The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines.This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/nov10,2004.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

Permalink | Top

Antivirus firms are warning of a truly nasty phishing scheme filling inboxes in South America. Unlike the more familiar emails which attempt to trick people into filling out their bank log-in information on a scammer's site, this new virus doesn't require the victim to so much as open the email.

If the targeted computer has not been updated with security patches, the virus will exploit an ActiveX control to run a script. The script will rewrite the computer's HOSTS file, causing all connections to certain Brazilian banks to be redirected to the scammer's site. Unfortunately, since Outlook and Outlook Express enable the preview pane by default, all you have to do is click the email for it to launch the script. You don't even have to open it. Just attempting to delete the email may cause it to be activated.

It probably won't be long before this virus begins to target European and North American banks. I strongly advise disabling the preview pane in your email program as well as having it use the restricted zone settings.

An alternative would be to switch to a different email program altogether. I have been using Thunderbird for a long time and I love it. It has its quirks and annoyances but I prefer it to Outlook Express. It has the best spam filter I have ever seen.

If you cannot switch to another program, a filtering program such as Benign might be the answer. Filtered through Benign, this virus and others like it would be unable to execute.

Most importantly, make sure you have installed every available security update for your computer.

Permalink | Top

Program: X-Cleaner
Author: X-Block
Platform: Windows 9x, ME, NT 4.0, 2K, XP
License: $39.95 [10% off for SpywareInfo readers]
Coupon code: SPYW-XIST (Expires November 19, 2004)
More Information: http://www.spywareinfo.com/downloads/x/

X-Cleaner Spyware Remover is an award winning spyware detector that finds and removes commercial spyware programs. X-Cleaner also features a unique mobile active-x spy scanning utility so you can login through your member's center and use it from public terminals.

A new feature of the program even allows you to bypass hardware keyloggers which use no software that can be detected.

No installation required - simply download and use or you may install if you choose. X-Cleaner provides courteous support via e-mail for registered users. Software is delivered instantly via digital download and you can download new versions as often as you like the first year.

You can even put this on a floppy disk and carry it to work in an envelope or in your shirt pocket. Insert floppy, scan and zap the keylogger or delete your surfing traces.

X-Cleaner was recommended by Kim Komando in her article for MSN, Danger, danger: 5 tips for using a public PC.

Features

1) New expanded detection and removal database.

2) General Interface Improvement- Users can now resize the program window to fit into their screen anyway they like, especially useful for the encyclopedia where they had to scroll right.

3) Bypass *hardware* keyloggers using onscreen keyboard for input- This is under the Expert tab for Deluxe Users only and makes use of the built-in based keyboard in Windows so that users can key in information without using physical keystrokes. This is very useful for sending sensitive material since hardware keyloggers (a growing threat X-Block is working on) evade anti-spyware which normally targets software loggers only. Given X-Cleaner's mobility in terms of file size, this is a useful little addition to have since you can go to an Internet Cafe- sweep for keyloggers (or use the full active-x scanner in the members area) and then use the software based keypad to evade hardware logging.

4) Direct link to online assistance integrated into software- as always X-Cleaner technicians are dedicated to providing prompt and professional e-mail support for even hard to remove cases of the spyware plague.

If you have any problems with the ordering page or with the coupon code (SPYW-XIST), please email Catherine http://www.spywareinfo.com/email2.php.

Permalink | Top

Spyware is not just annoying. Spyware is hitting all of us in the wallet as tech support firms must deal with millions of customers infected by it.

Some studies claim that as many as 97% of all personal computers may be infected by various spyware programs. Personally, I believe that number is incorrect. Probably that number includes machines which had nothing more than tracking cookies. While cookies can be abused to spy on a person's web surfing, the cookies themselves are not spyware.

Whatever the actual percentage, the fact remains that countless millions of people find their personal computers hijacked by some form of spyware, adware or a browser hijacker. Many of those people call for technical support from their computer maker or their ISP. That creates more cost for those companies and they pass those costs back to their customers. Even if you never have spyware on your own computer, the cost of your computer and internet service may be higher due to the cost of repairing those that do become infected.

Permalink | Top

Anick Jesdanun has written an interesting three-part article about spyware for the Associated Press. It is worth taking a few minutes to read all three parts.

Links:

http://www.chron.com/cs/CDA/ssistory.mpl/tech/2875333 :: Tangled In Spyware, Part I
http://www.chron.com/cs/CDA/ssistory.mpl/tech/2876631 :: Tangled In Spyware, Part II
http://www.chron.com/cs/CDA/ssistory.mpl/tech/2878534 :: Tangled In Spyware, Part III

Permalink | Top

I mention elsewhere in this newsletter that cookies may be abused to spy on a web surfer. The company most associated with this practice has to be Doubleclick.

Doubleclick is an advertising company. Their servers load many of the advertising banners you see on various web sites. The picture files used in those ad banners are all loaded from various doubleclick.net servers. The tracking comes from cookies set and read by those servers.

A cookie can be read only by the web site that created it. A cookie from SpywareInfo's message board cannot be read or edited by any other site. Doubleclick and other companies bypass this security arrangement by loading images on numerous other sites.

If you visit site A and a Doubleclick banner loads, it will set a cookie. If site B also has Doubleclick advertisements, Doubleclick's servers will see the cookie that was set when you visited site A. Doubleclick knows you visited those two sites. If site C also uses Doubleclick banners, they will recognize you there as well.

The purpose of this tracking presumably is to provide banner ads that may be more relevant, a determination based upon the sites you are visiting. That in itself is unsettling but really is nothing serious. Doubleclick will be able to learn what browser you are using, what sites you are visiting and can tell what city you are in based upon your IP address. They will not be able to learn your name, address, email address or other identifying information.

So what's the big deal if they don't know who you are? Each cookie is given a unique tracking number. Doubleclick wants to put a name to that number. They have gone to great effort in the past to do exactly that.

In late 1999, Doubleclick purchased marketing research firm Abacus Direct in a merger worth over 1.7 billion US dollars. Doubleclick announced plans to combine Abacus's database of consumer profiles gathered offline with information that Doubleclick had gathered on the internet. This would have allowed the company to uniquely identify individuals whose browsers loaded Doubleclick advertisements on the internet.

A massive effort was organized by pro-privacy groups in an effort to halt the merger. The Center for Democracy and Technology coordinated an email campaign against Doubleclick investors and members of the Doubleclick network objecting to their association with the company. Thousands of complaints poured in from outraged consumers.

The Federal Trade Commission and the New York State Attorney-General's office both opened informal investigations into the company's activities. Michigan's Attorney-General filed a lawsuit claiming that Doubleclick had violated Michigan's Consumer Protection Act. This was in addition to six other lawsuits against Doubleclick, some of which attained class-action status.

In the face of this opposition, Doubleclick finally backed down from its plans to merge these two enormous databases. More information about this situation is available at http://news.com.com/2104-1023-237532.html

As you can see, Doubleclick has a very poor record when it comes to consumer privacy. To many people, Doubleclick's activities make it the poster child for abuse of internet technology. To many proponents of online privacy, Doubleclick is the example that is cited to show how badly one company can abuse the privacy of consumers.

Doubleclick may end up being offered for sale according to a statement released by the company. Doubleclick has warned that it may not achieve the amount of revenue predicted by Wall Street analysts.

My worry is that Doubleclick's online database and the offline database from Abacus Direct may be sold to the same firm. If that happens, there will be a great temptation to merge those two databases. Who knows if the reaction will be as harsh this time as it was the last time.

If those two enormous databases are merged, your name, address and even your credit history may end up being attached to a very detailed record of your web surfing over the past several years. If there are any sites which you would be embarrassed to admit seeing, whether you were there deliberately, were hijacked there by malware or just found yourself there accidently, the records of those visits may be available to anyone with the money to buy the information.

Find the address and phone number of your state's Attorney General and keep them handy. You may need them soon.

Permalink | Top

From the Red Herring:

The specter of identity thieves trolling the Internet continues to darken the future for e-commerce, study after study shows. Fear of fraud keeps people from banking, shopping, and even answering simple questions online. Recognizing the scope of the problem, authorities across the globe have vowed crackdowns on Internet criminals. Sometimes they even catch a few.

That happened this week, when U.S. law enforcement authorities announced they had arrested 28 people in eight U.S. states and six foreign countries in connection with a web site used for the online trafficking of stolen ID information and credit cards. While “Operation Firewall,” as the feds dubbed the bust, marks an impressive demonstration of cooperation among industry and interdepartmental and international law enforcement, the war against ID theft still has a long way to go.

Read the rest of this article at Red Herring.

Permalink | Top

From CNet News:

The companies, which make up the Anti-Spam Alliance, announced on Thursday that they've each filed new lawsuits in U.S. Federal Court against senders of unwanted computer messages. The companies filed suits in the states of Washington, Georgia and California accusing defendants of violating the federal Can-Spam Act, along with other state and federal laws.

...

One of AOL's new lawsuits is noteworthy because it's the first to target "spim"--unwanted messages sent through instant messaging programs or chat rooms. So far spim has only affected a small number of users. Experts say the problem is growing but may be minimized by new enterprise-class IM applications and enhancements in consumer IM software. AOL's lawsuit may show spimmers that the company is serious about shutting down the threat through legal avenues as well.

Read the rest of this article at CNet.

Permalink | Top

The deadline for submitting one-liners that will appear on a new SWI T-shirt is approaching.

Each month, Spywareinfo is going to offer a special t-shirt... just t-shirts - no hats, coasters, toasters, or assorted other things. It will be just a monthly t-shirt. The theme will be decidedly 'geeky'.

Each month there will be a different "humor/wit line" which will come from you, the Spywareinfo readers. Mike will pick a winner on the third Friday of every month and that winner's line will be on the next month's t-shirt. For example, the November submissions must reach Spywareinfo by Friday, November 19, 2004. And that will be the shirt offered for December 2004 - right in time for your December holiday shopping (hint, hint!).

Click here for more information: http://www.spywareinfo.net/oct28,2004#tshirts