Non-Technical Users Talk Malware

swirsky writes "The Chicago Sun Times is running an article detailing the experiences of non-technical users after they were infected by spyware, malware, and viruses. We cluck our collective tongue and think that we'd never be so stupid, but this is a major problem that plagues personal computing." From the article: "The study found that spyware has disrupted the computer lives of 43 percent of surfers. That means an estimated 59 million people have spyware or adware on their computers, the study found. Adware is defined as tracking programs that come bundled with other software and that users knowingly download, although they don't necessarily want the adware."

It's not just the non-technical users

[DanielMarkham]

I downloaded my first program with BitTorrent a few weeks ago -- a TV show that my VCR failed to record. While doing that, I accidentally clicked on a certain part of the web page. Bingo slammo, my system was infected with spyware, this nasty Aurora and nail.exe
Being a technical guy, familar with the registry, COM, and how windows works, I went about trying to kill this pesky snake. A few hours later, after saying some words I won't repeat here, I decided to wipe the machine and start over (it was a lighly loaded box, so no major loss)
I could have gotten SoftIce and gone into kernal mode to trap this bastard, but it was way beyond my effort vs. reward tolerence level. Spyware has gotten so complicated and sneaky nowadays: to me it is worse of a threat than virsuses ever were.
Now I run double anti-spyware programs in addition to my A/V and firewall. I think that we technical people are also misunderestimating the danger posed by this junk to our own machines.


Run With the Bulls, Swim With the Sharks

Re:It's not just the non-technical users

[AnObfuscator]

Okay, sorry if I am sounding like a jerk. I really just want to know how this can happen!

You somehow assume that you actually have to "click" a link and "save to disk" to download a file through IE. This is not so. Sites can use IE to install software on your computer, without your knowledge, even with all the preventative measures you mentioned. This is possible with what are known as "exploits" in the system. The insecurity of IE is not so much the default settings, as it is that changing the settings means practically nothing. That is why IE is flawed and broken beyond belief with critical security vunerabilities.

If you want to see how easily a PC is infected without you clicking, saving, or knowing ANYTHING, this series of articles will help: http://isc.sans.org/diary.php?date=2004-07-23

Re:I thought I was immune too

[MoonFog]

How many were cookies? The only adware I've really got were tracker cookies from doubleclick etc. Those are recognised as infections in AdAware, and they are easy to get if you forget to turn off cookies.

Claria and HomeSec

[Tackhead]

> An thanks to Microsoft it looks like *every* Windows computer will be infected with spyware in the next veriosn of Windows.

Gator, er, Claria, is not spyware.

Gator CPO at the Department of Homeland Security.

D. Reed Freeman, the "Chief Privacy Officer" of Claria Networks (formerly Gator), the creators of the pervasive spyware package GAIN, has been appointed to the Department of Homeland Security's "Data Privacy and Integrity Advisory Committee"

Legitimized by Microsoft and with representation on HomeSec DPIAC, Gator is now officially securityware, Citizen!

And if you've got some sort of problem with that, take it up with the boss, namely HomeSec's Chief Privacy Officer. She's none other than Nuala O'Connor-Kelly, formerly of Doubleclick.

What's with the head-on-desk-thumping motion? I'm not demented enough to make this shit up!