The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines. This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/aug8,2006.
Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.
The contents of this newsletter are all commentary.
Google has made a welcome change to their search engine. Visitors now are taken to a special warning page, when and if they click on a search result that leads to a malware-infested web site.
According to recent studies, many of the leading search results for certain phrases on popular search engines lead directly to spyware hell. These sites will use ActiveX installers, exploit browser flaws or otherwise trick you into running a malware installer. Typically, these sorts of installers will download and install other malware, many of which do exactly the same thing.
Using a database gathered by StopBadware.org, Google now will redirect visitors to a page warning them that something nasty may be about to happen, if they click on a search result leading to one of these sites.
Warning - the site you are about to visit may harm your computer!
You can learn more about malware and how to protect yourself at StopBadware.org.
Suggestions:
- Return to the previous page and pick another result.
- Try another search to find what you're looking for.
Or you can continue to [link here].
advisory provided by Google
Last year, MSN took a look at the various HOSTS files available on the web that list malicious web sites. They compared the web sites in those HOSTS files to their search engine's database and deleted them from the index.
I hope the other search engine companies are paying attention here (Yahoo? AOL? Hello??). If all of the major search engines will take similar steps to deal with malicious web sites found in their search results, it would go a long way toward preventing drive-by downloads.
I should mention that this sort of thing would have prevented me from ever becoming involved with spyware. Less than one week after hooking up my very first internet connection, I used Google to find a David Weber fan site.
I browsed through maybe a dozen fan sites that day. At one of them, a stowaway snuck onto my web browser, in the form of Comet Cursor. Let me tell you, I was MAD, although it wasn't nearly as bad as the sort of thing I might encounter these days. That, basically, is how I became an antispyware "zealot".
Window Washer is a very cool, very useful program. You could spend an hour rummaging through your computer deleting your browser cache, cookies, temp files, address bar history and even those nearly impossible to delete index.dat files. With Window Washer, you don't have to waste all that time and energy. Window Washer makes doing these tasks quick and easy.
When I tested Window Washer for the first time, it cleared out an amazing 700MB worth of garbage files, most of it temporary files left over from programs that hadn't cleaned up after themselves. It deleted all of these files very quickly. Over the next year, it went on to delete over 10 GB of trash files through regular cleanings.
Window Washer also deleted the index.dat file in my browser cache, a file that Windows normally refuses to let you alter. It reduced it from 1.8MB all the way down to 32KB. There is an optional setting to clean out the browser cache, address bar history, cookies and other internet usage traces every time the browser is closed.
There is an option to overwrite "slack space". "Slack space" refers to areas of the hard drive that show as empty to the system, but might contain data that was deleted previously. Another option adds "bleach to the washing". That is Window Washer's way of saying that it overwrites data with gibberish several times to prevent data recovery programs from putting deleted files back together. The number of times it will overwrite these files can be configured to NSA (7 passes), DoD (3 passes), and Gutmann standards (35 passes). You can set it to whatever number you want.
If you have any problems with the ordering page, please email Catherine http://www.spywareinfo.com/email2.php. Anyone buying as a corporate customer and needing many copies of this program, please contact Catherine.
To all makers of software that is designed to protect against spyware....
I believe the time has come for antispyware products to begin watching over Firefox, just as they watch over Internet Explorer.
Firefox has been downloaded two hundred million times since last November and has anywhere from 11% to 14% market share, depending on which report you read. Clearly, Firefox is starting to look like a juicy target for those who create drive-by downloaders.
At this moment, there are at least two email viruses going around that make alterations to Firefox. They install like any other email virus - when someone is dumb enough to run an email attachment - and then install a new extension into Firefox by editing configuration files. This allows those viruses to bypass the security features that forbid any web page to install an extension automatically.
Nearly every antispyware program available today watches for changes being made to Internet Explorer. BHOs, search settings, toolbar settings, start page settings, ActiveX objects - antispyware programs watch all of these things. Only a couple of programs watch for changes being made to Firefox.
I know, Firefox really doesn't need much protection - today. The example of the email virus is not a very good one, since that is an indirect attack. What about tomorrow? There have been Firefox security flaws in the past that would have allowed a drive-by malware installation. Sooner or later, there will be more.
What I propose is that antispyware programs start protecting the Firefox equivalent of everything that is protected in Internet Explorer. The search bar settings, the list of extensions, themes, plug-ins, start page settings and the user config files are all things that a malware may try to alter.
There is even an optional ActiveX plug-in for Firefox. In my opinion, using an ActiveX plug-in for a non-Internet Explorer browser is sort of like escaping from a burning building and then dousing yourself with gasoline to cool off. You're just begging for trouble. Still, the plug-in exists and it is one more thing to watch.
I am sure a few people are blinking pretty hard right now. Firefox is safe ... isn't it? Right now, yes. Firefox is designed to force open a user prompt for the installation of any new theme, extension or plug-in. However, there have been a few flaws in the past that, if they had been exploited, would have allowed software to be installed without warning.
Firefox has been downloaded 200 million times since November. The Mozilla Foundation is actively recruiting users away from Internet Explorer. It is no longer a fad for hard core computer geeks. The days when you could trust a Firefox user to have sense enough to not run an email attachment are over.
With so many people using this browser and more switching to it every day, those who create drive-by installers must be thinking of ways to infect it. As secure as it is from a direct, web-based attack, nearly all of Firefox's settings are stored in regular text files. If a malware can sneak onto the computer by indirect means, all of Firefox's security will be useless.
The people who create malware have become very clever. Sooner or later, more of them will look for ways to infect Firefox. Let's make sure antispyware products are ahead of the next wave of exploits. Let's block the indirect attacks now, before it becomes a common problem.
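One way a monitoring tool could watch the plain-text settings described above, as an added example that is not from this newsletter or from any antispyware product: it parses the `user_pref` lines of a profile's `prefs.js` and reports changes to a watch list. The watch list and both sample files are constructed for illustration.

```python
import re

# Matches one prefs.js line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Assumption: an illustrative watch list, not a complete one.
WATCHED_EXACT = {"browser.startup.homepage", "browser.search.defaultenginename",
                 "keyword.URL"}
WATCHED_PREFIXES = ("extensions.",)

def parse_prefs(text):
    """Return {pref name: raw value text}; comments and other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def is_watched(name):
    return name in WATCHED_EXACT or name.startswith(WATCHED_PREFIXES)

def diff_watched(baseline_text, current_text):
    """List (kind, name, old, new) for watched prefs that differ from the baseline."""
    old, new = parse_prefs(baseline_text), parse_prefs(current_text)
    findings = []
    for name in sorted(set(old) | set(new)):
        if not is_watched(name) or old.get(name) == new.get(name):
            continue
        kind = "added" if name not in old else "removed" if name not in new else "changed"
        findings.append((kind, name, old.get(name), new.get(name)))
    return findings

# Constructed sample files: a known-good snapshot and a later state of prefs.js.
BASELINE = '''\
user_pref("browser.startup.homepage", "http://www.example.org/");
user_pref("browser.search.defaultenginename", "Google");
user_pref("extensions.lastAppVersion", "1.5.0.6");
user_pref("browser.tabs.warnOnClose", false);
'''
CURRENT = '''\
user_pref("browser.startup.homepage", "http://search.example.test/");
user_pref("browser.search.defaultenginename", "Google");
user_pref("extensions.enabledItems", "{00000000-0000-0000-0000-000000000000}:1.0");
user_pref("extensions.lastAppVersion", "1.5.0.6");
user_pref("browser.tabs.warnOnClose", true);
user_pref("keyword.URL", "http://search.example.test/?q=");
'''
if __name__ == "__main__":
    for finding in diff_watched(BASELINE, CURRENT):
        print(finding)
```

The unwatched `browser.tabs.warnOnClose` change is ignored, while the new start page, the newly enabled extension entry and the new keyword search URL are each reported for the user to approve or revert.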
A few weeks ago, I sat in front of my computer, bored out of my mind. I had absolutely nothing to do. So, I decided to start digging into my email inbox to clear out the spam.
There were several phishing scams in there. Out of boredom, I looked at a few of them. It became obvious very quickly that these phishing sites actually were hacked web sites. One page was a hacked copy of phpBB, one was a hacked copy of Coppermine Image Gallery and another was a hacked copy of Squirrelmail.
I decided to email the owners of these web sites and tell them that someone had hacked them. All three were surprised and immediately deleted the offending pages from their sites. One guy managed to shut down his whole site 90 seconds after I pressed the "Send" button.
None of these people were aware that their web sites were hacked, before I emailed them. I wonder how many Paypal and eBay accounts I saved with those three emails?
It would be nice if everyone who received phishing emails would do that. Then again, who has time to track down the owner of every site being used for a phishing scam? The answer to that question is PIRT.
CastleCops and Sunbelt Software [have] announced a new anti-phishing community, the Phishing Incident Reporting and Termination (PIRT) Squad. This will be a community at CastleCops solely dedicated to taking down phishing sites. It’s the first public takedown community we know of, and we hope to start nailing these sites as quickly as possible. CastleCops thanks Sunbelt-Software in its press launch of PIRT. The tool has been written by CastleCops.
It is very simple to report a phishing scam to PIRT. You just copy the source of a phishing email or the link to the phishing site and paste it into a form on PIRT's web site. If that is too much trouble, you can just forward the phishing email to them. They will take care of the rest.
The computer gods must hate me. I have had two hard drives, one ethernet card and one laptop battery die on me in the past twenty months. Last year, Catherine bought an uninterruptible power supply (UPS) for my birthday. It was dead-on-arrival, so the company had to send another.
I bet you have guessed where this is going. Yes, something else has died on me. Seven things actually.
My computer started freezing on me last week. It wasn't an outright crash. It would just freeze up solid as a rock and force me to punch the power button. It happens without fail, within an hour of turning it on.
At first, I thought I had managed to break Linux. Then I realized it was happening to Windows as well. With some help, I eventually tracked it down to bad capacitors on the motherboard.
A capacitor is sort of like a battery. It stores a small electric charge. Like a battery, it needs an electrolyte, which is an acidic material. Evidently, some idiot company stole an electrolyte formula from another company years ago, got the formula WRONG, then sold their defective design to nearly every electronics maker in the world. You probably have several defective capacitors in your home right now.
When these capacitors begin to fail, they will expand and start to malfunction. Usually they just leak acid all over the place. On rare occasions, they will explode. You can read all about it at badcaps.net.
Seven of the capacitors on my motherboard are bulging and one looks like it is leaking already (right next to my processor). Thankfully, no explosions yet. So, for the moment, my main PC is having an unscheduled vacation.
I am waiting for the delivery of a replacement motherboard, so that I can use the PC again. I hate having to replace any components in that computer, because I was planning to replace the whole thing soon. I was going to use it as a test machine.
I have its replacement picked out already. I just can't afford it right now. If anyone wants to help with that..... *hint* *hint*
Until I can fix that PC (or replace it), I am using my laptop as my main computer. Unfortunately, this thing is old and sloooooow. If I try to do too many things at once, the 700MHz Pentium III just can't keep up with me. It is unbelievably annoying. I guess I've been spoiled by the 2,000MHz Athlon in my PC.
What this means, of course, is that I cannot do any testing of any kind. Updates to that list of file sharing programs are suspended for now. It takes 15 seconds just to open a text editor. I don't want to imagine trying to run Windows XP inside of VMware on this thing.
If the computer gods will lay off me for a while, I will be back on the main PC by next week and will be able to resume all of my testing. Hopefully, I won't break anything while replacing the motherboard. When it comes to computer hardware, I am as clueless as any noob.
Check out FlyingHamster.com for the latest news headlines relevant to spyware, privacy and safely using the computer.
There is a saying that "all politics are local". It seems that this also applies to the internet. It is a close community in that problems can spread from anywhere. If you see a local story that you think deserves attention, please let us know. Use this mail form, tell us some details and we will follow the story.
FlyingHamster is updated every day - and several times during the day and night. It is updated continually, even on the weekends. We hope it will keep you informed on a daily basis - and keep your internet time a bit safer. As soon as I can get around to it, I will add FlyingHamster's RSS feed to SpywareInfo.
FlyingHamster belongs to my partner, Catherine. It is a free service, supported in the same way as SpywareInfo, by offering high-quality software at a discount. This week, FlyingHamster has a discount on Firetrust Mailwasher. Go check it out.
Running SpywareInfo has become an expensive thing to do. We are using three separate servers to display the site and to protect it from denial of service attacks. This is not a cheap web site to host.
If you would like to help with the costs, there are two options. There is PayPal for those who have a Paypal account or don't mind signing up for one (it is free).
Thank you very much for your contributions.
You can also purchase t-shirts, hats, bumper stickers and other items from our CafePress storefront.
All materials on this web site are copyrighted © 2001 - 2008 by Mike Healan or their respective owners.
® All rights reserved.
Use of this site and its services are subject to our terms of use.