Spyware Weekly Newsletter :· August 18, 2004

The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines.This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/aug18,2004.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

Permalink | Top

A few months ago, Yahoo.com announced that it would add spyware detection to it's Internet Explorer toolbar. It was a surprise move, especially considering that Yahoo, via Overture which Yahoo owns, has a very lucrative arrangement with the Claria corporation. Claria makes Gator, a piece of adware that is targeted by every single antispyware product in existence. What was not so surprising was the fact that Yahoo's toolbar deliberately ignored (mirror)their adware partner.

When it first came out, Yahoo's toolbar ignored all adware by default. If the user wanted to scan for adware, the user had to check a box first. The user had to check that box every time because there was no way to make the setting permanent.

After being roundly criticized for straddling the fence between fighting spyware and playing favorites with their adware partners, Yahoo has decided to do the right thing. The toolbar is out of beta testing and now is being offered to the general public. The final version of the toolbar does not ignore adware as the original beta version did. Some testing shows that it also detects Gator, although not perfectly.

Thank you Yahoo for doing the right thing.

Permalink | Top

Program: Spyware Eliminator, Dr Speed, Everlasting Pop-up Stopper
Author: Aluria Software LLC
Platform: Windows 98, ME, NT 4.0, 2K, XP

This week we have a triple feature. We have Aluria Spyware Eliminator, Aluria Dr Speed and Aluria Everlasting Pop-up Stopper bundled together. That is $100 worth of software. For one week, until August 26, you can have all three of these programs for $39.99. Use this link (http://www.aluriaaffiliates.com/go.rd?id=29a8x93c3352) and click the flash banner on the right side that says "Sale". Enter the coupon code Saving to receive the discount.

Dr Speed is a program designed to tweak your internet connection. Out of the box, Windows does not deliver the best possible internet speed. Dr Speed will test your connection and tweak certain registry settings to make browsing and downloading go faster. Everlasting pop-up stopper does just that, stops pop-ups from springing up all over the computer while you surf the internet.

Aluria Spyware Eliminator is a fantastic spy killing program. It finds adware. It finds browser hijackers. It finds advertising spyware designed to gather your browsing and searching habits. It also finds commercial surveillance spyware designed to monitor your keystrokes and steal your credit card numbers.

ASE also helps to protect your computer from various browser hijackers. It includes a list of ActiveX CLSID (ID numbers) associated with known spyware and hijackers, as well as an IP address blocker. ASE also adds a long list of web sites known to install spyware into Internet Explorer's restricted zone. It also protects against HTA scripting, a technology being abused by many hijackers. It even will watch to make sure your home page has not been altered.

When set to "full scan", ASE will scan active processes in memory, the registry and every disk drive in your computer. If you prefer, you can have it skip the memory, the registry and can pick and choose any combination of hard drives and folders. If you have a program you can't do without that requires a bundled adware, you can add that adware to the exclusion list. If something breaks after removing a piece of adware, you can restore what you removed.

This is a SpywareInfo exclusive offer. This price is not available anywhere else ... it is only for Spywareinfo readers.

Permalink | Top

A very nasty trend is developing in the world of malware. At risk is your credit card number, social security number and, indeed, your entire identity.

Criminals are distributing spam emails which purport to link to details of a fictitious credit card order. If someone clicks that link and is running a Windows operating system that has not been patched recently, the page linked in the email will install a trojan onto the PC. The trojan acts as a keylogger, making a log of every key pressed on the keyboard. Someone could log into the trojan and retrieve the log. From that log, the attacker could discover passwords, account numbers and any number of other personal details.

By now, many internet users know better than to fall for so-called "phishing" scams. A phishing scam attempts to trick a victim into providing account numbers and passwords by having them log into an account at what appears to be their bank. In fact, the phisher's site usually is a mock-up that looks identical to the bank but has no other relationship to it.

This new scam doesn't require even that much effort. While many people would not be fooled by a phishing attempt, plenty of people would at least click the link to see the details of the fictitious order. If nothing else, it may appear to be an honest mistake made by a legitimate company. If your computer has not been patched for security flaws, simply loading the page is all that is required to install this keylogging trojan. Unfortunately, even being up-to-date on security patches may not be enough as there are plenty of unfixed bugs in Windows. To learn how to protect yourself against this sort of auto-installing malware, read my article on how to prevent a browser hijacking (mirror).

Permalink | Top

As long as there have been advertising malware such as spyware and browser hijackers, there have been web sites complaining about them. People who are aware of the malware problem are less likely to become infected by it and less likely to put up with it. This has become a problem to the purveyors of these parasites. These companies don't want people to know the dirty little secrets of their industry.

So these companies hired spokespersons to go to the media to muddy the waters and divert attention away from the issue. Over time, certain common themes have been repeated over and over when these people discuss the issue. It is a campaign of misinformation and lies. I think it's time to examine these lies and expose them for what they are.

Certain People Dislike Advertising

Without a doubt, the most common piece of misinformation that you will hear from the malware makers is that "some people just don't like advertising." They will claim that they are doing the public a service by allowing developers to distribute their programs without charging for them by paying them to bundle advertising software. If they are to be believed, the entire controversy over spyware, adware and browser hijacking is by a very vocal minority who don't want to look at advertising.

This is complete garbage. It's a strawman argument that they use to divert attention away from the nastier aspects of their software. Advertising has nothing to do with it.

Sure, there are people who seem to be mortally offended at the whole idea of advertising. They run complicated proxy software and edit their HOSTS files to block thousands of advertising servers just so they won't sully their eyes by seeing a banner ad. The malware makers are right on one point, those people are a minority. In fact, they have nothing to do with the antispyware crowd.

The antispyware community doesn't care that malware causes advertising. Who cares about ads? If someone wants to distribute software for free and pay for it with an ad banner embedded into the program, that's fine. Who cares? No one thinks the Opera web browser is evil because it is adware. You can buy it for 40 bucks or you can have it for free with a banner ad at the top. Advertising has nothing to do with it.

What people complain about is the fact that most of this malware installs without being disclosed. If it is disclosed, the disclosure usually is buried in a huge license agreement. It often cannot be uninstalled easily. It pops up advertisements even if you are not using the program which installed it. It changes browser settings and refuses to let you change them back. In the case of advertising spyware, it logs the addresses of web sites visited, keywords searched for and other information and transmits that back to the company responsible for it.

They Want To Make Money

Another piece of misinformation you'll hear often is that antispyware vendors created this controversy in order to sell their software. They claim that the antispyware crowd engages in fear mongering to scare people into buying antispyware products.

While it is true that several companies now are making a ton of money selling software to seek out and remove malware, those companies are merely jumping onto a bandwagon that has been rolling for years. The first three programs put on the market to kill advertising spyware, GRC's Opt-Out, Lavasoft's Ad-Aware and Spybot S&D, were free. For years, these were the only products available anywhere that dealt with advertising spyware. Somehow that fact is never mentioned.

Porn and Piracy

Another falsehood that you may hear doesn't come from the malware makers themselves. This one comes from people who are aware of the controversy but ignorant of the problem.

These people believe that those who end up infected with spyware and browser hijackers brought it on themselves by surfing for porn or trying to find pirated software. This argument attempts to dismiss the problem by embarrassing those complaining about it. Sites where you can find porn or pirated software are a common source of malware infections but they are by no means the only source.

You would be surprised at some of the places you can become infected. Some message boards will be paid to insert code that will install various malware. Some regular web sites which have nothing at all to do with porn or piracy also will infect you.

Let's take me for example. During my first week with an internet connection, I managed to become infected with a parasite. Was I surfing for porn? No. Was I looking for pirated software? No. What I was doing was reading a David Weber fan site that took a suspiciously long time to finish loading. Five minutes later, my firewall was alerting me to the fact that something called My Comet Cursor was trying to access the internet. This was a classic drive-by download. This is, in fact, the incident that gave me my start in the antispyware movement.

The Problem Is Real

Advertising parasites and other malware are a major problem. It is not a bunch of kooks who hate ad banners. It is not a bunch of perverts surfing for porn. It is not a group of greedy antispyware vendors trying to make a fast buck.

The problem is software which turns Grandma's $1,500 PC into someone else's billboard. The problem is software that assigns the PC an ID number and proceeds to track every activity in order to build a profile of the users of that computer. The problem is software that takes over a machine, sets the home page to a phony search portal, spawns thousand of pornographic pop-ups and refuses to be removed.

Don't ever let anyone tell you that the problem of spyware is a bunch of hype. Don't believe the misinformation. The problem is real and it is becoming worse every day. If you don't believe it yet, then just ask any of these people.

Permalink | Top

The abomination known as CAN-SPAM has caused the spam problem to escalate. Even worse is that the law doesn't allow individuals to sue spammers for violating it. The Institute for Spam and Internet Public Policy has come up with a clever way around this problem. The Institute has launched a service to assist people in suing spammers, who spoof their web site domain when they send out their mailings.

Spammers never use a correct return email address. Instead, they use a fake address, often from a real web site. I used to receive thousands of bounces at various @spywareinfo.com addresses used by spammers in their mailings. The Institute will help people to sue spammers who spoof their domains as a trademark violation.

Treated strictly as a trademark violation, assuming you have registered your domain as a trademark, you can take any spammer to court that uses an email address from your domain. Even better, you also can sue the company who is paying the spammer to send out these mailings.

I think this is a fantastic idea. I plan to register spywareinfo.com as a trademark. If anyone spoofs an address@spywareinfo.com for a spam mailing, I absolutely will take them to court and squeeze them for as much money as possible.

Permalink | Top

I have followed a number of news stories recently about so-called "incompatibilities" with Microsoft's Service Pack 2 for Windows XP. Because SP2 enables the Windows Firewall by default, it is blocking internet connections by a number of programs. Unbelievably, people are reporting this as a "glitch" in the service patch.

These people need to get a clue. These are not bugs, glitches or incompatibilities. The service patch is doing exactly what it is supposed to do. It turns on the new Windows firewall, which blocks connections in and out until you tell it to do differently. That is what a firewall does. This is not unique to SP2. All software firewalls - ALL OF THEM - do exactly the same thing.

When XP's Service Pack 2 comes out, don't let these foolish news articles about "incompatibilities" keep you from installing it. There may be real glitches found later on. The stories that are out right now are full of nonsense, written by the uninformed. You will be much safer from drive-by malware infection after you install this service pack.

Links:

http://it.slashdot.org/article.pl?sid=04/08/17/0023206 :: Microsoft Lists SP2 Incompatibilities

Permalink | Top

Last June, police in Madrid, Spain shut down a ring of illegal dialer operators. The scammers were distributing dialers that forced infected computers to dial up expensive "pay by the minute" premium phone numbers within Spain.

According to a source in Spain (who prefers to remain anonymous), Spain now has made it harder for people to access these premium telephone services. In order to access a premium telephone service, a telephone customer must request a form, sign it and return it to the telephone company. Spanish telephone companies will be required to list on the customer's bill the names of the companies using those premium phone numbers.

Dialer programs have to state clearly, in a graphical, colored window, what they are and what they will do once installed. Any company distributing dialers programs in Spain also must provide a free program which will detect and block unwanted dialers as well as a working uninstaller for their own software.

Permalink | Top

From time to time, I receive a letter from a reporter who wants to discuss spyware and browser hijackers. Usually this is not long after they or a friend have become infected with one or the other. Occasionally, these reporters want to interview people who have had to remove spyware or a browser hijacker. When that happens, I usually send out a newsletter asking for people in their geographical area.

I want to start a list of people ahead of time for situations like this. If you ever have become infected with spyware, adware, a browser hijacker, a phone dialer or some combination thereof and you would like to talk to a reporter about it, I would like you to contact me. I will have your name available if a reporter in your geographical area would like to contact people who have been infected in the past. Use this address please (press@spywareinfo.com) instead of replying to this newsletter.

This is the information I need:

How you became infected if you know
What you were infected with if you know
How long you were infected before fixing it
How you fixed it (ie. Spybot, Ad-aware, a message board, etc)
The city and country in which you are located or are near
A working email address

I won't give your email address to the reporter, if one from your area writes (or to anyone else for that matter). Instead, I will reply to your email with the reporter's contact information. I know from experience that a large number of you are going to email, so I won't be able to respond to these emails. Thank you in advance for participating in this.

Currently I need some people from the Washington D.C. and Atlanta area.