The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines. This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/dec24,2005.
Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.
The contents of this newsletter are commentary. They should not be mistaken for unbiased, objective journalism.
SonyBMG's legal woes continue to grow worse. A lawsuit by the State of Texas against SonyBMG has been expanded to include new charges.
The original lawsuit alleged that SonyBMG's XPC copy protection software violated Texas antispyware laws. The XPC software hid malicious and potentially destructive software with a rootkit, as well as opening a security hole.
A patch intended to remove the rootkit, released by SonyBMG after news of their software became public, turned out to be more harmful than the original software. If installed, the XPC patch would have allowed any web site to install any software, regardless of its origins.
Texas now says that a different form of copy protection used by SonyBMG also violates the state's antispyware law, as well as laws against deceptive practices. The updated lawsuit alleges that this other copy protection program, known as MediaMax, is installed on computers even before the consumer is able to choose whether or not to accept it. The Texas Attorney-General says that SonyBMG is misleading consumers by stating that no files are installed, if the agreement is declined.
The MediaMax software also opens a security flaw on infected computers. This security flaw might leave a computer vulnerable to infection by other malicious software.
The Texas Attorney-General is asking that all Texas residents, who believe their computer to be infected by any of this software from SonyBMG, file a complaint with his office. The Attorney-General's web site demonstrates two ways in which to determine whether or not SonyBMG's XPC software is installed:
1) From Windows, choose Start, then Run, then type cmd. At the command prompt, type (do not include quote marks):
"cd \" and press ENTER
"cd windows\system32\$sys$filesystem" and press ENTER (substitute "winnt" for "windows" for Windows 2000)
If you are able to change to that folder, you have been infected. If you see the following message, then you likely are not infected: "The system cannot find the path specified."
2) From Windows, open any word processor and create a text document (named test.txt). Once saved, rename the file to "$sys$test.txt". Refresh the folder where you saved the file (by pressing the F5 button). If the file disappears, you have been infected.
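The two checks above can be scripted. This is an added example, not code from the Attorney-General's site or from this newsletter. The function names are the example's own, and reading the Windows folder from the SystemRoot environment variable is an assumption made to cover the "windows"/"winnt" substitution.

```python
import os
import tempfile

HIDDEN_DIR = "$sys$filesystem"   # folder named in check 1 on the page
CLOAK_PREFIX = "$sys$"           # name prefix used in check 2 on the page


def hidden_folder_present(system_root):
    """Check 1: can <system_root>\\system32\\$sys$filesystem be reached directly?"""
    return os.path.isdir(os.path.join(system_root, "system32", HIDDEN_DIR))


def names_are_cloaked(parent_dir=None):
    """Check 2: does a file renamed to $sys$test.txt vanish from the listing?"""
    work = tempfile.mkdtemp(dir=parent_dir)
    plain = os.path.join(work, "test.txt")
    probe = os.path.join(work, CLOAK_PREFIX + "test.txt")
    try:
        with open(plain, "w") as fh:
            fh.write("probe file, safe to delete\n")
        os.rename(plain, probe)
        listed = os.path.basename(probe) in os.listdir(work)
        reachable = os.path.exists(probe)
        # Infected pattern: the file is still there by name, but the
        # directory listing no longer shows it.
        return reachable and not listed
    finally:
        # Delete by exact path, since a cloaked file would be missed by
        # any cleanup that relies on listing the directory.
        for path in (plain, probe):
            if os.path.exists(path):
                os.remove(path)
        os.rmdir(work)


def candidate_roots():
    """Windows folder from the environment, plus the two names the page gives."""
    roots = [os.environ.get("SystemRoot"), r"C:\windows", r"C:\winnt"]
    seen, out = set(), []
    for root in roots:
        if root and root.lower() not in seen:
            seen.add(root.lower())
            out.append(root)
    return out


def run_checks():
    """Run both checks and report which, if any, matched."""
    folder_hits = [r for r in candidate_roots() if hidden_folder_present(r)]
    return {"hidden_folder_in": folder_hits, "names_cloaked": names_are_cloaked()}


if __name__ == "__main__":
    result = run_checks()
    print(result)
    if result["hidden_folder_in"] or result["names_cloaked"]:
        print("One of the checks matched: treat this machine as affected.")
    else:
        print("Neither check matched.")
```

The probe file is created in a fresh temporary folder and removed by its exact path, so the test leaves nothing behind even when the listing hides it.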
If the court decides in favor of Texas, SonyBMG might have to pay up to $100,000 in damages for each violation of the antispyware law and $20,000 in damages for each violation of the deceptive trade practices law. Individuals whose computers were affected by the software also can recover damages.
Read my review of Privacy Guardian or Registry Mechanic for more information about those programs.
I gave Spyware Doctor a test drive on my computer a couple of months ago. After playing with it for a while, I consider Spyware Doctor to be one of the top antispyware programs. On a scale from 1 to 10, I would give this program a 9 1/2.
PCMag evidently agrees with my opinion. PCMag editors included Spyware Doctor in their "Best of the Year" awards for 2005. Spyware Doctor also is a PCMag Editors' Choice for this year.
Spyware Doctor is a very nice and very polished antispyware protection program. The interface is uncluttered and easy to navigate. A system scan is initiated with the click of a single button. The same goes for updating the program. You could give a copy of this program to your grandmother for her first computer and she would have no trouble running it, with the default settings.
You may remember my marathon spyware killing experiment. I still have a copy of that infected virtual machine. On my "infected" test system, Spyware Doctor found a staggering 2,400+ infection items, kicked several processes out of memory and blocked 19 malicious start up entries.
Every item found was organized by the name of the malware and included a short description, as well as a detailed listing of every file and registry entry that it believed to be associated with it. Every item is labeled with a "threat level", showing how serious PC Tools considers that particular piece of malware to be.
OnGuard, the real-time protection module, protects against several methods used by browser hijackers and other malware. All of these components optionally will pop up an alert if something is detected. If a piece of malware exploits a browser flaw and tries to install itself, you will know about it immediately.
This is an excellent program. I consider it to be my favorite spyware scanner. Spyware Doctor has my recommendation - it is that good.
PCTools is offering a $10.00 discount on each of their top three programs, for the next two weeks: Spyware Doctor, Registry Mechanic and Privacy Guardian. The discounts should be applied automatically when using the links above. You will see the discount applied when you click the green purchase button.
If you have any problems with the ordering page, please email Catherine: http://www.spywareinfo.com/email2.php. Anyone buying as a corporate customer and needing many copies of this program, please contact Catherine.
Thinking of using dialer programs to scam British Telecom customers? You better have deep pockets. The English Parliament has increased the fines.
As of December 30, those who are caught scamming people with the use of dialer programs can be fined as much as 250,000 British Pounds (nearly half a million US Dollars). The previous limit was 100,000 Pounds. The increased fines also apply to fraudulent text and voice messages, telling people that they have won some sort of prize.
A "rogue dialer" is a small program, often dropped onto a computer alongside trojans, viruses and spyware. A dialer will activate the computer's modem and disconnect the speaker, to keep the user from hearing the modem place a telephone call. These calls usually are to so-called "premium" telephone services, like 900-number calls in America.
In most cases, the number the dialer calls is located in countries such as Chad, The Solomon Islands and other remote locations. The next phone bill received by the victim comes as a shock, as the telephone customer is presented with a huge bill. This illegal activity can cost some victims thousands of dollars before they even realize there is a problem.
Security analysts are worried about Windows Vista. The new operating system makes extensive use of metadata to make it easier to find documents. The problem is that this metadata may lead to inadvertent information disclosures.
It has happened many times. Word processors, spreadsheet programs and presentation software often embed information that you may not want the end recipient to have. Every time you delete a paragraph or rearrange sentences, the original version may remain. Although the author of the document doesn't see it, the data still might be there.
I use a text editor when I write this newsletter, so you do not see all of the edits and revisions that happen before I send it to you. For that, you should be thankful. You wouldn't believe the mess that I make of this newsletter before it is proofread.
Consider a common, if inadvisable, activity that most of us have done, at one time or another. We need to send a document to someone. A nearly identical document exists, which we sent out to someone else months earlier.
We open that document, change a few details and replace the original recipient's name with the new name. We save the document and send it out. The new recipient, if he or she has the wit to look for it, can see the entire original document.
It is insecure behavior when used in word processors and spreadsheets. Microsoft is planning now to have their new operating system mimic this bad behavior.
Windows Vista will be able to tag files with keywords and other data, in order to make it easier to find documents. Although it may help someone remember where to find it, those keywords might not be flattering to someone receiving that file in an email.
Microsoft will include features to remove that sort of metadata. Unfortunately, metadata removal will not be automated. It will be up to each individual user to delete the information. That is not good enough, say many security analysts.
If left up to the user, who may not even know the metadata exists, that information could remain embedded, when the document is sent to someone. Security analysts practically are begging Microsoft to fix the operating system so that metadata is deleted automatically when the file is saved or shared.
Current versions of Microsoft Office and Open Office (and perhaps other products) all have optional settings which will warn users, when they are about to save a file with hidden metadata embedded within it. These settings should be located in the options dialog, under "Security".
Microsoft also has created a plugin for Office XP and 2003 that will take care of any metadata embedded within a file. This plugin will delete all such data permanently. It would be a good habit to develop to use this plugin on any document created with Office, before the file is distributed.
The Federal Trade Commission has declared the Can-Spam law a success.
Ummm... yeah... OK...
My junk folder, as I write this, has over 800 spam emails in it. Those are the emails that my spam filters caught. It does not include the 40 other spams that slipped past the filters and landed in my inbox.
How much spam is in your inbox, right now? I will take a wild guess and say that there is more spam in there now than before Can-Spam became law.
The total number of spam emails sent out today exceeds what was sent in 2004 by 62% and continues to rise. Seven out of every ten emails are spam, a dramatic increase over pre-Can-Spam levels. Much of that spam is malicious; either it installs malware or it is an attempt to steal personal information.
If this is a victory, I would hate to see a defeat. This declaration of success could have been written by Orwell's Ministry of Truth.
War is Peace
Freedom is Slavery
Ignorance is Strength
Can-Spam is a Success
I found a link to this video, created and hosted by the ACLU, on Slashdot the other day. It will make you laugh, although it really is not all that funny.
It is a video (Flash browser plugin required) of a man trying to order pizza. Here is the ACLU's description:
In the video, a pizza parlor is able to look up a caller's medical records, employment history, credit card purchases, travel plans, library loans and even the magazines that his wife subscribes to, all with the click of a mouse. In one spot, after noticing that the caller recently purchased a pair of 42-inch khakis, the parlor employee suggests he change his order to a "sprout submarine combo" instead of his usual double meat pizza.
I know - some of the things the ACLU decides to fight for and against are ridiculous and it makes it hard to take them seriously. Say what you will about the ACLU (some of which is too colorful to print), they did do a good job with this video.
The video shows exactly the direction in which I fear we are heading. I think it might shock even those in the "I have nothing to hide, so let's repeal the 4th and 5th Amendments to make us all safer" crowd. You know the type of person that I am talking about.
As silly as the video may seem, it simply shows the logical outcome of several trends that we are following today. Everyone from the government to corporations is tossing aside privacy in the name of convenience and security. The movie might be funny and creepy today. Ten or fifteen years from now, it won't be so funny.
Do not bother with the "Take Action" link in the movie. The link goes to a letter the ACLU wanted people to send to Congress last year, when the "Real ID Act" was being debated. Real ID was passed and soon will be real law.
The only way to prevent the creation of the world portrayed in that movie is to stop being complacent and apathetic towards violations of privacy. The politicians and corporations who want to strip away privacy are worrisome, of course. However, they are not the largest danger.
The most dangerous people are those who say "I have nothing to hide". I have written about these misguided people before. Having no real point to make in an argument for or against privacy, they simply change the subject. "I have nothing to hide" is not an argument; it is an implication that someone wanting privacy does have something to hide.
The question is not about whether or not there is something worth hiding. The question is whether or not someone's desire to snoop into my life is more important than my right to keep those details to myself.
Last week, I wrote about companies firing people for things they do while off duty. In one of my examples, a company in Germany fired an employee after a private detective took pictures of him smoking a cigarette in his back yard. As it turns out, they had a legitimate reason after all for firing the man.
A few readers wrote and pointed out something that was omitted in the articles that I read on the story. This particular man had signed onto an employee bonus plan. The company pays a bonus to employees for not smoking. By continuing to smoke, the man was defrauding his company, thus he was canned.
Whoops. Bad example. You there, in Berlin, put down that pitchfork!
Maybe I should use this as an example instead? There can be no doubt that you are doing something wrong when an anti-tobacco lobbying group condemns you for firing a smoker.
The other two examples that I used last week are still valid. A Budweiser distributor fired a man for drinking a Coors in a bar. A Miller distributor fired a man for drinking a Bud during a town event. No word yet on whether or not The New York Times will fire reporters caught with a copy of The Washington Post (kidding).
My point is still valid also, despite the one bad example that I used. You really do need to discuss the situation with your labor union reps, if you are part of a union. The companies that employ us are not dictatorial nation-states. They should not be permitted to punish workers for things they do while off duty, things that are of no concern to the company.
I give up on predicting which stories cause my inbox to fill up with mail.
I can write an article that breathes fire and rains down brimstone upon some poor sod who ticks me off and never see a single letter about it. Or I can write a short, inoffensive article about nothing important and a flood of email arrives within hours.
Last week, I ranted about the volume on my computer. Something on this computer alters the WAVE volume setting every so often. I don't know what is responsible and it drives me nuts.
Dozens of emails came in about that short piece. At least fifty people wrote to say that the same thing happens to them and that it drives them just as crazy as it does me. Of course, I *did* ask for help, but only two of the emails offered a possible solution.
One of the chat room regulars, the guy who wrote About:Buster and other programs, wrote a little program for me. It is called WaveReset and it does exactly what I was looking for. It locks the WAVE volume level and optionally pops up an alert, if something tries to tamper with it.
My little volume problem is solved now. My WAVE volume is locked at exactly the level I want and cannot be altered while WaveReset is running, except from within WaveReset. I still haven't caught the program responsible for changing the setting. I originally thought it was Windows Media Player, but that program hasn't set off an alarm yet. Maybe it knows that I'm watching it now?
Another short piece that generated an unbelievable amount of mail was The Ten Net Commandments, from two weeks ago.
In all honesty, I could find nothing worth writing about that week, which is why that particular newsletter was so short. I stuck in the "Commandments" bit as nothing more than filler. To my surprise, it was a big hit. To anyone who wants to post it somewhere, please go ahead.
"The Ten Net Commandments" prompted amusing discussions on several message boards. It also inspired some hilarious songwriting. "The twelve e-mails of Christmas!" is written by Kirstin; the unnamed song is written by Corrine.
By Kirstin:
The twelve e-mails of Christmas!
On the first day of Christmas my e-mail sent to me;
A virus for my PC.

On the second day of Christmas my e-mail sent to me;
Two Sasser Worms, and a virus for my PC.

On the third day of Christmas my e-mail sent to me;
Three search bars, two Sasser Worms and a virus for my PC.

On the fourth day of Christmas my e-mail sent to me;
Four Trojan horses, three search bars, two Sasser Worms and a virus for my PC.

On the fifth day of Christmas my e-mail sent to me;
Cool Web Search, four Trojan horses, three search bars, two Sasser Worms and a virus for my PC.

On the sixth day of Christmas my e-mail sent to me;
Six WinTools, Cool Web Search, four Trojan horses, three search bars, two Sasser Worms and a virus for my PC.

On the seventh day of Christmas my e-mail sent to me;
Seven rootkits, six WinTools, Cool Web Search, four Trojan horses, three search bars, two Sasser Worms and a virus for my PC.

On the eighth day of Christmas my e-mail sent to me;
Eight Smitfrauds, seven rootkits, six WinTools, Cool Web Search, four Trojan horses, three search bars, two Sasser Worms and a virus for my PC.

On the ninth day of Christmas my e-mail sent to me;
Nine Qoologics, eight Smitfrauds, seven rootkits, six WinTools, Cool Web Search, four Trojan horses, three search bars, two Sasser Worms and a virus for my PC.

On the tenth day of Christmas my e-mail sent to me;
Ten BHOs, nine Qoologics, eight Smitfrauds, seven rootkits, six WinTools, Cool Web Search, four Trojan horses, three search bars, two Sasser Worms and a virus for my PC.

On the eleventh day of Christmas my e-mail sent to me;
Eleven peper files, ten BHOs, nine Qoologics, eight Smitfrauds, seven rootkits, six WinTools, Cool Web Search, four Trojan horses, three search bars, two Sasser Worms and a virus for my PC.

On the twelfth day of Christmas my e-mail sent to me;
A link to http://forums.spywareinfo.com
By Corrine:
On the first day of Christmas my true love sent to me:
A computer underneath the tree!

On the second day of Christmas my true love sent to me:
Two tracking cookies, And a computer underneath the tree!

On the third day of Christmas my true love sent to me:
Three adware programs - Two tracking cookies, And a computer underneath the tree!

On the fourth day of Christmas my true love sent to me:
Four phishing emails, Three adware programs, Two tracking cookies, And a computer underneath the tree!

On the fifth day of Christmas my true love sent to me:
Five chain letters, Four phishing emails, Three adware programs, Two tracking cookies, And a computer underneath the tree!

On the sixth day of Christmas my true love sent to me:
Six popups popping, Five chain letters, Four phishing emails, Three adware programs, Two tracking cookies, And a computer underneath the tree!

On the seventh day of Christmas my true love sent to me:
Seven browser hijacks, Six popups popping, Five chain letters, Four phishing emails, Three adware programs, Two tracking cookies, And a computer underneath the tree!

On the eighth day of Christmas my true love sent to me:
Eight working trojans, Seven browser hijacks, Six popups popping, Five chain letters, Four phishing emails, Three adware programs, Two tracking cookies, And a computer underneath the tree!

On the ninth day of Christmas my true love sent to me:
Nine dialers dialing, Eight working trojans, Seven browser hijacks, Six popups popping, Five chain letters, Four phishing emails, Three adware programs, Two tracking cookies, And a computer underneath the tree!

On the tenth day of Christmas my true love sent to me:
Ten hackers a hacking, Nine dialers dialing, Eight working trojans, Seven browser hijacks, Six popups popping, Five chain letters, Four phishing emails, Three adware programs, Two tracking cookies, And a computer underneath the tree!

On the eleventh day of Christmas my true love sent to me:
Eleven crackers cracking, Ten hackers a hacking, Nine dialers dialing, Eight working trojans, Seven browser hijacks, Six popups popping, Five chain letters, Four phishing emails, Three adware programs, Two tracking cookies, And a computer underneath the tree!

On the twelfth day of Christmas my X-love sent to me:
Twelve Microsoft updates, Eleven crackers cracking, Ten hackers a hacking, Nine dialers dialing, Eight working trojans, Seven browser hijacks, Six popups popping, Five chain letters, Four phishing emails, Three adware programs, Two tracking cookies, AND A COMPUTER UNDERNEATH THE TREE!
SpywareInfo has a new(ish) feature, listing news headlines relevant to spyware, privacy and safely using the computer. There is a saying that "all politics are local". It seems that this also applies to the internet. It is a close community in that problems can spread from anywhere. If you see a local story that you think deserves attention, please let us know. Use this mail form, tell us some details and we will follow the story.
The Spywareinfo News section will take a short break over the holidays. The last news posting will be Friday evening - December 23rd. The postings will resume at noon Monday - December 26th. Of course, if there are any urgent news stories, there will be postings. However, we hope that this is a peaceful holiday for all. And from my small corner of the internet and from Mike's opposite coast time zone, we wish you a safe and Merry Christmas.
~ Catherine and Mike
If you would like to help with the costs, there are three options. There is PayPal for those who have a Paypal account or don't mind signing up for one (it is free).
There is a snail mail address if you do not like Paypal or have no means of sending money online. Please make sure to make checks (in US Dollars) or money orders (in American currency) out to James Healan and not Mike Healan so I am not hassled at the bank. Please note that contributions to SpywareInfo are not tax deductible.
The address is:
James Healan
PO Box 71
Vidalia, GA USA 30475
Thank you very much for your contributions.
You can also purchase t-shirts, hats, bumper stickers and other items from our CafePress storefront. We'll have more designs to offer soon.
All materials on this web site are copyrighted © 2001 - 2008 by Mike Healan or their respective owners.
® All rights reserved.