Slashdot Mirror


Spyware Masquerading as Spyware Removal Software

Cocooner writes "News.com is reporting that some of the anti-spyware/adware software out there is doing more harm than good by acting as double agents. One example is a software package named SpyBan (google cache since the original site has been removed), which happened to be hosted by download.com, accused of installing Look2Me, which monitors and reports web surfing habits. SpyBan was downloaded over 44000 times before it was pulled. How 'low' can they go?"

30 of 424 comments

  1. spybot by grub · · Score: 5, Informative


    If you run a Windows system then I heartily recommend Spybot Seek & Destroy to keep it clean and immunized. Support the author too, donate a few bucks for good work.

    not related in any way, just a satisfied user

    --
    Trolling is a art,
    1. Re:spybot by garcia · · Score: 4, Informative

      On a side note...

      As someone who considers themselves "careful" as can be when it comes to keeping their system clean (Ad-aware was my option before finding Spybot) I was absolutely *shocked* at the volume of "tracking" cookies that Spybot found.

      I admittedly surf porn sites regularly. I found that Spybot never complains there. It mostly complains here on Slashdot (banner ads send Avenue A) and travel sites (some Travelocity cookie is blocked A LOT).

      It scared me how much shit is out there and I am GLAD that someone has created this software that is easily updated, runs relatively quickly, quietly, and easily.

    2. Re:spybot by nija · · Score: 4, Informative

      In addition to Spybot, I use Ad Aware. Used together they get rid of all the baddies.

  2. Stopsign software is the same thing... by mobiux · · Score: 4, Informative

    Worst thing is that they have started advertising on TV as a virus removal/firewall package.

    One user on my network installed it, basically shut down all network connections. And loaded the computer full of crap.

    Also known as eAnthology.

  3. for anyone who doesn't know, use these tools by real_smiff · · Score: 5, Informative
    The spyware removal tools I use regularly & trust are:

    Spybot

    Ad-Aware

    There are others, but these pretty much have it covered I think.

    --

    This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.

    1. Re:for anyone who doesn't know, use these tools by IWantMoreSpamPlease · · Score: 2, Informative

      You are wrong.

      The definition list for Ad-Aware is dated 02-04-2004, pretty fucking current.

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
    2. Re:for anyone who doesn't know, use these tools by Zocalo · · Score: 4, Informative

      It's no longer the case and hasn't been for quite a while. Ad-Aware updates are now coming out very frequently; every few days normally. I think you are probably referring to Lavasoft's bungled handling of their decision to rewrite the core engine to cope with new threats when they failed to tell the users what was going on. The re-write is now done, and while I don't think version 6.x is as good as Spybot has become, it is still a good package to run as a failsafe and to make sure Spybot stays honest.

      --
      UNIX? They're not even circumcised! Savages!
  4. More fake programs by Mr_Silver · · Score: 5, Informative
    I found a comment from this page very informative:
    Rogue Anti-spyware Programs Part 3

    I mentioned some of these before, but this is a more inclusive list.

    Spy Wiper
    AdWare Remover Gold
    BPS Spyware Remover
    Online PC-Fix SpyFerret
    SpyBan
    SpyBlast
    SpyGone
    SpyHunter
    SpyKiller
    SpyKiller Pro
    SpywareNuker
    TZ Spyware-Adware Remover
    xp-AntiSpy
    SpyAssault
    InternetAntiSpy
    Virtual Bouncer
    AdProtector
    SpyFerret
    SpyGone
    SpyAssault

    Sources: Doxdesk.com: parasite, Tom Coyote Forums, Spywareinfo.com forums, safernetworking.org, home of Spybot Search & Destroy

    Looks like this program isn't the only one.
    --
    Avantslash - View Slashdot cleanly on your mobile phone.
  5. Re:Spyware by grub · · Score: 2, Informative


    Cheap Windows shots aside, there are many ways to get crap on your non-Windows machines. Cookies, web-bugs, cross-site banners etc. etc. are ways to track a user. My OpenBSD boxes are secure from known hacks but I still surf with a Privoxy filter and a Squid cache at the head of my home LAN.

    Security and privacy are like an onion, no need to repeat the whole analogy here.

    --
    Trolling is a art,
  6. Irony by somethinghollow · · Score: 4, Informative

    I think there is some really nice irony here. I'll get a good laugh out of it. What it really comes down to, to me, is that users blindly install things (ha, even anti-spyware/adware) and don't listen to what people say about it.

    "Gator cursors?! Rad. I love little annoying cursors." Install spyware.

    If people would be more informed about their computing habits, spyware would be avoided, as would viruses.

    Adware, on the other hand, may have some legitimate uses. For example, Opera had a free version of its browser that shows ads. AIM shows ads. Even Slashdot shows ads.

    But if you don't like it, don't run it. Research is the key. It's time we stop letting people use computers until they understand HOW to use them.

  7. Credit card scam by savagedome · · Score: 5, Informative

    This is similar to a credit card scam that Bruce Schneier pointed out in his latest cryptogram. Fooling people into eating poison wrapped up as a remedy. Bastards.

    New Credit Card Scam

    This one is clever.

    You receive a telephone call from someone purporting to be from your credit card company. They claim to be from something like the security and fraud department, and question you about a fake purchase for some amount close to $500.

    When you say that the purchase wasn't yours, they tell you that they're tracking the fraudsters and that you will receive a credit. They tell you that the fraudsters are making fake purchases on cards for amounts just under $500, and that they're on the case.

    They know your account number. They know your name and address. They continue to spin the story, and eventually get you to reveal the three extra numbers on the back of your card.

    That's all they need. They then start charging your card for amounts just under $500. When you get your bill, you're unlikely to call the credit card company because you already know that they're on the case and that you'll receive a credit.

    It's a really clever social engineering attack. They have to hit a lot of cards fast and then disappear, because otherwise they can be tracked, but I bet they've made a lot of money so far.


  8. Re:SpyBot S & D by EDOX25 · · Score: 2, Informative

    Yeah SpyBot seems to be a small one person deal. I have been using it for a while now and have had no problems. I use it in conjunction with Ad-Aware and what one does not catch the other usually does.

  9. Re:SpyBot S & D by Anonymous Coward · · Score: 3, Informative

    Spybot is a great package. The option to immunize your machine against the crap just removed is superb. I recommend it to all. AdAware was slow at updating for a while.

  10. Re:How low can they go ? by nolife · · Score: 3, Informative

    If you are getting hits in Spybot from advertisements, it is due to cookies. Spybot reports on any known spyware, malware, and privacy or tracking related items. It seems a little inefficient to use Spybot as a cookie blocker but it is an option and can be turned on or off if desired.

    --
    Bad boys rape our young girls but Violet gives willingly.
  11. How 'low' can they go? by Stingr · · Score: 4, Informative

    "How 'low' can they go?"

    As low as they need to in order to make a buck.

    Does this really surprise anyone? We've continuously seen spammers/telemarketers/advertisers/etc. sink lower and lower over the years as their tactics are countered. First there was telemarketing then the Telezapper gave us all a little hope that the incessant calls would stop. Then the telemarketers came up with a new tool that beat the telezapper. We responded with the Do Not Call Registry and now the telemarketers are suing on the basis of free speech. They will stop at nothing, not even breaking the law, to make money.

    --
    Chaos reigns within.
    Reflect, repent, and reboot.
    Order shall return.
  12. I'll say it once by IWantMoreSpamPlease · · Score: 4, Informative

    and I'll say it again, Ad-Aware (www.lavasoftusa.com) is the only spyware removal program that's worth a damn.

    Some of the others that I have seen/tried, are too zealous and end up removing bits that are *required* by proper programs, and end up wrecking things.

    Ad-Aware, good as gold.
    In addition, IIRC they offer a corporate-based version, much like Norton-Antivirus corporate, and that's a slick idea.

    --
    So rise up, all ye lost ones, as one, we'll claw the clouds.
  13. I've seen this a lot... by Chibi+Merrow · · Score: 2, Informative

    Sitting at a coworker's PC trying to figure out what was wrong with it for her, had an installer popup out of nowhere when no web browser was open offering to install a Spyware removal tool for me. One Ad-Aware update and scan later and her system was behaving fine. Don't remember the name of the program... May have been SpyBan...
    Funnily enough as this article popped up I was on the phone w/ another coworker who had installed SpyHunter on a suggestion from an office mate... Problem was it started giving weird errors and she claims it kept reinstalling itself when she'd remove it from Add/Remove Programs. She deleted the folder it belonged in and that seems to have eliminated it finally, but I had to clear a registry entry on her PC for her that was trying to start it...
    Funny thing was whatever genius wrote the software didn't enclose the path to the program in quotes, so it was trying to run C:\Program... That's really the kinda programmer I want mucking about deleting 'Spyware' off my PC.
    Thank God for Lavasoft...

    --
    Maxim: People cannot follow directions.
    Increases in truth directly with the length of time spent explaining them
  14. Download.com by Machine9 · · Score: 2, Informative
    Download.com is an insidious and very vile site to begin with. Sure, they have quite a lot of normal, decent shareware there, but it barely makes up for the vast amounts of mal- and spyware they host.

    Not to mention the oh-so-easily abused rating system, and obvious sponsoring BY spyware programmers...

    And with such a reliable sounding name, the average Joe just thinks "hey it's from Download.com how could it possibly be bad? right?"

    And the next thing you know, your computer illiterate relative is on the phone with you again griping about how their browser is going places they don't want, they're being spammed to death with ads on their screen, and their computer has slowed to a crawl.

    I motion we make spyware programming punishable by slow castration and death under international law...

  15. Re: SpyBot and additional help.... by King_TJ · · Score: 5, Informative

    Yep! I've been praising SpyBot and recommending it to practically everyone running a PC on the Inet for months now. (As I said in a previous /. thread, I work doing on-site PC service, and this program, alone, cures more PC issues I run into than anything else we use.)

    I'll tell you another little tip, though. If SpyBot already claims it's cleaned everything up, but your PC is *still* spontaneously generating pop-up ads on the screen, or running abnormally slow (perhaps you still see odd processes listed as running in the process list?), here's the way to fix it.

    Run regedit, and search the entire registry for "run once". There are several "run once" registry keys, with plain old "run" keys directly above each of them. (You're mainly interested in what's in the "run" keys, but searching for "run" will find hundreds of things we're not interested in.) If they're starting up some kind of trojan horse or spyware/adware program on your Windows PC (and assuming it's not simply in the "Startup" program group!), they've got to be doing it in one of these "run" keys. Look for sneaky files in there with names like "windowsupdater.exe" (MS doesn't ever run a file by this name to do the real Windows updates), or just gibberish names like 0br003445l.exe and delete them from the "value" line of the "run" key. I've even seen files in there I wasn't sure about, until I looked in the folder under "Program Files" where it was running from; Then I saw a *documentation* file in the program's folder explaining that the utility was "designed to automatically present advertisements to the computer user at random intervals"!
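
The startup-entry checks described in comments 13 and 15 above, as an added Python example that is not part of the original thread: it audits a constructed set of "Run" key values for an unquoted path containing spaces, a target that no longer exists, a watchlisted file name, and a digit-heavy file name. The sample entries, the on-disk file set, the watchlist and the 50% digit threshold are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: value name -> command line, as stored under a "Run" key.
SAMPLE_RUN_VALUES = {
    "GoodAV": r'"C:\Program Files\GoodAV\av.exe" -tray',
    "SpyTool": r"C:\Program Files\SpyTool\spytool.exe /startup",
    "Updater": r'"C:\WINDOWS\system32\windowsupdater.exe"',
    "xq": r"C:\WINDOWS\0br003445l.exe",
}
# Constructed stand-in for "does this file exist on disk?" so the example runs offline.
SAMPLE_FILES_ON_DISK = {
    r"c:\program files\goodav\av.exe",
    r"c:\windows\system32\windowsupdater.exe",
    r"c:\windows\0br003445l.exe",
}
# Analyst-maintained watchlist (assumption); its one entry is the name from comment 15.
WATCHLIST = {"windowsupdater.exe"}

_EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)


def parse_command(command):
    """Return (intended_executable, was_quoted) for a Run-key command line."""
    command = command.strip()
    if not command:
        return "", False
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end != -1 else command[1:]), True
    match = _EXE.match(command)
    return (match.group(1) if match else command.split()[0]), False


def audit_run_values(run_values, files_on_disk, watchlist=WATCHLIST):
    """Return {value_name: [reasons]} for entries that deserve a manual look."""
    findings = {}
    for name, command in run_values.items():
        exe, quoted = parse_command(command)
        reasons = []
        if not quoted and " " in exe:
            # An unquoted command line is split at the first space, so the
            # shorter path is tried first (the "C:\Program" case in comment 13).
            reasons.append("unquoted path: first tries " + exe.split(" ", 1)[0])
        if exe.lower() not in files_on_disk:
            reasons.append("target missing: orphaned startup entry")
        base = ntpath.basename(exe).lower()
        stem = ntpath.splitext(base)[0]
        if base in watchlist:
            reasons.append("file name on watchlist")
        # Heuristic (assumption): at least half of the name's characters are digits.
        if stem and sum(c.isdigit() for c in stem) / len(stem) >= 0.5:
            reasons.append("digit-heavy file name (heuristic)")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit_run_values(SAMPLE_RUN_VALUES, SAMPLE_FILES_ON_DISK).items():
        print(name, "->", "; ".join(reasons))
```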

  16. Open Source Windows Spyware Project? by mctsonic · · Score: 3, Informative

    I've had really good luck with spybot s&d for removing Windows spyware/malware/adware, etc., but though it is freeware,
    I'd really like to use and support an Open Source removal tool - I want to see the source, etc. - in my co.'s environment. Is there such an animal?

    --
    "The basic tool for the manipulation of reality is the manipulation of words." - PK Dick
  17. Re:Mozilla? Opera? by JediDan · · Score: 4, Informative

    The browser is only the beginning. It's all those other things that people like installing that pollute the system with crap: desktop modifications (blinky christmas lights), cursors, giant icon collections, etc.

    The less you install the more clean and stable the system - general rule-of-thumb for any windows box as anyone that's been intimate with their registry would know. One program I have to work with every day installs over 70 registry keys (which isn't too bad) but the uninstaller is lucky to find 4 of those.

    *sigh*

    --
    - Dan
  18. Re:I'll stick with the basics.... by orthogonal · · Score: 4, Informative

    The more paranoid out there will probably have more more [sic] packages in the loop, but this is definitely one instance where is doesn't do any harm to use multiple packages in parallel.

    Oh, it's simpler than that.

    Install the Spy-ware Remover. Remove the spy-ware. Remove the remover.

    For the more paranoid^H^H^H^H^H less trusting, take a snap-shot of the system, consisting of a list of all files with md5sums for each.

    As above, Install the remover, remove the spy-ware, remove the remover. In most cases the spyware will be stand-alone, except for crap like MS-Windows registry entries. Ensure that other than such system-wide repositories like that, after the removal of both spy-ware and spy-ware remover, that no files have been added to your system, and the md5sums of existing files haven't changed.

    Finally, spy-ware is only a problem if it can transmit the information it gathers out of your system to its masters. Here MS-Windows users actually have an advantage over linux, because most MS-Windows firewalls can block both incoming and outgoing connections, and can block or allow specific applications using specific protocols on specific ports.

    First, as a standard practice, block everything (I even block localhost to localhost connections), then allow only what you actually require (most MS-Windows firewalls allow you to do this interactively and some support single-time-only allowances, so it's not nearly the burden it seems to someone used to IP tables).

    Then watch to see if the firewall reports that an application is making outbound connections. If one does, ask yourself why it needs to connect out, and whether you did something to initiate its connecting out.

    The one Achilles's heel here is the multitude of applications that use HTTP connections for one thing or another, and the browser in general. To minimize (but not totally control) this, I route all browsers through two HTML transforming proxies, so many cookies and javascripts never even reach the browsers. Other applications get direct connections, but only if they need them. My mail client, for example, does not need to connect to port 80 for any reason, so I never worry about web bugs in HTML mail. Browsers (well, the proxy at the end of the chain) can connect only to ports 80 and 8080, minimizing risks a little; connections to non-standard ports must be authorized interactively.

    I highly recommend Kerio firewall, by the way; it's free as in beer and quite full-featured. Proxomitron is excellent for transforming HTML. Get an md5sum implementation, or better yet, get Cygwin and have a linux-like environment too.
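
The before-and-after file snapshot described in the comment above, as an added Python example that is not part of the original post: it uses SHA-256 from hashlib in place of md5sum, and the file names and contents in demo() are constructed.

```python
import hashlib
import os
import tempfile


def snapshot(root, algorithm="sha256"):
    """Map each file's path (relative to root) to the hex digest of its contents."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for filename in files:
            path = os.path.join(folder, filename)
            relative = os.path.relpath(path, root)
            digest = hashlib.new(algorithm)
            try:
                with open(path, "rb") as handle:
                    for chunk in iter(lambda: handle.read(1 << 20), b""):
                        digest.update(chunk)
            except OSError:
                # Locked or unreadable files are recorded, not silently skipped.
                manifest[relative] = "UNREADABLE"
                continue
            manifest[relative] = digest.hexdigest()
    return manifest


def compare(before, after):
    """Return the files added, removed and changed between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in before.keys() & after.keys()
                          if before[p] != after[p]),
    }


def demo():
    """Constructed scenario: a remover is installed, run, then uninstalled."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)

        write("notepad.exe", b"original editor")
        write("spyware.dll", b"tracking component")
        write("hosts", b"127.0.0.1 localhost\n")
        before = snapshot(root)

        os.remove(os.path.join(root, "spyware.dll"))          # the expected removal
        write("hosts", b"127.0.0.1 localhost\n10.0.0.5 example.test\n")  # unexpected edit
        write("helper.exe", b"left behind after uninstall")   # unexpected leftover
        after = snapshot(root)
        return compare(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Anything under "added" or "changed" that the removed spyware does not account for is what the comment tells you to look for.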

  19. The FAQ from alt.privacy.spyware by data64 · · Score: 4, Informative

    The FAQ from alt.privacy.spyware lists the more popular and trusted anti-spyware/anti-adware tools. Lots of good information and advice in that group.
    Yes, I know the programs listed in the faq are a bit windows-centric. But guess which platform most posts on that newsgroup are about.

  20. Re:How low can they go ? by Anonymous Coward · · Score: 1, Informative

    It doesn't pop it up to alert you to the blocks *unless you choose the option for it to*.

  21. Re: SpyBot and additional help.... by Anonymous Coward · · Score: 1, Informative

    Check out www.windowsstartup.com for a better front-end than msconfig. It checks with their (user-submitted) database and gives descriptions of the startup processes, when available.

  22. Re: SpyBot and additional help.... by Anonymous Coward · · Score: 1, Informative

    You might want to add this to your arsenal as a quick and easy way to see what can be run on startup.

    Autoruns from Sysinternals (freeware)

  23. HijackThis by Tuxedo+Jack · · Score: 2, Informative

    If you go to SpywareInfo's forums, you can get HijackThis, which lists pretty much everything that ever loads on your system, and the experts there can clean it.

    --

    Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
  24. I'll say it.. by TheHawke · · Score: 2, Informative

    and I'll say it again..

    Two spy/mal/adware cleaners: Ad-Aware, Spybot S&D,

    And a Good hosts file that will deal with any future incursions: Http://www.2fords.net/rchapin/hosts.zip

    Download the zipped file, then do a search for your old hosts file, backup, and replace it.

    --
    First rule of holes; When in one, stop digging.
  25. Re:I'll stick with the basics.... by Permission+Denied · · Score: 4, Informative
    Finally, spy-ware is only a problem if it can transmit the information it gathers out of your system to its masters.

    Not true at all. In fact, I couldn't care less about spyware transmitting information. When I start to care is when I get a call because someone's machine is malfunctioning.

    I've seen numerous spyware hijack IE, replace the startup page, install IE extensions to randomly popup advertisements, change how DNS resolution works, etc. I've seen machines where it takes minutes to start up a browser.

    I highly recommend Kerio firewall, by the way; it's free as in beer and quite full-featured.

    Kerio is trivial to bypass if you bypass the winsock API and program directly to NDIS. I've done this as a demonstration only, but seeing how spyware is so pernicious, I bet you'll soon see spyware doing the same things.

    Application-level firewalls are useless if the user has full access to the machine. If the user has the ability to bypass the firewall, a program can do so just as easily and there is no way in Windows to differentiate between messages coming from keyboard/mouse and messages coming from other applications. Similarly, these are useless if the user has the ability to choose whether a program is put in the firewall's "allowed applications" list, as a malicious program can simply fake the user input and put itself there; on the other hand, taking away this ability from the user is not something I'd like to do, as my users should be free to use Mozilla, Opera or any other browser they choose without going through me.

    I think we're talking about different things: I'm not concerned about keeping spyware off of my personal workstations, as these machines never get spyware in the first place due to me being careful about what I run. What I care about is keeping employee machines spyware-free while at the same time allowing users to install their own applications without going through me.

    Actually, the situation is exactly the same as with viruses: I don't worry about viruses on my personal machines, but I know my users aren't sophisticated enough to differentiate between an attachment called "file.doc" and "file.doc [fifty spaces] .exe", so I install antivirus software on their machines. Similarly, I know they're going to download and execute spyware, so I'd like some tool that runs in the background recognizing spyware and preventing it from running. The paid version of adaware does this, and I consider it a virus scanner that stops viruses written by questionably-legitimate companies instead of individuals.

    So there is a place for anti-spyware tools: if you're a sophisticated user on your own machine, you can do without antispyware software, but if you're in a situation where antivirus software is warranted, antispyware software is also a good idea. I just wish McAfee would stop pandering to these spyware "companies" so we wouldn't have to get two site licenses for similar software.

  26. I have a friend who worked on this software by dorlthed · · Score: 2, Informative

    He told me about it a while ago, and swore me to secrecy about what they were doing. He hated working for the company, but he was going through a tough time and he needed the job. He eventually found a better programming job elsewhere and moved on.

    I think the first question people ask is, "how could someone do something like this?" Well, the short answer is that the people running the company just flat-out didn't care. They wanted to make money and they found the most insidious way to do it, with no weight on their consciences. Personally, I think it's pretty sick.