Slashdot Mirror


Which Adware and Spyware are the Most Insidious?

the_dreadnought asks: "I was just asked today which adware and spyware are the most insidious by an acquaintance. He asked me if this stuff was really legal, or was it just not important enough for law enforcement to deal with? I know the porn stuff (not from experience... ok, from experience) that dials out to foreign countries is one of the more extreme examples, and Gator is well known, but if Slashdot readers could describe what adware and spyware they think is the sneakiest I would appreciate it. Also, any thoughts on whether some of this stuff is even legal, as it is almost certainly not ethical."

46 of 840 comments

  1. New.Net by TheSpoom · · Score: 5, Interesting
    I do tech support, and one of the worst things I've seen is a piece of software called New.Net. While not technically spyware (though that's arguable), it actually overwrites parts of the user's TCP/IP stack so that any time they access the internet (not just their browser), it gets pushed through the (usually fairly buggy) New.Net DLLs.

    And the fun part is, if you (or the user) uncheck the New.Net software in MSCONFIG, it doesn't just stop New.Net from working... They simply stop being able to use the internet. At all. So then we have to pray that their version of New.Net has a working uninstaller, or we have to go through a huge manual uninstall that involves removing multiple registry keys. BTW, if anyone here gets this or other spyware that is difficult to remove, try using a program called HijackThis and "Fix" anything that looks out of the ordinary (use common sense... don't delete everything).

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
    1. Re:New.Net by Jouster · · Score: 3, Interesting

      They used to offer a 5- to 10-cent "bounty" for each copy of New.Net you installed; that's why it was bundled with a lot of other programs.

      The bounty program was discontinued, however.

      Jouster

    2. Re:New.Net by shawnywany · · Score: 5, Informative

      I agree, that HijackThis program did wonders for my parents' messed up computer. Not only did the search page mysteriously get changed after every reboot, we had the misfortune of answering questions from my little sister about the porn popups the BHO caused when she accessed Neopets. However, one or two clicks with HijackThis and all was right again. Adaware and S&D don't catch everything, looks like I had to add ANOTHER program to my arsenal.

    3. Re:New.Net by caseih · · Score: 5, Informative

      The easiest way to delete New.Net is to do the following:
      1. remove it using "Add/remove" programs
      2. if still not working, remove the WinSock and WinSock2 registry keys from CurrentControlSet
      3. Go to network settings on win98 or on 2000/XP, just go into the properties of your network connection and if possible, remove tcp/ip. On XP this is impossible, so ignore this step
      4. Add new service. If you're not on XP, just reinstall tcp/ip. On XP, select "have disk" and point it at C:\windows\inf. Then select tcp/ip and install it
      5. clean up any newdotnet files lying around.
      6. Join a class-action lawsuit against the company that makes this piece of crapware.

      Be aware that these steps can cause problems with programs like cyber-sitter or firewalling programs that modify the networking stack. Do this at your own risk.

      This is very prolific. I've cleaned it on one laptop twice! I have a suspicion the user is downloading crap all the time, but I do wonder in what form it comes in.

      Michael

    4. Re:New.Net by Anonymous Coward · · Score: 5, Informative

      Or you can just reset Windows XP's TCP/IP stack

      from command prompt:

      netsh [enter]
      int ip [enter]
      reset [enter]

      then reboot
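Added example, not part of any post in this thread: software that inserts itself into the network stack the way the posts above describe typically does so by registering a DLL as a layered provider in the Winsock catalog. The Python sketch below parses the text that `netsh winsock show catalog` prints and lists the entries worth reviewing before and after a repair; the sample output is constructed and abridged, and `Example Layer` / `exlsp.dll` are hypothetical names.

```python
import ntpath
import re

# Constructed, abridged sample in the layout `netsh winsock show catalog`
# prints. The third-party provider and its DLL name are made up.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example Layer
Provider Path:                      C:\Program Files\ExampleLayer\exlsp.dll
Catalog Entry ID:                   1015

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example Layer over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\ExampleLayer\exlsp.dll
Catalog Entry ID:                   1016
Protocol Chain: 1015 : 1001
"""

HEADER = re.compile(r"^[^:]*Provider Entry$")
FIELD = re.compile(r"^([^:]+):\s*(.*)$")


def parse_catalog(text):
    """Split netsh output into one dict of fields per catalog entry."""
    entries, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if HEADER.match(line):
            current = {}
            entries.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).strip()
    return entries


def under_system32(path, system_root=r"C:\WINDOWS"):
    """True if the provider DLL resolves to a file inside system32."""
    expanded = re.sub("%SystemRoot%", lambda _: system_root, path, flags=re.I)
    norm = ntpath.normcase(ntpath.normpath(expanded))  # resolves ".." parts
    return norm.startswith(ntpath.normcase(system_root + "\\system32\\"))


def resolve_chain(entry, entries):
    """DLLs a layered chain passes through, in order; marks dangling IDs."""
    by_id = {e.get("Catalog Entry ID"): e for e in entries}
    ids = [i.strip() for i in entry.get("Protocol Chain", "").split(":")]
    return [ntpath.basename(by_id[i].get("Provider Path", "?")) if i in by_id
            else f"<missing entry {i}>" for i in ids if i]


def review(entries):
    """Entries to look at by hand: anything layered or outside system32."""
    findings = []
    for e in entries:
        reasons = []
        if e.get("Entry Type") != "Base Service Provider":
            reasons.append("layered entry")
        if not under_system32(e.get("Provider Path", "")):
            reasons.append("DLL outside system32")
        if reasons:
            findings.append((e.get("Catalog Entry ID"), reasons,
                             resolve_chain(e, entries)))
    return findings


if __name__ == "__main__":
    for entry_id, reasons, chain in review(parse_catalog(SAMPLE)):
        print(entry_id, ", ".join(reasons), " -> ".join(chain))
```

Firewall and filtering products that layer themselves legitimately are listed too, so a finding is a prompt to review the entry, not a verdict. A chain that names a catalog ID no longer present shows up as `<missing entry N>`.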

    5. Re:New.Net by uncoveror · · Score: 3, Informative

      Have you tried Pest Patrol? It has never failed me when I want to remove spyware crap for my father, or other non-techies who ask me for help. Tweaking the winsock registry keys might work for you or me, but not for them, and they are always asking for help.

      --
      The Uncoveror: It's the real news.
    6. Re:New.Net by TaoJones · · Score: 5, Funny
      The easiest way to delete New.Net is to do the following:
      1. remove it using "Add/remove" programs
      2. if still not working, remove the WinSock and WinSock2 registry keys from CurrentControlSet


      This is the "easiest" way? Slow down there Turbo... Now, over the phone, YOU try to talk my mother through this "easy" way. Believe me, I'll Make Money Fast selling you a couple of Valium when (and if) you ever get the job done ;)

      --
      "Fear is the rootkit of democracy.." Blarkon
    7. Re:New.Net by CrazyDuke · · Score: 3, Informative

      My vote goes to a program that is not quite as popular, but is similarly damaging called OSSproxy. Basically if you have the misfortune of deleting it, your system's DNS resolution is hosed until you reinstall Windows. You can uncheck it in startup, but like New.Net, you can't DNS anything. Oh, did I mention it does not come with any (obvious) uninstall?

      I usually run across this when a customer complains that since they switched off dialup to broadband, they can't access the net. Apparently, there is some screw up within the program that keeps people that switch net connections from DNSing.

      You can bitch at the company and they'll send you a buggy ass uninstall program (which really helps if you already lost your net connectivity :P ...not). But, the only way I've been able to remove it is using the following. Oh, but you have to not have deleted any part of it yet in order for it to work.

      "%WinDir%\System\NScheck.exe" /uninstall

      Then just clean up any garbage left behind.

      P.S. Looking up on it, it looks like some people have found out how to can the sucker if it was already deleted. Still a pain in the ass though.

      --
      Any sufficiently advanced influence is indistinguishable from control.
    8. Re:New.Net by TheQuantumShift · · Score: 4, Informative

      or run them all together as MSN tech support is trained to do... "netsh int ip reset resetlog.txt" That along with "regsvr32 softpub.dll" and "regsvr32 wintrust.dll" will fix 99% of MSN problems. That and Referring to OEM...

      --

      Shift happens. Fire it up.
  2. IMHO the worst one was........ by i_want_you_to_throw_ · · Score: 4, Informative

    Xupiter! Or what used to be Xupiter. In its time it really wreaked havoc. Although going to their home page says they are out of business, this link on their site shows that they may be up to something else soon.

    You can share some of the love for the Yomtobians here. These guys are right up there with Spamford Wallace and the Cantor/Siegel in the Internet Hall of Shame.

  3. RealOne by JanusFury · · Score: 5, Interesting

    I'm sure there aren't many people who agree with me, but I personally consider RealOne to be spyware. It's intrusive and has lots of 'features' that are extremely difficult to turn off if you can turn them off at all, and it installs things without telling you. (For example, its 'message center' in the system tray that tells you to Buy RealNetworks Products(tm)(r)!)

    Other than that, I don't really run into spyware much, but I find gator and its kin to be the most intrusive and common on the web.

    --
    using namespace slashdot;
    troll::post();
    1. Re:RealOne by CaptBubba · · Score: 5, Informative
      "unfortunately there is no other player which plays their media"

      There is Real Alternative. I'm not sure how legal it is, but it plays the files and I don't have to install the RealOne crap. Until I found it I simply didn't use any sites that relied upon realplayer files. I was so happy when Amazon.com added WMP samples.

    2. Re:RealOne by tarquin_fim_bim · · Score: 3, Informative

      unfortunately there is no other player which plays their media

      mplayer!

    3. Re:RealOne by DrEldarion · · Score: 3, Informative

      Yeah, but that still doesn't take care of the fact that the software is crap. Back when I had Windows 2000 installed, the only time I got a blue screen was when I was using realplayer.

    4. Re:RealOne by Raunch · · Score: 3, Informative

      > there is no other player which plays their media

      Whatever you feel of their supposed code nazi attitudes; mplayer plays almost everything.

      Don't hate the player, hate the game.
      I don't have a sig.

      --
      George II -- Spreading Freedom and American values, one bomb at a time.
    5. Re:RealOne by cicho · · Score: 3, Informative
      Correction. StartupMonitor doesn't look for systray apps. Rather, it intercepts any attempt by an application to add itself to autostart folder or a registry entry, so that the application will run automatically at startup.


      But you can't use it indiscriminately. Most setup programs for example will add a run-once entry to delete temp files or files that were in use and couldn't be replaced - this is something you want to allow. But the same setup program may also be installing fishy stuff, so you need to be able to tell the difference.

      --
      "Only the small secrets need to be protected. The big ones are kept secret by public incredulity." - Marshall McLuhan
  4. A more interesting question might be: by tarquin_fim_bim · · Score: 3, Interesting

    Should the purveyors of operating systems be prosecuted for allowing software to run on their loyal customers' computers, without their knowledge or permission? I have never read a Microsoft EULA in its entirety, does it mention that this is part of the agreement?

  5. One word...GATOR by bluethundr · · Score: 5, Insightful



    Without any doubt in my mind, the most evil form of spyware I am personally aware of is the infamous insidious Gator. Booo, hisss!!!! I am sure there are others, but I'm sure of this: there is a special place in hell for these folks.

    --
    Quod scripsi, scripsi.
    1. Re:One word...GATOR by bhtooefr · · Score: 4, Informative

      Google Toolbar doesn't count, because it is a VOLUNTARY move to enable the spying features (default is to disable them, they give you a nice short EULA that tells you they'll get some info from you if you enable PageRank). Gator and the more insidious MemoryBlaster (or something like that - it's a taskbar icon that shows you percent free RAM, and takes up about 50% of RAM on a 128MB box with XP itself) count. Taking into account that someone could be blindly clicking links, one could VERY easily get the whole GAIN suite in a few seconds. (BTW, there are MUCH nicer alternatives to those - I've heard RoboForm isn't spyware, and can even import your Gator data if you did once use it, Date Manager? double click on the clock! (oh wait, roblimo can't figure that out) PrecisionTime? ArgoSoft Time Synchronizer is what I use - good ol' fashioned freeware)

    2. Re:One word...GATOR by DeadMeat+(TM) · · Score: 4, Informative
      Roboform is your friend. It can import Gator passwords and then export them to HTML for printing (or parsing with your favorite scripting language).

      It's recommended as Pricelessware by alt.comp.freeware, which means no nasty spyware or adware.

    3. Re:One word...GATOR by jesser · · Score: 3, Informative

      You can extract passwords from Gator (or any browser's password manager) one at a time with the "view passwords" bookmarklet. Be sure to tell your client that vanilla IE (new versions) and Mozilla Firebird have built-in password remembering, so he won't have to type his passwords each time after he gets rid of Gator.

      There are also some password managers that can import from Gator. Roboform is an example. I don't know if I trust any of them, though.

      --
      The shareholder is always right.
  6. Windows Spyware Removal by Davak · · Score: 5, Informative

    Here are the removal programs...
    Spybot
    Adware

    However, this begs the more interesting questions....

    Is there *nix spyware?
    Why not?

    Davak

    1. Re:Windows Spyware Removal by mcpkaaos · · Score: 3, Funny

      Simple. There is no adware for Linux as companies know that we don't have any money. Isn't that why we use it?

      (Easy there mods, don't let the sarcasm fool ya.)

      --
      It goes from God, to Jerry, to me.
  7. Weird Comparison by serutan · · Score: 3, Insightful

    If somebody leaves a paper bag full of shit on your porch, rings the doorbell and runs away, does it really make any difference whether it's dog shit or cat shit?

  8. Windows Media Player... by penguinrenegade · · Score: 4, Interesting

    gets my vote. Not only does it report your media files, but also any other apps you're running!

    /me adjusts tinfoil hat...

  9. Lop.com by DJ+Rubbie · · Score: 5, Informative

    Lop is by far the worst one ever... recently I convinced my cousin to switch over to Mozilla Firebird, but this article (http://www.spywareinfo.com/articles/lop/) suggested that Mozilla isn't 100% safe, but is much easier to cure than hacking the registry (apparently it's just one line in the user_prefs). One source said that it changes 47 registry keys... I also found that it randomly mutates into new filenames (actually it downloads newer versions), making it much harder for programs like Adaware to hunt it down.

    Also, Lop disguises itself as an mp3 search toolbar. It also comes with newer versions of MSN Plus.

    One more thing, some people are willing to profit from lop uninstaller, such as this one - http://www.onlinepcfix.com/spyware/Lop.htm - it contains some more information related to lop.

    --
    Please direct all bug reports to /dev/null
  10. hotbar by a.koepke · · Score: 5, Interesting

    One program that really annoys me is hotbar. The main reason is that it adjusts your MS Outlook settings all the time, turning off using Word as your HTML editor. It also requires about 2 hours to remove the stupid program.

    You remove it using AdAware and it will remove it for that user profile. Then login as another user it will actually install itself again. I logged on as each user to remove it and finally managed to get rid of it, so I thought. It has now appeared back and I know it wasn't the (l)users installing it again since I gave them a lecture about adware and installing crap on machines that I am in charge of.

    If a program comes with a valid uninstall feature then I can tolerate it. When it's a program that's a biatch to get rid of and keeps coming back I get really ticked off.

    --


    (\(\
    (^.^)
    (")")
    *This is the cute bunny virus, please copy this into your sig so it can spread
  11. a musical analogy by Savatte · · Score: 5, Funny

    which Creed album is the worst?

  12. Pre-Installed Dell Software by Jouster · · Score: 5, Interesting

    How about Dell's SupportLink, which (and I have the TCPdumps to prove this) broadcasts your system's S/N, your MS Windows S/N, and several other tantalizing bits of data back to Dell every 30 minutes or so?

    Mind you, I love my Dell, but this pissed me off.

    Jouster

  13. SaveNow by pavera · · Score: 4, Informative

    The worst program I've ever seen is savenow..
    It starts like 5 processes on boot (using between 50-75mb of ram and 20-25% cpu), sends all of your browsing habits somewhere else, and pops up porn, and other various ads randomly while using the computer. It is by far the worst spy/ad ware I've ever seen.

  14. I agree with you by sweatyboatman · · Score: 4, Interesting

    I don't use RealPlayer at all. If for some reason a website offers only RealPlayer videos I just do without. not a big deal for me. much more annoying, as you say, to remove the tentacles of Real after you've installed their "free" player.

    -sweatyb

    --
    It breaks my pluginses, my precious!
  15. Business plan by Chuck+Chunder · · Score: 5, Funny

    1. Ask Slashdot what sort of spyware is the worst. 2. Make this sort of spyware. 3. Profit!

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park
  16. Worst Adware Revealed! by missing000 · · Score: 4, Funny

    With absolute certainty, the worst adware is the threadjack /. post

    Especially evil is the sig line advertisement.

  17. I'll never know the name. by Elwood+P+Dowd · · Score: 5, Interesting

    I didn't think that spyware existed on MacOS X, but... my girlfriend came home from school last winter with something really odd. Internet Explorer would, no matter your user preferences, always go to a certain internet shopping site as a homepage. And would give you a barrage of popups constantly. I forget what shopping site, and back then I only had inbound firewalling, so I had no logs to check.

    No toolbars installed. No plugins. I created a new user account for her, and that worked, so apparently it hadn't messed with the internals of the Internet Explorer.app (which seems like a vector they'll soon exploit). Crappy, though.

    --

    There are no trails. There are no trees out here.
  18. Obviously by lurker412 · · Score: 5, Insightful

    The most insidious are the ones we don't even know about.

  19. Shocking disrepect for consumer choice by StefanJ · · Score: 5, Funny
    You should be ashamed, ashamed!

    All these companies want to do is let you know about exciting new products and services that could entertain you, improve your life, and lengthen your genitalia.

    Shutting out these innovators . . . well, it smacks of Communism, doesn't it? First TiVO, screening out the ads that broadcasters, our public servants, need to survive. Now this ungrateful attack on champions of entrepreneurship and freedom of choice. Just a bunch of surly, consumer-choice hating Reds is what you all are.

    I'm going to tell John Ashcroft what you've been up to so these SpyBot removers can be banned!

    Stefan "scared to hell that someone out there might actually be thinking like this" Jones

  20. Biggest spyware by too_bad · · Score: 3, Funny

    I am not sure what this thing was, but it's the biggest spyware I have seen. It came installed on my laptop, and even after I installed Linux, it continued to exist. Every time I forget to press arrow key while bootup, it would boot into this spyware. Once I am there, I am given an illusion that this thing looks very similar to my Linux system, but everything was slow. There was an ambulance (I think that's what they use for hijacking my laptop) which would keep yelling "Click here to update".

    Then it did have something that looked like konqueror and it did show some internet sites. But I couldn't open more than one tab in it. Also, every 2.5 seconds it used to open up a colourful window offering me stuff I did not want.

    Then I got a message saying Cindy wants to talk to me. I didn't want to talk to Cindy, but it kept yelling at me for not saying Hi to Cindy. Cindy was barely wearing any clothes (shudders)

    I finally managed to get rid of this spyware, and every time I think about it I shudder.

    --
    DO NOT PANIC
  21. Not just adware and spyware by Ryan+Mallon · · Score: 4, Interesting

    More and more applications are becoming intrusive, software such as Winamp, Windows Media Player and Kazaa all having annoying dialog boxes which popup each time you run them if they detect a newer version which you haven't yet downloaded. MSN actually refused to do anything until I upgraded it.

    A large number of applications now have an online registration feature, they don't force you to do the registration, but they will bug the hell out of you if you choose not to.

    Applications such as RealPlayer try and sign you up to email based newsletters (spam), why should I have to give my details (email address, home address and hobbies for example) to a company in exchange for using their software?

    There seems to be a gradual increase in the invasiveness of software, currently most of these 'features' are still optional, but I don't think it will be long before many software companies start making things like software updates, online registration and having a valid email address mandatory.

  22. Worst of them? LiveGirls.exe by Anonymous Coward · · Score: 3, Funny

    Recently a client came in with a PC and said it was acting funny and suspected there was some kind of virus on it. A scan detected that there were several files that appeared to be infected with something called "Downloader-DZ" and, along with the links to porn sites (my favorite one being "Operation... SEX!") and the homepage being replaced with a porn page, there were SEVERAL dialers installed, and an attempt to just delete LiveGirls.exe did nothing... it later reappeared.

    To put it short, I spent two hours running spyware removal software and manually editing out bad registry keys. A pain.

    Oh... and PLEASE tell people they don't need that FUCKING SHIT like hotbar and weather bug either!! I'm sick of seeing that crap on people's PCs!

  23. Mostly Ethics, Seldom Legality by billstewart · · Score: 5, Interesting
    Most of this software, while some of it is Ethically Challenged, doesn't have legal problems, at least in the US. The stuff claims to be free or cheap, and usually tells you that you'll get advertising, and even though it doesn't always tell you how much data it's collecting, it's usually not breaking any laws by doing it. Even the annoying features like popups or making your machine dog-slow aren't illegal, they're just misfeatures. Often you even have to press a "Pretended to read the fine print of the license" button for it to install.

    Some of it's not even broken ethically - if all they're doing with it is deciding which ads to show you, rather than tracking your every move online, especially if they didn't collect personal information about you, and if they didn't lie to you about what they were doing, and if they have a privacy policy that actually reflects what they're doing, that's ok. Not necessarily something you want to run, but ok. Some particular examples are the adware versions of Eudora and Opera.

    European data collection laws may have terms that popular spyware violates, but usually the spyware companies aren't based in Europe so there's no legal jurisdiction. The data collection laws themselves are often effectively spyware - in return for "protecting" you, they're also subjecting you to possible audits of your machines because you *might* have personal information about other people on your computer or your PDA or your cell phone. (Sure, they mostly pretend they wouldn't do that to regular citizens, only businesses, but it's pretty much a selective enforcement thing. And you are registering all your computers with the data protection bureau, aren't you?) But at least it doesn't slow your machine down when they're not auditing you.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  24. For more info ... by fygment · · Score: 4, Informative

    ... maybe this site would help:

    http://www.spywareinfo.com/downloads.php

    --
    "Consensus" in science is _always_ a political construct.
  25. How to stop it on XP and above by friday2k · · Score: 5, Informative

    In Windows XP there is a feature called Software Restriction Policies (SRP, see here). This feature allows you to deny software to run based on Certificates (and Path, and Hash, and Zone for MSI). Since all the Spyware installers use signed Active-X "drive-by" installers this is an effective way to kill them. This, however, is an arms race. You need to collect the certs you want to invalidate first (upon first encounter of a spyware save their cert into a file and disallow it). You can find the feature in Control Panel->Administrative Tools->Local Security Policy. Have fun!

  26. Preventing Spyware? by kaptainsunshine · · Score: 3, Interesting

    I'm an end user admin on a small (300 machines) network where both IE5 and Netscape4 are available (and nothing else) on WinNT4. I'm constantly fighting against end users that install spy/adware. I'm losing the battle and re-imaging machines on a daily basis... I'm looking for tips on reducing downtime due to this junk being installed. Any tips would be appreciated.

  27. MSN Messenger by The+Herbaliser · · Score: 3, Insightful

    Has all the same problems as RealOne, plus the way it gets on your computer is really insidious... it's on there before you even open the box.

  28. Microsoft should fix windows by jonwil · · Score: 3, Interesting

    Basically, any time a program wants to do something like put something in startup or modify winsock settings or stick files in windows system folder or modify the hosts file or dns settings or things like that, windows should come up with a nicely worded warning about why clicking "yes" is a bad idea.
    Also, it should log all these actions so that for example, you can see which programs installed what settings (so you know what to remove)
    And it should have something that allows sysadmins to turn off these things completely (just like how it's possible to turn off control panel and other system things)

    That way, when some idiot wants to install Kazaa, the system detects that Kazaa wants to install "privacyviolatingspyware.exe" to "c:\windows\system\importantmsfile.exe" and add it to startup and denies the request.

    What should be done when the request is denied (either because it's completely switched off or because the user clicked "no") is that it should return for file i/o calls "can't open file" and for registry calls whatever the appropriate error is.

    Or better yet, pretend to write to the registry or the file but don't actually do it.

  29. Re:hahah by dasmegabyte · · Score: 3, Funny

    Autopr0n, your sig is an especially insipid sort of inline advert, because your website is so terrible.

    I would never think of advertising my ventures in a slashdot post.

    --
    Hey freaks: now you're ju