Spyware Removal is Big Business

prostoalex writes "Just when you thought all the software niches were taken, IDC comes out with the report saying $12 million was spent on spyware removal tools in 2003, and $305 million will be spent in 2008. IDC also estimates two-thirds of PC users out there are infected. Large PC vendors are waking up to the spyware threat, having their call centers overwhelmed with spyware-related calls."

Re:And it's too bad...

[stecoop]

...in primarily Internet Explorer.

Yeah you can look at the rate of change in browser usage. The fastest growing market in terms of percentage growth is the Mozilla family - I dont know of any spyware getting through Mozilla yet.

Spyware removal is huge business for me!

[31415926535897]

I can tell you that spyware removal is about 90% of my consulting (side) business these days. I can usually rake in an extra $300-500 / month thanks to all the spyware problems. I feel bad when I have repeat customers, but I do spend a good amount of time educating the users and immunizing their PCs, but they always find new ways of getting spyware on their computers (it always seems to be the kids and their p2p "needs"...).

Now, as an industry, I don't understand why so much money was spent. There are outstanding tools and tutorials on removing every type of spyware, and every it seems like all the best ones are free.

If you want any pointers or tips on spyware removal, and you don't live in my area :-), I'll be glad to help you anything I can.

Re:Spyware removal is huge business for me!

[inquisitor]

Not really true. Some CWS variants are really really hard to remove (in extreme cases, using the oxymoronically-named HackerDefender rootkit to disguise itself, plus hide and shut down CWShredder, AdAware, Spybot S&D et al when you try to install them), but everything is possible.

Basically, if CWShredder, Spybot and AdAware don't work for you, and you can't see anything on your HijackThis! log, first step is to search on the now slightly outdated CWS Chronicles and then on many of the excellent anti-spyware forums out there, all of which have encountered more variants of CWS than you could ever imagine. If you can't find someone else with the same problem, then post your HJT logs and other stuff and someone should be able to help you.

These parasites (it's not all spyware anymore) are now really, really, really out of hand - the CWS people, especially, but there's even worse people out there - and something needs to be done to stop them. Unfortunately, that's not going to happen anytime soon - since the companies that make most of these are "legitimate businesses", as opposed to idiot teenagers with Visual Basic. Shame.

Re:How much to charge

[larsoncc]

I have a "regular job", but I can't help but being drawn into this.

I charge $50 per clean. About 30% of the time, I get a tip too, ranging from $5 to $20. I always call em back a week later to be sure they're happy.

Reinstallation may sometimes be necessary (not often). Sometimes, it's far less time consuming.

I never do a "freebie" anymore. There's just too many of them. I'd drive myself mad.

Two thirds???

[mediaslave]

I am a consultant for a small IT firm in Manhattan. We do a lot of small businesses, home businesses, and even home clients. Spyware turns out to be the culprit in probably 90% of our "my computer is slow/not working" calls we get these days. We make it mandatory for all of our techs to install and run Spybot and Ad-Aware on any machine we work on, and I have NEVER seen (or even heard of) a machine with no spyware on it. The third of machines that are uninfected must not have internet connections. Even with Spybot's protective measures activated, an Ad-Aware scan a day later will find something.

Re:How much to charge

[PalmerEldritch42]

I've been doing this for a few months now and my standard rate is $50 to get started. An easy removal (Spybot/AdAware) will be just that. If it gets more complex and requires any real work (registry hacking, TCP/IP stack repair, etc) then the price increases- so far, I have not gone over $75, but I can envision some infections that will be more expensive... I have a policy where if the stuff comes back within 2 weeks (generally meaning I did an incomplete job), I will fix it again for free. If they get reinfected again after that (which I assume means they have been doing something they shouldn't), I charge another $25.

In addition to the removal, as a value added service, I do a good bit of training- including how not to use IE/Outlook (I install Firefox/Thunderbird for them) and how to not open attachments, etc. If they continue reinfecting themselves, I just keep coming out and charging them again and again. It is quite a cash cow for some of these folks who must go to their little java game sites and who open every possible thing that they are sent...

It is even easier in many cases where I can do the entire thing through NetMeeting from my house, so I get paid full price and don't even have to leave home.

Pretty Big Business

[EntrancedX]

I used to work for a "big retailer" and I saw how much business the on-site "computer technicians" were making from Spyware cleanup. Well... $50 a pop. The funny thing is they were using Ad-Aware only to provide this "great service" for their customers. So as long as there are customers willing to pay all this money for such a service, then the business is going to be booming. *Ohh yeah... using Firefox may help a little.

Re:And it's too bad...

[ssj_195]

In the latest versions of Firefox, all .xpi installs are blocked, except from sites included in a very small whitelist. The user is informed that a site has tried to install software, and that you must explicitly add the site to your whitelist if you want it to install. It's not a perfect solution, but it does at least add to the number of steps required for someone to install a .xpi on their system.

In the end, though, the only way to combat user stupidity is through education (an uphill struggle) or by denying them the ability to install any software on their own system (which I balk at). It's a sad state of affairs :(

i'll second that!

[ecalkin]

I'm sitting around with such letters as CNE/CNI/MCSE/MCT/CCNA etc, and probably 75 to 90 percent of the dollars i've earned in the last 4 months are from disinfection.

It's nice to pay bills but it gets kinda depressing making money off of other peoples misery.

eric

Spyware / spam prevention

How to help prevent spam/viruses. Most of this information is common knowlege for the IT savy but can be a good cluestick for the relatives.
FireFox http://www.mozilla.org/products/firefox/ is a web browser that is much more secure then Internet Explorer. I have been using it for many
months now, it is very stable and has a small fraction of the security problems found in IE.
Ad-Aware http://www.lavasoftusa.com/software/adaware/ is a spyware finding and removal tool. This is one of the best anti-spy ware programs available and should be run at least twice a week.
Spy-Bot http://www.safer-networking.org/en/index.html is an excellent compliment to AdAware and should be run also twice a week. The combination of both Adaware and SpyBot make for great security.
Trend Micro http://housecall.antivirus.com/housecall/start_cor p.asp has a free online virus scanner that I run once a week. It has found viruses that Norton did not detect.
Microsoft's windows update http://windowsupdate.microsoft.com/ should be
checked often to patch your operating system. I would suggest you install the updates.
Zone Alarm http://www.zonealarm.com/store/content/company/zap _za_grid.jsp If you do not have a Firewall router at home or are using dialup. Make sure you have some sort of firewall running on your machine. This one is pretty good and free.

Here is a mini guide I wrote up on how to prevent from getting spam.
1. Do not give out your work email address to anyone not work related. Do not give it out to relatives.
2. Do not use your primary email address to sign up for things online, use a email from hotmail or gmail.
3. DO not use your work/primary email to post on message boards or USENET unless they are closed and protected forums.
4. Do not sign up for free giveaways, even if they are work related.
5. Do *NOT* forward jokes or other such emails. Discourage people from forwarding them to you. These emails hold a massive list of email addresses and will eventually end up in the hands of spammers.
6. Do *NOT* reply to any spam asking to be removed or to "unsubscribe." It just guarantees that you will get more spam as you have confirmed it is a
valid account.
7. Do not buy anything form a spam email. This only encourages the practice.
8. If you get spam in Outlook, go to "File", then "Work Offline" and then delete the email messages. Selecting the email message for deleting opens
it, this can cause a virus to be downloaded or download pictures that have unique tag. With the unique image tag, a spammer can tell when you
opened the email and that your account is valid. By using the "Work Offline" mode, no images will be opened.

You can find these links at my site http://www.friendsglobal.com/

Too much spyware and NO Login Connection on AOL

[lcsjk]

Three days ago I helped a friend who could not get connect her modem to connect to AOL. I tried everything including uninstalling AOL and deleting registry entries until my eyes got blurrry. Re-installed to find that AOL still pulled up her ID and Password from somewhere. I even called AOL support to get a new password - still no connection. I used Hyperterminal to call the AOL number and connected so I knew the system should connect.

Finally, I ran a copy of AD-AWARE and SPYBOT-S&D from a CD I had with me. After removing nearly 200 data miners and some files, the system connected on the first try. I have not yet notified AOL of the problem, but I expect others have had the same problem.

Re:The REALLY nasty malware...

[Jakhel]

For the DLL's

For mucking around in the registry

And one last good all around resource

have fun and good luck.

Re:And it's too bad...

[nelsonal]

I think the problem arose from Moore's law. Computers got too cheap too quickly. Think about another complex tool that transitioned from capital good to consumer product. I will use cars, but you could substitute power tools (think table saw or 1/2" drill), airplanes, or telephones. With autos, they existed for several decades before mass consumer adoption, mostly because until Ford developed the assembly line (and even in the early part of that) you needed to either be quite wealthy or have a real need use the device. By the time mass adoption was reached, the device had been simplified, and consumers had been educated that this could potentially be dangerous, so they learned at least something about the operation (and potentially basic maintenance) of the device. Computers moved to a price that allowed mass adoption much faster, and buyers assumed they were buying devices that had undergone the bug checking of other consumer products so they didn't take any more time to learn about the product they were buying or installing.
After 20 years of debuging there are PCs out there that have reached that level of simplicity, they are called X-Boxes.

Re:windows is partially at fault

You are juste asking Microsoft to write a version of SUDO for windows and to set intelligent permissions on their system files, Apple already does this... but a user that has no understanding of what is going on will just enter the password as soon he is prompted for it...

Now about the other browsers, Firefox 1.0 has a feature in it that offer users to install browser plugins automatically, I wonder what are the limits of what those plugins can do to your computer? (I really don't know, they may or may not be a threat)

Re:Of course it is! Spyware only did good for me!

So, like we need "-1: TMI (Too Much Information)"