Spyware Weekly Newsletter :· August 12, 2003
The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/aug12,2003.
Framed by a Browser Hijacker
This article that appeared in Monday's New York Times will chill your blood when you read it. If you have any doubt that spyware and browser hijackers are a real and severe threat, then read this story.
Julian Green, a resident of the town of Torquay, in western England, lost custody of his seven year-old child and nearly was imprisoned because his computer was infected with a browser hijacker. After an anonymous tip, which some people close to the man say most likely came from Green's estranged older daughter, the police seized his computer.
After finding nearly 200 pornographic images of minor children, Green was arrested for possession of child pornography. When an examination of his hard drive revealed several trojans, the charges against Julian Green were dropped.
Quote from the article:
One evening late in 2001, Julian Green's 7-year-old daughter came upstairs from the computer room of their home in the resort town of Torquay, in western England, and said, "The home page has changed, and it's something not very nice."
When Mr. Green checked the machine, he found that the family PC seemed almost possessed. The Internet home page had somehow been switched so that the computer displayed a child pornography site when the browser software started up. Even if he turned the machine off, it would turn itself back on and dial the Internet on its own.
That is a classic example of nearly every single browser hijack I've experienced.. This sort of malicious software does exist. It will infect your computer if you aren't careful. It doesn't matter if you are surfing for porn, searching for cracked serial numbers, looking at music sites or just following a link from a message board.
This software spreads by exploiting java and ActiveX vulnerabilities. It spreads through spam. It spreads by tricking people into installing it. It turns your computer in a pop up porn gallery, and there isn't a single thing that can be done to stop the people who spread them.
Despite the fact that several browser hijackers are targeted as trojans and viruses, according to the law, they have done nothing illegal. The people that distribute browser hijackers and spyware hide behind the ActiveX security prompt. They pretend that the existence of that security alert is an excuse not to provide a proper dialog asking the user if they want the software. They hope that you have lowered your security settings to the point that you won't even receive a security alert.
These hijackers take control of your computer by preventing you from changing your own start page and search settings. They generate vile, obscene, pornographic pop up ads. They infect you with their trojan software and turn your computer in a source of revenue for them, and who gives a damn if your seven year-old child is exposed to enough porn to make Hugh Hefner blush?
Why is it legal to infect thousands of people to drive traffic to your pay-per-click search portal? Why is it legal to hijack a person's computer settings to create pop ups and litter the hard drive with porn and casino ads? Why is it legal to expose someone's children to pornography just to make a few bucks?
This madness needs to end! A man has lost custody of his child and only just narrowly avoided being sent to prison. Do you know what they do to pedophiles in prison? Julian Green very nearly found out.
This has gone on long enough, and it's time to put a stop to it! The time has come to make browser hijacking illegal.
I predict that 30,000 or more people will read this issue. How many of you reading this page have had this happen? How many of you have had your start page hijacked to a porn site? How many of you have had your search page set to a pay-per-click search portal. How many of you have gone through the never-ending cycle of pornographic pop ups? How many of you had to format your hard drive and reinstall windows just to regain control of your own computer?
ENOUGH IS ENOUGH!!
Remember Congresswoman Bono's bill to regulate spyware in the US? It says nothing about dialers or browser hijackers. This is a serious omission, and it must be addressed. Who cares if Gator knows you like yellow toasters and GAP clothing when your 8 year-old son is bombarded with pornographic pop ups every time he starts the computer to do his homework?
The two people sponsoring the Safeguard Against Privacy Invasions Act (SPI Act) are Congresswoman Mary Bono of California, and Congressman Edolphus Towns of New York. All of you Americans out there, contact these people and ask them to include browser hijackers and porn dialers in the SPI Act. Write to them, call them, fax them, email them, walk into their office and talk to them. Do whatever it takes to get their attention. I've sent my letters to both of them. Have you?
http://www.marybono.com/Feedback/Feedback.cfm :: Mary Bono
http://www.cnn.com/ALLPOLITICS/CA/bios/H/413.html :: Edolphus Towns
Links:
http://www.tuscaloosanews.com/apps/pbcs.dll/article?AID=/20030811/ZNYT01/308110346 :: Acquitted Man Says Virus Put Pornography on Computer
http://www.spywareinfoforum.info/articles/hijacked/ :: Browser Hijacking Explained
Downloads
 |
Program: Spyware Eliminator
Author: Aluria software
Platform: Windows 98, ME, NT 4.0, 2K, XP
License: $59.98 $39.99
Download
Aluria's Spyware Eliminator is an excellent program. It cleans out computer usage history that someone snooping around on your computer might use to piece together your computing activity.
ASE also detects and removes advertising spyware, porn dialers, and browser hijackers. ASE also detects and removes most surveillance spyware and keyloggers such as Spectorsoft's e-blaster and Spector Pro.
Spyware Eliminator has just been updated to version 3.0.6, and this program looks better every time it's updated. It now protects your browser's home page settings, blocks ActiveX from known spyware just like SpywareBlaster, and restricts an enormous list of web sites from being able to run scripts or set cookies, just like IE-SPYADS.
ASE is a commercial program, which you have to buy in order to use all of its features. Aluria has started a new advertising campaign that singles out Gator for extermination, and ASE will now detect and remove this unwanted parasite for free.
I can't imagine that Gator Corporation likes this at all, but I think the new ad banners are hilarious. Aluria sent an email to all of it's affiliates with the new graphics, and I fell right out of my chair laughing at them. You can see one of them above. The rest of them can be seen here, including a flash banner that lets you take potshots at the gator.
 |
Author: STOPzilla, Inc.
Platform: Microsoft Windows XP, 2000, NT, Me, 98, 95
Browser: Internet Explorer (Netscape support is planned)
License:
Purchase: Click here to purchase
Download: Click here to download (Must purchase by August 20 for the discount)
STOPzilla was the featured product last week. We have arranged to have the discounted price extended for another week due to an unexpected problem some people experienced when they tried to buy it.
The page at stopzilla.com may have shown the wrong price if you had an existing cookie from stopzilla.com. The cookie will override the price on the page. We have a feeling that a lot of people simply left after seeing the wrong price displayed. For that reason, we want to try it again.
If you go to the page and see that the price is $29.95 instead of $24.95, close all of your browser windows and delete any cookies from stopzilla.com. Go back and try it again and that should take care of it. If not, go ahead and download the program, send me an email telling me you are having problems with the page, and I'll see if I can take care of it. The discounted price is good until August 20, so there is no hurry.
The Matrix, TIA Reloaded
After being crippled by the US Congress, TIA, the Terrorist Information Awareness project, was believed to be all but dead, at least for now. TIA has been criticised widely for being unnecessarily intrusive. However, a similar project now is underway in Florida that is attracting the attention of individual state governments across the United States.
The Multistate Anti-Terrorism Information Exchange, or Matrix as it has been dubbed, combines police crime databases with commercial databases, allowing law enforcement to discern relationships between people and events faster than ever before. The system allows police to access a person's criminal history, driver license data, vehicle registration records, and incarceration/corrections records including digitized photographs, along with a "significant" amount of information gathered from commercial databases.
For instance, if a red-headed man driving a blue Chevrolet Camaro abducts a child, police will be able to look up the names, addresses, and criminal history of every red-headed male living within 100 miles that owns a blue Camaro.
Currently, 135 police agencies in the Florida have signed up for the program, and a dozen other states want to participate. The Departments of Justice and Homeland Security have pledged millions of dollars to the project to help deploy it nation-wide.
Florida's government states that only authorized law enforcement personnel will be able to access the database, and that they will be under close supervision. According to state officials, the system will provide the same information that already has been available to law enforcement for years, but will speed up dramatically the process of accessing that information.
According to a statement on the official Matrix web site, "Information submitted by a state may only be disseminated in accordance with restrictions and conditions placed on it by the submitting state, pursuant to the submitting state's laws and regulations. Information will be made available only to law enforcement agencies, and on a need-to-know and right-to-know basis. Data access permissions will be conditioned on the privileges of the user making the inquiry".
The project's web site makes no mention of oversight to ensure the system is not abused. Messages have been sent to Daryl McLaughlin and Clay Jester, respectively the Matrix project's Executive Committee chairman and Project Coordinator, to ask how citizen oversight will be handled and to ask what criteria must be met for someone to access the database. As of this writing, those messages have gone unanswered. Any response will be made public to the Spywareinfo readership.
Related:
http://www.iir.com/matrix/ :: Matrix Project Web Site
Featured Site
The CoolWebSearch Chronicles
The story of a thousand hijacks
By Merijn
http://75.127.110.25/~merijn/cwschronicles.html
This is an article which details the variants of the browser hijacker known as CoolWebSearch (CWS). In the last few weeks, the people behind this name have succeeded in becoming (IMHO) an even bigger nuisance than the now infamous Lop.
The difficulty of removing CWS from a user's system has grown from slightly tricky in the first variant to virtually impossible for the latest few. Some of the variants even used methods of hiding and running themselves that had never been used before.
The chronological order in which the CWS variants is detailed here, along with the approximate dates when they appeared online. However, even though the evil programmers of CWS have released over half a dozen versions of their hijacker on the advertising market in such a short time, it should be mentioned that to this date, no one has caught an live CWS installer.
I was planning to write an article very similar to this one, but Merijn beat me to it. Merijn is the author of HijackThis, StartupList, CWShredder, and more. He is a university student living in The Netherlands. If you have ever had your browser hijacked and received help fixing it on a message board, most likely you have used HijackThis.
CWS has become the new lop.com. It is annoying, it is tenacious, and the infection is widespread. There are scores, possibly hundreds, of affiliated web sites around the world. As I write this, we know of 81 different affiliate web sites to which people have had their browsers hijacked.
The name CWS covers all of these web sites, and the many variations of the software that hijack a victim's browser to them. Some of these variants are targeted by antivirus products as trojan horse viruses. Computer Associates has it listed under the following aliases: Win32.Startpage.C, JS.CSSPopup.B, JScript/IEstart.Trojan, and Win32/IEstart.Trojan
What is the purpose of this trojan that hijacks the web browsers of so many people? That's simple, it's all about money. These affiliate web sites are paid for each click they send to coolwebsearch.com, and coolwebsearch.com is paid for each click they send to advertisers. Most of the sites listed there probably have no idea about the methods used by the people they pay to increase traffic to their web sites.
Links:
http://www.spywareinfoforum.info/articles/cws/ :: CWS article at SWI
http://www3.ca.com/virusinfo/virus.aspx?ID=35839 :: CA trojan info page on CWS
http://http://75.127.110.25/~merijn/~merijn/files/cwshredder.zip :: CWShredder download link
Caspian Launches Worldwide Gillette Boycott
http://www.spywareinfoforum.info/articles/gillette/caspian,812.php
CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) is calling for a worldwide boycott of Gillette products since the company failed to renounce a Gillette Mach3 "smart shelf" spy system.
"We have corroborated evidence that a Gillette 'smart shelf' fitted with radio frequency identification (RFID) devices can sense when packages are removed from a store shelf and, in response, take pictures of consumers handling them," says CASPIAN founder and director Katherine Albrecht. "Tracking and photographing consumers without their knowledge and consent is unacceptable."
CASPIAN sent an open letter to Gillette VP Dick Cantwell July 21 requesting information about the smart shelf and Gillette's item-level RFID tagging of consumer products. The group also sought assurances that the company would not condone the photographing and tracking of consumers anywhere in the world.
"Since Gillette failed to renounce the photographing and tracking of innocent shoppers, we can only conclude that they plan to continue down this ill-advised path," says Albrecht. "We want to send a clear message to Gillette and other companies that consumers will not tolerate being spied on through the products they buy."
I can't decide if I want to support this boycott or not to be honest. What Gillette is doing really is over the line. It's one thing to track where your merchandise is. It's another to snap a photograph of every single person that picks up a package of razors, and then treat those people like criminals because they aren't photographed buying that package when they leave.
Having worked in a warehouse for years, I can tell you that these tracking devices are a good thing. Far more work can be done for the same effort using technology like this. I've never worked in retail, but the benefits of being able to track exactly where each piece of merchandise is at any given moment is obvious to see. Although I disapprove of Gillette's methods, using RFID tags to combat petty theft of merchandise in an ethical manner will save all of us a considerable sum of money.
As beneficial as this technology is, it does need to be kept under tight regulation. They are, after all, designed specifically to be tracking devices. Retail shops should be forced - by law, not voluntarily - to disable these tags the moment the merchandise they are attached to are purchased. Once you have bought something, it ceases to be merchandise and becomes private property, and no one outside law enforcement has the legal right to track it.
Why is it so difficult for the few retailers pushing for adoption of this technology to agree to do this voluntarily? They know good and well that privacy fears are going to cause a massive backlash against the use of RFID tags. Nevertheless, they refuse to agree to disable these tags unless the consumer requests it at the time of purchase.
Why? What use are the tags to them once the tag is out of the store? Why refuse this simple thing that will avoid a messy fight with their customers? Do they have plans for these tags that they aren't discussing publicly? Maybe it takes something on the scale of a general boycott to knock sense into some of the people in control of these huge corporations.
Corrections and Goofs
Ok, you caught me. I goofed. 
Last week, I quoted someone that had installed Windows 2000 Service Pack 4 and posted to a web site that it had turned on his auto-update service. His exact words were "I regularly disable the Automatic Updates and the BITS services on my servers..." and "It seems SP4 will set those two services to run again...".
I misunderstood what the person I quoted was saying. I thought he was saying the service pack repeatedly was turning the updater back on. According to others who have this service pack have written to me, it appears that what the poster meant was that it turned his update service back on once during the service pack installation.
In other words, while the service pack does turn on a service you may have chosen to disable, it only does so once, during the installation. Once you turn it off yourself, it stays off. It does not turn it back on over and over. I apologize for the confusion.
To the several dozen people that have written to point out my mistake politely, thank you.
To the trolls who felt the need to send juvenile flame mail, I have a word to introduce to your vocabulary. That word is "maturity", which you can read all about here.
Last week, I linked to Bear Pond Books bookstore in Montpelier, Vermont. Bear Pond Books is one of many book sellers purging customer records rather than be forced to turn them over to someone invoking the Patriot Act.
Unfortunately, I messed up the address to the site. The address to the site is http://www.bearpondbooks.com. Go have a look around.
Related:
http://www.w2knews.com/anecdotes.htm :: Windows 2000 SP4 comments
Recommend SpywareInfo to a friend
Do you like SpywareInfo and this newsletter? Then please tell a few friends about it! We are trying to come up with ways to increase the number of visitors to the web site and the number of subscribers of this newsletter.
Recently I signed up for RecommendIt's service, also used by Scot Finnie and Fred Langa. When you use RecommendIt's service to send a link to a friend or family member, you can also choose to enter a contest with a grand prize of $10,000.
The privacy policy of the site looks solid and I did ask around if anyone had heard anything bad about it before I signed up for it. You can use their service to recommend SpywareInfo to someone you know at http://www.recommend-it.com/l.z.e?s=881459
Of course, you don't *have* to use RecommendIt's site to send a friend a link to the site. Just sending an email will also do the trick.
Links:
http://www.scotsnewsletter.com Scot Finnie's Newsletter
http://www.langa.com/newsletter.htm The Langalist
