Brochure
Best Practices

I.S. Sentry, Inc.
Information Systems Perimeter Security
Sales@ISSentry.Com

Spyware Issues in the News (Submit an Article)

FTC Loses Laptop, Maybe IDs of Spyware Spreaders (Tech Search Bets)  06/28/06
Some days the ironies pile so high you need an extension ladder to see the top-most.

The Federal Trade Commission (FTC), the government agency whose duty it is to protect consumers from hucksters and scammers -- and which regularly sues spammers, takes on privacy-violating adware spreaders, and takes identity-stealing spyware makers to court -- today admitted it had lost a pair of laptops, and thus the identities buried in the data on the machines' hard drives.

The two notebooks were stolen from a locked vehicle, said the FTC in its this-is-really-embarrassing statement. One of the portables contained identity data on 110 people; the data included names, addresses, Social Security numbers, dates of birth, and in some cases, financial account numbers.

Wait, there are more ironies to come.

The data, said the FTC, was acquired "in law enforcement investigations" and among the victims were "some of whom are defendants in current and past FTC cases." [Click here for Full Article]

Microsoft Makes Anti-Piracy Tool Less Intrusive (Small Business Pipeline)  06/27/06
Microsoft Corp., stung by criticism over the daily phone-home feature within its Windows Genuine Advantage tool, released on Tuesday an upgrade of the anti-piracy software that communicates less with the company's server.

In addition, Microsoft replaced the end user license agreement with one that the company said more clearly explains the purpose of the software and how it operates.

The Redmond, Wash., company came under fire this month following media reports that WGA communicated with Microsoft each time a PC connected to the Internet. In addition, critics complained that the company mislabeled the software as a "critical update" when it was distributed through the Windows Update feature in XP, and then gave no way to remove it. [Click here for Full Article]

Review: McAfee Total Protection Beta Takes On Windows Live OneCare (Small Business Pipeline)  06/26/06
With Microsoft grabbing recent headlines on the release of its Windows Live OneCare product, established players in the Windows security and utilities market are taking action to show that they can hold their ground. On the same day that Microsoft announced the availability of OneCare, McAfee responded by starting the beta test program for its next generation of products, code-named "Falcon."

McAfee's Total Protection provides an extensive set of features that go beyond security to offer data protection and system maintenance.

According to McAfee, it will eventually release four security suites, the first two of which are now available as downloadable betas. McAfee Total Protection is built on previous McAfee products such as VirusScan and Personal Firewall but adds new features to deal with emerging threats such as phishing. McAfee VirusScan Plus offers a subset of Total Protection's features dealing with virus, spyware, or hacker activity. I downloaded and installed the Total Protection beta to see how it holds up. [Click here for Full Article]

Utility Stamps Out Microsoft's "Phone Home" Anti-Piracy App (Tech Search Bets)  06/23/06
A French firewall testing site has posted a utility that disables the controversial Microsoft anti-piracy application that's been criticized for "phoning" home daily.

Firewall Leak Tester, which specializes in firewall stress tests, has released RemoveWGA, a program that deletes the Windows Genuine Advantage Notification Tool. The tool is one of two components that Microsoft has been aggressively promoting as a way to detect counterfeit copies of Windows ( WGA Validation Tool), then nag the user if a bogus Windows is found (Notification Tool).

Two weeks ago, Microsoft came under fire for not making it clear that WGA communicates with the company on a daily basis. Microsoft later issued a statement that denied its anti-piracy software was spyware, tried to explain why it was pushing the Notification Tool via Automatic Update, and said it would modify the software so it "phoned home" to Microsoft less frequently. [Click here for Full Article]

Claria Halts Pop-Ups, Tells Users To Uninstall Its Adware (Desktop Pipeline)  06/23/06
One-time adware giant Claria made good on its March promise this week, and announced it would stop pushing pop-ups to Internet surfer's screens. It also posted instructions for uninstalling its GAIN-labeled software, and urged users to follow through before October 1.

"Claria will stop displaying GAIN pop-up and other ads on July 1, 2006 and will stop supporting all GAIN software on October 1, 2006," the company said in a statement on its Web site.

In March, the Redwood City, Calif.-based company announced it was abandoning the adware market by the end of June.

As recently as mid-2005, Claria was pulling in almost $100 million annually from its GAIN line (formerly Gator), and drawing the ire of anti-spyware advocates, who said Claria's bottom line "makes spammers look like two-bit back alley operations." [Click here for Full Article]

Adware Makers 180solutions, Hotbar Merge (Tech Web)  06/07/06
180solutions, already a major adware distributor, on Wednesday announced that it had merged with the Israeli company Hotbar, also an adware maker, in an effort to scale up its reach to advertisers and consumers. No financial details of the deal were disclosed.

Both companies have fought security analysts and privacy critics, who have accused them of invading users' PCs without permission, spawning pop-up ads, surreptitiously changing computer settings, and making it difficult to uninstall their software. In 2005, Symantec sued Hotbar for threatening it with lawsuits if the security giant didn't remove the Hotbar software from its list of adware and spyware. (In March, Symantec reached an out-of-court settlement with Hotbar.)

180solutions, meanwhile, has been targeted by the likes of the Center for Democracy and Technology, which in January petitioned the Federal Trade Commission (FTC) to shut down the company.  [Click here for Full Article]

Yahoo IM Worm Hijacks Browsers, Plays Migraine Music (Tech Web)  05/22/06
A worm running through Yahoo's instant messaging network is installing a browser of its own -- a first for IM malware -- that leads users to adware and spyware sites, several security firms said Monday.

The worm, dubbed "Yhoo32.explr" by IM security vendor FaceTime Communications on Friday and "Browaf" by Symantec on Monday, is installed when Yahoo users click on a malicious link embedded within an instant message.

Yhoo32.explr downloads and installed the so-called "Safety Browser," which adds an IE-like icon to the desktop, and when used, takes the unsuspecting to sites where their PCs are infected with adware and spyware. The worm also changes the home page of IE to point to Safety Browser's site.

To complicate things, Safety Browser doesn't post an Uninstall option in Windows' Add or Remove Programs Control Panel applet. [Click here for Full Article]

Windows Defender Beta 2: Still Working Out The Kinks (Systems Management Pipeline)
03/06/06
The new Beta 2 version of Microsoft's free anti-spyware software adds significant new features, but it is not yet glitch-free.

Last month, Microsoft released a major upgrade of its free anti-spyware software program. Previously known as Microsoft AntiSpyware, Microsoft has renamed the utility Windows Defender. The Beta 2 version of it is available on this Microsoft page.

Whatever you call it, this is a significant upgrade. Windows Defender offers a new detection-and-removal spyware engine, an increased number of Windows monitoring points it watches for possible spyware symptoms, a heavily streamlined user interface, fewer pop-ups from its real-time protection asking for user input, and protection for all Windows user accounts. It runs on Windows 2000, Windows Server 2003, and Windows XP (Service Pack 2 required). Microsoft has committed to making this software freely available for download, as long as you're downloading to an authorized copy of Windows. [Click here for Full Document]

Anti-Spyware Strategies, Part 1: Clean Out Your System (Smallbiz Pipeline)
01/06/06
Do you suspect that your system is infected with adware, spyware, or other malware? Here's how to get rid of it.

Spyware is one of the most challenging — and frustrating — problems faced by today's computer users and administrators. Even the savviest Internet surfers have discovered their systems are riddled with unwanted software that display popup ads, modify their search engines or home pages, slow down performance or even make the system unstable.

• Introduction
• Step One: Back Up Your Data
• Step Two: Look Around
• Step Three: Choose An Anti-Spyware App
• Step Four: If All Else Fails
• Image Gallery: Clearing Restore Points

One major problem is in defining just what spyware is. Because there is no official definition of spyware, it's not unusual to see a company claiming its download is "spyware-free," even though its setup program installs additional unwanted software. Depending on the specific actions that the software takes, it could be classified as a hijacker, worm, Trojan, adware, or a viral marketing program. [Click here for Full Document]

Fake IRS E-Mail Scam Goes Phishing (Security Pipeline)  11/30/05
A new phishing attack posing as a tax refund from the Internal Revenue Service is using a configuration problem on the GovBenefits.gov Web site to fool users into thinking they're safe in offering up personal information such as Social Security and credit card numbers.

The fraud begins with an e-mail supposedly from the IRS, which claims the recipient is owed a tax refund. In the message from "taxrefunds@irs.gov," a link is embedded to a site where recipients can supposedly collect the refund.

So far, said Graham Cluley, senior technology consultant with U.K.-based security company Sophos, that's not out of the ordinary. But this phishing campaign goes a step farther.

"The link bounces you off a U.S. government site onto one owned by the criminals, who are waiting to steal your credit card and Social Security number," said Cluley. [Click here for Full Article]

FTC Study Concludes Masking, Filtering Stop Spammers (Security Pipeline)  11/29/05
Trickery and technology both play key roles in managing spam, according to a study released yesterday by the Federal Trade Commission.

The agency looked at three aspects of spamming and efforts to control it: the automated harvesting of E-mail addresses on public areas of the Internet; using E-mail address masking to reduce address harvesting; and the effectiveness of spam filtering by Internet Service Providers.

To conduct its five-week study, the FTC established 50 test E-mail accounts at each of three separate ISPs; two used spam filters and one didn't. It also posted 50 E-mail addresses on various Web sites, chat rooms, message boards, USENET groups, and blogs. [Click here for Full Article]

New Malware Redirects Google, MSN, and Yahoo Traffic (Systems Management Pipeline)  09/30/05
Security vendor Panda Software says it has detected new malicious adware, called PremiumSearch, that redirects attempts to reach Google, MSN, and Yahoo as a means to collect traffic-dependent advertising income.

"It takes you to one of these cheesy search pages," says Patrick Hinojosa, CTO of Panda Software. "Someone's [trying] to siphon traffic." The motivation, of course, is money.

PremiumSearch installs a malicious BHO (Browser Helper Object) on the victim's computer. It also installs a fake "Google" toolbar and sets the victim's browser home page to the PremiumSearch search engine, regardless of the setting displayed in the browser. Finally, it conducts what amounts to local DNS poisoning—it rewrites the HOSTS file on the victim's computer. This maps domain names that include Google.com, MSN.com, and Yahoo.com to an IP address hosting spoofed versions of those search engines. [Click here for Full Article]

Phoney Anti-Spyware Software Lures Unsuspecting Users (TechWeb)  09/13/05
A scam that's spoofing Microsoft's Windows Security Center shows that phishers are increasingly abandoning the traditional e-mail ploy of telling consumers their bank accounts are at risk, a security expert said Tuesday.

Like the most dangerous and devious phishing attacks, this one is based on a Web site. Users enticed here face a fake portrayal of Microsoft's Windows Security Center.

The bogus site displays such factual information as the user's IP address, the browser being used, operating system, and country of origin. Along with that, however, the page claims that an attacker "has gained access to your computer and is collecting the information about the sites you've visited and the files contained in the folder 'My Documents.'" A pop-up also alleges that the PC has been infected with a rogue .dll -- a piece of spyware dubbed "W32.Sinnaka.a" -- that's collecting private data. [Click here for Full Article]

How to Remove Malicious Software from your Computer (Microsoft)  Added 09/15/05
Despite your best efforts, you may occasionally download a program you don't want. Here are some ways to remove it. (Note that you may not be able to remove some programs.)

Run anti-spyware tools

Make sure your anti-spyware software is current, and then scan your system, following the instructions on your screen.

Run the Malicious Software Removal Tool

If you've downloaded something that's wreaking havoc on your system—slowing it to a crawl, causing it to crash frequently, etc.—try using the Malicious Software Removal Tool. This tool checks computers using Windows XP, Windows 2000, and Windows Server 2003 for specific malicious software and helps you remove it. [Click here for Full Article]

8 Out of 10 Enterprise PCs Spyware Infected (Techweb)  08/23/05
Even as spyware has become a dirty word and users have been bombarded with stories about its pervasive, pernicious nature, criminals have dramatically expanded their distribution channels and infected an overwhelming majority of enterprise PCs, anti-spyware vendor Webroot said Tuesday as it rolled out its latest stats.

The number of malicious sites hosting spyware has quadrupled since the start of the year, said Richard Stiennon, Webroot's director of threat research, and now number over 300,000 URLs.

On average, enterprise PCs have 27 pieces of spyware on their hard drives, a 19 percent increase in the last quarter alone, while a whopping 80 percent of corporate computers host at least one instance of unwanted software, whether that's adware, spyware, or a Trojan horse. [Click here for Full Article]

Anti-Spyware Software: Securing the Enterprise (Techrepublic)  Added 08/05/05
Overview: With the spyware threat raging on, most administrators are seeking cost-effective ways to detect and eliminate the harmful programs from their organizations' networked PCs. Download this white paper to read about a variety of special challenges associated with enterprise-level spyware removal. You'll learn:

* Why most anti-spyware solutions do not scale for the enterprise * Why firewall and anti-virus solutions do not protect corporate systems from spyware * How to evaluate enterprise anti-spyware solutions [Click here for Full Article]

Hackers Spreading Spyware From Free Personal Web Sites (TechWeb)  07/25/05
Attackers are using free personal Web hosting sites provided by nationally- and internationally-known ISPs to store their malicious code, and to infect users with worms, viruses, and spyware, a security firm said Monday.

Websense, a San Diego, Calif.-based Web security and content filtering vendor, has detected a big jump in the use of personal hosting sites, said Dan Hubbard, the company's senior director of security and technology research.

"The growth of this trend is alarming," said Hubbard. "July has seen a major boom. In the first two weeks alone we found more instances than in May and June combined."

In the first half of the month, Websense found more than 500 free hosting sites created to spread keyloggers alone, Hubbard added. Since the beginning of the year, it's uncovered more than 2,500 such sites. [Click here for Full Article]

Microsoft Updates Windows AntiSpyware (smallbiz pipeline)  07/19/05
Microsoft refreshed its Windows AntiSpyware application late Monday, fixing a problem that prevented some users from updating to new spyware signature files.

Windows AntiSpyware is still officially in beta, but this build -- dubbed 1.0.615 -- is the fourth version of the program since it debuted in January. According to Steve Dodson, one of the developers on the AntiSpyware team, "we wanted to correct an issue found with the signature update mechanism" but the group also "addressed an improvement on how Windows AntiSpyware beta provides information to the user about processes running on a PC." [Click here for Full Article]

Coalition Issue Definitions For 'Spyware' (security pipeline)  07/12/05
NEW YORK (AP) -- Anti-spyware vendors and consumer groups took a stab at issuing uniform definitions for "spyware" and "adware" on Tuesday in hopes of giving computer users more control over their machines.

The definitions seek clarity that could help improve anti-spyware products, educate consumers and fend off lawsuits from developers of software that sneaks onto computers.

It's not clear what, if anything, the taxonomy itself might accomplish in ending the deception involved in placing intrusive and damaging programs on people's computers.

The 13-page document is silent, for instance, on what developers must do to obtain consent from consumers. Nor does the document, still formally a draft, clearly state how specific programs might fall under a certain category. "It's not the end game but it's a great starting point," said Dave Cole, director of product management at Symantec Corp., a member of the coalition that spent three months crafting the terms. "You've got to have a foundation, a common vocabulary to start with ... and have all of us speak the same language." [Click here for Full Article]

Microsoft Defends Claria Adware Changes (desktop pipeline)  07/08/05
Open letter to customers explains why it changed how its anti-spyware software handles adware from Claria, a pervasive brand of adware.

Microsoft late Friday responded to criticism that it's gone soft on spyware by issuing an open letter to customers explaining why it changed how its anti-spyware software handles adware from Claria, a pervasive brand of adware.

A Microsoft spokesperson also said that talk of a link between the Claria changes and rumors of ongoing acquisition talks between Microsoft and the Redwood City, Calif.-based Internet marketing company were "a misconception that needed to be cleared up."

"This week we received some questions around Microsoft's classification of Claria software in our Microsoft Windows AntiSpyware (Beta). We wanted to take this opportunity to explain our current policies and practices," begins Microsoft's response to the criticism.

"Absolutely no exceptions were made for Claria," the letter said. [Click here for Full Article]

What is Spyware? The Industry Can't Agree (security pipeline)  06/27/05
NEW YORK - Many anti-spyware programs scour computer hard drives for those data-tracking files called cookies that we often get from Web visits. Microsoft's tool does not. And there are disputes aplenty about whether certain widely used advertising programs circulating on the Internet are clean of spyware.

No surprise, then, that there's little agreement on what should be considered spyware, and what adware is exactly. Or on whether adware, which delivers ads, is a form of spyware or a breed apart.

Consumers are confounded. Is their computer-cleaning overzealous or not thorough enough? Are they removing useful programs with the dreck? [Click here for Full Article]

Microsoft Again Updates AntiSpyware Bets (TechWeb)  06/24/05
Microsoft Corp. quietly refreshed its Windows AntiSpyware tool on Thursday as it also extended the lifespan of the beta to the end of 2005.

Windows AntiSpyware Beta 1 Build 1.0.613 is the second update since the software debuted in early January. Microsoft's made some bug fixes -- earlier versions sometimes caused Internet connectivity problems after they'd removed some spyware -- and extended the program's expiration date to Dec. 31.

Microsoft debuted the tool in January, just weeks after it had acquired anti-spyware developer Giant Company Software of New York. Windows AntiSpyware is essentially a repackaged version of Giant's software. [Click here for Full Article]

Experts Undecided About Port 445 Sniffing Impact (TechWeb)  06/23/05
Experts disagreed Thursday whether a recent surge in port sniffing of Windows systems meant a worm attack was on the way.

Last Friday, Symantec reported a climb in scanning activity on TCP port 445, one of the two ports associated with the Server Message Block (SMB) protocol in Windows. Earlier last week, Microsoft announced that the protocol suffered from what it called a "critical" vulnerability, and released not only details of the bug, but also a patch.

The scanning was short-lived, said Alfred Huger, vice president of engineering for Symantec's security response team, but reiterated Symantec's position that the post sniffing may be a precursor to an attack. But he thought the odds long.

"This vulnerability isn't a very powerful candidate for a worm," said Huger. "I don't think we'll see a mass exploitation." [Click here for Full Article]

Users Face Threats From More Sophisticated Spyware (systems management pipeline)  06/22/05
While PC users are rightfully worried about spyware that tracks web site visits, and crash their PCs, there are more insidious threats out there. A more powerful breed of spyware can log keystrokes — including passwords and credit card numbers — and send that information off to criminals. Some spyware can even capture instant messaging chat sessions, screen images, and redirect e-mail.

While most spyware seeks to spread itself as widely as possible, the people running this more sophisticated spyware go after specific targets, including banks, universities and Internet cafes.

The danger was recently highlighted when Sumitomo Mitsui Banking Corporation discovered a keylogger installed on its network in London.

"That should have gotten half the CIOs in America concerned," says Alex Eckelberry, president of Sunbelt Software, whose CounterSpy anti-spyware includes an extensive database of keylogger detectors. [Click here for Full Story]

Review: Spybot - Searcy & Destroy 1.4 (systems management pipeline)  06/16/05
The latest version of this free and popular spyware slayer is faster and easier to user.

Spybot - Search & Destroy has been unearthing keyloggers, trackers, hijackers, cookies and other adware and spyware for years, so an update is big news. The new version is faster than its predecessor, with a more professional, aesthetically appealing, and less confusing interface than predecessors.

Spybot shows info about threats on the right side of the screen. (Click on image to expand.)

The program's normal routine is to start with a scan. But don't worry -- it won't take the rest of the day to finish. According to the company, rather than search a system's entire registry and hard drive, Spybot exploits spy programs' needs to anchor themselves to some few key points over the system. When Spybot finds a software module at the anchor point, Spybot can follow that lead to find the whole gang. [Click here for Full Story]

Fight Spyware Like You Mean It (systems management pipeline)  06/15/05
Following these best practices will make your systems as safe as possible.

It's been said that we can learn as much, or more, from our failures as from our successes. I hope that's true. For this TechBuilder Recipe, I originally intended to obtain copies of the leading anti-spyware software packages and then put them through their paces to see how they performed in dealing with a cross-section of common spyware, adware, and other related forms of malware. Most of the vendors I contacted were happy to provide evaluation copies of their software. Many were also willing to share their test libraries with me. But for several reasons, I found myself unable to complete the job.

In the process, I discovered why the PC malware problem has proven so intractable. I also learned a lot by going through the process of collecting the pieces and parts necessary to compare anti-spyware packages. Finally, I interviewed Eric Howes, a noted spyware researcher at the University of Illinois, who has found that today's most popular anti-spyware software packages are far less effective than many believe (see sidebar, below). [Click here for Full Story]

Microsoft Adds Defense Against Mytob, Kelvir To Tool (desktop pipeline)  06/15/05
As is its custom, Microsoft updated its Windows Malicious Software Tool Tuesday as part of the monthly security bulletin roll-out, adding detection and deletion routines for four additional worm families.

The free-of-charge tool now seeks and destroys the Spybot, Kelvir, Mytob, and Lovgate malware clans. Windows XP and Windows Server 2003 SP1 users who have Automatic Update enabled automatically receive the tool each month, while those using Windows or Microsoft Update also get the utility as part of any update package. Windows 2000 and other Windows Server 2003 users, however, must manually download the tool from the Microsoft Web site or use the online edition.

The addition of Kelvir and Mytob are particularly important, as both those families account for scores of variants, including several that have hit the Internet in just the past few days. [Click here for Full Story]

RSS to Carry Spyware Before End of Year (systems management pipeline)  06/10/05
By the end of the year, spyware programs will have tripled in number, put Firefox in their sights, and have turned to RSS to distribute its key loggers and ad spawners, a security expert said Friday.

Richard Stiennon, director of threat research at anti-spyware software vendor Webroot, first presented his six predictions at this week's Gartner IT Security Summit. Number one on his list?

"The first spyware that targets Firefox will appear in the first half of 2005," prognosticated Stiennon. "That means either a spyware writer will take advantage of a vulnerability in Firefox, as others already have in Internet Explorer, or create a site that forces Firefox to invisibly download and install adware or spyware."

Stiennon's apparently not worried about the impending deadline for his prediction. "Test code against Firefox exists," he said, "and I've seen [spyware] exploits against Firefox that don't work. At the Gartner conference, I had a conversation with the CIO of another security firm, and he said that his company had just found an example." [Click here for Full Story]

Spyware Software Dubbed 'Ransom-Ware' (security pipeline)  05/31/05
An apparently bogus anti-spyware tool is the newest addition to the expanding "ransom-ware" category of malware, Panda Software said Tuesday.

Ransom-ware, the term some have slapped on malicious code that infects a PC, then demands money in return for cleaning up the machine or unlocking suddenly-encrypted documents, is just another example of how hackers are increasingly driven by greed, Luis Corrons, the director of Panda's research lab, said in a press release. Now, said, Corrons, a purported anti-spyware product, SpywareNo, joins the list of ransom-ware.

Surreptitiously downloaded when users visit certain porn or pirate Web sites, SpywareNo exploits vulnerabilities in Microsoft's Internet Explorer to get onto a PC. Once it installs itself, it creates an icon on the desktop and displays a bogus warning that the system's infected with spyware, Corrons said. (It also modifies the Windows Registry to guarantee it runs every time the PC is started, even after the user thinks he's managed to manually delete the program.) [Click here for Full Story]

Anti-Phising Toolbar Now Available for Firefox (security pipeline)  05/25/05
U.K.-based Web security firm Netcraft on Wednesday released a Firefox version of the anti-phishing toolbar that's been available for Microsoft's Internet Explorer since December 2004.

The toolbar, which installs as a Firefox extension, or plug-in, automatically blocks suspected phishing sites identified by other users and verified by Netcraft. The company's database of Web site information is also used to display several attributes of any visited site, including its country location, longevity, and popularity.

That information can be used to gauge possible risky sites, since most phishing sites are short-lived, and often hosted in countries like China and Russia.

Netcraft claims that the toolbar has blocked more than 7,000 phishing sites since it debuted. [Click here for Full Story]

House Passes Anti-Spyware Bills (security pipeline)  05/24/05
The U.S. House of Representatives on Monday overwhelmingly passed a pair of anti-spyware bills, and sent them on to face their toughest challenge: the Senate.

The House passed Rep. Mary Bono's (R-Calif.) Securely Protect Yourself Against Cyber Trespass Act, dubbed the SPY Act, by a vote of 393-4, while the second bill, the Internet Spyware Prevention Act (I-SPY), passed 395-1.

Rep. Ron Paul (R-Texas), a libertarian-leaning Republican, was the only member to vote against both bills, not surprising since his Web site touts that he "never votes for legislation unless the proposed measure is expressly authorized by the Constitution." The Founding Fathers weren't prescient enough to forecast spyware.

Bono's bill, which harks back to 2004 and was re-introduced this session, would require any software to give clear notice before it installs, and would forbid such spyware/adware practices as keystroke logging, persistent pop-up ads, and computer hijacking. Fines for violations could be as high as $3 million. [Click here for Full Story]

Adware Targets Kids (security pipeline)  05/13/05
Mainstream children's Web sites host a glut of adware, a security firm said this week, proof that spyware makers are targeting kids in an attempt to slip by parents and get their software onto home computers.

Over a three-month period, said Kraig Lane, a group product manager in Symantec's consumer division, his lab took new PCs out of the box, connected them to the Internet without monkeying with any of the default settings in Windows XP SP2, then surfed well-known sites in several categories, ranging from kids and sports to news and shopping.

"Our testers went to name-brand Web sites, and spent 30 minutes to an hour reading or interacting with sites," said Lane. Testers tried to emulate real-world browser by reading articles, interacting with the site's features, but not explicitly looking to accumulate files by downloading. "Then they ran spyware detection software and counted up what kind of security risks and how many files had been installed on the machines," Lane said.

Children were the biggest target for spyware makers, by far. The trip to several kids' sites installed a whopping 359 pieces of adware on Symantec's PCs, five times more than the nearest category rival, travel. Popup ads proliferated on the machines after that, making them virtually unusable. [Click here for Full Story]

Opinion: How To Avoid Getting Spyware (smallbiz pipeline)  05/12/05
You'll seldom see both Mahatma Gandhi and Marshall Flinkman quoted in a single article. So remember this moment. It's historic.

Asked what he thought of Western civilization, Gandhi responded, "I think it would be a good idea."

That's apparently what readers think of anti-spyware technology. Anti-spyware falls far, far short of the level of efficiency we've gotten used to with anti-virus software. The major anti-virus products work quite well. Install them, keep them updated, and the idiots of the Internet can throw as many viruses at you as they want, while you sit in comfort behind your impervious shield, laughing, listening to soft jazz music, and sipping chilled Gibsons (gin, vermouth, cocktail onion).

One day, anti-spyware will reach that point. But today it's not even close.

A few weeks ago, I asked you whether you thought anti-spyware technology is accurate, and you gave me an earful. You said you need to run two, three or four anti-spyware products on your desktop simultaneously. And even that isn't enough — to keep spyware under control, you have to go into Task Manager and the Windows Registry by hand, looking for rogue processes, software and settings, and eradicating them. Ouch. [Click here for Full Story]

Prevent Spyware: Advice From the Pros (desktop pipeline)  05/12/05
Anti-spyware technology isn't keeping up with the spyware threat, according to Security Pipeline readers.

When I put out a call for spyware information a couple of weeks ago, IT managers and consultants came back with highly useful advice on the best anti-spyware products, how they tell if your system is infected, and what to do about it if it is.

Readers said that anti-spyware products aren't accurate; they need to use two, three or even four products in combination to detect all the spyware on a system, and even then they're not sure if they got everything. Many systems managers are forced to go into the Windows Registry and Task Manager by hand and edit out rogue processes and settings.

Five products recurred in the recommended-use list: Microsoft AntiSpyware, Spybot Search & Destroy, Lavasoft Ad-Aware, Webroot Spy Sweeper and HijackThis. But readers praised other products as well. [Click here for Full Story]

Anti-Spyware Tips and Tricks (security pipeline) 05/12/05
Anti-spyware technology isn't keeping up with the spyware threat, according to Security Pipeline readers.

When I put out a call for spyware information a couple of weeks ago, IT managers and consultants came back with highly useful advice on the best anti-spyware products, how they tell if your system is infected, and what to do about it if it is.

Readers said that anti-spyware products aren't accurate; they need to use two, three or even four products in combination to detect all the spyware on a system, and even then they're not sure if they got everything. Many systems managers are forced to go into the Windows Registry and Task Manager by hand and edit out rogue processes and settings.

Five products recurred in the recommended-use list: Microsoft AntiSpyware, Spybot Search & Destroy, Lavasoft Ad-Aware, Webroot Spy Sweeper and HijackThis. But readers praised other products as well. [Click here for Full Story]

Another Sober Worm Spreading Quickly (desktop pipeline) 05/03/05
Another version of the dual-language Sober worm hit the Internet mid-day Monday, and by Tuesday was accounting for a stunning 70 percent of all malicious code traffic according to one anti-virus vendor.

Sober.p -- also called Sober.n and Sober.o in the confusing mishmash that's the naming structure of worms and viruses -- is epidemic in Western Europe, said two firms there, Sophos and Kaspersky Labs. Although the worm hasn't made as much headway in the U.S., it's currently the most dangerous new threat on the books, according to Symantec and McAfee, both of which raised their alert warnings to "medium" on Monday afternoon as Sober spread.

"It's currently running at about 70 percent of all mail traffic, worldwide, but it seems to have plateaued," said Ted Anglace, a senior security analyst in Sophos' Boston office. "It's leveling off."

Like earlier Sober variations, this one is bilingual -- it uses both English and German headings and text -- and spreads by mass mailing copies to addresses it steals from detection technologies. [Click here for Full Story]

Worst Spyware Down, Infected Sites Up (systems management pipeline) 05/02/05
Although the worst kind of spyware declined during the first quarter, anti-spyware vendor Webroot monitored a dramatic increase in the number of Web sites that host spyware, ready to infect the unwary visitor, the Boulder, Colo.-based company said Monday.

Webroot, which released the results of its for-free spyware auditing tool during 2004 on an ad hoc basis, formalized its data collection in the first official quarterly report to provide a benchmark going forward, said Richard Stiennon, the director of Webroot's threat research team.

"We want to make sure everyone knows that 'Hey, this is a big problem, even if the stats are showing a decline in system monitors,'" said Stiennon.

According to Webroot, the incidence of system monitors -- the most dangerous spyware category that includes key loggers screen grabbers -- dropped by more than half during the first quarter of 2005 compared to the last three months of 2004. [Click here for Full Story]

New York Attorney General Files Spyware Lawsuit Against Internet Marketer (security pipeline) 04/28/05
ALBANY, N.Y. (AP) -- New York Attorney General Eliot Spitzer sued a major Internet marketer Thursday, blaming it for secretly installing software that delivers nuisance pop-up advertisements and can slow and crash personal computers.

Shares of the company, Intermix Media Inc. of Los Angeles, fell $1.01, or 21 percent, to $3.79 in midday trading on the American Stock Exchange.

Spitzer accuses Intermix of redirecting computer users to Web sites where ads get displayed, adding unnecessary toolbars to Web browsers and delivering unwanted ads that pop up on computer screens.

A six-month investigation found that the company installed a wide range of advertising software on countless personal computers nationwide, with more than 3.7 million downloads directed at New Yorkers alone, Spitzer said.

"Spyware and adware are more than an annoyance," Spitzer said. "These fraudulent programs foul machines, undermine productivity and in many cases frustrate consumers' efforts to remove them from their computers. These issues can serve to be a hindrance to the growth of e-commerce." [Click here for Full Story]

Goto the Archive