Spyware Weekly Newsletter :· June 30, 2004

The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/june30,2004.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

Permalink | Top

The Internet Storm Center has announced a very scary discovery. They have found a browser hijacker, installed as a Browser Helper Object (BHO), that will monitor what are supposed to be secure, encrypted browsing sessions and steal passwords. These passwords then are forwarded to a web based script at www.refestltd.com. It appears that this site now has been deleted.

The hijacker is loaded from a web page as if it were a .gif image file. The file is not really an image. It is a compressed trojan dropper that installs a .dll file as a BHO. How the trojan is executed is unknown. The most likely explanation is that the page calling the file exploits some flaw in Microsoft Internet Explorer.

If any more information is discovered about this new hijacker I'll be sure to mention it here.

Permalink | Top

Program: Spyware Eliminator, Dr Speed, Everlasting Pop-up Stopper
Author: Aluria Software LLC
Platform: Windows 98, ME, NT 4.0, 2K, XP

This week we have a triple feature. We have Aluria Spyware Eliminator, Aluria Dr Speed and Aluria Everlasting Pop-up Stopper bundled together. That is $100 worth of software. For one week, until July 6, you can have all three of these programs for $39.99. Use this link and click the flash banner on the right side that says "Sale". Enter the coupon code SpywareInfo to receive the discount.

Dr Speed is a program designed to tweak your internet connection. Out of the box, Windows does not deliver the best possible internet speed. Dr Speed will test your connection and tweak certain registry settings to make browsing and downloading go faster. Everlasting pop-up stopper does just that, stops pop-ups from springing up all over the computer while you surf the internet.

Aluria Spyware Eliminator is a fantastic spy killing program. It finds adware. It finds browser hijackers. It finds advertising spyware designed to gather your browsing and searching habits. It also finds commercial surveillance spyware designed to monitor your keystrokes and steal your credit card numbers.

ASE also helps to protect your computer from various browser hijackers. It includes a list of ActiveX CLSID (ID numbers) associated with known spyware and hijackers, as well as an IP address blocker. ASE also adds a long list of web sites known to install spyware into Internet Explorer's restricted zone. It also protects against HTA scripting, a technology being abused by many hijackers. It even will watch to make sure your home page has not been altered.

When set to "full scan", ASE will scan active processes in memory, the registry and every disk drive in your computer. If you prefer, you can have it skip the memory, the registry and can pick and choose any combination of hard drives and folders. If you have a program you can't do without that requires a bundled adware, you can add that adware to the exclusion list. If something breaks after removing a piece of adware, you can restore what you removed.

This is a Spywareinfo exclusive offer. This price is not available anywhere else ... it is only for the Spywareinfo readers.

Permalink | Top

Merijn Bellekom, author of HijackThis and CWShredder, is beginning classes for a Master's Degree in computer sciences. Unfortunately, he is unable to keep up with his studies while fighting what is essentially a one-man war against the CWS trojan. CWS is continually updated and every new mutation is nastier than ever. At this moment, the only program that can find and remove nearly all variants of CWS is CWShredder.

Merijn has announced that he will discontinue updating CWShredder while he concentrates on his studies. Not to worry though, we have other tools available that will remove CWS, although they require the guidance of someone trained to use them. I also will be pushing the developers of regular antispyware programs to improve their detection of CWS. No other program will detect or remove as many different variants of CWS as Shredder. Hopefully that will change soon.

On a side note, we still need a massive infusion of new blood at the message board. There are more browser hijackers now than ever. More than 30,000 people visit our message board every day. Nearly 1,000 people register and ask for help on a daily basis. We are overwhelmed and need more volunteers. If you would like to fight on the front lines in the war on spyware by helping people clean their infected computers, please read this post at our message board.

The pay sucks (in fact, there is no pay), no medals are given out and some of the members will drive you nuts by not following instructions. However, the first time someone writes back and says "Thank you. You've saved my computer", that is an awesome feeling. Plus, it's good karma. And it's fat free. And..... just go read the page and sign up.

Permalink | Top

Last week, I wrote a piece about the Spanish Civil Guard arresting five men for operating an illegal dialer operation. I said that the dialers would disconnect the infected computer from the normal ISP and call a long distance number. That was an error.

In fact, the dialers were calling "value-added" phone numbers within Spain, not long distance numbers. These numbers are similar to 900 "per minute" phone numbers in the United States. Those numbers will be available to telephone customers only if they opt-in for them in the future to avoid this problem. Additionally, the Civil Guard closed down 150 web sites that were responsible for distributing these dialers illegally.

Permalink | Top

Reader Emiliano Martin from Argentina sent the following letter. The opinions expressed within are the author's.

Some months ago, I bought Norton Internet Security 2004 (NIS). It's pretty useful and protected me, big-time, even with the latest virus. However, I don't like the Norton AntiSpam (NAS) application. It was never that effective. Some of the SPAMs were left in the inbox folder and some of the "valid" emails were tagged as SPAM and moved to the spam folder. I didn't care that much because I don't receive much spam. I used to go to the spam folder and rescue the false positives.

The problem is that NAS adds the text "Norton AntiSpam" at the beginning of every spam email. You can go to the spam folder and rescue a false positive but this annoying tag remains in the subject. So, if you like a particular email and would like to leave it in your inbox, you'll have to bear the fact that the subject states "Norton AntiSpam". Since I am too fussy, I de-activated NAS from my system because I didn't want Symantec invading my emails.

Unfortunately, my ISP bought NIS to provide all their clients all these features. The NAS is running on their server and scan all email that arrives. There is absolutely no way (despite what they say) to configure the NAS. This means that I'm receiving emails from my mother, my girlfriend, my friends and even from myself with the text "{posible spam}" (Spanish for "possible spam") in the subject. Some of those emails are worth saving but I hate to have them tagged that way.

Apparently, they think they have more rights than I do over my emails. They had the nerve to tell me that I should remove the rules (or methods) I was using to filter SPAM in my own email program which might lead to delete false positives (caused by their NAS).

They claim that the system can be configured. For those who don't speak Spanish, their instructions have nothing to do with configuring NAS on their email server. The instructions are for configuring your own email client to move the emails, tagged by NAS on the server, to another folder. In other words, my mother's, my girlfriend's, my friends' and my own emails are bound to be moved to that folder.

This method is far from being effective. If you can't configure the white-list and/or the black-list, there's a huge chance of getting lots of false positives moved to the spam folder. Hence, the subject line tags only bothers the user because it cannot be used to filter at all.

I'm seriously considering to stop using their email server (and my email address) because I don't like to be invaded that way. If any of you are in this ISP area (Argentina), and/or are considering an application for a subscription.... THINK AGAIN!!! The service support sucks, they are not willing to analyze anything a user suggests and they will invade your emails with tags which are of no use at all. You have been warned!! ;-)

Permalink | Top

I do not intentionally link to web sites that require registration before allowing visitors to read the article. At the time I read these articles, I was not required to register. If one of these sites requires that you register before allowing you to read the article, please let me know and I will blacklist that site.

http://www.baltimoresun.com/news/nationworld/bal-te.library24jun24,0,3748518.story :: Librarians set aside 'shhh' to speak out for privacy

http://www.cnn.com/2004/TECH/internet/06/24/internet.attack.ap/index.html :: Experts studying Internet attack

http://zdnet.com.com/2100-1105_2-5247187.html?tag=zdfd.newsfeed :: Researchers warn of infectious Web sites

http://www.k-praxis.com/archives/000101.html :: Adware, Spyware, and Zombie Machines

http://www.theregister.co.uk/2004/06/24/spyware_crosses_line/ :: When spyware crosses the line

http://www.out-law.com/php/page.php?page_id=spywareadwaremal1088077115&area=news :: Spyware, adware, malware, thief: what's in a name?

http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=5506760 :: Anti-Spyware Bill Advances in Congress

http://www.benningtonbanner.com/Stories/0,1413,104~8670~2234123,00.html :: Our privacy is under assault

http://www.indystar.com/articles/3/157551-7913-021.html :: Protecting privacy in era of terror

http://www.wired.com/news/infostructure/0,1377,63978,00.html :: An Arsenal to Combat Spyware

http://searchwin2000.techtarget.com/originalContent/0,289142,sid1_gci990410,00.html :: One company's spyware is another's monitoring tool

http://www.reuters.com/newsArticle.jhtml?type=healthNews&storyID=5519346 :: Patient Privacy Often Compromised

http://www.technewsworld.com/story/34775.html :: Spyware: The Next Spam?

http://www.kansascity.com/mld/kansascity/business/9016201.htm?1c :: A search for work and privacy

http://www.jdnews.com/SiteProcessor.cfm?Template=/GlobalTemplates/Details.cfm&StoryID=23666&Section=Opinion :: Court undermines basic privacy right

http://www.stuff.co.nz/stuff/0,2106,2956761a11,00.html :: Secret filming to be made illegal

http://zdnet.com.com/2100-1104_2-5250383.html :: Google feels spyware strains

http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,94128,00.html :: First Online Data Privacy Law Looms in California

http://www.vnunet.com/news/1156261 :: Spyware support costs run into millions