3/27/2006

Recent developments in adware and spyware

Learn to Remove Spyware With Free and Available Programs! Click me

Computer users accustomed to treating adware and spyware as just a low-level annoyance came in for a shock recently.


According to Reuters, a California man was indicted earlier this month on federal charges of creating a robot-like network of hijacked computers that helped him and two others bring in $100,000 for installing unwanted adware.

The indictment from a federal grand jury in Seattle also accused Christopher Maxwell, 20, and two unidentified conspirators of crippling Seattle's Northwest Hospital with a "botnet" attack in January 2005.

Authorities said the hospital attack caused $150,000 in damages, shut down the intensive care unit, and disabled doctors' pagers.

If he is convicted, Maxwell will face a maximum 10 years in prison and a $250,000 fine.

Reuters quoted the following statement by U.S. Attorney John McKay: "Some people consider botnets a mere annoyance or inconvenience for consumers, but they are highly destructive. In this case, the impact of the botnet could have been deadly."

Let there be no misunderstanding: adware and spyware are among the fastest-growing risks to consumers and organizations today. This article looks at recent developments in adware and spyware, as well as recommended steps to reduce the risks posed by these programs.

Growing volumes

While adware and spyware are not categorized as malicious code, Symantec monitors them using many of the same methods used for tracking malicious code development and proliferation. This involves an ongoing analysis of reports and data delivered from over 120 million client, server, and gateway email systems, as well as filtration of 25 million email messages per day. Symantec then compiles the most common reports and analyzes them to determine the appropriate categorization.

Adware programs enable the delivery and display of advertising content onto the user's device. This may be done without the user's prior consent or knowledge. It is often, but not always, presented in the form of pop-up windows or bars that appear on the screen.

Adware isn't always a security risk. In some cases, it simply delivers an advertising message to the user's screen. But depending upon its functionality and the context in which it is deployed, adware can constitute a security risk.

According to the latest edition of the Symantec Internet Security Threat Report, during the first six months of 2005, the prevalence of adware increased dramatically over the two previous reporting periods. Between January 1 and June 30, 2004, adware comprised 4 percent of the top 50 programs reported to Symantec. In the second half of 2004, it made up 5 percent of the top 50 programs. Between January 1 and June 30, 2005, however, it made up 8 percent of the top 50 reported programs.

For their part, spyware programs can secretly monitor system activity and either relay the information back to another computer or hold it for subsequent retrieval. In some cases, spyware is used by organizations to monitor Internet usage or by parents to monitor their children's Internet usage. Spyware can be surreptitiously placed on users' systems in order to gather confidential information such as usernames, passwords, banking information, and credit card details. This can be done through keystroke logging and by capturing email and instant messaging traffic.

Spyware is one of the fastest-growing risks, increasing at an estimated rate of 50 to 100 percent year over year, according to some security experts.

The chief offenders

The most frequently reported adware program between January 1 and June 30, 2005 was ShopAtHomeAgent, which accounted for 19 percent of the top 10 adware programs reported. It downloads and displays advertisements; however, it may also redirect access to certain Web sites through www.shopathomeselect.com.

The second most common adware program in this period was Istbar, which accounted for 14 percent of the top 10 reports. Istbar is a family of adware programs that install via an Internet Explorer toolbar, often using aggressive, persistent techniques.

CoolWebSearch was the third most commonly reported adware, making up just over 13 percent of the top 10 reports. CoolWebSearch is a large family of security risk programs that can be manually installed or bundled with another program. The programs have been observed hijacking searches, which are then redirected to the CoolWebSearch Web site or an affiliate.

Turning to spyware, Webhancer was the most reported program in the first six months of 2005, accounting for 29 percent of the top 10 spyware programs reported overall. (It was also the most reported spyware program in 2004.) Webhancer monitors the user's browsing habits, sending the information back to its centralized servers. While the program includes an End User Licensing Agreement (or EULA), it is also capable of updating itself from servers. This means that updated versions may contain additional functionality that the user may not have agreed to as part of the original EULA.

Apropos was the second most reported spyware program in this period, making up 27 percent of the top 10 spyware reports. An Internet Explorer browser helper object (or BHO) installed by an ActiveX control, Apropos installs a toolbar that links to Web sites and sends information back to its server.

The third most reported spyware program, Marketscore, is a new addition to the top 10, making up 19 percent of the top 10 reported spyware programs. When Marketscore is installed on a computer, it starts a proxy service. Once this service has executed, all of the system's Internet connections will be routed through the Marketscore's proxy, called OSSProxy.

Of the top 10 adware programs reported in the first six months of 2005, five hijacked browsers. During this same period, two spyware programs performed this function.

Prevention and mitigation

Because adware and spyware can be placed on a user's computer by exploiting software vulnerabilities, Symantec recommends that users update their antivirus software regularly. Security administrators should also take extra measures to ensure that patch levels on all computers are up-to-date. Users and administrators should employ defense in-depth, which means deploying a properly configured firewall and integrated antivirus and intrusion detection systems. In addition, users should exercise caution when installing any software through a Web browser and avoid downloading any software from sources that are not known and trusted.

Besides the deployment of defense in-depth, Symantec recommends that acceptable usage policies be put in place and enforced. System administrators should regularly audit systems to ensure that no unauthorized software is installed on them. In all cases, administrators and end users should read the EULAs of all software programs before agreeing to their conditions.

Security risks such as adware and spyware have the potential to compromise users' personal information and privacy, and their prevalence is increasing globally. Enterprises should consider an approach that detects these risks in a way that is non-intrusive, allowing users to make informed decisions based upon their own level of acceptable risk.

Spyware And Adware Continue To Plague PCs

Learn to Remove Spyware With Free and Available Programs! Click me

More businesses deploy anti-spyware apps, while efforts to control the parasitic code are widening as watchdog groups employ new tactics and law enforcement cracks down on suspects.




The characters who create and distribute spyware eventually reach a crossroads. Some clean up their acts, present themselves as adware aficionados, and do their best to legitimize questionable marketing techniques. Others continue their shady work on the sly. One major player reached a dead end: Adware pusher Claria last week revealed plans to exit the controversial business.

Efforts to control the parasitic code are widening as watchdog groups employ new tactics and law enforcement cracks down on suspects. The Center for Democracy and Technology last week issued a report that points the finger not just at adware distributors, but also at nearly a dozen of their clients, including Club Med Americas, NetZero, and ProFlowers. "These advertisers see the benefits of advertising with these companies that engage in unfair and deceptive practices, but they haven't seen the downside," says Ari Schwartz, deputy director of the nonprofit public policy group.

StopBadware.org, a new watchdog group, last week added four popular programs to its "badware" list: file-sharing program Kazaa, spyware removal software SpyAxe, download manager MediaPipe, and Screensaver.com's Waterfalls 3 screensaver. And the Los Angeles City Attorney's office revealed that it filed the first criminal spyware case in California, charging three people with running companies that distributed spyware in the guise of legitimate software tools.

IT departments have been fighting spyware and adware--they're different, but both troublesome--for several years, and there's something to show for their efforts: Fewer machines are getting infected. While spyware infected 81% of consumer PCs last year, that's down from 91% in 2004, according to anti-spyware vendor Webroot, which scanned more than 2 million PCs to arrive at those findings.

That's progress, but there were setbacks, too. The average spyware count on each machine climbed in 2005, to 25 instances, and the programs are increasingly malicious, with more Trojan horses than before.

It's not just a consumer problem. Spyware was reported by 80% of respondents last year in an FBI survey of 2,066 companies.

Spyware also is growing in seriousness and complexity, as miscreants use the embedded code to pilfer funds and steal data that can be sold. Adware tends to be less sinister, but it's problematic in other ways, slowing PCs and clogging networks with the traffic it generates. "I know there's a major difference functionally," says Scott Larsen, IS manager at the online group travel agency Groople. "Obviously, the repercussions of spyware versus adware are different. But they're one and the same in one respect: I don't want them on my box."

A year ago, the IT team at Groople found spyware on at least one of its PCs every day or two and spent part of most days digging it out. The company installed anti-spyware software from Trend Micro and Microsoft at its Internet gateway and on PCs and laptops, at a cost of about $10,000. Spyware infestations have dropped to one every two weeks, and staffers now spend only an hour every few weeks getting rid of it.

An average company spends more than $1.5 million a year getting rid of the junk, according to a study of more than 600 IT managers conducted last summer by research firm NewDiligence for security software vendor FaceTime Communications. Worldwide business spending on anti-spyware software will jump from $214 million this year to nearly $1.4 billion by 2010, predicts research firm Radicati Group.

Criminal Intent
Spyware purveyors are part of a shadowy underworld. Israeli authorities this month indicted a couple for creating Trojan horse software and selling it to private detective agencies to spy on the business rivals of their clients. Victims included an automobile importer, public relations firm, and television company, according to published reports.

Israeli officials allege Michael Haefrati crafted the malware--a variant of a keystroke-logging program called Hotword, according to Dave Cole, director of Symantec Security Response--and provided technical support while his wife Ruth marketed it to private investigators and at times inserted the virus into victims' computers herself. The indictment suggests that the couple, whose company, Target-Eva, was registered to operate in Israel, the United Kingdom, and the United States, tried to market the software to legitimate security agencies as early as 2000 but began selling it illicitly after private investigators two years ago solicited them to modify Hotword.

There's also the example set by spyware purveyor Carlos Enrique Perez-Melara, who was indicted last summer for distributing a program called Loverspy. Here's how it worked, according to the indictment: For $89, a buyer could get Loverspy through a Texas Web site, which directed people to servers in Perez-Melara's San Diego apartment. On the site, people selected an innocuous-looking electronic greeting card featuring puppies, kittens, or flowers that contained the malware. Purchasers could send the E-card to as many as five E-mail addresses. When the targets opened the E-card, Loverspy would be secretly installed on their PCs.

According to the Justice Department, all activities on the PCs--E-mail, Web site visits, passwords entered--were captured and forwarded on to the purchasers, either directly or through Perez-Melara's servers. Loverspy gave purchasers the ability to remotely control the victims' PCs, including accessing, changing, and deleting files, even turning on Webcams connected to them. The government contends that more than 1,000 people bought Loverspy and installed it on 2,000 computers. A person who received spam touting the product tipped off authorities. The indictment also charged four purchasers of Loverspy with computer hacking. No trial date has been set for Perez-Melara, who's on the lam in El Salvador.

Spyware can even be a threat to personal safety, as stalkers use keystroke loggers, says Schwartz of the Center for Democracy and Technology, which led the formation of the Anti-Spyware Coalition, a group that includes America Online, Microsoft, and Symantec. He cites a recent case in Michigan where a batterer secretly installed keystroke-logging software on his estranged wife's computer and tracked her and their kids by reading her E-mail and viewing her online activities. "He followed them from battered women's shelter to battered women's shelter," Schwartz says. "That's kind of the worst-case scenario."

Much of the spyware aimed at stealing individual identities, money, and corporate trade secrets involves organized criminal groups, says Chris Painter, deputy chief of the Department of Justice's computer crime and intellectual property section. "If there's a way to make money, they're going to try to find it," he says.

These criminal groups may be patterned after the Shadowcrew Organization, a one-stop online marketplace for identity theft busted by the government a year and a half ago, Painter says. Shadowcrew operated in the United States and eight other countries. Members of the gang found each other through chat rooms and Web sites that attract criminals. "We see a lot of cooperation among groups," he says. "Once money is involved, it's a good reason for people to team up."

The culprits offer specialized skills: writing malicious code, placing spyware on PCs, creating false IDs and ATM cards from stolen information, and selling stolen identities. Spyware is an international problem, and much of the malware placed on people's PCs originates from countries, including those in Eastern Europe, where educated but underemployed people can be drawn to virtual crime. That makes it tougher to stop. The feds busted people in Shadowcrew by infiltrating the gang with undercover agents.

What these groups and individuals do is clearly criminal, and they have no defenders. But there's another class of software trying to claw its way to respectability.

Nobody's Friend
Adware, spyware's close cousin, is loaded onto PCs to track user Internet behavior in order to deliver pop-up ads to market specific products or services. People often load adware onto PCs along with free content such as toolbars, games, and wallpaper. Like spyware, adware can be delivered clandestinely when users visit an unscrupulous Web site that exploits a browser vulnerability to make the transfer.

It's possible, albeit inexcusable, that advertisers might be unaware that spyware is delivering their messages. Anti-spyware gadfly Ben Edelman analyzed HTML coding to trace a pop-up ad from music retailer Columbia House to spyware transmitter ICanNews. Columbia House had retained aQuantive to place its ads on the Web, which subcontracted ad placement to Yfdmedia, which contracted Azoogle, which signed up MyGeek, which engaged ICanNews. "The net effect is that the user was shown this pop-up ad when the user never consented to receive this kind of advertising," Edelman says.

The largest adware companies say they give users' sufficient notice about adware and its properties, and they shun the spyware label. But critics, including corporate users, don't see the difference. "As much as these companies want to call it adware, spyware sure feels like the right name, because it's really surreptitious," says Jonathan Johnson, senior VP of corporate and legal affairs at Overstock.com, an online retailer that itself once used adware but now is suing a competitor that used it to deliver ads to people looking at the Overstock site (see story, "Are Pop-Ups Unfair Competition?").

Adware has well-heeled backers. Claria raised more than $58 million from U.S. Venture Partners and Greylock Partners, 180solutions received $40 million from Spectrum Equity, and WhenU.com obtained back- ing of $35 million from ABS Capital Partners and Trident Capital.

Adware pioneer Claria last week disclosed plans to leave the adware market by June. Claria, founded in the late 1990s as Gator, has retained Deutsche Bank Securities to sell its adware assets and is in discussions with a number of interested buyers. Alex Eckelberry, CEO of anti-spyware software maker Sunbelt Software, says he wouldn't be surprised if two other major adware companies--180solutions and WhenU--bid on Claria's adware business. Eckelberry suggests that venture capital firms that funded Claria see the adverse publicity surrounding adware as diminishing the company's value.


But Claria may not be getting out of the business of placing software on PCs. It's focusing on a new service it will introduce next month called PersonalWeb, which automatically generates personalized Web pages that provide users with information they want, such as sports scores or community news.

Is Reform Possible?
Adware's critics are relentless. The Center for Democracy and Technology in January asked the Federal Trade Commission to take action against adware company 180solutions for repeated and deliberate attempts to dupe Internet users into downloading intrusive software. Last month, adware critic Edelman posted information on his Web site showing that new software 180solutions developed to prevent unauthorized downloads didn't work and that unethical business partners could get around it to plant adware on PCs.

180solutions' executive VP of business development, York Baur, says the company has changed the way it conducts business. "The only valid criticism is that we were perhaps naive about the world of Web publishing earlier on in our history, and it has taken us through 2005 to truly take control of that ownership of [our] network and get practices that we think are poor cleaned up," Baur says.

180solutions, like other adware companies, offers users bundles of free products from thousands of content providers in exchange for placement of software on their computers to deliver targeted ads based on the Web sites they visit. 180solutions' premier product is Zango, which offers a variety of games as well as tools to access simultaneously AOL, Yahoo, and MSN instant messages; burn CDs and DVDs; and get desktop TV listings, astrology readings, and weather forecasts. In addition, scores of scripts and software are available. Soon the company will offer video programming, too.

180solutions' problem was that it paid others to distribute that software and didn't make sure its distributors had people's permission. The company has more than 5,000 affiliates--it calls them Web publishers--that are paid to place adware on computers and are responsible for 90% of its adware downloads. Until a year ago, 180solutions used distributors to sign up affiliates. Last year, it severed relations with six of its distributors, acquired a seventh, and started using an automated system to manage affiliate relations. The company now deals directly with its affiliates and vets each one by requiring banking and payment histories and checking each Web site to see if it meets 180solutions' standards, Baur says.

he company makes money from advertisers, mostly direct marketers that pay to have pop-up ads appear on users' computers, often when the adware software detects the consumer perusing a competitor's E-commerce site or seeking services and products similar to those offered by the advertiser. Based on the contract, 180solutions is paid per view or, when a purchase is made through the ad link, per acquisition.

180solutions says its user base numbers more than 20 million, and its revenue last year topped $50 million. The company says it spent $2.5 million on software--known as S3 for Safe and Secure Search--that's supposed to keep affiliates from surreptitiously installing 180solutions software on users' PCs, but it's not perfect. Co-founder Ken Smith, writing in a blog, blamed the recent failure of the software to prevent unauthorized downloads on his company's detection and reporting mechanisms, not the S3 technology.

Skeptics aren't buying it, and they're trying to pressure advertisers not to use 180solutions. "We want to give fair notice to companies thinking about advertising with 180solutions that they keep this in mind," says Schwartz of the Center for Democracy and Technology. Azoogle, one of the largest third-party online ad networks, heeded that advice and terminated its relationship with 180solutions this month.

Adware makers need to rein in out-of-control affiliates. In January, according to the Justice Department, Jeanson James Ancheta confessed to using servers he controlled to transmit malicious code over the Web to scan for and exploit vulnerable computers, redirecting thousands of PCs to an Internet Relay Chat channel that he controlled. Ancheta generated $60,000 in advertising affiliate earnings by directing more than 400,000 infected computers to servers he controlled where adware he had modified was surreptitiously downloaded. Ancheta also admitted to commandeering computers to create botnets--or robot networks--to launch denial-of-service attacks and transmit spam. He also earned about $3,000 from selling access to his botnets.

Serious Business
Among Ancheta's victims were the Weapons Division of the U.S. Naval Air Warfare Center in China Lake, Calif., and the Defense Information Systems Agency, the combat support unit responsible for IT and communications. The 20-year-old agreed to pay $15,000 to the two Defense Department units as restitution and forfeit all proceeds from his illegal activity, including $60,000 in cash, his computer equipment, and a BMW. He faces up to 25 years in prison; a federal judge will decide sentencing on May 1.

Adware provider WhenU.com doesn't use affiliates, but it, too, has had to change some practices. When CEO Bill Day, one-time head of the search site About .com, joined WhenU as CEO in 2004, one of his first actions was to stop marketing its software through banner ads on Web sites, for which WhenU paid the site operator a fee per download. Customers of WhenU's newer pop-up ads include ABC, which last fall used WhenU to promote two new shows, Invasion and Commander In Chief.

It's possible that adware could shake off its troubled youth and become a legit form of advertising--even if, like telemarketing, it's never exactly loved. Day notes that advertisers pay WhenU only when users click on ads, a model similar to that used by paid-search companies like Google and Yahoo. Users get only about an ad an hour, maybe less, says Day, who claims 10 million to 15 million users and growing revenue.

If adware cleans up its act, it might eventually get the likes of the Center for Democracy and Technology off its back, and it could become a viable way for people to get content free. But that won't necessarily help business IT people, who still will have one more potentially risky and bandwidth-eating software program to keep off their networks.

Defining The Problem
It's not just adware companies feeling the backlash. The Australian media has had a field day reporting that skier Dale Begg-Smith, who won a gold medal in the 2006 Winter Olympics in the men's mogul event, was once a spyware master. The Australian reports say Begg-Smith's defunct Adscpm.com Web site spawned 20 million pop-ups a day, though Begg-Smith's associates are quoted as insisting the 21-year-old skier was involved in legitimate businesses.

Sony BMG Music Entertainment last year got nabbed selling music CDs that contained a rootkit--software that can be used by hackers to hide malicious code from antivirus and anti-spyware defenses--within the copy-protection scheme used to prevent music CDs from being copied to computers. To prevent software for digital rights management from easily being thwarted, Sony BMG used a rootkit to hide the copy-protection files from customers and make them difficult to remove. Bloggers, researchers, and law enforcement cried foul, and Sony BMG eventually recalled the CDs and alerted users about how to remove the DRM software.

It's enough to cause concern among PC users. Princeton University computer science and public affairs professor Edward Felten is a typical--and anxious--one. He knows there are tools on the Web that could help with his new hobby of music editing. But because of the threat of malicious software, "I'm less prone to try new software," Felten laments. "I'm more careful of what Web sites I go to. I spend time trying to protect myself."

That's important, but unfortunate. Spyware, Felten says, causes him "to shy away from small companies, shy away from using software from sites I don't know." That hesitation could mean a lost opportunity--adding to the price we pay for spyware.


LG Card Selects Blue Coat to Strengthen Web Security While Increasing Performance

Learn to Remove Spyware With Free and Available Programs! Click me

SEOUL, South Korea, March 27 /PRNewswire-FirstCall/ -- Blue Coat(R) Systems , the leader in secure content and application delivery, today announced that LG Card, the leading credit card company in South Korea, has deployed Blue Coat's SG-Series and AV-Series appliances to protect its corporate network and customer database from spyware, viruses and other security threats and to ensure the privacy and integrity of its data.

LG Card offers installment financing, consumer loans and leasing as well as credit card services to more then 9.8 million cardholders in South Korea. Since protection of its customer database is vital to its operations and reputation, LG Card endeavors to utilize the highest levels of security infrastructure and practices. In the past, its network had experienced several security threats, including spyware and other virus attacks that caused a slow down in overall operations.
"Traditionally, the true cost of security has always been performance, but with Blue Coat we get the highest levels of security along with significant acceleration of content and applications," said IC Jeong, manager of the network operation team for LG Card. "Without impacting transaction performance, we can block spyware and other malware before it has a chance to penetrate the corporate network or individual client and server. We can also protect our customer database with the highest level of security."
"LG Card is a trusted name and company in Korea, and we are happy to provide both the protection and acceleration they needed to maintain the confidence and excellence of operations," said An Seung-Ryong, Country Manager of Blue Coat Korea. "Only a proxy infrastructure has the power to simultaneously control, protect and accelerate Web communications and applications."
About Blue Coat Systems
Blue Coat secures Web communications and accelerates business applications across the distributed enterprise. Blue Coat's family of appliances and client-based solutions -- deployed in branch offices, Internet gateways, end points, and data centers -- provide intelligent points of policy-based control enabling IT organizations to optimize security and accelerate performance for all users and applications. Blue Coat has installed more than 25,000 appliances worldwide and is ranked #1 by IDC in the Secure Content and Application Delivery market. Blue Coat is headquartered in Sunnyvale, California, and can be reached at 408-220-2200 or http://www.bluecoat.com/.
FORWARD LOOKING STATEMENTS: The statements contained in this press release that are not purely historical are forward-looking statements, including statements regarding Blue Coat Systems' expectations, beliefs, intentions or strategies regarding the future, and including statements regarding the capabilities and expected performance of Blue Coat Systems' products. All forward-looking statements included in this press release are based upon information available to Blue Coat Systems as of the date hereof, and Blue Coat Systems assumes no obligation to update any such forward-looking statements. Forward-looking statements involve risks and uncertainties, which could cause actual results to differ materially from those projected. These and other risks relating to Blue Coat Systems' business are set forth in Blue Coat Systems' most recently filed Form 10-Q for the quarter ended January 31, 2006 and Form 10-K for the year ended April 30, 2005, and other reports filed from time to time with the Securities and Exchange Commission.
NOTE: All trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
Blue Coat Systems

CONTACT: investors, Carla Chun, +1-408-220-2318, orCarla.chun@bluecoat.com, or media, Steve Schick, +1-220-2076, orsteve.schick@bluecoat.com, both of Blue Coat Systems; or media, Kevin Kosh ofCHEN PR, +1-781-672-3111, or kkosh@chenpr.com, for Blue Coat Systems

Web site: http://www.bluecoat.com/

Columnist arms computer users for war with hackers, spyware and more

Learn to Remove Spyware With Free and Available Programs! Click me

By Bill Husted, bhusted@ajc.com
March 27, 2006

I'd be forced to find a real job were it not for hackers, viruses, spam and spyware. Without all that stuff, using a computer would be easy. All you'd need to know would be the location of the on/off button.

The computer is pretty much used as an appliance these days, but it's different from most. You won't find magazines and columns devoted to advice on using your microwave oven, for instance. Nor do you need them. We haven't reached that level with the computer, however. Instead, you fight a bitter daily war to keep data safe. And the computer criminals on the other side are pretty darned good at what they do.


<A TARGET="_blank" HREF="http://adsremote.scripps.com/event.ng/Type=click&FlightID=2031144&AdID=2038166&TargetID=2004402&Segments=351,427,2300,2426,2488,2501,2542,2545,2888,2000340,2000843,2000856,2000962,2001044,2001081,2001256,2001761,2001784,2001916,2002090,2002623,2003087,2003137,2003524,2003526,2003720,2003919,2004128,2004213,2004238,2004265,2004491,2005817,2006162,2006188,2008092,2008093,2008094,2008711,2008734,2008740,2008787,2009205,2009270,2009431,2009453,2009556,2009728,2009729,2010386,2010510,2010753,2010754,2010755,2010756,2010869,2010967,2011117,2011263,2011596,2012309,2012449,2012909,2013460,2013769,2013970,2014004,2014005,2014164,2014210,2014234,2014454&Targets=2001053,2003385,2004402,2005014,2017935&Values=30,50,60,72,81,90,100,110,150,314,386,531,593,621,672,674,745,764,847,848,1169,2000134,2000705,2000707,2001542,2002057,2002824,2003032,2003807,2003823,2004194,2004296,2004338,2004371,2004415,2004420,2004425,2004426,2004427,2004428,2004429,2004460,2004462,2004463,2004479,2004639,2004778,2005009,2005247,2005434,2005559,2005724,2005930,2006027,2006201,2006221,2006303,2006337,2006338,2006407,2006724,2008580,2008589,2008618,2008636&RawValues=&Redirect="> <IMG SRC="http://images.scripps.com/1x1.jpg" WIDTH=120 HEIGHT=600 BORDER=0></A>
Today we'll talk about the basics of computer security. I'll tell you how to enlist in Husted's Army of Computer Righteousness to give you more firepower in that war with the bad guys. I'll be your supply sergeant. I can equip you with weapons that will help you survive the coming battles. When you enlist in the Army, you are not expected to pay for your rifle and helmet. So your weapons are free, too.

Let's start with the firewall. The firewall blocks attempts to invade your computer. While there are both hardware and software firewalls, most home users are candidates for firewalls of the software variety. Every computer needs a firewall. Windows XP includes a built-in firewall — it's not a great one, but it is much better than no firewall at all.

A better free firewall can be downloaded at http://www.zonelabs.com. The company also sells firewall programs, so look for the link on the main page called "Free ZoneAlarm and Trials." Click on that and look for the heading "ZoneAlarm Free Download for business use only." I can't give you a free router. But if you have a home computer network, you probably use one. Routers furnish additional protection against intrusion. That's because, quite literally, your computers hide behind the router while online. But even computers hiding behind a router still need a software firewall.

I wish I could say we're done. But we've just gotten started. Anti-virus protection also is essential. A computer virus is just another computer program. But unlike your favorite game or word processing program, it is software designed to do harm.

When I started writing about computer viruses, most were created with destruction in mind. Some would erase the hard disk, others would put annoying messages on the screen. There's been a big change in viruses over the past couple of years. Nowadays, they try hard not to be noticed. Many are created by skilled professionals instead of hackers and are designed to take control of your computer. Once that happens, your computer is enlisted in an army of zombie machines.

Often these captive computers are used to send out spam. That way the real spammers are less likely to be located. Besides putting you at risk of being a secret spammer, these viruses will slow your computer. A good anti-virus program is needed here. And it should be regularly updated, otherwise it won't be able to find newly created viruses. Luckily the equipment I'll issue you here fits the bill.

The free anti-virus program I recommend comes from Grisoft and can be found at http://free.grisoft.com. Besides being free, it will automatically update itself. Even if Grisoft charged for this program, I would still recommend it.

I know you are staggering under the weight of supplies, but there's still more. We need to do something about spyware and adware.

The worst of this stuff literally spies on you. The best of it — and that's not saying much — tracks Web sites you visit so marketers can send you targeted spam. For instance, if you hang out on tennis sites, you can expect to get spam offers for tennis balls. God knows what you can expect if you hang out on seamier Web sites.

Even the relatively harmless variety of adware slows your computer down — way down. I've seen computers with more than 200 adware and spyware programs hidden away. Computer repairmen tell me that the leading cause of slow computers is adware.

For a long time I've recommended two programs: SpyBot Search & Destroy and Ad-aware. You can find free versions of both at http://www.download.com. I still think both work fine, but I've added still another free program to my list. It's a free Microsoft product called Windows Defender. At the moment, there's a link to Windows Defender on the main http://www.microsoft.com page. But things change fast on the Web. So if you can't find Defender on the main page, use the search box at the top of the Microsoft page. OK, you're in the army now. Unfortunately, given the state of computer security, your term of enlistment is for life.

— Bill Husted writes for the Atlanta Journal-Constitution.E-mail: bhusted@ajc.com.

Spyware kits sold for fifteen dollars available on the web, Sophos reports

Learn to Remove Spyware With Free and Available Programs! Click me

Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have discovered a Russian website that sells spyware kits, called WebAttacker, for fifteen US dollars (about ten UK pounds). The website, which refers to its creators as spyware and adware developers, markets the strengths of its kits, makes the kits available for online purchase and offers technical support to its buyers.

Included in the kits are scripts designed to simplify the task of infecting computers - the buyer spams out a message to email addresses, inviting recipients to visit a compromised website. Samples found in Sophos's global network of monitoring stations used newsworthy topics to lure unwary users. One presented itself as a warning of the deadly H5N1 bird flu virus, providing links to a bogus website, which purported to contain advice on how to protect "you and your family". The other claims that Slobodan Milosevic was murdered and invites users to visit the site for more information. These websites then attempt to download the malicious code remotely onto the user's PC by taking advantage of known web browser and operating system vulnerabilities.

"This type of behaviour is inviting the return of what we call script-kiddies," said Carole Theriault, senior security consultant at Sophos. "By simplifying the task of the potential hacker and making it available so cheaply, sites like this one will attract opportunists who aren't necessarily very skilled and turn them into cyber-criminals."

JavaScript code on the infected websites detects the visiting computer's browser version and operating system, including any installed patches, and launches the most appropriate exploit. The exploit downloads a program that attempts to turn off the firewall and install malware, generally a password stealer, keylogger or a banking Trojan. Sophos protection, Troj/Dloadr-ADU, has been available since 13 March, 2006.

"The underground cyber economy is, in some ways, very similar to the one most of us operate by - everyone wants a piece of the action," continued Theriault. "The more common cyber attacks become, the more of these types of sites offering kits, databases of email addresses, and bespoke Trojans and spyware we will see. So as long as the money continues to flow, there will be interested parties."

Kazaa crowned 'king of spyware'

Learn to Remove Spyware With Free and Available Programs! Click me

P2P giant Kazaa has been told to stop insisting its software is spyware-free by independent testers who claim it interferes with computer use, modifies other applications and never completely removes all components during the uninstall process.

Sharman Networks, makers of Kazaa, ‘the world’s most downloaded software,’ believe it installs with ‘no spyware’ – because no personally identifiable data is sent by the program.

But Internet experts, consulting with researcher group Stopbadware.org, found Kazaa’s installation included several bundled programs, considered ‘spyware’ under the definition of ‘software that subverts a PC’s operation for the benefit of a third party.’

Finding Kazaa guilty on all three counts of so-called ‘Badware behaviour,’ the researchers found that one of the eight bundled applications, The Best Offers Network, “cannot be closed at all by the typical user.”

Instead, the researchers said the application must be closed by killing the process from within the Windows Task Manager - the only viable solution that the software makers fail to disclose.

Likewise the report from the online group, which was recently founded by researchers at Harvard and Oxford University, reveals no warning to users, during installation or otherwise, of three other side-effects slowing performance in Kazaa-installed PCs.

The file-sharing program automatically adds two new hyperlinks to the Windows Desktop, installs programs that modify Internet Explorer, while changing the default 404 and DNS error pages in IE.

Sharman Networks does however inform Kazaa users at pre-installation stage of two included applications, namely Anti-Virus and a host of links to websites, admitted as adware programs.

Those downloading the current version, Kazaa 3.0, who wish to reject AV BullGuard, or the adware programs, have the option of proceeding with the installation or cancelling it.

Responding to the study, Sharman Networks told the Associated Press agency that they dispute the research group’s findings.

“We disagree with it,” spokeswoman Felicity Campbell said of the report. “We really don't have sinister desires to get into people's computers and stay there.”

Out of three other applications tested, ScreenSaver.com’s ‘Waterfalls 3’ was found to bundle a Trojan-horse like program, though overall, Kazaa emerged with the highest ‘badware’ rating.

IE Exploit Strikes, Installs Spyware

Learn to Remove Spyware With Free and Available Programs! Click me

By Gregg Keizer, TechWeb News
March 24, 2006 (8:25 PM EST)
URL: http://www.techweb.com/wire/183702818

The unpatched CreateTextRange vulnerability in Internet Explorer is already being used by at least one Web site to install spyware on users' machines, a security organization said Friday.

"We just received a report that a particular site uses the vulnerability to install a spybot variant," the SANS Institute's Internet Storm Center (ISC) warned Friday in an alert. "It is a minor site with insignificant visitor numbers according to Netcraft's 'Site rank.'"

Disclosed only Wednesday, the flaw in IE 5.01, 6.0, and the January version of IE 7 Beta 2 Preview has security vendors worried because a patch isn't available from Microsoft. Thursday, as news circulated that a working exploit had been publicly posted, Microsoft said it was working on a fix.

Even before the site exploiting the CreateTextRange bug was discovered, security companies had raised alarms. The ISC bumped up its InfoCON level to "yellow" for the first time since the Windows Metafile fiasco in late December, when another "zero-day" flaw hit Windows users.

"It's a relatively trivial mod[ification] to turn [the exploit] into something more destructive," the ISC warned. "For that reason, we're raising Infocon to yellow for the next 24 hours."

Symantec raised its ThreatCon status indicator to "2" and boosted its Internet Threat Meter's warning for Web activities to "medium" because of the bug.

Although it's unclear exactly whether the Spybot-distributing site is drawing users to its poison or simply waiting for the unwary to stumble across the URL, it's likely the former, Scott Carpenter, director of security at Secure Elements, said in an e-mail to TechWeb. "The most probable vector for this worm will be in the form of spam with malicious links that will tempt users into clicking on a link that takes them to a malicious site."

In December (and after), hundreds of sites used the Windows Metafile bug to load spyware, including keyloggers and backdoor Trojans, onto unsuspecting users' PCs.

Rumors that Microsoft would release a patch before April 11, the next regularly-scheduled patch day -- such releases are dubbed "out-of-cycle" -- was quashed by a Microsoft spokesman who refused to commit the company to a date.

"Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers," he said in a verbatim repeat of Thursday's advisory. "This will either take the form of a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

So, what should users expect, say, over the weekend and early next week?

"It's hard to say at the moment, since this is just the beginning," said Alain Sergile, a technical product manager at Internet Security Systems' X-Force research. "But if SANS' report is accurate, I think we'll see additional targeted attacks where spam is sent to users at a specific organization in the hope that someone clicks on the link and downloads the malicious code so the attacker can infiltrate the network."

Because it remains an unpatched vulnerability, "everyone should consider this a zero-day kind of threat," added Sergile. "That means people will be caught flat footed."

Microsoft has recommended that users disable Active Scripting in IE until a patch is posted, but Sergile said that wasn't really a workable solution. "That will kill the capability of a large number of Web sites. The Web isn't much fun without those [scripting] capabilities." Instead, he recommended users visit only sites they know are safe.

Or turn to another browser. "The problem is in how Internet Explorer interprets the scripting call. Firefox doesn't have this problem."




3/15/2006

Spyware-for-hire couple plead guilty

Learn to Remove Spyware With Free and Available Programs! Click me

Israeli prison looms for Haephratis

Published Wednesday 15th March 2006 10:16 GMT
Get breaking Reg news straight to your desktop - click here to find out how.

An Israeli couple faces prison after confessing to the development and sale of a spyware Trojan horse that helped private investigators snoop on their clients' business competitors.

Ruth Brier-Haephrati, 28, and Michael Haephrati, 44, have entered guilty pleas to industrial espionage charges over the Trojan horse case. Ruth was charged with a litany of offences including fraud, planting computer viruses, and conspiracy. Her husband, Michael, is charged with aiding and abetting those offences, Ha'aretz reports. Ruth faces four years in jail while Michael faces two years' imprisonment. Each also faces a suspended sentence and a fine of one million New Israeli Shekels ($212K) under a plea-bargaining agreement. Tel Aviv District Court Judge Bracha Ofir-Tom will rule on whether the Haephrati's plea is acceptable on 27 March.


Investigators allege the duo developed and sold customised spyware or Trojan horse packages designed to evade detection by security tools to three private investigation companies in Israel - Modi'in Ezrahi, Zvi Krochmal, and Philosof-Balali. This spyware code was allegedly installed on victims' PCs by private detectives from a diskette or via email, as part of a spying scam that ran for up to two years. The malware sent stolen documents to an FTP site, allowing unscrupulous firms to swipe confidential documents from rivals. Each software installation allegedly netted the Haephratis 2,000 New Israeli Shekels ($425), The Jerusalem Post reports. According to court documents, Michael Haephrati developed the spyware Trojan horse, while his wife, Ruth, marketed it via a firm called Target-Eya.

Firms suspected of using the malware include Mayer Motors (an importer of Volvo and Honda cars) against Champion Motors (an Audi and Volkswagen dealership). Satellite television company Yes is accused of spying on rival cable TV outfit HOT. Another alleged victim is a PR agency, whose clients include Israel's second biggest mobile phone operator, Partner Communication. The Haephratis are among 22 people arrested in Israel and the UK in connection with the case last year. ®

Take the spyware quiz

Learn to Remove Spyware With Free and Available Programs! Click me

Posted by Suzi Turner @ 8:29 pm

How good are you are recognizing unsafe websites — sites that have unsafe downloads or sites download spyware and use exploits, sites that collect email addresses to spam? SiteAdvisor has a quiz to check your site-sniffing abilities. They say:

[…] it's hard to judge a book by its cover. We'd argue that it's even harder to judge the safety of a Web site by its looks. Think you can sniff out which sites are adware & spyware free? Take our spyware quiz and see.

SiteAdvisor is a browser plug-in that helps you decide if web sites are safe or unsafe. For details on how it works click here. You might have already heard about SiteAdvisor by now. It unofficially debuted in December. Ben Edelman, who is on the board of advisors, has an article here about SiteAdvisor and why it's different from other programs like TRUSTe's Web Privacy Seal, different from Verisign's certification program and TrustWatch's toolbar.

I wholeheartedly endorse SiteAdvisor now — I think it's an excellent program. I'll admit to being a bit reluctant at first because I checked some sites that I know to be sources of malware, and those sites were given a green rating. At that time, SiteAdvisor did not have the ability to detect web pages with exploits; however, that functionality has since been added. You can download the SiteAdvisor toolbar for Internet Explorer or for Firefox and plug-ins for other browsers are in the works.

I took the quiz. My score was just over 50% and I think I'm pretty good at picking out the baddies. Go take the quiz; you can post your score in the talkbacks.

`Spyware' firm agrees to limits on software

Learn to Remove Spyware With Free and Available Programs! Click me

Published March 14, 2006

CHICAGO -- A Lemont man's class-action suit against a New York "spyware" company was settled Monday when the firm agreed to stringent restrictions on how it does business.

DirectRevenue, which distributed adult Web site "pop-up" ads over the Internet, admitted no fault and will pay no damages in its settlement with Stephen Sotelo and others, ending a federal lawsuit in Chicago.

But the company did agree to change its business practices, said Sotelo's lawyer, Shawn Collins.

Among other changes, DirectRevenue will not install its software on computers without clear consent or collect personal information. It will also help consumers remove its software from their computers and will not distribute the software on Web sites targeting children.

If the company violates the agreement, it can be found in contempt of court, Collins said.

CA Security Solutions Earn Checkmark Certification for Detecting Spyware, Viruses and Trojans

Learn to Remove Spyware With Free and Available Programs! Click me

ISLANDIA, N.Y., March 13 /PRNewswire-FirstCall/ -- CA today announced that its anti-spyware and antivirus solutions for the enterprise and consumer markets have been awarded Checkmark certifications by West Coast Labs, a leading independent testing organization for information security products.

The Checkmark System is a quality testing and certification service with established, independent standards on product effectiveness. It is a global service, which benefits both technology developers and information security buyers and decision makers.

"Checkmark Certification once again confirms that CA's threat management solutions deliver superb protection from the growing spectrum of spyware and related security threats faced by today's enterprise," said Sam Curry, vice president of security management at CA. "CA customers around the world benefit every day from this protection -- as well as the ease our solutions bring to the task of administering security across increasingly large and complex IT environments."

eTrust PestPatrol Anti-Spyware Corporate and Consumer editions, along with the newly released CA Integrated Threat Management were awarded the Anti- Spyware, Anti-Virus and Trojan Checkmark certifications, for detecting a variety of backdoors, downloaders, exploits, proxies, RATs, password stealers, crackers, hijackers, Trojans, keyloggers, viruses and other assorted malware.

eTrust Antivirus, eTrust EZ Antivirus and CA Integrated Threat Management were awarded Anti-Virus Level 1 Certification for detecting all viruses "in the wild." eTrust Antivirus and CA Integrated Threat Management also received Anti-Virus Level 2 Certification for disinfecting all viruses "in the wild" and were "Trojan Certified" for detecting all Trojans in the relevant test suites.

"Checkmark standards are continuously being developed to ensure they are an accurate reflection of real-world situations and changing technology advances," said Chris Thomas, Operations Director for West Coast Labs. "Checkmark Certification is an acknowledgement that CA solutions have satisfied all the criteria outlined in the test suites for protection against malware."

For more information, please visit http://ca.com/security/wclabs_checkmark.

ANTI-SPYWARE ADDED TO MICROSOFTS ONE-CARE BETA

Learn to Remove Spyware With Free and Available Programs! Click me

Microsoft on Thursday updated the preview version of its OneCare security software with anti-spyware technology, a slight name change and bug fixes.
OneCare marks Microsoft's long-anticipated entry into the consumer antivirus market. The product combines antivirus, anti-spyware and firewall software with backup features and several tune-up tools for Windows PCs. It will be sold online and in stores, starting in June, Microsoft has said.

As OneCare hits the homestretch, Microsoft is putting the final touches on the product. The "beta refresh" released Thursday adds anti-spyware functionality to the software, the one main feature that wasn't yet part of the beta product. The anti-spyware features come from Windows Defender, Microsoft's anti-spyware application that's also in beta.

The integration of anti-spyware in OneCare isn't completely done--the usability and ease of management could be better, Yoav Schwartz, OneCare's lead program manager, wrote on a Microsoft corporate blog Thursday. "As Windows Defender comes out of beta, you'll see the level of integration improve," he wrote.

Aside from the addition of spyware detection, Microsoft also made a host of smaller changes to improve the stability and speed of the security product, Schwartz wrote. Furthermore, the name of the product was changed from Windows OneCare Live to Windows Live OneCare, to better fit with Microsoft's other Live branded services.

Users might also notice that the refreshed beta no longer has a beta tag in the user interface. This doesn't mean, however, that the product is now out of the testing stages, Schwartz wrote. "Dropping the beta tag simply means we're getting closer to final availability," he wrote.

Microsoft announced its plans for OneCare in May 2005. Invited testers have been trying it out since last July, and a public beta was released late last year. About 170,000 people are testing OneCare. The final version is due in June and will cost $49.95 a year for use on up to three PCs. As a thank-you, testers can get a discounted rate of $19.95 per year for the product if they sign up in April, Microsoft has said.

Two charged with creating Trojan spyware

Learn to Remove Spyware With Free and Available Programs! Click me

Two London computer consultants who were extradited to Israel last month have been charged by Tel Aviv authorities for creating and distributing Trojan spy software.

A 65-page indictment, filed by the Tel Aviv District Attorney’s Office on Sunday, accuses Ruth and Michael Haephrati of creating the Trojan software, and selling it to Israeli private detective agencies who used it to spy on competitors of their clients, including a TV company, a PR agency and a car importer.

Ruth Haephrati has been charged with aggravated fraud, inserting material and viruses into a computer, unlawful wire tapping, invasion of privacy and unlicensed database management. Michael Haephrati is charged with assisting his wife in these crimes.

The couple, who ran London-registered computer consultancy Target-Eya, were arrested in May last year following an international investigation by police, including the Tel Aviv fraud squad, Interpol and the UK’s National Hi-Tech Crime Unit.

The arrests are part of Operation Horse Race, an international investigation looking at how Trojan software and other hacking tools are used for espionage.



Hole in Anti-Spyware Plan

Learn to Remove Spyware With Free and Available Programs! Click me

By Jimmy Daniels
Contributing Writer, RealTechNews

A hole in proposed legislation aimed at stopping spyware, could actually give them an advantage instead, showing how hard it is to contain and stop the growing problems created by spyware, their distributors, and the makers of spyware and adware, such as 180solutions.

The issue of spyware and adware is a big concern with consumers and the businesses trying to reach them. A study by America Online and the National Cyber Security Alliance found that 60 percent of home computers have some kind of spyware on them. The Pew Internet & American Life survey last year found that nine out of 10 Internet users have changed their online behavior out of fear of spyware.

“People are becoming less trusting of the Internet because of spyware,” says Ari Schwartz, deputy director of the Center for Democracy and Technology in Washington, D.C. “We are finding that it is affecting business.”

Bills in both houses of Congress would allow mass marketers to sue anti-spyware companies for stopping their spyware — the very point of the legislation.

The House bill gives anti-spyware makers a safe harbor from lawsuits by mass marketers in federal court, but it wouldn’t prevent lawsuits in state courts. The Senate bill has no safe harbor, or Good Samaritan clause, at all.Source: MSN.

We Say: Of course it is affecting business, if you get a machine with more than one piece of adware or spyware on it, then you will be getting multiple popups and redirects as these companies try to take credit for getting you to the point of sale, something that has been proven time and time again they do not do. These programs pilfer money by claiming credit for sales that merchants would have received anyway, for the most part. The only time they could probably claim credit is in a case where the user lands on a website like Orbitz and is delivered a popup for a competing company, say Travelocity, which would be the same as people from Kmart standing in the doorway to Wal-Mart asking you what you are looking for and handing you a flier about the item. This whole “business” is causing consumers “in the know” to fear the internet and what could happen to them if they whip out their credit card, and is even more dangerous for those who don’t have a clue. Whatever is decided needs to be iron clad and EVERY piece of software needs a clear and easy to read EULA, the consumer is the one who needs to be in control of their pc, not spyware companies.

New rogue anti-spyware and SpySheriff clone

Learn to Remove Spyware With Free and Available Programs! Click me

Posted by Suzi Turner @ 9:26 pm

These rogue anti-spyware programs seem to multiply like rabbits. Just 2 days ago I wrote about Spy-Shield, an anti-spware app that installs adware from BestOffersNetwork Then yesterday SunbeltBLOG featured another new rogue anti-spyware app named BraveSentry. The Sunbelt researchers found a domain running exploits and force installing not just one rogue anti-spyware app but two. Maybe pushers thought two rogues would be more convincing to frighten the user into buying one of them? The domain running the exploits is a known CoolWebSearch domain, Game4all(dot)biz (link to whois) which is hosted in Russia. SunbeltBlOG has screenshots of the hijacked desktops with BraveSentry and AlfaCleaner. The BraveSentry website is hosted at InterCage, formerly Atrivo, which I blogged about previously, and its neighbor on the same IP (69.50.166.195) is anosurfer.com, another site for SpySheriff. (Links are to whois info, not to the sites.)

And… speaking of SpySheriff, which got number 2 place on the top 10 rogue anti-spyware of 2005, another SpySheriff clone emerged today - PestWiper, which also "happens" to be hosted at InterCage.

Wouldn't you know it, there's already a complaint on an anti-spyware forum about being hijacked by BraveSentry. I wouldn't be surprised to see similar complaints about PestWiper soon. I believe the Antispyware Conspiracy that Mark Russinovich (of Sony DRM rootkit fame) wrote about here is very real.

On a side note, I received an email today from a vendor whose anti-spyware program is listed on the Rogue/Suspect Anti-Spyware page. He was, of course, complaining about his product being listed, but one of the statements in is email really got my attention:

In our opinion, the Adware is one of the best ways to advertise antispyware product because users who got Adware would need a way to clean and protect their computers.

If I understand that correctly, he is saying that it's not only ok, but good, to use adware to advertise antispyware products. Fascinating, isn't it? And that's not one of the problems noted with his app, either. Not yet, at least…

If anyone lands here from a search engine and has been hijacked by any of the above mentioned rogues, you can get help with removal at one of the anti-spyware sites listed on this page.

Some So-Called Spyware Removers Could Harm PC

Learn to Remove Spyware With Free and Available Programs! Click me

Experts Say Not To Trust Pop-Ups For Anti-Spyware Programs

POSTED: 4:26 pm EST March 9, 2006

Spyware is one of the biggest threats to computers these days, but to make things worse, some spyware removers simply make more problems, reported NewsChannel5's John Matarese.Computer tech Otto Roth runs a shop called Spectra PC, and says spyware is now the biggest problem affecting his customers' PCs. It can reset your homepage, delete your settings, and cause other problems. But Roth says that the latest threat is fake spyware cleaners.He says some of his customers have seen pop-ups on their computer screen and clicked on them, thinking they were removing spyware."Do not do it. You're actually going to a site where they will get information from your files if you go to their sites," said Roth.Several state attorney general offices are warning about so-called spyware removers that, they say, actually contain spyware.Instead, Roth and many PC magazines recommended using two great anti-spyware programs made by Spybot and Lavasoft USA. Both programs are free.If you want to keep spyware out of your computer, avoid any cure that shows up in a pop-up ad, because you usually can't trust it.

Spyware is worse than most PC users think

Learn to Remove Spyware With Free and Available Programs! Click me

IT IS worrying that many computer users still seem to be ignorant of spyware, said a security solutions vendor.

Andrew J. Lee, chief technology officer of security solutions company Eset Software, said many users are just too trusting when they are at their PCs.

“They are downloading spyware without knowing it because they are duped by the claims of online ads,” he said.

He said the problem has been going on for the past three years but the danger of spyware is still being ignored by PC users because they think it is not much of a threat.

Besides installing antivirus software, computer users should also be knowledgable about other kinds of security threats, said Lee. “Don’t just download free mouse cursors or smilies because nothing is completely free,” he added. Eset manufactures the Nod32 antivirus software.

Lee said the perpetrators of spyware are driven by financial gain. “Also, it’s more rampant now because there is a serious amount of money to be made,” he said.

Spyware is encouraged by pay- per-click advertising industry and the smaller advertisers are the main culprits, he said.

“They are paid to deliver ads and they make more money when they deliver more ads,” he said, adding that infected systems are used to boost ad deliveries.

Lee claimed that one innocent- looking online advertisement could contain up to four pieces of malware and/or spyware.

He said no antivirus software could completely protect computer users against all threats. “But a proactive system can help detect the presence of malware and spyware, and react to these threats before the problem worsens,” he added.

Windows upgrading spyware

Learn to Remove Spyware With Free and Available Programs! Click me

DOUG STANLEY
PLUGGED IN
Thursday, March 9, 2006

Microsoft recently upgraded its prerelease anti-spyware application and renamed it Windows Defender.

Formerly dubbed Microsoft AntiSpyware Beta, the tool sports a redesigned user interface and updated technology that Microsoft says offers improved spyware detection and removal.

If you haven't been keeping up on the latest threats to computers, spyware is software that can display pop-up ads, collect information about you or change settings on your computer without first obtaining your permission.

More than simply annoying and a privacy threat, spyware can slow computer performance to a crawl.

A creditable job

Windows Defender's predecessor, based on a product created by Giant Software before Microsoft bought that company, wasn't perfect but seemed to do a credible job of protecting against spyware over months of use.

Time will tell whether the new Windows Defender offers improved detection and removal capabilities, but users of the previous version will immediately notice the redesigned interface.

Microsoft redesigned the product with an eye toward making it simpler to use and less intrusive, but the company may have gone too far there.

The Windows Defender icon, for example, appears in the Windows system tray only when spyware is detected or when a scan or update is in progress.

No constant icon

With no constantly visible tray icon, a user is forced to trust that the software is running and protecting the system.

Available free to users of nonpirated versions of Windows 2000, Windows XP and Windows Server 2003, the utility is unfinished, or beta, software and isn't supported by Microsoft. It is expected to be part of the Windows Vista operating system to be released later this year.

Real estate roundup: Zillow.com is an impressive new tool for homeowners, home buyers or anyone interested in residential real estate.

The site contains valuations and other data on more than 60 million homes across the country. Retrieving data on nearly any home is as simple as typing in an address.

Best of all, Zillow is free to use and doesn't require that you enter any personal information. Founded by Rich Barton and Lloyd Frink, former principals at travel site Expedia.com, Zillow aims to make its money off advertisers.

No downside to tool

As long as you don't take Zillow's valuations as gospel, there's no downside to this tool. Keep in mind that even Zillow acknowledges that its valuations are more accurate in some areas than in others, depending on the data that can be obtained from county governments in different locales. And you won't find every home in America here, at least not yet.

Among the information available for many homes:

  • Historical-value changes for a selected home charted over the past year, five years or 10 years.
  • Historical-value changes for a selected home as compared to its surrounding ZIP code, city, state or the nation.
  • Comparable home sales in an area; satellite, aerial and parcel views of many homes; and individual home data such as number of bedrooms/bathrooms, square footage, lot size, stories and year built.

    Doug Stanley is a staff writer at The Tampa Tribune in Florida.
  • Rogue AntiSpyware Distributes Spyware

    Learn to Remove Spyware With Free and Available Programs! Click me

    Rogue antispyware programs sometimes are the best products out there. They're not beholding to any other companies, they probably won't get sued, etc. Occasionally one comes along through causes as many problems as it solves. This time, it seems to be Spy-Shield.

    Spyware Warrior Suzi Turned reported she saw and ad with the term Spy Sweeper(a name for a Webroot antispyware program) in Google AdWords. She clicked on the ad and it took her to the Spy-Shield site (not WebRoot's). She noted some suspicious characteristics of the site. She points out that below the "free download" button is a message:

    We provide Spy-Shield free of charge, including updates, upgrades and customer support. We are able to do this with the help of integrated ads that are displayed periodically through Spy-Shield. These ads are tasteful and non-intrusive.

    The trick apparently comes in when the user starts to install Spy-Shield. When you click on the install button, one must agree to install "BestOffersNetwork," which used to be DirectRevenue. A EULA shows up after you start to run the installer for Spy-Shield. If you tell it know, Spy-Shield won't install.

    Turner ran the Spy-Shield, after installing the adware. She checked for updates and hadn't noted any sine 12/26/2005. She then ran first the quick scan and the full scan. The quick took about 30 seconds, the regular, full version took about 30 seconds. Nothing was found though she did state the machine was clean other than the "BestOffersNetwork" stuff.

    She dumped the adware and the program still ran and it did. She then did a little research, checking out the background of the software but didn't find much. It's not the same thing as SpyShield. The domain information wasn't terribly revealing because it's registered through a proxy registrar. The IP address this site is tied to also hosts six other domains, including three porn sites.

    This should tell users to be careful when using rogue software. While it can get benefit, there are also legitimate concerns. Make sure, before you use this stuff, check out some reviews about the product.

    Hole in anti-spyware plan scares tech firms

    Learn to Remove Spyware With Free and Available Programs! Click me

    By Timothy Roberts
    SILICON VALLEY/SAN JOSE BUSINESS JOURNAL
    Updated: 7:00 p.m. ET March 5, 2006

    Federal legislation aimed at stopping computer spyware contains a loophole that could give an advantage to the people who spread spyware.

    And that dilemma has the tech industry, members of Congress and consumer groups divided on how to address what all agree is a growing problem.

    The issue of spyware and adware is a big concern with consumers and the businesses trying to reach them. A study by America Online and the National Cyber Security Alliance found that 60 percent of home computers have some kind of spyware on them. The Pew Internet & American Life survey last year found that nine out of 10 Internet users have changed their online behavior out of fear of spyware.

    "People are becoming less trusting of the Internet because of spyware," says Ari Schwartz, deputy director of the Center for Democracy and Technology in Washington, D.C. "We are finding that it is affecting business."

    Bills in both houses of Congress would allow mass marketers to sue anti-spyware companies for stopping their spyware -- the very point of the legislation.

    The House bill gives anti-spyware makers a safe harbor from lawsuits by mass marketers in federal court, but it wouldn't prevent lawsuits in state courts. The Senate bill has no safe harbor, or Good Samaritan clause, at all.

    Spyware is software that installs itself on a computer unbeknownst to the user and transmits information about the user's Internet habits. Spyware can arrive in an e-mail or it can be installed on your computer from a Web site you visit.

    Using spyware to steal information is illegal, but it's not always a matter of simple theft. Some companies use a form of spyware called adware to monitor the use of a customer's computer for marketing purposes.

    User agreements often contain clauses giving permission for a company to leave spyware on your hard drive. But those agreements are often long and contain small type and few people read them before checking the 'accept' box.

    As a result, when an anti-spyware program blocks a piece of spyware, it may be blocking a company that has some claim to be on that computer.

    The result can be complaints, cease and desist letters and lawsuits, all of which could mean big problems for spyware blockers.

    "The thing we are concerned about is self-censorship," says Joe Telafici, director of operations for McAfee Avert Labs in Beaverton, Ore. "We want to make our decisions based on the needs of our customers, not based on the fallout from listing someone" as a spyware distributor. McAfee Inc. is based in Santa Clara.

    In a meeting Feb. 24 with U.S. Rep. Mike Honda, D-San Jose, at its North American headquarters in Cupertino, Trend Micro Inc. executives asked for help in amending the federal legislation to create a safe harbor.

    "We would like to put control of this back into the hands of the consumer," Ed Brown, director of U.S. legal affairs for Trend Micro, told Mr. Honda.

    Ultimately that would mean making all agreements to accept spyware and adware a clearly labeled opt-in provision, something traditionally opposed by mass marketers and many financial institutions and even some technology companies that provide Internet marketing.

    In fact the issue has the tech community divided. TechNet, the technology trade group based in Palo Alto, has yet to take a position on the legislation.

    Mr. Honda said he would consider working to alter the bill. But he also asked how Congress could define something so changeable as spyware and adware so that it would not be out of date as soon as the bill goes into law.

    "We would have to find language that would be long-lasting but flexible for the future," Mr. Honda said. "That will be the trick."

    U.S. Sen. Barbara Boxer, D-Calif., would work with " legitimate anti-spyware companies to amend the bill as long as it contributes to protecting consumers," says David Sandretti, the senator's communications director. Ms. Boxer is a so-sponsor of spyware legislation approved by the Commerce, Science and Transportation Committee.

    Sen. Conrad Burns, R-Mont., the author of the Senate bill, would entertain a safe harbor amendment, a spokesman said.

    The Direct Marketing Association could not be reached for comment. A statement posted on its Web site says it favors "a solution that protects consumers' control over their computers while not impeding legitimate technologies."

    Symantec Corp. of Cupertino just settled a lawsuit with Internet marketer Hotbar.com Inc. In July 2004, Hotbar questioned Symantec's decision to put it on Symantec's spyware list. That listing prevented Hotbar from downloading its software on computers protected by Symantec products.

    After Hotbar threatened to sue Symantec over its refusal to take the company off the spyware list, Symantec decided to sue first, according to the lawsuit it filed in U.S. District Court in San Jose.

    In its lawsuit, the Cupertino company cited a range of spyware definitions from sources ranging from Wikipedia to Homeland Security. It asked the court to choose a definition.

    But on Feb. 24, before the court could rule, the two companies settled the case. In the agreement, Symantec agreed to label Hotbar.com as a low risk and gives computer users the choice of whether to accept its software or not.

    Symantec says that Hotbar backed down once it faced the lawsuit.

    "We are not going to change our model," says Tiffany Jones, Symantec's senior regional manager for government relations. "Consumers have a right to know what's on their computers."

    Hotbar did not respond to requests for comment.