12/21/2005

Companies struggle to keep pace with spyware


By TETSUYA KUMAGAI and ATSUHIKO HAYASHI

It lurks in software, music files, screen-savers and even ordinary mail. It's proved a scourge for financial institutions, but even these cash-rich companies are apparently at a loss on how to create a watertight defense.

Spyware, malicious software that takes surreptitious control of a computer and transmits sensitive data to thieves, is spreading in Japan.

And experts say the worst has yet to come.

"An estimated 160,000 kinds of spyware are circulating in the United States and causing serious problems. But programs are available there designed to target spyware and remove it," said an official at Computer Associates International, Inc., a maker of anti-spyware and anti-virus software.

"Japan, too, needs to take precautions before we get hit hard," the official said.

Spyware is hidden inside laptops or desktops and is designed to stealthily record keystrokes and passwords or track browsing habits.

In a typical spyware case in June, a customer complaint was e-mailed to a Kawasaki-based jewelry and gemstone dealer.

The message said: "I bought one of your products, but it was defective." A photo file was attached to show the problem merchandise.

When an employee clicked on the attached file, he saw only a blank screen. The employee shrugged, and went on with his work.

A few days later, 216,000 yen was secretly withdrawn from the company's account at Japan Net Bank, an online bank, and transferred to an unrelated account.

Police determined that a malicious spyware program called a keylogger, which records keystrokes, was installed automatically when the worker opened the photo file.

When the employee typed in his user ID and password for Internet trading operations, the keylogger recorded the data and transmitted it to a hacker's computer.

The crook then logged on to Japan Net Bank using the stolen ID and password, and transferred the cash.

A 34-year-old man was indicted in the crime on charges of violating the law prohibiting unauthorized computer access and computer fraud. Cybercrime investigators are searching for a suspected accomplice, a 31-year-old who used to work for a computing company.

Police said the pair had transferred a total of 11.4 million yen to their own account from 10 personal and corporate accounts at four banks.

Officials of Tokyo's Metropolitan Police Department say the number of reports of such spyware crimes has risen since summer. Most of the cases involve money transferred from a computer user's bank account.

Banks and anti-spyware organizations are working hard to heighten security measures and educate computer users about the danger.

But the thieves are diversifying their methods to install spyware in computers.

And unlike computer viruses, which will replicate themselves and foul up computer operations, spyware can infect a system without any visible signs.

Many users are unaware their computers are infiltrated.

"In many cases, users install the spyware inadvertently when they download visuals and music from Web sites," said Kenichi Hanamura, a researcher of the Information-Technology Promotion Agency, Japan (IPA), an offshoot of the Ministry of Economy, Trade and Industry.

Several cases cropped up in October involving customers of regional banks who received free "Internet Security" CD-ROMs in the mail. The discs contained spying software.

Police suspect the two men in the Kawasaki jewelry case were behind these crimes, too.

Banks and financial institutions, which have been hit hard by online crime, are taking the lead in the fight against spyware, particularly keyloggers.

Mizuho Bank and Chiba Bank have recently changed the way customers log in. Instead of typing in a code, customers now click numbers displayed on their screen to enter their PIN code.

However, spyware creators appear to be one step ahead.

"From what we've seen recently, it seems there is a new type of spyware out there that captures an image of the entire screen and sends off the data in picture form," said IPA researcher Shinichiro Kagaya.

That means those mouse-clicked PINs are not safe on an infected machine.

On Nov. 30, several anti-spyware organizations, including Computer Associates International, sponsored an event in Tokyo to raise awareness about the spyware problem.

A 26-year-old living in Chiba Prefecture brought his computer to the event for a spyware scan. An especially disruptive program was discovered lurking on his machine.

The anti-spyware experts said he likely had downloaded it along with an image from the Internet.

"People who are heavy users of Internet banking and trading especially should take care," Kagaya warned. "They should start by updating their anti-spyware software."

The IPA's Web site at www.ipa.go.jp offers tips on preventing and dealing with spyware infections, such as:

・Install and regularly update anti-spyware software. Many computer security companies offer free online scans to check your machine for malware;

・Update your operating system regularly. Microsoft's Windows XP and other systems can advise when security updates are available;

・Be very cautious where you click. Learn to recognize threatening Web sites and suspicious e-mail. If in doubt, close open windows or popups by clicking the X in the upper-right corner. Clicking the "cancel" button could trigger the malware's installation;

・Back up important files and keep them separate from your computer.

The Computer Associates International site is at www.caj.co.jp/. (IHT/Asahi: December 20, 2005)

Top 10 tricks causing spyware epidemic


Spyware tricks have become increasingly devious, making spyware and adware stick to machines longer, more difficult to remove and sometimes impossible to see with ordinary methods. In the spyware tricks series I wrote about seeing installations with multiple resuscitators, increasing numbers of randomly named files, even randomly named folders. Internet Explorer security settings are being changed by spyware and hosts files are being hijacked. We've recently seen installations of keyloggers and spam bots along with your garden variety of adware. Now add rootkits to that list. Let's look back at the top 10 tricks of 2005…

10. Spyware spread through Windows Media files as described by Ben Edelman, Eric Howes and Ed Bott in January. The Windows Media Player flaw that allowed the exploit involved DRM and has since been patched by Microsoft.

9. Adware companies hide their dirty work using rootkit technology, for example Enternet Media's Elitetoolbar and ContextPlus' Apropos and PeopleonPage.

8. Internet Explorer infected through Firefox as documented by Paperghost, aka Chris Boyd. This story stirred up quite a bit of controversy. The real culprit was a Java-based malware installer, which did, in fact, infect the machine while browsing with Firefox.

7. Direct Revenue unleashed Aurora, see Got Aurora? Nail.exe? for details and more here about the massive impact of the Aurora software, including a file named nail.exe, which kept spyware help forums and HijackThis experts busy for months and generated an unprecedented number of comments including threats of violence against Direct Revenue on my Spyware Warrior blog.

6. Spam bots, keyloggers, kiddie porn connect with major adware companies – 180solutions, Direct Revenue, SurfSidekick, BullsEye Network and ShopAtHomeSelect installed in conjunction with a spam zombie and rogue anti-spyware program, all of which started from a child porn site and were installed through an exploit as illustrated at SunbeltBLOG and Spyware Warrior.

5. Spazbox domain installs massive spyware/adware – using IRC as documented by Paperghost and Spyware Warrior (complete with video), dissected by Wayne Porter here and again here.

4. Anti-spyware spread by spyware and trojans, details here about super rogues PSGuard, Razespyware, SpySheriff, Spy Trooper, WorldAntiSpy and more recently SpyAxe here.

3. Direct Revenue adware distributed through BitTorrent, (or more aurora and nail.exe) exposed by Paperghost and told by eWeek.

2. AIM worm carries backdoor, rootkit and adware, found to be powered by world wide bot net with ties to the Middle East. See write up from CNET, Paperghost's analysis and FaceTime's press release.

And now, drum roll please, the top spyware trick of 2005

1. Sony BMG infects users with DRM rootkit originally reported by Mark Russinovich at SysInternals. The fallout of this debacle continues with artists revolting and plenty of legal action against Sony BMG in the works.

New Vista may see Microsoft on the defensive


By Sam Varghese
Comment

December 21, 2005

Late next year, Microsoft hopes to bring to market the next version of Windows, named Vista. The fact that Vista will include the company's anti-spyware application - now called Windows Defender - will make for interesting times.

The move is bound to raise questions about software bundling and unfair competition.

In October, Symantec, the biggest supplier of anti-virus software, reportedly complained to the European Union anti-trust officials about Microsoft's announcement of Microsoft Client Protection - an integrated anti-virus and anti-spyware product - which would be sold to business users.

Later Symantec said it had not complained but merely responded to questions from EU anti-trust authorities.

Defender, which was solely an anti-spyware application, is being beefed up to detect and remove other malware. It will run as a service, giving it lower-level access to the operating system.

Users will be able to disable these included security add-ons and run a third-party application if they wish - else the entire anti-virus industry could rise up in arms and accuse Microsoft of using monopolist power to destroy the A-V industry.

The security software market is huge and Microsoft wants a piece of the pie. The irony of the situation is that 99 per cent of the malware and spyware that abounds only affects Windows.

Symantec is cagey about predicting what it will do next year when Vista is launched. The company's spokeswoman in Australia, Antionette Trovato, said: "We have always said that we will compete with Microsoft in the markets, not in the courts, as long as there is a level playing field. We have not filed a formal complaint with the European Commission."

Regarding the report of the complaint to the EU, Ms Trovato said: "At the time that the article appeared, Symantec in the US was making comments but going forward we have been advised to not provide any further comments apart from our statement."

It is understandable that Symantec does not want to rub Microsoft the wrong way. After all, Microsoft is a large part of the PC industry and is greatly feared.

Other A-V vendors are also keenly waiting to see what eventuates but none are prepared to say anything.

There have been similar scenarios in the past - with complaints over the integration of Internet Explorer, Media Player, Outlook Express, Messenger and Movie Maker into Windows.

The fight will be in Europe, not in the US as American anti-trust law is likely to favour the addition of features that help consumers, as long as it is done without the intention of creating a monopoly.

In the EU, Microsoft has already been forced to produce a version of Windows XP without Media Player, a version which has seen very little take-up. It will be interesting to see what view the EU takes over the integration of Defender.


Beware spyware!


By JEREMY LOOME, EDMONTON SUN

Every day, the once-feared virus is becoming less a major problem and more an annoyance for computer users. But spyware is another matter entirely. Day 2 of the Sun's four-day look at computer security focuses on how to prevent this growing threat to your privacy and finances.

"Mrs. Smith" calls every two weeks, as punctual as the clock on her computer's desktop would be - if it worked.

Her machine has, as usual, ground to a halt. Rob Horncastle is used to the routine. "Every couple of weeks she gives us $90 and we come over, wipe her machine clean and start over," the personable service technician says from behind a bemused smile. "The amount she's spent on service in the last six months alone would've paid for a computer."

Horncastle works for the Geek Patrol, a mobile computer-repair service. When he arrives at Mrs. Smith's house, she'll have up to 20,000 viruses and malware items on her computer.

"She doesn't seem to care. She says if she sees something on the Internet she likes, she just downloads it. She knows we can fix the problem later."

EXPENSIVE HOBBY

It's an expensive hobby. By Horncastle's estimate of frequency, she'll spend $2,300 on repairs in the course of a year.

When asked if her infection level is uncommon, he shakes his head. "Nah. 10,000, 20,000. It's amazing what you see out there," Horncastle says, as he disinfects a frozen PC at the Spiritkeeper Youth Society offices, a downtown outreach agency. He pulls out a cell and dials a colleague.

"What's the number at now? 77,171? OK." He hangs up and is asked what's significant about the number. "That's the current record," he says.

Many personal websites won't be visited that many times in their lifetime. "What it comes down to," he says, "is that a lot of people treat their computer like their car. They just want to use it and forget it. And if something goes wrong, they call us just the same way that they'd call a mechanic."

When John Leishman started the company three years ago, he was banking on a niche market of unsophisticated users. What he hadn't counted on was that it was more norm than niche, and Geek Patrol has handled 30,000-plus service calls.

Most are for spyware, worms and viruses. Spyware includes items inserted on your machine to track activities. Viruses attack a computer's file structure disguised in files you download and open. Worms are self-replicating viruses that either use mail programs like Outlook to send themselves to other machines or infect your machine without even being downloaded deliberately, due to flaws in Windows security.

"The majority of the time, we find it's the kids doing it unwittingly through peer-to-peer file sharing," says Leishman. "It might be something innocuous but most of the time it's music. And they shouldn't be downloading free music."

Most of the problems stem from peer-to-peer programs such as BitTorrent, Morpheus, Limewire, DirectConnect and Kazaa. Even with a firewall and security in place, popular songs, videos and software are hazardous because they're the first items infected. Script kiddies - kids who've downloaded software to hack or alter viruses - hit them first because they're most popular and are being downloaded before the virus or virus-variant in question has been sniffed out and accounted for by security firms.

"The truth is that there isn't a single vendor out there who has a panacea for all of the potential problems," says Alfred Huger, director of product development with Symantec, the leading computer-security software company.

Leishman believes much of the problem could be alleviated if parents paid attention to what their kids are doing and limited use by keeping computers in widely accessed areas, such as the den or living room. Letting kids have their own computer in their own room is asking for trouble, he says.

Often, however, parents don't realize there's something wrong with the computer until it's running so many processes - Windows' name for programs in use - in the background that "it's like molasses in January," says Leishman. "And people just endure it until they can endure no more.

"If your kids are going to be on the computer a lot, put it in a public area where you can see over their shoulder. They're your kids: they don't have a right to surf whatever they want.

"And the other thing you can do is TALK to your kids. Tell them what will happen if they go to porn sites or download shared files. Tell them the reasons why it's a bad idea and how it could lead to the computer not working."

Viruses and worms - once the most feared attacks on the Internet - are now usually the most innocuous. Spyware is a much greater threat, say security pros, because it's specifically designed to take advantage of people and not just to randomly shut down networks or cause havoc.

BORED TEENAGERS

Vermont-based security expert and writer Frank Thornton says viruses have become the domain of bored teenagers desperate for attention.

"As long as you are somewhat aware of the threat and keep up to date with Norton or McAfee, usually they're no big deal. There are some nasty ones out there and they're pretty destructive, but the majority aren't.

"And if there's a virus on your machine and Norton or whatever security you're using can't get rid of it, there are a lot of removal tools available online, most of which can be found for free."

Most infections are caused by carelessness on the part of users, he says. "From my experience it's people being idiots. There are a lot of adults that open attachments and don't take precautions. It's amazing. They follow the speed limit and buckle the belt every time they get in a car, but they'll open e-mail from anyone."

In his 30 years at the forefront of security and on the Internet, James Atkinson has developed a sour taste for script kiddies and hackers, whom he refers to as "usually kids who can't get a date." His company outside Boston focuses on preventing high-level corporate espionage.

"If someone is using technology to effect espionage, I hunt them," says Atkinson. "It's mostly corporate and a lot of government work."

In 2000, Atkinson's name briefly cropped up in headlines after he tracked down the Verdun, Que.-based hacker known online as Mafiaboy. Mafiaboy had used programs found online for denial-of-service attacks that shut down hundreds of major websites, including EBay, Dell and Amazon.com.

It took Atkinson just 15 minutes to figure out Mafiaboy's real identity, which is protected in Canada under provisions of the Youth Criminal Justice Act. After pleading out in court, the kid was sentenced to eight months in a youth detention centre in 2001.

"When some hacker who has just hacked a big bank or some corporate system is afraid his door is gonna get kicked in, it's because of me," he says. "I hunted Mafiaboy for sport. A lot of people out there think they can take their technical skill and parlay it into hacking, when they would be a lot better off to actually pursue getting into security. It's a lot more fun."

Atkinson figures the divide between the educated and uneducated hasn't increased over the years. "The overall population in each group has changed. There are just more people physically doing it. It's like somebody saying that there's been an enormous increase in traffic-related deaths over the last 100 years.

"If you choose to get on the Internet, you choose to make yourself vulnerable. We refer to it as the flu - if you travel around at this time of year, you may randomly catch the flu. If you're going to be on the Net, you will catch things and you will have people try to pick your pocket."

The inclusive nature of instant communication means even people who take the time to be secure will get hit, he notes. E-mail worms forwarded by someone you trust via Outlook would be one example.

"I've seen many cases where a corporate executive was very proud of himself because he put McAfee and Black Ice on his company's network and was absolutely sure that there was no way anything could happen.

"They get us on the phone, we go in the same day or next and a third of their hard drive is porn. Someone has hacked in while one of them was staying at a hotel and loaded all but a sliver of their porn business onto their hard drives."

Mafiaboy was easy to find because he was "way too unskilled. He didn't attack a new vulnerability. He got access to a number of machines that were under very loose control and was an extraordinary braggart about it," says Atkinson.

"That indicated to me that he was someone in his teens, probably not even 18. He was being a little juvenile delinquent, like the guy who burns someone's car and takes a picture of himself with it in before-and-after mode."

Atkinson's overall assessment of security threats is blunt and mirrors that of many users. "It comes from people who have a computer using an operating system or software that is sold by Microsoft and that is defective.

"It's all about money and it doesn't seem to matter any more who's wrong or right. It's about who has the deepest pockets. If attorneys general were as vigorous about software liability as, say, automobile liability, Microsoft would have complete recalls twice a week, regularly."


12/15/2005

Be Careful With Online Holiday Shopping

By ERIC J. SINROD
----
Thursday, Dec. 15, 2005

Yes, it is time to dig deep into your wallets and fork over some cash to spread mirth and merriment this holiday season by purchasing presents for your loved ones. And, if you have spent any time on the Internet (which is almost a certainty given that you are reading this piece), there could be no easier way to buy gifts than to do so online. So, what’s the rub? Well, if you do not take prudent steps, bad things potentially could happen to you. Keep reading.

Forrester Research predicts that online holiday shopping will increase a whopping 25% this year, with 2.5 million households making online purchases for the first time. Indeed, TRUSTe reports that 78% of Internet users in the United States will conduct some of their shopping online.

Of course, a greater number of online purchases translates to increased risk of a parade of horribles, including identity theft, viruses, phishing, worms and spyware. Fears related to this risk have led 40% of consumers not to make purchases from small online retailers, 22% not to make any online purchases, and 14% to substantially limit online spending, according to TRUSTe.

Perhaps these fears are well founded, as a survey by Consumer Reports indicates that Internet users face a one-third chance of experiencing financial loss, computer damage or both due to viruses, spyware or hackers. These are fairly sobering statistics.

What is a would-be holiday online shopper to do? Bottom line – be smart and try to abide by the following practical tips recommended by the CEO of a company called Sereniti, Inc.:

  • Print copies of all online receipts so that they can be checked against credit card bills.
  • Print copies of all guarantees and warranties.
  • Do not respond to emails asking customers for personal information. Businesses and financial institutions rarely reach out on their own seeking such information. It is better to contact a business directly on your own.
  • Online retailers that display TRUSTe and Better Business Bureau seals are likely to be trusted to safeguard personal information.
  • Note whether Web sites begin with “https” instead of “http” in the browser area and whether they display a padlock icon in the lower right hand border of the browser window, as this indicates secure encryption to protect customer identities.
  • If possible, avoid providing social security numbers online.
  • Make sure that online retailers have solid privacy policies that make clear that customer information will not be sold or transferred after a transaction occurs.