Spyware News |
|
Csven Concord
*
Join date: 19 Mar 2005
Posts: 1,015
|
08-09-2005 06:13
I happened across this article and thought it interesting enough to share.
http://news.yahoo.com/s/zd/20050808/tc_zd/157623 |
Ellie Edo
Registered User
Join date: 13 Mar 2005
Posts: 1,425
|
08-09-2005 06:52
Horrific.
One reason it's so much safer running a Mac. Too few of us for the criminals to bother.
And I run a wonderful application called "Little Snitch" which watches all communications with the internet and consults a list of permitted ports and servers with which each application is allowed to communicate. Any new one, it asks your temporary or permanent permission and updates the file. Any one you've disapproved in the past just gets blocked. All via a smooth and intuitive interface. I'm sure the PC has something similar?
Not perfect though. If an app needs permission to use a port for its normal work, accessing many servers, then abuses that same port, you have a problem. I suppose you would need to flag up any site it visited "too often". A Little Snitch desired enhancement.
What I do at the moment with a new suspect app is make Little Snitch report each server it accesses, and I watch until I decide it's all clear, and give permanent permission. If you do detect suspect behaviour, you can block access to just that one server for ever, and go on enjoying the legal aspect of the app's facilities.
|
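The per-application allowlist described in the post above, together with the "visited too often" flag it wishes for, sketched as an added example (not part of the thread and not Little Snitch's own code or rule format). The class names, the `max_hits` threshold and the sample hosts are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

ALLOW, BLOCK, ASK = "allow", "block", "ask"

@dataclass
class AppPolicy:  # decisions remembered for one application
    allowed: set = field(default_factory=set)     # (server, port) approved
    blocked: set = field(default_factory=set)     # (server, port) refused
    open_ports: set = field(default_factory=set)  # port approved for any server

class OutboundMonitor:
    def __init__(self, max_hits=3):
        self.policies = {}        # app name -> AppPolicy
        self.hits = Counter()     # (app, server) -> allowed connections seen
        self.max_hits = max_hits  # assumed threshold for "too often"

    def policy(self, app):
        return self.policies.setdefault(app, AppPolicy())

    def decide(self, app, server, port):
        """Return (verdict, flagged) for one outbound connection attempt."""
        p = self.policy(app)
        if (server, port) in p.blocked:
            return BLOCK, False   # a past refusal always wins
        explicit = (server, port) in p.allowed
        if not explicit and port not in p.open_ports:
            return ASK, False     # never seen before: prompt the user
        self.hits[(app, server)] += 1
        # Only port-wide permission can be abused this way, so only it is flagged.
        flagged = not explicit and self.hits[(app, server)] > self.max_hits
        return ALLOW, flagged

def review(monitor, events):
    """Replay (app, server, port) events and collect what needs attention."""
    prompts, flagged, blocked = [], set(), []
    for app, server, port in events:
        verdict, flag = monitor.decide(app, server, port)
        if verdict == ASK:
            prompts.append((app, server, port))
        elif verdict == BLOCK:
            blocked.append((app, server, port))
        if flag:
            flagged.add((app, server))
    return prompts, sorted(flagged), blocked

# Constructed sample: a news reader with port 80 open to any server.
monitor = OutboundMonitor(max_hits=3)
monitor.policy("newsreader").open_ports.add(80)
monitor.policy("newsreader").blocked.add(("ads.example", 80))
EVENTS = ([("newsreader", "feeds.example", 80)] * 2
          + [("newsreader", "collector.example", 80)] * 5
          + [("newsreader", "ads.example", 80), ("newtool", "update.example", 443)])
PROMPTS, FLAGGED, BLOCKED = review(monitor, EVENTS)
```

A server the user has approved explicitly is never flagged; only traffic that rides on a port-wide permission is counted against the threshold.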
nimrod Yaffle
Cavemen are people too...
Join date: 15 Nov 2004
Posts: 3,146
|
08-09-2005 06:53
I just ran spysweeper and got 6 instances of ad programs.
|
Csven Concord
*
Join date: 19 Mar 2005
Posts: 1,015
|
08-09-2005 06:56
on C|Net: http://news.com.com/ID+theft+ring+hits+50+banks%2C+security+firm+says/2100-7349_3-5823591.html?tag=cd.top
If you've not patched XP to release 2, you might consider it after reading this. |
Reitsuki Kojima
Witchhunter
Join date: 27 Jan 2004
Posts: 5,328
|
08-09-2005 07:02
Remember, kids:
1) Friends don't let friends use IE. 90%+ of all spyware problems can be avoided by simply avoiding IE.
2) If you must use IE for some reason, for the love of god, SHUT DOWN ACTIVE-X.
3) Don't be an idiot: Freeware programs on the internet often come with spyware. If you download a program from a site with a bajillion popups, it's probably filled with spyware. If you download something with the name FREE in its title, it's probably filled with spyware. If you have any reason to not trust the program you're downloading, it's probably filled with spyware. "Helper" programs, like search bars, weather update taskbar programs, news and stock market scrollers, e-mail checkers, etc are some of the worst offenders here.
4) Monitor all installs. First with a good spyware check application, but also your own eyes... Does the EULA say something like "And you agree to allow partner applications to be installed", or does it pop up a second EULA after you agree to the first, or something? That's spyware being installed most likely.
_____________________
I am myself indifferent honest; but yet I could accuse me of such things that it were better my mother had not borne me: I am very proud, revengeful, ambitious, with more offenses at my beck than I have thoughts to put them in, imagination to give them shape, or time to act them in. What should such fellows as I do crawling between earth and heaven? We are arrant knaves, all; believe none of us.
|
Garoad Kuroda
Prophet of Muppetry
Join date: 5 Sep 2003
Posts: 2,989
|
08-09-2005 18:04
SPYWARE MY ASS!
That's doing the same thing as a trojan! And legally it had better start getting treated the same--very seriously.
_____________________
BTW
WTF is C3PO supposed to be USEFUL for anyway, besides whining? Stupid piece of scrap metal would be more useful recycled as a toaster. But even that would suck, because who would want to listen to a whining wussy toaster? Is he gold plated? If that's the case he should just be melted down into gold ingots. Help the economy some, and stop being so damn useless you stupid bucket of bolts! R2 is 1,000 times more useful than your tin man ass, and he's shaped like a salt and pepper shaker FFS! |
Nolan Nash
Frischer Frosch
Join date: 15 May 2003
Posts: 7,141
|
08-09-2005 18:35
I hope those scumbags get prosecuted to the full extent of the law. They should make an example out of them.
What a bunch of morons - how did they think they could get away with it?
_____________________
“Time's fun when you're having flies.” ~Kermit
|
Teeny Leviathan
Never started World War 3
Join date: 20 May 2003
Posts: 2,716
|
08-09-2005 18:38
> What a bunch of morons - how did they think they could get away with it?

"There is a sucker born every minute." - PT Barnum
_____________________
The Default Avatars were created by Linden Lab
They evolved. They rebelled. There are many copies. And they have a plan. |
Jeffrey Gomez
Cubed™
Join date: 11 Jun 2004
Posts: 3,522
|
08-09-2005 19:33
> 3) Don't be an idiot: Freeware programs on the internet often come with spyware. If you download a program from a site with a bajillion popups, it's probably filled with spyware. If you download something with the name FREE in its title, it's probably filled with spyware. If you have any reason to not trust the program you're downloading, it's probably filled with spyware. "Helper" programs, like search bars, weather update taskbar programs, news and stock market scrollers, e-mail checkers, etc are some of the worst offenders here.

I'm sure I'm preaching to the choir here, but let's not confuse OSS/homebrew software with this sort of crap. A better prognosis would be to watch for the warning signs you mentioned. Namely:
1) Program contains adware
2) Site is not very reputable; contains popup and "FREEFREEFREE" logos everywhere
3) Program asks you to "install the helper" tool(s)
Or once installed:
1) Browser is unresponsive to user commands
2) Bandwidth peaks for no apparent reason
3) Popups routinely appear on desktop, even if no browser is open
If you desperately want something for free, look for the Gnu logo or get it off NoNags. Even with the latter, many of the programs contain some spyware (that's usually listed on install), so be careful.
---------
As for this find, it's nothing short of despicable, yet par for the course in today's information wars. I recently finished a class in Marketing (required for my degree, sadly), and the professor phrased spyware like it was the Holy Grail. Scary as hell.
My advice would be to arm yourselves with a copy of AdAware, Ethereal, a decent firewall solution (example), and an alternate browser than IE (example). Learning how the Windows registry works is also a plus. It's a damned shame you have to do this as a Windows user these days, but given the sort of "support" the software gets, your best tool is simply knowing these things exist.
_____________________
---
|
Jeffrey Gomez
Cubed™
Join date: 11 Jun 2004
Posts: 3,522
|
08-09-2005 22:05
I also just gleaned this from the related blog, which is now on my reading list for some unrelated articles (thanks!) -
> In a number of cases, we were so disturbed by what we saw that we contacted individuals who were in direct jeopardy of losing a considerable amount of money. One particularly poignant moment was a family in Alabama whom I contacted personally last night and warned them of what was going on. This was a family where the father had just had open heart surgery, and they had very little money. Everything personal was recorded in the keylogger -- social security numbers, their credit card, DOBs, login and password info for their bank and credit card companies, etc. We were able to warn them in time before they were seriously hurt.

Sick indeed.
_____________________
---
|
Csven Concord
*
Join date: 19 Mar 2005
Posts: 1,015
|
08-10-2005 06:37
> SPYWARE MY ASS!

You're right. I mulled over different titles and chose one that was insufficient. [Edit: bummer. The title on the forum doesn't update. That blows.] |
Garoad Kuroda
Prophet of Muppetry
Join date: 5 Sep 2003
Posts: 2,989
|
08-10-2005 15:09
Well, you weren't wrong, that thing is always called spyware. And "technically" maybe it's not a trojan--I'm not sure if it's possible to get it from simply visiting a website and not installing anything.... But what I'm getting at is that spyware should be a much higher priority, up there with viruses and such. If not even higher than viruses-- viruses usually screw things up, and since they're mostly Windoze based they tend not to hit really important systems... but trojans or spyware steal information-- much more dangerous IMO.
|
Judah Jimador
Registered User
Join date: 13 Mar 2005
Posts: 230
|
08-11-2005 06:50
After reading this thread and the one about Asri Falcone's identity theft, I pulled down Microsoft's little Beta adware-snuffing thingy. Sure enough, I had one roosting.
I had my new machine up and running with IE for a full day before I got around to switching to Firefox...I guess maybe it snuck in during that time? *sigh* I'm not technically adept enough to know much about more complicated weapons than Norton, McAfee, etc. but it looks like I'll be learning about the suggestions made in the Asri thread PDQ. -- jj |
Jeffrey Gomez
Cubed™
Join date: 11 Jun 2004
Posts: 3,522
|
08-11-2005 17:27
Upon further examination, my poor, poor lappy was infected with this keylogger. Glad I make it a policy to not divulge personal data when I'm on it. It was also enough to make me change all of my passwords to be doublesure.
Here's the fun part:
- It runs under Internet Explorer (IE), so it is generally undetectable by a software or hardware firewall. So much for my ranting about the need to run a software firewall.
- It turns off the Windows firewall.
- It steals data in the IE Protected Storage area.
- It steals data from the Windows clipboard
Basically, this is why I use Firefox behind two routers I own and manage. Poor, poor lappy and unsecure college networks.
_____________________
---
|
Garoad Kuroda
Prophet of Muppetry
Join date: 5 Sep 2003
Posts: 2,989
|
08-13-2005 06:51
Guys...it's not a matter of the people having their stuff stolen in this instance of being suckers or idiots. Almost all of them are probably just not techie-types, and, from the way this sounds all this stuff was going on behind the scenes. It's not like people clicked yes to a dialog box asking to send all of their key presses to a remote server "for survey purposes", or meeting a guy off the street who "promises to pay you back" if you lend him gas money.
|
Numa Herbst
SHI-SHAAA!!
Join date: 13 Jun 2005
Posts: 99
|
08-13-2005 07:54
Part of the problem with Windows boxes and malware (spyware, adware, trojans, etc, etc) is their prevalence. It's the most common OS for consumer use, period. The bad guys know this, and they target their malware to Windows machines because of this.
Another major issue is the fact that almost everyone who uses an NT-based OS (Windows NT/2000/XP/2003) is running as Administrator, with full privileges. Even if you know what you are doing, you should never, ever run as root unless you are actually admining the box. Period.
Another issue is the fact that Windows OSes are vulnerable right out of the box. There is really no reason whatsoever for IE to allow BHOs by default, for example.
What's even scarier than spyware is these crazy little things called rootkits. They have been around on *nix machines for some time and are highly developed. Rootkits force the OS API to lie about their existence, and allow users to do what they wish with your machine. No scanner operating within the compromised OS can fully detect them. With Microsoft's transition of a permission based OS (ie, the NT core) for all of their OSes, these nasties are showing up for Windows boxes. I've fought a few, and they're not nice. What's worse is the fact that some malware has been using rootkit-type antidetection methods, and it will only get worse.
That being said, when I have to use my credit cards or give my critical information online, I use a bootable preinstallation environment. It's CD based, and nothing can be written to it so I know it's clean. Sure it's inconvenient, but then again so is identity theft. |
Garoad Kuroda
Prophet of Muppetry
Join date: 5 Sep 2003
Posts: 2,989
|
08-13-2005 18:42
Hah, you're doing the same thing as a guy I know. He has a "read only OS" of some kind used for financial stuff.
Downside is, that your OS is going to get outdated eventually, since it's not getting patched. It's a huge hassle really...
Dunno what to say about the windows admin account thing. If I used a regular user account I'd be wasting so much time re-logging it's not even funny. Windoze's speed isn't helping things either. I rely on other methods to secure things..that's like a last resort. I don't want to ever get to the point where I'm dealing with something malicious, whether it's able to do any damage or not.
|
Jeffrey Gomez
Cubed™
Join date: 11 Jun 2004
Posts: 3,522
|
08-13-2005 21:24
> Guys...it's not a matter of the people having their stuff stolen in this instance of being suckers or idiots. Almost all of them are probably just not techie-types, and, from the way this sounds all this stuff was going on behind the scenes. It's not like people clicked yes to a dialog box asking to send all of their key presses to a remote server "for survey purposes", or meeting a guy off the street who "promises to pay you back" if you lend him gas money.

The problems are really twofold. In general, my laptops are the only computers that ever see these little nasties, and that's due to them being taken to networks run by people that have no idea what they're doing. The best antivirus/software firewall in the world won't save you against all vulnerabilities in the Windows OS, especially when the network is insecure.
The first problem is the simple fact the Windows OS CAN lie to itself. The most flagrant offender in this area is the Windows "Temp" folder, where just about any can of worms can run (mostly) undetected. There's roughly a 50% chance any malware you have will be running out of Temp, especially Trojans.
The second problem is the fact Microsoft does not disclose the processes it runs, because they want to spy on you too in some respects. If you'd like to see the kind of stuff they run in the background, type in "msconfig" to the command line. That'll list some of it.
The latter is really the buzzkill here, because unless you know the secure files of Microsoft by heart, it becomes a pain to figure out which are parts of the root OS or some program, and which are not. In this case, the software masks itself as "svchost" and several other commonly-named processes. The Windows OS, being too stupid/ignorant to mind an invalid process using its EXACT name, goes along happily.
I routinely see people surprised by the state of their security, and these range from the completely ignorant to the tech paranoid that run Norton and other end-user security tools. Including myself.
This has really become par for the course, and if your response is a resounding "This has never happened to me" as a Windows user, either you're not on the Internet or need to look again.
So the moral of the story is, there's really no privacy on the internet, especially if you run Windows. The best we can really do is come to terms with this fact and plan accordingly.
_____________________
---
|
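The two signs named in the post above (a program borrowing the exact name "svchost" and code running out of a Temp folder) can be checked against a process list by comparing each name with the folder its image was loaded from. This is an added example, not code from the thread; the snapshot is constructed, and the `C:\Windows` install root and the list of system names are assumptions.

```python
import ntpath  # Windows path rules, usable on any OS for offline triage

# Names Windows itself runs from System32 (assumed install root C:\Windows).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"


def findings(name, path):
    """Return the reasons one process entry deserves a closer look."""
    reasons = []
    name = name.lower()
    if not path:
        # Image path unreadable: a system name cannot be verified either way.
        if name in SYSTEM_NAMES:
            reasons.append("system name, path unavailable")
        return reasons
    # normpath collapses ".." so a disguised path cannot pass the folder check.
    folder = ntpath.dirname(ntpath.normpath(path).lower())
    if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
        reasons.append("system name outside System32")
    if any(part in ("temp", "tmp") for part in folder.split("\\")):
        reasons.append("running from a Temp folder")
    return reasons


def scan(snapshot):
    """Map pid -> reasons for every entry that triggered at least one rule."""
    report = {}
    for pid, name, path in snapshot:
        reasons = findings(name, path)
        if reasons:
            report[pid] = reasons
    return report


# Constructed process snapshot (pid, name, image path); not captured data.
SNAPSHOT = [
    (812, "svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    (1404, "svchost.exe",
     r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe"),
    (1520, "SVCHOST.EXE", r"C:\WINDOWS\system32\..\svchost.exe"),
    (1688, "updater.exe", r"C:\WINDOWS\Temp\updater.exe"),
    (2044, "lsass.exe", None),
    (2100, "firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]
REPORT = scan(SNAPSHOT)
```

A hit is a reason to inspect the file, not proof of infection: installers legitimately run from Temp for a short time.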
Garoad Kuroda
Prophet of Muppetry
Join date: 5 Sep 2003
Posts: 2,989
|
08-14-2005 07:50
Actually, I haven't (seen) anything serious yet on my own system here. Of course there's been "stuff" found by scans, mainly cookies and trivial crap like that. I'm just sayin, don't go after the victim calling them ignorant or stupid because they let spyware or a trojan in. Go after the bastard@#$%ers who are making the stuff. Just thinking about it makes me want to punch them in the face! lol...
|