad file extension that were commonly used to distribute game mods and levels. Unlike many other types of malware, it does not self-replicate and relies on being bundled with desirable files to propagate.
How Wadware Spreads
There are a few common ways that wadware is distributed. In each case, the goal is to have unsuspecting users voluntarily install the infected wad files containing the malicious payload with the use of technology. These ways are given below:
Bundled with Legitimate Downloads
This malware is often bundled with popular software downloads and files shared on torrent sites or forums. The wad files contain the malware payload hidden amongst the legitimate content that users want.
Embedded in Hacked Files
The malware authors may inject this unique virus code directly into popular software program files or media files. Then they distribute these hacked files on file sharing sites hoping users will download them.
Shared Through Gaming Sites or Mods
Gaming communities built around modding and creating custom levels provide a natural ecosystem for this type of malware to spread. Authors can inject it into mod archive files which get shared and installed by users.
Loaded onto Public Computers
This malware is sometimes loaded onto public internet cafe or library computers via removable drives. When users run games or programs on the infected computers, the virus silently installs itself.
Wadware Infection Process
The wadware infection process often follows these general steps:
- A user downloads a WAD file from the internet.
- They run the WAD file to install a game mod or access new levels.
- Embedded malware executes on their computer during installation.
- It makes system modifications to ensure persistence after reboot.
- Malicious processes run silently in the background.
Unique Attributes of Wadware Infections
Unlike most malware, wadware has some unique attributes that set it apart. These unique attributes are given below:
- User-driven Installation: This malware relies on people actively installing infected files rather than self-replicating across networks.
- Bundled with Desirable Content: The allure of game mods, levels, or tools motivates installation rather than just malware itself.
- Origins in WAD files: The unique virus derived from the specific WAD file type before expanding to other executable formats.
- Limited Distribution Channels: It is typically found on niche gaming sites and forums rather than widespread networks.
- Targets Gaming Enthusiasts: Gamers who mod and make custom levels for older games are the most common victims.
Dangers and Risks of Wadware
While wadware may not spread as rapidly as other threats, it still poses many risks such as:
- Data Theft: It can steal passwords, financial information, or other sensitive data from an infected computer.
- Cryptocurrency Mining: Some variants mine cryptocurrency using the resources of host system .
- Brute Force Attacks: Infected machines can be used to launch credential stuffing or DDoS attacks on other targets.
- Ransomware Delivery: Advanced type of this malware may install additional malware payloads, like file-encrypting ransomware.
- Reputational Harm: Serving as a launch point for attacks can tarnish infected gamers’ reputations.
- Stability Issues: Malicious processes running in the background can lead to system crashes or slow performance.
How to Prevent Wadware Infections
Gamers and others who regularly install custom content from sites or forums can take these steps to avoid wadware infections:
- Use Trustworthy Sources: Only download WADs and mods from reputable sources and creators known to the community.
- Scan Before Installation: Use antivirus tools to scan all downloaded files before attempting installation.
- Monitor System Changes: Watch for unexpected processes, firewall changes, or instability after installing new content.
- Isolate Custom Content: Use virtual machines or separate hardware profiles to safely test questionable WADs.
- Learn Common Injection Points: Research where this malware payloads typically insert themselves into different file types.
- Keep Software Updated: Patching games and mods closes vulnerabilities that could allow payload injection.
Removing Wadware from Infected Systems
If you suspect your computer has been infected with wadware, take these steps to remove it:
- Disconnect from the Internet: This prevents the malware from communicating with command servers or spreading further.
- Enter Safe Mode: Restart your PC and boot into safe mode before scanning. This prevents malware from defending itself.
- Run Antivirus Scans: Use updated malware scanners to locate and quarantine infected files. Focus scans on system directories and gaming folders.
- Delete Suspicious Files or Programs: Carefully check for recently downloaded .wad files, cracks, or program installers that may contain malware. Delete anything suspicious.
- Restore from Backup: If malware has damaged critical system files, you may need to wipe the drive and restore from a clean backup.
- Change Passwords: Once removed, immediately change account passwords that may have been compromised by malware stealing data or keylogging.
Wadware represents a cyberthreat that lurks within gaming communities and leverages people’s desire for mods, cracks, and custom content. Through careful file sharing and safe computer use, gamers and all users can reduce their risk of this malware infection. With vigilance and safety in downloading files, it can be kept from impacting computer use and gameplay.