1/30/2006

Internet brain trust aims to shame spyware makers

Internet researchers at Harvard and Oxford universities said on Tuesday they are seeking to enlist Web users in a program to name and shame suppliers of spyware and other malicious software programs.

The Stop Badware Coalition will seek to spotlight companies that make millions of dollars by tricking Web users into putting spyware, adware or other deceptive software on their machines, organizers from the Berkman Center for Internet & Society at Harvard and the Oxford Internet Institute said.

The multi-year project is financially backed by Google Inc. (GOOG.0) and computer makers Lenovo Group and Sun Microsystems Inc. It is advised by US consumer advocacy group Consumer Reports WebWatch, its backers said. “This is mostly a highlighting and warning and education project,” said Vint Cerf, one of the pioneers of the Internet who now holds the title of chief Internet evangelist at Google. Cerf is serving on the advisory board of StopBadware.org.

The coalition aims to solicit reports of malicious software from Web users through its site at http://www.StopBadware.org. Then it will issue reports naming offending products and companies in an effort to educate consumers. Over time, project organizers said they hope to team up with commercial security software makers to create automated tools to block “badware.”

These tactics seek to go beyond lawsuits and efforts to work with regulators to use the power of publicity to expose what organizers say are the unethical practices of aggressive marketers such as Claria and 180solutions. These companies have been widely criticized for spreading software that installs incessant pop-up advertisements on PCs. “Badware” is a new, catch-all term that refers not just to spyware but to a broader class of malicious software, which once installed on a computer can open the door to viruses, worms, Trojan horses and other forms of computer attack.

One in six respondents to a survey by Consumer Reports complained they had been a victim of so-called badware in 2003-04, spending $250, on average, to repair computer damage, or around $3.5 billion in total. Organizers declined to immediately identify specific targets, saying they would issue monthly reports of their findings that name specific companies and provide consumers with tips for how to fix problems created by the programs. “We do have companies in mind but we are not going to name names off the bat,” said John Palfrey, co-director of the Stop Badware Coalition and director of Harvard Law School’s Berkman Center for Internet & Society. “The key message here is that we are putting every company on notice,” he said. “These are companies that operate in the shadows,” said Beau Brendler, director of Consumer Reports WebWatch. “Some of these companies are trying to come forward and have initial public offerings.”

The StopBadware Web site will allow Internet users to check to see if software programs they want to download from the Web are infected with badware and allow site contributors to alert others to malicious programs they have encountered.

The Stop Badware coalition is similar in certain ways to the Urban Legends hoax education site at Snopes.com, Cerf said. (Reuters)

Local man cited in spyware suit

PORTSMOUTH - The state of Washington and Microsoft Corp. are suing a city man on charges he used deceptive advertising tactics in selling a false anti-spyware program.

Seth Traub, of 909D State St., was named as a defendant in the lawsuit filed against the New York-based company, Secure Computer. The suit is considered a landmark case, as it is the first filed by the state under its new computer spyware act.

Washington Assistant Attorney General Katherine Tassi said Traub was an advertising affiliate for Secure Computer. He allegedly placed hyperlink ads on Google.com for the program "Spyware Cleaner" that misled consumers into believing it was a Microsoft product.

"The Consumer Protection Act prohibits selling false, misleading and deceptive products to computer users," Tassi said. "(Traub) made consumers believe it was a Microsoft product when it is not."

Microsoft has filed a similar civil lawsuit, she said. The suits are the result of parallel investigations by experts at Microsoft and the Washington attorney general.

Traub faces a penalty of up to $2,000 per violation, according to Tassi. She said each advertisement made could be considered a violation.

"At this point, we don’t know the amount," she said.

A call placed to Traub’s home for comment was not returned by press time.

The suit, filed Jan. 24 at U.S. District Court in Seattle, accuses Secure Computer of marketing software that falsely claims computers are infected with spyware and selling consumers programs that claim to remove it. The software actually renders the computers more susceptible to attacks.

The program was sold for $49.95 on several Web sites, including myspywarecleaner.com, myerrorfixer.com and checkforspyware.com, since 2004.

Spyware is any technology that aids in gathering information on a person or organization without his or her knowledge. The information is then relayed to advertisers or other interested parties. Spyware can get in a computer as a software virus or from installing a new program.

"Spyware Cleaner" was also advertised through pop-up ads displaying warnings that a consumer’s personal computer may be infected with harmful spyware and offering a "free scan" of the computer.

"Our investigation found that this so-called ‘free scan’ always detected spyware on a user’s computer, even if none existed," said Washington Attorney General Rob McKenna in a press release.

Consumers who purchased Spyware Cleaner are encouraged to file a complaint with the Washington attorney general’s office online at www.atg.wa.gov or call 1-800-551-4636 to request a complaint form.

Commentary: Deleting cookies won't help against spyware, adware

Palm Beach Post-Cox News Service

Monday, January 30, 2006

Question: Why clutter a computer with adware and spyware? Each evening before shutting down, I delete all the cookies stored in my browser. I use a firewall and antivirus software. This procedure takes less time than using those two products. Granted, it takes away acceptable cookies, but they are replaced. —Tom Jordan

Answer: Deleting the cookies doesn't do a thing when it comes to spyware and adware. So you're not protecting your computer.

Besides, cookies got a bad rap years ago when they first came on the scene. I wish controlling spyware and adware were as simple as deleting cookies. You need to use a special program, as is true with fighting hackers and viruses, to tackle the problem.

I consistently recommend one of two free programs: SpyBot Search & Destroy or Ad-Aware. You can download either at www.download.com.

Now, more about cookies: Some hacker and porno sites can be dangerous when it comes to cookies. If you stay away from places like that, cookies from most mainstream sites should not be a concern.

A cookie is a tiny text file that lets a Web site identify you on your next visit. So the cookie makes it possible to — for instance — customize the Weather Channel's opening page at www.weather.com to give you the temperature in your old hometown each time you log on. Once you've customized the site, the cookie lets the site pull up the correct page just for you.

Question: Having heard and read the admonitions to be careful about what to do to avoid e-mail spam, I wonder whether there is a list or source that does enumerate those specific spots on the screen on which not to click in order not to expose the e-mail address to a spammer?

—Fred Lutz

Answer: It isn't a case of finding the right spots on the screen. Clicking or not clicking on some spot won't make any difference. However, there are ways to at least minimize the amount of spam you get. Here's a list of tips:

•Avoid listing your e-mail address on Web pages. Spammers use software that harvests addresses.

If you must use your e-mail address on the Web, avoid using the AT symbol — it's what spamming software looks for. Type an address this way — bill(at)spamstory.com — on a Web page.

•Get a free e-mail account at Yahoo (www.yahoo.com) or Hotmail (www.hotmail.com). Use it to order merchandise or leave public comments. You'll still get spam, but most of it will go to the free account.

•Never answer a spam e-mail. Don't order, don't write to complain, don't use the link that offers to remove your name from mailings. Answering proves the e-mail account is active and may generate more spam.

•If you participate in online contests or fill in registration forms on the Web, use your free account.

•If your Internet provider offers free anti-spam software or services, use them.

•Don't check that box: When you sign up at a Web page, look for text toward the end of the form that says something like: "Yes, I want to be contacted by select third parties concerning products I might be interested in." If the box has already been checked, remove the check mark.

•If you receive a spam offer that sounds too good to be true, it almost certainly is.

Google Toolbar Gets Personal; Users Can Now Customize their Search Experience with Latest Version of Google Toolbar

MOUNTAIN VIEW, Calif., Jan 30, 2006 (BUSINESS WIRE) -- Google Inc. (GOOG) today announced the latest version of Google Toolbar and a new Google Toolbar for Enterprise. The new beta versions of Google Toolbar for Internet Explorer are open and customizable, with new features that enable users to customize their search experience and share information with friends.

Google Toolbar was designed to make the Internet easier to use and help people find the information they are looking for as quickly and easily as possible. The new versions of Google Toolbar now offer customizable buttons, online bookmarks, enhanced search features, new sharing capabilities, and an open API. Google Toolbar for Enterprise beta also includes administration and control for business environments.

"Now we're putting the tools of innovation in the hands of our users," said Marissa Mayer, VP of search products and user experience at Google. "We've opened up the Google Toolbar to enable them to create their own features and customize their search experience."

Users can now personalize their Toolbar through the addition of Custom Buttons. Custom Buttons enable users to run search queries directly on any website, receive alerts, and subscribe to feeds, right from their Toolbar. For example, news enthusiasts can now add Custom Buttons to search all their favorite news and see top news stories directly from their Toolbar, putting the information they need at their fingertips, right when they want it.

Google offers users three ways to get Custom Buttons. They can create their own by simply right clicking the search box on any website and selecting "Generate Custom Search". They can install a Toolbar button offered on one of their favorite websites. Or, they can select ready made buttons from Google's new Button Gallery. Currently, more than 50 buttons are available, including a variety of Custom Buttons for popular websites. The Button Gallery will display new third-party Custom Buttons as they are created. A simple XML API is now available for content publishers to create more advanced Custom Buttons for their sites.

The new version of Google Toolbar also enables users to create, label and manage bookmarks for their favorite sites with a single click. Bookmarks are now saved to a user's Google Account making them accessible from any computer. For example, if a user bookmarks an interesting news article at work that they want to read later, they can now easily access it from their home computer.

Additional product enhancements include expanded search functionality that offers users helpful query suggestions and spelling corrections as they type in the search box. Enhanced sharing capabilities allow users to easily send and share web page content via Gmail, SMS, or a blog by selecting the section of page they want to share and clicking the new "Send To" button.

With this release, Google is also offering a new version of the Toolbar for enterprise environments. Google Toolbar for Enterprise beta includes all the new functionality of Google Toolbar, offering the same level of personalization and customization to corporate users. In addition, Google Toolbar for Enterprise includes group policy for administrative control of features, as well as Microsoft System Installer for easy corporate deployment. For example, an enterprise could distribute customized Toolbars to their users pre-loaded with Custom Buttons for Intranet sites, employee directories, and frequently used information sources.

The beta versions of Google Toolbar for Internet Explorer and Google Toolbar for Enterprise for Internet Explorer are currently available in English and will be offered globally in more than 16 languages by the end of the quarter. Both versions of Google Toolbar run on Windows XP and support Internet Explorer 6.0 and higher. More information on the new versions of Google Toolbar is available at http://toolbar.google.com/T4/.

About Google Inc.

Google's innovative search technologies connect millions of people around the world with information every day. Founded in 1998 by Stanford Ph.D. students Larry Page and Sergey Brin, Google today is a top web property in all major global markets. Google's targeted advertising program provides businesses of all sizes with measurable results, while enhancing the overall web experience for users. Google is headquartered in Silicon Valley with offices throughout the Americas, Europe, and Asia. For more information, visit www.google.com.

Google is a registered trademark of Google Inc. All other company and product names may be trademarks of the respective companies with which they are associated.

SOURCE: Google Inc.

1/29/2006

Google to combat spyware

January 28, 2006, 7:24 PM EST

Though it was overshadowed last week by news that Google is going to censor its Chinese search engine and protect the privacy of pedophiles in the United States, another bit of Googlish news caught my eye: The company is funding a big, new academic effort at Harvard and Cambridge to combat spyware and adware, which the new organization has decided to call "badware." Read about it at the new Web site, stopbadware.org.

According to the site, "StopBadware.org is a 'Neighborhood Watch' campaign aimed at fighting badware." It says the organization "will seek to provide reliable, objective information about downloadable applications in order to help consumers make better choices about what they download onto their computers. We aim to become a central clearinghouse for research on badware and the bad actors who spread it, and become a focal point for developing collaborative, community-minded approaches to stopping badware."

Well, that's cool. Except, at this point, there's absolutely no useful information about badware on the site. You'd think with all their funding from Google, along with Lenovo (the IBM PC division before it was bought by the Chinese government) and Sun (which just signed a deal with China to provide its version of Linux as the official operating system of the People's Republic) they might have scared up a couple of utilities or even some useful links for end-users: You know, links to the guys who actually are doing something about the problem.

In fact, there's actually some less-than-useful information on the site. It uses Google Groups for its discussion board, which in turn leads to the usual context-sensitive Google ads, including some for anti-spyware. We found one ad for a program that was rather notorious a while back for scaring people into buying it by using a free scan to create false positives. Though the company says it has cleaned up its act, it managed to find a gazillion cookies on my PC -- immediately after I'd deleted all of them. Hmm.

Well, enough complaining. We're in the solutions business here, and this latest Google caper raises the question: Where DO you go for anti-spyware advice? One of the big problems, of course, is that the bad guys do their best to spoof Google, so on any given day, you may search "antispyware" and find yourself smack in the middle of a site that looks legit, but is actually hawking its own nonsolutions -- some of which not only don't work but actually plant spyware on your PC.

Here's where to begin educating yourself. Start at the Wikipedia entry on spyware (en.wikipedia.org/wiki/spyware), a wonderful example of how the Internet can enable dozens of ordinary folks to collaborate to produce stellar and concise reports that would cost your average think tank millions of dollars to prepare. The site is pretty close to state of the art on how spyware works, what the legal and political issues are, how it affects legitimate businesses and what you can do about it.

A good companion piece chronicles the adventures of Merijn Bellekom (merijn.org), a Dutch student who has spent most of his free time for the past few years battling a particularly evil genre of spyware known as Cool Web Search. In response, Merijn wrote two programs: CWShredder, a sort of antibody that specifically targets Cool Web Search, and HijackThis. The latter is a general-purpose troubleshooting program that the real experts can use to determine whether some unknown rogue process is running on a PC. Those and a number of other useful programs he's written can be downloaded from his site.

Why would you want a program for "real experts" if you're not one? Fact is, there's a handful of forums where the anti-spyware illuminati get together with amateurs like you to figure out what the heck is gumming up your computer. Normally you'd first try to clean up your PC with Ad-Aware or Microsoft Antispyware or Spybot, which we mentioned last week; when all else fails, run HijackThis to reveal all active processes. You then post the log, and the pros try to pick it apart.

My favorite forum for this kind of help is Spywareinfo.com, which includes a fair amount of breaking news on the spyware front. It also has links to free utilities, along with some for-fee ones. The site accepts advertising, so it may not meet everyone's standard of purity, but it has a good reputation for screening out the bad guys.

CEXX.org (Counterexploitation) also has excellent forums, is ad free and somewhat broader than Spywareinfo, with links to the anti-spam community.

Spywarewarrior.com also has an active forum community, but what I really like is that it hosts probably the best single listing of "rogue" anti-spyware products, of which there are literally dozens. Some simply don't work; some install spyware themselves, and most issue bogus false positives in their free incarnation, then try to get you to pay for the full version to remove the spyware that wasn't there in the first place. Spywarewarrior also has an extensive testing page comparing virtually all anti-spyware products.

We'll cut to the chase here: There's no one product that detects all forms of spyware, though the two best ones are free -- Ad-Aware (lavasoftusa.com/software/adaware/) and Microsoft Antispyware Beta. Throw in Spybot Search and Destroy (safer-networking.org), also free (and ranked No. 7), and you're pretty well covered. And all those sites have scads of useful information.

I'm particularly fond of the lone wolf of coding, Patrick Kolla at Spybot, who is utterly fearless about taking on any and all comers, including most recently Apple, whom he suspects of promoting spyware with iTunes. Somehow I doubt he's going to get corporate funding anytime soon.

Copyright 2006 Newsday Inc.

Reveal Your Spyware Nightmare, Save Countless PC Owners

Published: Jan 30, 2006

It's probably happened to you or someone you know: Without warning, your computer slows to a crawl, becomes prone to crashing and is inundated with pop-up ads.

The culprit: Hidden, malicious software that snoops on your Internet travels, secretly gathering information companies use to target you with ads for products they think you'll buy.

Spyware and adware are easy to pick up but can be nearly impossible for all but the most tech-savvy users to remove.

Even computer professionals struggle to kill the most virulent strains. Just when it appears the infection is gone, it reappears. No wonder consumers spend billions annually to fix problems created by spyware.

So how does a computer become infected? The malware may come hidden in other programs you download from the Internet or it may be secretly installed on your PC when you visit malicious Web sites or play online games.

Nearly 60 million Americans have malicious software on their computers, according to the Pew Internet & American Life Project.

A Software Must

If you're not using an antispyware program, you should. There are many free and commercial packages from which to choose. Among the better free solutions are Microsoft AntiSpyware Beta, Lavasoft's Ad-Aware and Spybot Search & Destroy.

The reason for the proliferation of spyware is simple: There's big money in it for the creeps taking over your computer for their own gain.

By collecting and selling personal information, showing advertisements, and tracking user activity, companies can claim a piece of the $2-billion-a-year industry.

Every time you click on a pop-up from a spyware application, or a company sells information about your browsing habits, they make a profit. The more computers infected, the more money a distributor can make.

Bad Publicity

StopBadware.org, led by Harvard Law School's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute, is a promising new initiative aimed at helping people fight back against what organizers are calling "badware."

The site will spotlight companies making millions by tricking Internet users into downloading malicious spyware, adware and malware.

Organizers hope shining a spotlight on badware distributors will deter them from spreading more of the stuff. Unlikely, considering the amount of money involved, but educating people about spyware should at least make it more difficult for these viral marketers to ply their trade.

The effort is being underwritten by Google, Lenovo, Sun Microsystems and other tech companies who understand their futures are dependent upon people having positive Internet experiences.

Here is how the initiative will work:

StopBadware.org will publish short, user-friendly reports on downloads it has identified as badware, as well as more detailed academic studies on the problem of badware.

The site will publicize the names of companies that make up the most insidious purveyors of badware and shed light on how they make money through unethical marketing practices.

StopBadware.org will solicit horror stories from Internet users who have been adversely affected by badware, then publish those stories to raise awareness of the problem.

Top 10 Sources

Finding the best of the Web can be a lot like looking for the needle in the proverbial haystack. That's where TopTenSources.com comes in.

The site publishes a daily Top 10 list of the best newsfeeds on the Internet. Each day, site editors pick a topic and comb the Net for the 10 best sources of information.

The lists are archived and periodically updated to keep them fresh.

The topic directory spans everything from venture capital and philosophy to "The Simpsons" and podcasting.

New York firm sued for selling phoney anti-spyware software

Saturday, January 28, 2006 at 14:13 by Rich Kavanagh

A New York company which claimed to help clean spyware off personal computers has been accused of spamming and using other nefarious and deceptive marketing practices to promote its software.

Washington's Attorney General Rob McKenna has filed a law suit against Secure Computer LLC of White Plains, New York, alleging that the company's anti-spyware software falsely claims that computers are infected in an attempt to encourage computer users to pay $49.95 for a fully-working version. According to the suit, the Spyware Cleaner does not remove spyware from the PC, but rather modifies settings on the computer.

The law suit claims that some of the emails sent pretended to come from MSN Member Services with the subject line "Special Security Alert for MSN Members", giving the false impression that the emails were being sent by Microsoft security personnel. Other warnings are alleged to have been sent to computers running Windows Messenger, to force a pop-up message to appear on recipients' machines, posing as a message from the Windows operating system.

Named in the suit are Secure Computer President Paul Burke and Gary Preston, registered owner of web sites used to promote Spyware Cleaner. Burke and Preston are said to have made more than $100,000 by selling the software through affiliates.

Graham Cluley, senior technology consultant for Sophos said,

"Computer users fear spyware on their computers, so to receive a warning that malicious spyware has been identified might easily lead someone to purchasing cleaning software. For anyone to prey on those fears and resort to displaying bogus detection messages, or promoting their products through spam, is simply despicable."

Other defendants alleged to be affiliate advertisers of Spyware Cleaner, and said to have advertised the product through spam email, messages, and Google adverts, have been named as Manoj Kumar, Zhijian Chen, and Seth T Traub.


A new Windows Defender in the works

Last week, Microsoft announced a Beta 2 of Windows Defender that is planned to run on Windows XP, Windows 2000, Windows Server 2003, and both client and server versions of Windows Vista. The new beta will also ship with the following features:

  • Integration with Outlook
  • A completely redesigned user interface
  • Automatic updates to the scanning engine and definition files

Unlike Beta 1 of Windows Defender, which was a rebranded version of Giant Company Software's anti-spyware product, Beta 2 will receive the "Microsoft touch" with a new user interface and more integration into the Windows operating system. Vista's version of Windows Defender has been specially designed to use User Access Protection: a feature that is intended to prevent lesser privileged users from inadvertently installing software.

Windows Defender Beta 2 will continue to be freely available for download to any Windows systems passing the Genuine Advantage test.

Japanese Spyware Developer Busted

Authorities arrested Atsushi Takewaka, 31, on suspicion of stealing Internet bank account passwords and using them to raid money from online bank accounts totaling into the millions of yen.

Investigators say Takewaka along with Kiichi Hirayama, 41, plotted to swipe the banking password of a jewelry store in Kawasaki. They lifted ¥216,000 from the account. Police also say the two men had other similar illicit activities in which they managed to get ¥11 million from nine other accounts at Japan Net Bank, Mizuho Bank and eBank Corp back during the summer.

Apparently, the two men have come mostly clean about their larcenous activities. According to the report, Takewaka told the police, "I created the spyware in about three months using a range of software. I wanted money to live." The same report claimed Hirayama admitted to sending out CD-ROMs with spyware to companies to get their banking information that way.

"Spyware which steals Internet banking customers is on the increase, so it's essential that everyone ensures they have proper protection in place," said Graham Cluley, senior technology consultant for Sophos. "It's encouraging to see computer crime fighters around the world having more success in catching the perpetrators, but this is only the tip of the iceberg. Everyone needs up-to-date anti-virus protection, firewalls and security patches, and ensure they are acting securely when online."

Washington state sues over spyware

By Joris Evers

If you paid $49.95 for Spyware Cleaner from Secure Computer, you have been duped, according to Microsoft and Washington state's attorney general.

The Redmond, Wash.-based software maker and Attorney General Rob McKenna have filed a pair of lawsuits against Secure Computer and its principals, charging them with violating the Washington Computer Spyware Act and three other laws. The suits were filed Tuesday in U.S. District Court for the Western District of Washington.

"Our suit accuses New York-based Secure Computer and certain individuals in New York, New Hampshire, Oregon and the nation of India of preying on consumer fears about spyware," McKenna said Wednesday during a news conference announcing the action.

The Washington Computer Spyware Act, effective since mid-2005, provides for a fine of up to $100,000 per violation, McKenna said. The action is the first lawsuit filed by the state's attorney general under the new law.

An attorney for Secure Computer said his client was "shocked and surprised" by the allegations. "We are evaluating the situation and hope to address the merits of these allegations...shortly," John W. Dozier of Dozier Internet Law said in a statement sent via e-mail.

Secure Computer allegedly used deceptive links on search engine Google's Web site, as well as in pop-up advertising and in spam e-mail for Spyware Cleaner to imply that the software came from or was endorsed by Microsoft, McKenna said. Additionally, the company is accused of using a Windows feature to pop up warnings on users' PCs, telling them their system had been compromised, he said.

The messages urged the users to run a spyware scan. "The program...falsely claims that a computer is infected with spyware," McKenna said. The PC users were subsequently advised to buy Spyware Cleaner for $49.95 to remove the malicious software, he said--but the product did not do what it promised.

"Not only does the program fail to clean a computer of spyware; it actually will change a computer's settings that leave it susceptible to future attacks from other spyware and related programs," McKenna said.

Microsoft said it helped the attorney general by providing technical information and analysis. The software maker also filed its own, similar lawsuit against Secure Computer and individuals associated with that company.

Ben Edelman, a Harvard Law School student and spyware researcher, applauded the action against Secure Computer. The company seeks "to play on users' fears, and...to take advantage of users who are just trying to protect themselves," he said. "I'm pleased to see Microsoft and the state of Washington moving to stop these deplorable practices."

Spyware and adware have become widely despised for their sneaky distribution tactics, unauthorized data gathering and tying-up of computer processing power. The terms are used to describe software that pops up ads on a PC screen or that can log keystrokes, make screenshots and track a user's Web-surfing habits.

As many as 60 percent to 80 percent of consumers' PCs are infected with the annoying software, said Kirk Bailey, chief information security officer at the University of Washington, who joined Microsoft and the attorney general at the news conference.

"The bad news is that that those who continue to engineer and build those kind of tools are getting better at it," he said. "Advances in spyware are winning the arms race. The ability to inspect and remove spyware after you have been infected is a serious challenge."

To minimize exposure to spyware and other online threats, consumers should use a firewall, run regular software updates, and use an up-to-date antivirus program and anti-spyware software, Microsoft has advised.

1/19/2006

Barracuda Spyware Firewall Named Anti-Spyware "Product of the Year"; Barracuda Networks Beats Solutions from Webroot and Sunbelt, Taking Home Gold


MOUNTAIN VIEW, Calif. --(Business Wire)-- Jan. 19, 2006 -- Barracuda Networks, Inc., the leading provider of enterprise-class spam firewall solutions, today announced that its Barracuda Spyware Firewall was named anti-spyware "Product of the Year," in TechTarget's SearchWindowsSecurity.com "2005 Products of the Year" awards.


In the article, SearchWindowsSecurity.com recommends the Barracuda Spyware Firewall for "organizations of any size" and highlights the product's hourly Energize Updates and overall performance and ease of use. One judge called the Barracuda Spyware Firewall's perimeter detection "excellent."

"I really like this concept," commented a judge in regards to the Barracuda Spyware Firewall. "The idea of having an edge appliance that can do the trick, rather than having to maintain and update thousands of clients is awesome."

The Barracuda Spyware Firewall was chosen as anti-spyware "Product of the Year" from an extensive list of products submitted for consideration to SearchWindowsSecurity.com editors. The awards were judged by the editors, in conjunction with a team of users, industry experts, analysts and consultants. The Barracuda Spyware Firewall received consistently high marks from the panel, particularly in the categories of performance and ease of integration.

"This award emphasizes our continued commitment to offering our customers the most complete and comprehensive spyware solution available," said Dean Drako, president and CEO of Barracuda Networks. "We are thrilled that the Barracuda Spyware Firewall received this distinguished award from such an esteemed publication."

The Barracuda Spyware Firewall beat out Webroot's Spy Sweeper Enterprise 2.5 and Sunbelt Software's CounterSpy Enterprise Version 1.5.

About SearchWindowsSecurity.com

SearchWindowsSecurity.com is the Web's best Windows-specific security resource for enterprise IT professionals. It is designed to help those working in the trenches of Windows administration, deployment and infrastructure security. The site provides targeted search, news, research and interaction with peers and experts. SearchWindowsSecurity.com's readers are kept abreast of the most up-to-date, must-know Windows security tools, patches, flaws and technical information, while learning how to proactively handle security issues in the process. SearchWindowsSecurity.com is the largest online source of Windows security e-newsletters, white papers and Webcasts. More information can be found at www.SearchWindowsSecurity.com.

About Barracuda Networks, Inc.

Barracuda Networks is the leading provider of enterprise-class spam firewall solutions for comprehensive email protection. Its flagship products, the Barracuda Spam Firewall and Barracuda Spam Firewall -- Outbound, provide spam and virus protection for over 30,000 customers around the world, including Adaptec, Caltrans, CBS, Georgia Institute of Technology, IBM, Knight Ridder, NASA, Pizza Hut, Union Pacific Railroad Company, and the U.S. Treasury Department. In addition, Barracuda Networks expanded its product portfolio, launching the Barracuda Spyware Firewall in April 2005, as well as with the September 2005 release of the Barracuda IM Firewall. Barracuda Networks is a privately held company with headquarters in Mountain View, Calif. Barracuda Networks has offices and distributors in over 43 countries. More information is available at www.barracudanetworks.com.

DMA Bans Members from Pushing Spyware


The Direct Marketing Association (DMA) has set up its first requirements governing members' use of software distribution.

The rules are designed to curb unethical installation practices, the industry group said, as well as to draw a line in the sand it hopes will preserve the legitimate uses of downloaded software. Many online marketers -- such as Southwest Airlines with its "DING!" application and Walt Disney with its "Chronicles of Narnia" video podcasts -- have been experimenting with using downloadable software as part of their marketing plans.

The guidelines say marketers "should not install, have installed, or use...software that initiates deceptive practices or interferes with a user's expectation of the functionality of the computer and its programs." They single out as unacceptable software that relays spam, serves "endless loop pop-up advertising," or deceptively modifies security or browser settings.

Regarding the use of permissible software downloads, the DMA insists members give notice to users when they join a service or when new software begins operating on their machines. Users are to be informed of all "significant effects" of having the software installed, and must be given a clear means to uninstall the program. Additionally, the trade group asks its members to provide a link to privacy policies and contact info.

The guidelines do not specify exactly what form this notice should take -- only that it should be clear and conspicuous.

"Beyond the narrow problems it causes in reductions of performance, hijacking and spreading of spam, [spyware] causes a much more pernicious problem in making consumers less confident in [doing business online]," said Louis Mastria, the DMA's VP of interactive and emerging media. "That problem drove us to usher this new guideline."

The DMA's board approved the guidelines last week, and they henceforth become part of the group's overarching ethical business practices document. Another trade group, The Network Advertising Initiative (NAI), is in the process of developing guidelines for adware applications.

Bill targets spyware, high-tech hackers


You might not be a target of the Bush Administration eavesdropping and wiretapping program, but if you own a personal computer, someone is probably watching you and gathering information about you.

“People are sick and tired of having their personal information pilfered and having their computers hijacked by thieves who want to know what you eat, what you wear, what you read and how you spend your personal time,” said Rep. Brian Patrick Kennedy (D-Dist. 38, Hopkinton, Westerly). “I am introducing legislation that will make Rhode Island one of a handful of states that will officially and under penalty of civil action put an end to all that.”

Titled “Software Fraud,” the bill introduced by Representative Kennedy (2006 - H6811) would prohibit the installation of spyware on computers and would make installing spyware a crime, punishable by civil action including up to $1,500 in damages per violation.

Spyware is software that tracks a computer user’s actions, gathers data about customers or reconfigures computer settings. It is often placed on a user’s computer unknowingly when the user visits certain Web sites or downloads certain programs, and can lead to such things as computer viruses or identity theft.

The Kennedy bill, which has been referred to the House Committee on Judiciary, targets spyware that modifies, through deceptive means, a user’s personal home page, the operator’s default Internet provider or Web proxy, or list of bookmarks. It also targets spyware that collects personal information from the user, prevents the user from blocking or disabling such programs, and disables any anti-spyware or antivirus software installed on the computer.
It also applies to spyware that accesses a user’s modem or Internet service to cause damage to the computer or cause the owner to incur financial charges for an unauthorized service, and spyware that opens multiple, stand-alone ads that cannot be closed without turning off the computer or closing the Internet browser.

“Spyware has eclipsed pop-up ads as one of the most annoying hazards on the Internet today,” said Representative Kennedy. “I’ve had spyware programs on my computer that actually wanted me to pay to remove them when the actual solution cost nothing. Unfortunately, not everyone can research these parasitic programs and they end up paying for something they don’t need.”

California and Utah were the first two states to put anti-spyware laws on the books, although the Utah law has been under attack for being too broad. In 2005, Arizona, Arkansas and Virginia joined the anti-spyware law fold. Similar measures are currently being considered in several other states and it appears likely that Congress, and specifically the Senate Commerce Committee, will be investigating the feasibility of federal action.

Published 01/19/2006
Issue 20-40

More super rogue anti-spyware


Posted by Suzi Turner @ 11:29 pm

Be on the lookout for another new supposed anti-spyware program that might be hijacking desktops any day now. This one is called PestTrap and it's a clone of SpySheriff. SpySheriff was one of the top 10 rogue anti-spyware apps of 2005, coming in at number 2. You can see a screenshot of the PestTrap website at SunbeltBLOG and a screenshot of the app itself, along with the false positives in the scan results here. You'll see that SpySheriff, SpyTrooper, SpyDemolisher, SpywareNo! and Spyware-Stop are almost identical. If you scroll down the page a bit, you can see the other families of apps like SpyAxe and RazeSpyware that are deemed to be CoolWebSearch related by spyware researchers.

PestTrap was found being advertised on a new fake security center web page, uptodatesecurity.com (link to whois info). I don't recommend going to that page in Internet Explorer. Even in Mozilla a fake warning pops up saying "your pc is infected with spyware blah.. blah…". The domain is showing up in HijackThis logs already. Example here.

Last week I mentioned ISPs hosting spyware, but where are these CWS related rogue apps being hosted? Look at the whois info for pesttrap.com. Unlike SpyAxe which is hosted in the Ukraine, the PestTrap site is hosted at IP address 69.50.167.173 which belongs to an ISP in California, InterCage, Inc., formerly known as Atrivo. Note the nameservers are mail.atrrivo.com and pavel.atrivo.com.

OrgName: InterCage, Inc.
OrgID: INTER-359
Address: 1955 Monument Blvd.
Address: #236
City: Concord
StateProv: CA
PostalCode: 94520
Country: US

The IP address is currently blacklisted by SORBS and Spews. Even the Intercage.com domain has been blacklisted for spam back to September 2005. The Spews record has some interesting info as well.

Not surprisingly, SpySheriff.com (link to whois) is hosted at InterCage, and we have SpyTrooper.com on the same IP address, 69.50.170.82. The other domain on the IP is Spy-Sheriff.com. This IP is also currently blacklisted.

InterCage, Inc. INTERCAGE-NETWORK-GROUP (NET-69-50-160-0-1)
69.50.160.0 - 69.50.191.255
William Lu STANDARDSHELLS (NET-69-50-170-0-1)
69.50.170.0 - 69.50.170.255

The Intercage.com (link to site) home page is white and blank except for "…" in the upper left corner. Now, that seems odd to me. An ISP with a blank homepage? Google searches for Intercage.com and Intercage, Inc. bring up all kinds of interesting links. A Google search for Atrivo produces even more fascinating information like this and this. More on this one later.
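
The allocation check behind the hosting observations in the post above, as an added example that is not part of the original post. It parses the netrange listing quoted there and groups the post's domain and IP pairs by the allocation that contains them; the function names and the `unrelated.example` control entry are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Netrange listing exactly as quoted in the post: a handle line, then "start - end".
WHOIS_TEXT = """\
InterCage, Inc. INTERCAGE-NETWORK-GROUP (NET-69-50-160-0-1)
69.50.160.0 - 69.50.191.255
William Lu STANDARDSHELLS (NET-69-50-170-0-1)
69.50.170.0 - 69.50.170.255
"""

# Domain-to-IP pairs as stated in the post (recorded values, not live DNS lookups).
OBSERVED = {
    "pesttrap.com": "69.50.167.173",
    "spysheriff.com": "69.50.170.82",
    "spytrooper.com": "69.50.170.82",
    "spy-sheriff.com": "69.50.170.82",
    # Constructed control entry from the RFC 5737 documentation range.
    "unrelated.example": "192.0.2.10",
}

HANDLE_RE = re.compile(r"^(?P<org>.+?)\s+(?P<name>\S+)\s+\((?P<handle>NET-[\d-]+)\)$")
RANGE_RE = re.compile(r"^(?P<start>[\d.]+)\s*-\s*(?P<end>[\d.]+)$")


def parse_allocations(text):
    """Turn handle/range line pairs into allocation records with CIDR blocks."""
    allocations, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        handle = HANDLE_RE.match(line)
        if handle:
            pending = handle.groupdict()
            continue
        span = RANGE_RE.match(line)
        if span is None or pending is None:
            raise ValueError(f"unexpected line in netrange listing: {line!r}")
        start = ipaddress.IPv4Address(span["start"])
        end = ipaddress.IPv4Address(span["end"])
        if start > end:
            raise ValueError(f"range runs backwards: {line!r}")
        pending["start"], pending["end"] = start, end
        # A start-end range may need several CIDR blocks; keep all of them.
        pending["cidrs"] = list(ipaddress.summarize_address_range(start, end))
        allocations.append(pending)
        pending = None
    return allocations


def allocation_chain(ip_text, allocations):
    """Names of every allocation containing the address, broadest first."""
    ip = ipaddress.IPv4Address(ip_text)
    hits = [a for a in allocations if a["start"] <= ip <= a["end"]]
    hits.sort(key=lambda a: int(a["end"]) - int(a["start"]), reverse=True)
    return [a["name"] for a in hits]


def cluster_by_allocation(observed, allocations):
    """Group domains under the broadest allocation that holds their address."""
    clusters = defaultdict(list)
    for domain, ip_text in sorted(observed.items()):
        chain = allocation_chain(ip_text, allocations)
        clusters[chain[0] if chain else "unmatched"].append(domain)
    return dict(clusters)


if __name__ == "__main__":
    allocs = parse_allocations(WHOIS_TEXT)
    for a in allocs:
        print(a["handle"], a["name"], [str(c) for c in a["cidrs"]])
    for domain, ip_text in OBSERVED.items():
        chain = allocation_chain(ip_text, allocs)
        print(domain, ip_text, " > ".join(chain) or "unmatched")
    print(cluster_by_allocation(OBSERVED, allocs))
```

Grouping by the broadest containing allocation is what ties the PestTrap address to the SpySheriff address even though they sit on different hosts; the sub-allocation in the chain shows which reassigned block an address belongs to.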

Spy on yourself online


Forget spyware. Here comes myware. Soon you'll collect data on your own Web use for fun and profit.
Erick Schonfeld, BUSINESS 2.0 editor at large

NEW YORK (Business 2.0) - For a nice dose of paranoia, open up your Web browser preferences and take a look at your cookies.

Every click at Amazon.com, every search at Google, and all the stops in between are reported back to the websites you visit. All you get in return is the odd suggestion for a bird feeder you might want to purchase or some text ads you might want to click on.

Then there's the truly malicious stuff -- spyware that inserts itself on your computer's hard drive and reports back everything you do to some spammer or an online marketer willing to pay the price.

Strange as it may sound, though, soon you may be spying on yourself. Why would anyone want to do that? Entrepreneur Seth Goldstein, whose startup Root Markets aims to create a financial market for consumer data, offers a compelling reason.

"Everybody else is spying on me," he says, "so I want to spy on myself."

But Goldstein wants a better copy of his online behavior than anyone else has, and he wants to have complete control over who gets to see it. Instead of spyware, he calls the software that will let him do this "myware."

Beyond the curiosity factor, he sees myware as a way people can deal with information overload simply by measuring how they spend time online. He also sees it as valuable information that they someday could exchange for something else beneficial.

Companies like Google, Microsoft, and Yahoo are trying to collect as much information about you as possible. Whenever you sign up with them for a service that requires a password (such as e-mail, My Yahoo, or personalized search), you are laying the groundwork for them to one day track your behavior across different parts of the Web through your online identity. If this information is so valuable, why not collect it yourself?

Taken together, the books you buy on Amazon, the movies you rent from Netflix, and the stories you read on www.nytimes.com all say something about who you are. They make up your clickstream, the history of all the places you visit and all the things you do online.

"All those streams of online data are what make me me," insists Goldstein.

His company is in the early stages of testing a myware service called Root Vaults (http://root.net/), an information bank that stores all the sites you visit and shows graphs of which ones you visit the most, how many hours you spend online each day, as well as the topics the sites can be grouped into (such as business, travel, or news). The first step to deal with information overload, after all, is to measure it.

Root Vaults work in conjunction with a piece of myware supplied by a nonprofit called AttentionTrust.org (spearheaded by tech journalist Steve Gillmor). Right now, it only works with the Firefox browser by adding an "attention recorder" extension. You can choose whether to send this data to your Root Vault, some other service, or just store it on your computer.

Any company that uses this data must agree to four basic principles: the data is the property of the user, it can be moved from one service or device to another at will, it can be exchanged for something of value, and the user has the right to know who is using it and how.

With these principles in mind, Goldstein hopes to bring advertisers and publishers into the mix and create a market for consumer data. His co-founder and chairman is Lew Ranieri, the Wall Street financier who helped launch the mortgage-backed securities market in the 1980s. Besides your clickstream data, you will be able to add other data to your vault, such as your address, social security number, or credit scores. Goldstein emphasizes, "It is the user's data, not ours."

But if a travel marketer made a sweet offer for access to, say, the travel-related sites you visit so that he can send you deals on places you like to read about, you would be able to strike that bargain.

Or if you are looking to refinance your home, you might make available your credit score to home lenders along with your clickstream for real-estate sites. (If a lender sees you've been spending three hours a day looking at real-estate listings, he is more likely to bid for your attention with a lower rate or a special deal).

Root Markets would sit in the middle, presumably taking a tiny slice off each transaction.

Whether or not Root Markets catches on, the idea of controlling the data about your own consumer behavior is a powerful one. And at least online, collecting that clickstream information is a relatively easy thing to do.

So expect to see more companies that help you do creative things with your clickstream. Some will give you complete control over how your data is used, like Root Markets. Others will entice you with a cool service to capture that data so that they can then improve their service even more.

A U.K. startup called Last.fm fits into this category. It offers a free software download that records a history of all the music you listen to on your PC, and then shares that with other Last.fm members. Based on your listening habits, it creates a personalized radio stream for you over the Internet, and lets you see what other people with similar musical tastes are listening to as well.

Your clickstream, in this case, is your playlist (the collection of songs you click on the most). By sharing it, you contribute to a social good (discovering new music) that you yourself may benefit from.

Today, companies collect information about us and consider it theirs. If myware becomes more prevalent, we will be collecting the information ourselves and either selling it to the highest bidder or sharing it with those who choose to give something back. How do you like those cookies?

Information Security Center test shows that most Anti-Spyware and Anti-Virus software does not prevent data from being stolen


According to test results from Information Security Center Ltd, a number of anti-virus and anti-spyware products do not protect information from the most dangerous, custom-made keyloggers. The testing simulated a situation in which a thief uses a custom-made keylogger compiled from source code freely available on the Internet.

Efficiency of data protection was the only criterion in the comparative testing. The experts tested how the 44 most popular anti-spyware and anti-virus products perform against the most dangerous information-stealing software, i.e. the very kind of programs that cybercriminals use to steal confidential information.

The testing simulated a computer infested with custom-made keyloggers – extremely dangerous software created specifically for identity theft or espionage. Anybody can take the source code of keylogging programs from the Internet and compile an entirely new "spy" that no product based solely on signature analysis will detect.

Another goal of the testing was to check the efficiency of the heuristic algorithms that most anti-virus and anti-spyware vendors claim to apply for detecting spyware.

The testers used 9 "test spies" compiled from source code they took from the Internet. The results turned out to be shocking:
· 29 out of 44 anti-virus and anti-spy software products couldn't do anything – they detected none of these spies
· 10 products managed only 1 spy out of 9
· 5 programs caught only 2 out of 9
· The only product that blocked all the 9 spies was PrivacyKeyboard – a dedicated anti-keylogging solution based solely on heuristic algorithms.

To avoid accusations of bias in favor of their own product, the specialists described the testing method in detail in their article. Anybody with basic programming skills can try it.

"Everybody is welcome to repeat the testing," said Dennis Kudin, the Chief Technology Officer of Information Security Center, Ltd. "The method we used is simple enough to apply. Even a user not very experienced in programming can do this testing himself – and we are sure the results will be the same."

Is Secure Computing Coming Soon?


By David Needle
January 18, 2006

SAN FRANCISCO -- The computer industry is saddled with old computers and outdated software among much of its user base and reactive security solutions that aren't always effective.

That gloomy assessment from HP's vice president and CTO of services came toward the end of a largely upbeat discussion on his company's manageability and security solutions.

"We're the cheerleaders for security across the company," HP's Tony Redmond told a small group of reporters in a briefing here. "We can't ship products without security and make sure that everything works right to support our security strategy."

But while Redmond thinks HP has its security act together, he says the bigger challenge for the industry is dealing with legacy systems ill-suited to fend off increasingly complex and virulent outbreaks of computer viruses, spyware and the like.

"The PC has been a business platform since IBM introduced it in 1981. That's 25 years," Redmond told internetnews.com. "We need a new generation of hardware and software where trustworthiness is fundamentally built in."

In its earnings call yesterday, Intel CEO Paul Otellini said the chip giant would be introducing its first brand designed for enterprise manageability about mid-year. The new processor, code-named Conroe, is a dual-core 64-bit chip.

Otellini said the timing for the introduction would be appealing to enterprises looking for Vista-ready desktops.

Vista is the successor to Microsoft's Windows XP operating system for desktop computers, and has more security features. But Vista isn't due until the end of this year, and enterprise customers typically take a few years to move to a new architecture.

"There are so many old versions of Windows out there," said Redmond. "You have to give people a reason to move from XP, and Vista does that."

Still, he said that enterprises typically don't like to migrate in pieces. They are more likely to migrate to Vista when the new Office 12 applications suite and other Vista apps are available and perhaps even wait for Longhorn, the server version of Vista, which isn't due till next year at the earliest.

"My belief is there will be a more gradual acceptance at the corporate level," said Redmond.

He said the addition of features such as secure boot make Vista important along with add-ons like HP's Protect Tools, but "it could conceivably take a decade after Vista ships before [most all users can assume] a true trustworthy environment."

Today Redmond said there are two paths to try and ensure a secure environment.

One strategy is to be "hyperactive," using all the security tools available, and take great care in what files you accept in e-mail and over networks. "But [viruses and spyware] can still hit you."

The more likely scenario, Redmond said, is that users come to accept what sounds very much like the parental controls families use to monitor their kids' Internet use.

"You take away a little openness and only run stuff that adware and spyware can't get at," said Redmond. "I won't guarantee that Vista [and other technologies] eliminate the threats, but people will have a platform that is more resistant to the vast bulk of threats out there."

Network Engines Integrates NS Series Appliances with Websense® Web Security Suite


Award-Winning Security Solutions Now Combined on Integrated Security Appliances Powered by Microsoft ISA Server 2004

/noticias.info/ Network Engines, Inc. (NASDAQ: NENG), a leading appliance partner for Microsoft security solutions and Websense, Inc. (NASDAQ: WBSN), the world’s leading provider of employee internet management solutions, today announced the integration of Websense® Web Security Suite® software with Network Engines NS Series Security Appliances. Websense Web Security Suite is now shipping on the NS6400 and NS8400 security appliances.

The NS Series, powered by Microsoft® Internet Security and Acceleration Server 2004, is a family of multi-functional security appliances designed to meet stringent security requirements and regulatory compliance mandates.

“The integration of Websense Web Security Suite on the NS Series delivers a highly integrated security solution designed specifically to offer the best protection for Microsoft web based infrastructure,” said Mike Riley, VP marketing and corporate strategy for Network Engines. All features of the Websense Security Suite, including Websense Enterprise, Websense Removable Media Lockdown™, real-time security updates, Instant Messaging (IM) Attachment Manager™, and others, are supported on the NS Series Security Appliances.

“Integrating our offering with Network Engines NS Series pairs two award winning security solutions together to protect customers from a wide spectrum of internet threats,” said Steve Kelley, director of strategic alliances for Websense, Inc. “We feel privileged to be the only web security and filtering solution available on the NS Series. This distinction is a credit to our market-leading capabilities that enable us to effectively provide protection against harmful web-based threats.”

David Oliver, network administrator at Safe Auto Insurance, can attest to Network Engines’ reputation for ease of use and customer satisfaction. "We were incredibly impressed by the ease of deployment of the NS6400s we purchased,” said Oliver. “Within 30 minutes we had a true application-layer firewall protecting our critical Microsoft applications, including automatic fail-over to a second appliance and automatic fail-over from our primary Internet Service Provider to a back-up ISP. A click of a button activated the full Websense Web Security Suite already integrated with the ISA firewall. Another click started the appliance's agent for Microsoft Operations Manager – and with the NEWS™ appliance manager, we can be sure that the pre-tested updates Network Engines provides us won't impact our production environment."

“End users are demanding more comprehensive, integrated security solutions that reduce the total cost of ownership,” said Charles Kolodgy, research director at IDC. “Network Engines is responding to these customer needs by integrating best of breed security software, from such providers as Websense, in a single ISA-based integrated security solution designed specifically to protect Microsoft business infrastructures. Meanwhile, Network Engines has also set a standard for ease of maintenance with its NEWS service. This automated update system reduces human error and increases the speed in which security updates are delivered.”

Network Engines is a founding member of the Websense Web Security Ecosystem™ — a comprehensive ecosystem of world class security and networking technology providers to enable easy deployment and integration of Websense solutions in enterprise environments. The Websense Web Security Ecosystem incorporates vendors from leading security and networking markets, including: network access control, internet gateways, certified appliance platforms, security event management, and identity management. The Websense Web Security Ecosystem provides interoperability of joint solutions to ensure seamless integration in enterprise environments.

Websense web filtering software helps protect organizations and employees from an increasing number of internal and external online threats. Websense software features over 90 categories of web content, in more than 50 languages, allowing organizations to set highly flexible internet usage policies for employees. For more information on the Network Engines integration please visit: www.websense.com/global/en/Partners/ or www.networkengines.com. Websense Security Labs™ offers free email security updates as new internet threats are discovered and is available at www.websensesecuritylabs.com.

About Websense, Inc.

Websense, Inc. (NASDAQ: WBSN), the world’s leading provider of employee internet management solutions, enables organizations to optimize employee use of computing resources and mitigate new threats related to internet use including instant messaging, peer-to-peer, and spyware. By providing usage policy enforcement at the internet gateway, on the network and at the desktop, Websense products enhance productivity and security, optimize the use of IT resources and mitigate legal liability for our customers. For more information, visit www.websense.com.

© 2006, Websense, Inc. All rights reserved. Websense and Websense Enterprise are registered trademarks of Websense, Inc. in the United States and certain international markets. Websense has numerous other unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners.

Busting spyware: More tips


Dave Methvin, 19-Jan-2006

Part two of our spyware-busting series.

In the first article of this series, I covered some of the tools and techniques that users and administrators can apply to remove spyware and other unwanted software. However, an ounce of prevention is worth a pound of cure, especially when it comes to spyware. It's much more effective — and much less stressful — to keep spyware off systems by preventing infection in the first place. This article will show you how to set up those spyware defenses.

Essentially, there are two ways that unwanted software invades a system: Either the software exploits some sort of security hole and installs without any user intervention, or the software installs with permission from the person at the keyboard, often using varying degrees of trickery or deception. The second method — user-assisted invasion — is much more common.

For example, a Web site may imply that users cannot view the site's content until they agree to install an ActiveX control. In reality the ActiveX control is unrelated to the site and only installs spyware. (Users that visit the site with browsers that don't support ActiveX, such as Firefox, don't see that message, but have full access to the site's content.) In other cases, the software may emphasize the benefits ("fun Web icons!") but play down the drawbacks ("endless popup ads"). If you're in doubt about a site, a Google search can often reveal a lot about the software, the company, and their motives.

Short of simply recognizing when something is spyware, there are a number of ways to keep more devious forms of spyware off systems. What follows are a few of the more effective.

Stay Patched
One of the most important steps that system administrators and users can take is to keep Windows and applications patched. Most major software vendors try to stay ahead of the bad guys and issue regular patches to prevent security problems. In particular, patches to Microsoft Windows and Microsoft Office, which are frequently targeted by malware writers, are critical to keeping a system free of spyware and other unwanted software.

Revoke Their Privileges
Perhaps one of the biggest spyware risks arises when otherwise sensible people install problematic software on their systems — or allow others to do so. Company notebooks can be at risk when they're taken home and used, even briefly, by family members. Kids tend to click OK when they shouldn't, and don't worry about running an executable file that they get from a friend or download off a peer-to-peer network like Kazaa or BearShare. Before you know it, you've got a heavily infected system to clean.

Unfortunately, a lot of this happens because nearly all Windows users log in as administrators.

This isn't unusual; so many functions today depend on having administrative privileges, that it's been a lot easier to allow administrative sign-ons (the alternative is for users to have to call tech support every time they have to make a significant change). However, it can mean a higher probability of infection.

If you're the sysadmin for your company, a good way to prevent this situation is to either avoid setting up most employees as administrators, or to make sure that all users are educated as to the dangers of random installs. (Note: With luck, things will get easier once Windows Vista is released. Its User Account Protection feature will allow users to temporarily access administrative tools while not giving them full admin privileges.)

Avoid Danger Zones
Where possible, companies should have a policy that prohibits users from installing unapproved software on company computers, and from visiting Web sites that are possible danger zones for malware (such as porn sites and clickthroughs from spam). If employees are repeatedly infected in spite of warnings, consider filtering and/or blocking unauthorized Web use.

Dangerous software can come from surprising sources; it's not just an Internet problem. The recent controversy about Sony BMG including spyware on its music CDs underlines that the risks aren't just limited to the Internet. Some Sony music CDs installed software even if users didn't accept the license agreement, as long as the Autoplay feature was turned on, which is the default in Windows. (You can bypass Autoplay by holding down the Shift key when you insert a CD, or you can disable Autoplay for CD drives using Microsoft's TweakUI utility.)

Did You Read Your EULA?
Okay, be honest — when was the last time you read the End User License Agreement (EULA) before clicking "Okay" and proceeding with installation? You're not the only one — almost nobody reads those dense paragraphs full of legalese. Typical license agreements run to 20,000 words or more.

In 2004, my company tried an experiment with the EULA for one of our software products. Buried in the license was a clause that offered "financial compensation" for sending feedback to a particular e-mail address. It took four months and nearly 3,000 downloads before we finally got our first e-mail asking about that clause.

EULAs can be weapons of mass deception for spyware makers. For example, many of these agreements say that the software maker can install new software without notice, collect extensive data about the system configuration, record information that the user types into Web forms, and even change the license terms at any time without notifying users. Some EULAs include links to online Web pages that are supposedly part of the legal agreement. Users would need to regularly visit these Web pages to find out what new conditions they have to endure while the software is on their systems.

There are tools to help you evaluate the risks. JavaCool Software has written a utility named EULAlyzer that searches lengthy EULA documents and roots out words that can mean trouble. It's a good idea.

Spyware Sentinels
Even a well-patched PC with an astute user can still be at risk of being infected with spyware or other unwanted software. That's where the prevention and inoculation features of anti-spyware software can provide even more protection. Using a variety of strategies, such as lists of known threats and threat signatures, detecting attempts to install applets, or through other means, anti-spyware can block the software from installing on the system.

This real-time protection is offered in the free Spybot Search & Destroy and Microsoft Antispyware products. It is also available in the paid versions of Ad-Aware and Spy Sweeper, and in the spyware protection offered by Symantec, McAfee, Panda, and Computer Associates, among others.

The free SpywareBlaster application from JavaCool Software can offer another layer of safety. Unlike the real-time protection of anti-spyware programs, SpywareBlaster doesn't actually run any software in the background. Instead, it manages a "blacklist" of software that Internet Explorer is told that it should not run.

Why Prevention Matters
Spyware and unwanted software installations pose many dangers, including the risk of data loss or information theft. Although several good tools exist to identify and fix spyware problems, cleanup is tedious and time-consuming. Plus, most users act to clean up spyware only after they detect a problem with the computer; as spyware becomes more sophisticated those outward signs become harder to detect.

Prevention is a much better way to address the problem. With the right preparation, education, and policies, it's possible for users and administrators to minimize the problem of recurring spyware infestations. --TechWeb Small Business Pipeline

Dave Methvin is Chief Technical Officer at PC Pitstop, a security Web site.

1/12/2006

Dangerous MSN trojan blends spyware and keylogger threats

William Eazel 12 Jan 2006 11:35

IT security watchers today warned of a newly intercepted malicious trojan that disguises itself as MSN Messenger in order to prevent detection.

Described as "dangerous" by PandaLabs, the Spymaster.A trojan combines spyware and keylogger characteristics in an attempt to steal all types of information from compromised computers.

As with most Trojans, Spymaster.A is not able to spread by itself, and therefore needs the intervention of a malicious user. It can reach computers as an attachment to email messages, or could be downloaded from web pages, P2P applications, instant messaging systems or infected CDs or diskettes.

After it reaches a computer, should a user run the file that contains Spymaster.A, a copy of this trojan is created as a file called syscont.exe. The process associated with this file has the name Win servico. However, PandaLabs warns that if the user views active processes in the task manager, they will only see it as a process supposedly corresponding to MSN Messenger. This process actually hides the actions of Spymaster.A. Similarly, it creates several Windows registry entries to ensure that it runs every time the computer starts up.

The trojan also creates a text file called syslogy.cc. This file stores data on the programs used on the computer, web pages visited and all information entered on the keyboard. This is the file that will be sent, via FTP, to an address from which the attacker can collect it.

Luis Corrons, director of PandaLabs said: "Keylogger Trojans are usually used by cyber-crooks to steal confidential information for fraudulent purposes. Given that, nowadays, financial gain is the main motivation for the creators of malicious code, it is almost certain that more examples will appear, and that they will be increasingly sophisticated and difficult to detect. The way that Spymaster.A hides the process in memory is a good example of this."

iTunes Updates Spies

Wednesday, January 11, 2006

iTunes update spies on your listening and sends it to Apple?
Update: An Apple "spokesman" (reliable word has it that it was Steve Jobs himself) told MacWorld that Apple discards the personal information that the iTunes Ministore transmits to Apple while you use iTunes.

A new version of Apple's iTunes for Mac appears to communicate information about every song you play to Apple, and it's not clear if there's any way to turn this off, nor what Apple's privacy policy is on this information.

Yesterday, I updated my version of iTunes to 6.0.2, at the recommendation of Apple's Software Update program. I noticed immediately that iTunes had a new pane in the main window -- the "Mini-Store" which showed albums and tracks for sale by the artist whose song was presently playing.

The question is: how does Apple know which version of the Mini-Store to show you unless iTunes first transmits the current song that you're playing to Apple? I've turned off the Mini-Store, but a look at Apple's site, the iTunes license, and the iTunes documentation does not state whether this turns off this spyware behavior, or whether it merely causes iTunes not to show me things to buy based on the track I'm presently playing.

As Marc at Since1968 points out, there's no language in Apple's privacy policy that addresses this specific behavior.

I love iTunes because it's a clean music player. But no amount of clean UI is worth surrendering my privacy for -- I wouldn't buy a stereo that phoned home to Panasonic and told it what I was listening to; I wouldn't buy a shower radio that delivered my tuning preferences to Blaupunkt. I certainly am not comfortable with Apple shoulder-surfing me while I listen to digital music, particularly if they're doing so without my meaningful, informed consent and without disclosing what they intend on doing with that data.

At very least, Apple must deliver information about whether iTunes gathers and transmits your data when the Mini-Store is switched off, and about what it does with the data the Mini-Store transmits when it's loaded.

Each time you play a different song, the MiniStore features information about the artist currently playing, as well as "Listeners Also Bought..." Here's a full size capture of Apple marketing in action: as you can see, I'm playing Mary J. Blige covering U2's "One", and the MiniStore shows other albums from Mary J. Blige and U2.

This means, of course, that every single time I play a song the information is sent back to Apple. You can turn off the MiniStore at the click of a button, but it's not clear whether turning off the MiniStore is the same as turning off the flow of data (one doubts it). And don't bother looking for a way to turn this "feature" off in the Preference pane: it's not there.

Link (Thanks, Marc!)

Update: John sez, "With the Mini-Store turned off, no data is passed back to Apple. Verified with Little Snitch and Ethereal." I'd be interested in deeper analysis than this, though -- is this under all circumstances?

Update 2: John sez, "The iTunes MiniStore does not transmit the current song data if the MiniStore pane is hidden. I ran TCPFlow to check my outgoing data and it only queried the server when the pane was open."

Update 3 Merlin reports that iTunes appears to be phoning 2o7.net when the Ministore is loaded. That domain is registered to Omniture, Inc. of Orem, Utah. From Omniture's site:

2o7.net is an Internet domain used by Omniture, Inc. on behalf of our customers to improve Web site design and to generally improve the user experience on the Web. This domain is used by Omniture’s data collection systems, and is the domain under which Omniture places cookies. These cookies are NOT spyware – they are simple text files that help Omniture customers measure usage of their Web sites and performance of their marketing campaigns.

Update 4: Kirk has verified that hiding the Mini-Store appears to deactivate the spyware behavior in iTunes.

Update 5: Marc, who broke this story, has posted a snappy comebacks to silly apologists message that addresses the common objections to this subject (e.g., "It's not spyware if Apple does it," and "You have a duty to monitor all your applications' use of TCP sockets and filter the ones you object to," and "Privacy is dead, stop acting like companies are immoral for spying on you.")

Update 6: Timo sez, "I just ran a packet trace of the new iTunes - it only connects to Apple if the Mini Store is open. For regular MP3s, it'll run a full text search to find related articles, for purchased music, it searches by the original product ID. Sample query string is:

/WebObjects/MZSearch.woa/wa/ministoreMatch?an=Daft%20Punk&gn=Electronic&kind=song&pn=Discovery

Update 7: Kirk adds, "after more analysis, this does not send info to Apple when you are playing music, but rather when you click on a song. So if you start playing a song by double-clicking, it will send info to the iTunes Music Store and retrieve suggestions. But if the song is in a playlist, the MiniStore display will not change when the next song begins."

Update 8: An Apple "spokesman" (reliable word has it that it was Steve Jobs himself) told MacWorld that Apple discards the personal information that the iTunes Ministore transmits to Apple while you use iTunes.

HOSTS file hijacking and bank password stealing trojans

Posted by Suzi Turner @ 11:14 pm

HOSTS file hijacking combined with bank password stealing trojans is one of the more egregious spyware tricks currently being seen. Here's the scenario. A user is infected with a trojan and other malware that, among other things, changes the HOSTS file so that websites commonly used for online banking are redirected to the spyware pusher/thief's site, which is made to look nearly identical to the real bank site.

HOSTS file hijacking can be prevented with a number of apps, including several anti-spyware programs and utilities such as one of my favorites, WinPatrol.

SunbeltBLOG has an excellent write-up describing this trick and a video for demonstration. HOSTS file hijacking is not new on the spyware scene and has been used by CoolWebSearch and similar groups to redirect users' browsers to alternative search sites or adware/spyware sites. In many cases the IP address or domain being used to collect users' IDs and passwords is located outside of the US, but in Sunbelt's write-up, the IP address is right here in River City and belongs to an ISP headquartered in Dallas, Texas, Layered Technologies.

The IP address in question is 216.32.94.147, and the whois information can be seen here and here.

Savvis SAVVIS (NET-216-32-0-0-1)
216.32.0.0 - 216.35.255.255

Layered Technologies, Inc. NET-216-32-64-0 (NET-216-32-64-0-1)
216.32.64.0 - 216.32.95.255

Interestingly enough, a Google search for Layered Technologies, Inc. produces a number of links related to blacklists and spam.

The one domain residing on that IP can be seen at http://www.whois.sc/nikavonejalko.com and was registered with incomplete information to an entity in Russia. Let's hope that Layered Technologies acts responsibly and shuts down this site ASAP.

I'm preparing for a huge rant about ISPs in the US of A hosting sites running exploits, foisting spyware of the worst kind on users and in some cases hosting child porn. Everyone in the anti-spyware community knows who these ISPs are. One of them has been reported to authorities but is still up and still running CWS exploits as I type. I'm prepared to name companies and individuals, so Watch Out!
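To make the HOSTS file check described in this post concrete, here is an added example (not from the original post, Sunbelt, or WinPatrol) that parses a HOSTS file and flags static entries pinning watched banking names to a non-loopback address. The domain names, the watch list and the 203.0.113.x address are constructed placeholders.

```python
import ipaddress
import sys

# Constructed sample of a tampered HOSTS file; every name and address here
# is a placeholder made up for this example.
SAMPLE_HOSTS = """\
# Constructed sample, not taken from a real infection
127.0.0.1      localhost
::1            localhost
127.0.0.1      ads.tracker.example        # blocklist-style sinkhole entry
203.0.113.45   www.examplebank.test online.examplebank.test
203.0.113.45   LOGIN.CreditUnion.example  # case differs on purpose
10.1.2.3       intranet.corp.example
not-an-ip      broken.example
"""

# Assumption: the defender maintains a list of domains that should always
# resolve through DNS and never through a static HOSTS entry.
WATCHED_SUFFIXES = ("examplebank.test", "creditunion.example")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in HOSTS-format text.

    Comments, blank lines and lines whose first field is not an IP address
    are skipped. One line may map several names to the same address.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(name, watched=WATCHED_SUFFIXES):
    """True if name equals a watched domain or is a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in watched)


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (severity, line_no, ip, hostname) tuples for suspicious entries.

    "redirect": a watched name pinned to a non-loopback address.
    "review":   any other name pinned to a non-loopback address.
    Loopback and 0.0.0.0 entries are treated as sinkholes and ignored.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        severity = "redirect" if is_watched(name, watched) else "review"
        findings.append((severity, line_no, str(ip), name))
    return findings


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for severity, line_no, ip, name in audit_hosts(text):
        print(f"{severity:8} line {line_no}: {name} -> {ip}")
```

Run it with the path to a HOSTS file as its only argument; with no argument it audits the embedded sample.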

1/10/2006

Dodgy anti-spyware firms to cough up $2m

Published Tuesday 10th January 2006 16:30 GMT

Two dodgy anti-spyware operators have agreed to cough up $2m to settle charges brought by the US Federal Trade Commission (FTC).

The US consumer watchdog alleged that Spyware Assassin and TrustSoft used email and pop-up ads to drive net users to their websites for a "free spyware scan". The "scans" revealed that spyware was present on computers even when they were clean and went on to flog anti-spyware software to concerned punters for up to $39.95 a throw.

In the case of Spyware Assassin, the FTC alleged that the free remote scan was "phony" and that claims that they had "detected spyware on the consumer's computer were deceptive".

Regarding TrustSoft's SpyKiller "scan", the FTC alleged that the software "deceptively identified anti-virus programs, word processing programs, and other legitimate processes running on the system as spyware". Even though SpyKiller promised to remove "all traces" of particular spyware on consumers' computers, the FTC alleged that the software "failed to remove significant amounts of spyware, including specified spyware the defendants claimed to remove".

In a ruling published last week, it was announced that Danilo Ladendorf and TrustSoft are to cough up about $1.9m to settle the charges brought by the FTC. "The settlement will prohibit them from making deceptive claims in the sale, marketing, advertising, or promotion of any goods or services and prohibits the specific misrepresentations used in promoting SpyKiller," said the FTC in a statement.

Thomas L. Delanoy and his corporation, MaxTheater - behind Spyware Assassin - will pay $76,000.

"Two operations that promoted spyware detection products by making bogus claims have agreed to settle Federal Trade Commission charges that their claims were deceptive and violated federal law," said the FTC. "The settlements require the defendants to give up a total of nearly $2m in ill-gotten gains, and prohibit deceptive claims." ®

Fighting Spyware Is Never-Ending Battle

By Andrew Garcia


Tech Analysis: Products and enterprises must evolve to meet new challenges.

Early adopters of anti-spyware products may focus primarily on a product's ability to identify and clean spyware on the desktop, but eWEEK Labs recommends that administrators be proactive—emphasizing new practices or technologies that thwart malware threats before installation while being aware of the potential for complications that could arise in doing so.

Anti-spyware vendors are in a constant tug of war with malware writers, trying to cope with and compensate for new technologies that make malware harder to identify and eradicate. For example, the latest malware instances may use rootkits to hide their presence, self-healing mechanisms to spontaneously regenerate when threatened and active processes that try to disable resident security programs.

Because signature-based scanning and cleaning is, in essence, a reactive process, any anti-spyware program under test is unlikely to be able to identify and clean each malware instance in an enterprise network. In fact, it's commonly accepted wisdom in the field that administrators may need to use a combination of products to eradicate every threat.

Administrators would be wise to examine methods of keeping spyware off the desktop in the first place. Last month, eWEEK Labs spoke with several organizations that are successfully avoiding malware by restricting users' privileges on the local system—in short, they are effectively avoiding spyware by denying users the right to install it. Another tack, implementation of gateway-based detection technology, will help protect users connected to the corporate network. (eWEEK Labs will examine gateway-based anti-spyware in a forthcoming issue.)

Desktop anti-spyware vendors also are making dramatic leaps in their products' ability to block spyware installation. Early blocking technologies using real-time scans that instigate scanning and cleaning as files are written to disk have proved insufficient against the latest hardened threats, but newer technologies seen from vendors including Aluria Software, Tenebril Inc. and Webroot Software Inc. are increasingly using kernel-level drivers to identify threats before they are installed.

By hooking into the kernel, these products are more effective at blocking threats because they monitor read and write commands from the operating system to the file system, identifying and eliminating threats before they are written to disk.

Unfortunately, this penetration deep into the operating system provides more opportunities for conflict with existing security solutions, such as anti-virus software, that also use kernel-hooking techniques. As more programs interact at the kernel level, there is a greater chance that the programs will conflict with one another, which could cause the system to become unstable.

In past reviews, we've praised integrated solutions from McAfee Inc. and Panda Software International S.L. for their advanced ability to block spyware before installation. Combining this anti-spyware capability into a single-agent architecture on the desktop, these products and others like them are in a position to provide a more stable computing environment (even as we await further improved scanning and cleaning capabilities from these integrated systems).

By increasing the emphasis on blocking spyware before it can gain a foothold on the desktop, enterprises can also use regular scans for auditing purposes rather than as a front line of defense. To achieve compliance with regulatory mandates including the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, HIPAA (Health Insurance Portability and Accountability Act), and Payment Card Industry regulations, organizations will need to ensure—and demonstrate—that desktop systems are not compromised. Reports from regularly scheduled scans can provide the necessary proof, while also offering cleaning services for the occasional threat that may slip through the front line of defense.

Of course, this new role for anti-spyware defenses will require across-the-board improvements in reporting capabilities. Anti-virus and anti-spyware vendors would do well to create new report templates that are tailored to each particular set of regulations.

We predicted in anti-spyware reviews early last year that the shelf life of the stand-alone anti-spyware system is coming to an end. Customers will demand and will be better served by an integrated security solution that provides anti-virus, anti-spyware, intrusion prevention and desktop firewall capabilities, while reducing management complexity and opportunities for system conflicts.

We remain confident that this prediction will come to pass. As Trend Micro Inc., EarthLink Inc. and CA have gobbled up various anti-spyware companies during the last year and a half, the number of relevant independent anti-spyware-only vendors has dwindled. And Sunbelt Software Inc.'s recent acquisition of Kerio firewall technology indicates that this anti-spyware pure play will soon produce its own integrated suite as well.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.