Spyware Weekly Newsletter :· August 4,2004

The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/aug4,2004.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

Permalink | Top

Adware maker 180Solutions has filed a lawsuit against two distributors of its software. The suit claims that Internext Media and its distribution partner Aztec Marketing breached a contract by using security flaws to install the I-Lookup toolbar on unsuspecting computer users.

In June, a security researcher discovered that a new toolbar, I-Lookup, containing software from 180Solutions was being installed surreptitiously on PCs by exploiting a previously unknown Windows security flaw. I-Lookup is distributed by Aztec Marketing, which is an affiliate of Internext Media. Internext Media is run by the Yomtobian family, the people responsible for the Xupiter browser hijacker.

Upon learning about this unethical method of installation from the SpywareInfo developer's mailing list and from other sources, the Centers for Democracy and Technology contacted 180Solutions about I-Lookup. Those discussions led to the current lawsuit.

Software from 180Solutions, such as N-Case, has been installed on computers without permission for a long time. New software from the company even steals commissions the company has not earned, according to spyware researcher Ben Edelman.

180Solutions claims to be trying to clean up its act. Earlier this year, 180Solutions drew up a new agreement prohibiting distributors from using drive-by download techniques and requiring full disclosure during installation. Internext, via Aztec, broke this agreement according to the lawsuit filed by 180Solutions. 180Solutions is demanding the immediate removal of their software from any software distributed by Aztec Marketing, as well as monetary damages.

Links:

http://www.doxdesk.com/parasite/nCase.html :: N-Case
http://www.spywareinfoforum.info/newlsetter/july21,2004#180solutions :: Adware or Thiefware?
http://www.spywareinfoforum.info/newsletter/archives/0604/15.php#ilookup :: Hijacker exploits previously unknown MSIE flaw
http://news.com.com/180solutions+sues+allies+over+adware/2110-1024_3-5287885.html :: 180solutions sues allies over adware
http://seattlepi.nwsource.com/business/184352_suit31.html :: Firms' ad software placement spurs suit

Permalink | Top

I know, I know. I've said repeatedly that I don't agree with blocking ads (pop-ups and sliders excepted). I usually do not promote ad blockers except for pop-up blockers. This one time I will make an exception. This program includes the best pop-up blocker in existence.

SuperAdBlocker is flat out the best ad blocking software I have ever seen. SuperAdBlocker blocks every known method of generating a pop-up ad, something I've never seen in a blocker program before now. It passed every single pop-up test I threw at it, including a few nasty ones included in 1st Page HTML editor (the so-called six buttons virus). Not even my beloved FireFox is that good.

Something else I've never seen is the fact that it also blocks DHTML slider ads. You've probably seen these a few times. When a slider loads, it either slides in from the side or the top and looks like a new window and stays there until you dismiss it. It is part of the page, not a new window, so most pop-up blockers miss them. With the rise in pop-up blocker programs, many sites have started using these. Personally, I find those to be many times more annoying than a pop-up.

SuperAdBlocker uses heuristics as well as a rules database to determine what is an ad. It is very accurate and it is very careful not to block things that are not ads. The database is updated constantly and the company always is looking for ads that slip past the program. It can be set to update itself from the company servers automatically so that new rules can be integrated almost as soon as they are created.

SuperAdBlocker also blocks pop-ups generated by most adware programs. I've seen that in only one other program. It also scans the hard drive to look for installed spyware and will warn you if it finds any. It won't remove the spyware itself, but it will warn you that it is there. It even disables Windows Messenger spam.

SuperAdBlocker also deletes the URL History from the Internet Explorer address bar, visited page history, cookies and temporary internet files.

If you are looking for an ad blocking program, this is the one to buy. Simply put, this is the best ad blocker I have seen ... ever.

If you have any problems with the purchase page or with the coupon code (SPYWAREINFO), please email my partner Catherine.

Permalink | Top

Trek8 (also known as TrekBlue or TrekData), developer and distributor of SpywareNuker, has filed a lawsuit against Symantec Corporation for their labeling of SpywareNuker as adware. Trek8 adamantly denies that its software is adware or spyware. Trek8 claims that by labeling SpywareNuker adware, Symantec has caused the company to lose customers and distributors; and the company is no longer able to advertise with Google.

SpywareNuker did not have a very good entry into the antispyware market. It is reviled among the better-known antispyware sites. The original version was a licensed copy of another antispyware program from BulletProofSoft (not to be confused with the FTP server software maker).

According to an examination done by Patrick Kolla, developer of Spybot, the database of both BPS Spyware Remover and the original SpywareNuker contained entries identical to entries in Spybot's database. Some of these entries had been misidentified in Spybot's database and others were for malware which did not exist at all. A common technique used to discover copied code or documents is to insert harmless errors that can be identified later.

Trek8 categorically denies copying any code from Spybot. The current version of SpywareNuker has been rewritten completely and does not contain any code licensed from BPS or stolen from Spybot. BulletProofSoft circulates an email reply to those writing to them denying the claims but has not otherwise commented publicly on the allegations, to my knowledge.

Another company owned by Trek8, Blue Haven Media, is a distributor of software considered to be adware and/or spyware, including BargainBuddy, CommonName, WhenU.com, N-Case, ShopNav, IGetNet, Sidestep, WurldMedia/ebates, MySearch/MyWay, and Gigatech SuperBar. Blue Haven bundles these products into their own software and then distributes them to computer users.

Trek8 was founded by James Leasure, formerly an employee of Lion's Pride Enterprises or a subsidiary thereof. In late 2001, Lion's Pride distributed a game called Yo Mama Osama. This game would install a spyware known only by its main program file, wnad.exe. Wnad.exe monitors a user's internet usage and uploads the data to Lion's Pride Enterprises, Inc., and to its subsidiaries, affiliates, partners, divisions, and clients, who then send advertising content to the infected computer.

For these and other reasons, very few, if any, of the major antispyware sites recommend SpywareNuker. Certainly it is not recommended at SpywareInfo. I've repeatedly had to reject advertising offers from the company and now just blackhole any further email from them. Their sales manager is nothing if not persistent and stubborn. The new version of the software does work as advertised (the original version was another story), however it is not something that I would recommend for the reasons above.

In all fairness, the software is not adware. I can't imagine why it is labeled as adware by Symantec. There were some rumors that the original version might have bundled adware or been distributed using drive-by downloads, but I've never seen any proof of it myself. If it were a new program put out by any other company, I probably would test it out and see if it were worth recommending on the site. With all of their unsavory relationships, however, nothing by Trek8 will ever be recommended here.

Links:

http://spybot.info/en/news/2003-02-12.html :: The black sheep in the anti-spyware business, BulletProof and TrekBlue
http://www.spywarewarrior.com/rogue_anti-spyware.htm#swn_note :: Spyware Warrior: SpywareNuker
http://news.com.com/2100-1023_3-5293992.html :: Symantec sued for labeling product 'adware'
http://support.microsoft.com/?kbid=319607 :: Wnad.exe May Cause an Error Message

Permalink | Top

The main web site is having some odd problems lately. A large number of people are unable to load it and I can't figure out what is going on. The trouble seems to be at the Globalservers end of the chain. Globalservers hosts the proxy servers that protect the site from denial of service attacks. Those proxies have given me nothing but trouble for the last couple of weeks.

The losers who attacked the site back in February apparently still haven't given up. Every time I try to put up a mirror on a different server, that server dies shortly thereafter. When the proxy servers start giving me trouble, it makes the main site appear to be offline.

By the way, if you've seen a message on the site saying "This site is under construction" or similar, that also was a problem with the proxies. That, at least, has been fixed and shouldn't happen again.

It also caused a problem with the July 21 newsletter. The servers kept dying as I tried to send it, so only about half of them went out. I tried a couple of times to restart it but it wouldn't work.

Those of you trying to unsubscribe from the newsletter who can't reach the site, send an email to unsubscribe@spywareinfoforum.info with the email address you want removed, as well as the version of the newsletter you receive (HTML, text or short version). I'll take care of it manually.

I'm in touch with Globalservers now to see what we can do to improve the arrangement. If I must, I'll buy more servers and spread out the load even further. Whatever I have to do, I'll make sure Spywareinfo stays up. Please bear with us.

P.S. If you need a copy of HijackThis and can't download it from SpywareInfo, you also can download it from TomCoyote.

Permalink | Top

As soon as we figure out and fix the problems with the site, I plan to make a few changes. The most important will be a switch to a CMS (Content Management System) program called Wordpress. This will put the entire site in a searchable MySQL database and just generally make things much easier.

As it stands now, I update everything the old fashioned way, by editing text files and uploading them. Wordpress is similar to Moveable Type (MT). Basically it is blogging software. Unlike MT, Wordpress saves all the content in a MySQL database, so it won't create a bunch of files all over my server. It also allows for a very accurate search engine.

Wordpress allows for much better organization, letting me set up the permanent links any way I choose. I'll even be able to have a comment section for each article just like a blog. I might even start an actual blog - who knows? It also will update an RSS feed automatically whenever I publish something new. I have a feed now, but I have a bad habit of forgetting to update it.

My partner and I are preparing to switch DogReader.com over to Wordpress. As soon as I stop being lazy and copy over all the articles, I will switch over to Wordpress there. At the moment, she has to send the articles to me and I post them when I'm able to get around to it (which I know drives her crazy).

I also plan to reorganize the collection of malware that I host. In the past, we would collect files from infected people at the forums and someone would upload it to the web site, then report it over a mailing list to antispyware/antivirus developers.

Ever since the DDoS attacks started in February, this has been disrupted by the various security measures put in place to protect the site. I'm going to see what I can do to fix the problems there and make sure that these new malware files are reported quickly. I may even be able to use Wordpress for that.

Permalink | Top

Spammer outfit D Squared Solutions has agreed to stop sending spam over Windows Messenger to avoid a lawsuit by the Federal Trade Commission (FTC).

Last year, the company began a campaign of sending spam to Windows PC users by exploiting the Windows Messenger Service. Windows Messenger is a background service that allows networked computers to send messages to each other. Unfortunately, spammers discovered how to send spam to thousands of XP computers over the internet and it started an epidemic of messenger spam.

*Learn how to disable messenger spam*

One of the spams sent by D Squared popped up on the desktop of an FTC official. The advertisement was for a product to stop the very advertisement being used to promote it. The FTC official decided that this was extortion and filed suit against the company.

D Squared now has agreed to stop using the Messenger service to send advertisements, to stop selling messenger blocker programs and is barred from sending advertisements which consumers cannot opt out of.

Good riddance.

Permalink | Top

I do not intentionally link to web sites that require registration before allowing visitors to read the article. At the time I read these articles, I was not required to register. If one of these sites requires that you register before allowing you to read the article, please let me know and I will blacklist that site.

http://www.ecommercetimes.com/story/35295.html :: New Strategies Emerging in Spyware Fight

http://www.enterpriseitplanet.com/security/features/article.php/3389851 :: Spyware: Who Is Really Paying the Price?

http://weblog.infoworld.com/foster/2004/08/03.html :: Privacy Policies As a One-Way Ticket

http://www.computerworld.com/industrytopics/financial/story/0,10801,94954,00.html :: Banks balk at info-sharing provision in privacy law

http://www.theregister.co.uk/2004/07/30/personal_data_online/ :: Your data online: safe as houses

http://seattletimes.nwsource.com/html/businesstechnology/2001993604_ptinbo31.html :: House e-mail bill raises the bar on privacy

http://www.theolympian.com/home/news/20040731/topstories/110265.shtml :: Spyware draws complaints, little federal scrutiny

http://www.registerguard.com/news/2004/07/31/d1.cr.leatherpeeper.0731.html :: Manager suspected of privacy violation

http://www.democratandchronicle.com/biznews/0801AC53C5I_business.shtml :: Spyware lurks online, and an innocent click is all it needs to strike

http://www.palmbeachpost.com/accent/content/accent/epaper/2004/08/02/a1d_SPYWARE_0802.html :: Spyware - Here lurks the seedy side of cyber life

http://www.mediapost.com/dtls_dsp_news.cfm?newsID=262032 :: Privacy Expert To Publishers: Don't Bury It In The Privacy Policy

http://www.out-law.com/php/page.php?page_id=californiasprivac1091187709&area=news :: California's privacy policy law affects us all

http://www.mediapost.com/dtls_dsp_news.cfm?newsID=261462 :: Verizon Grows Wary, Outlaws Spyware As Ad Targeting Tool

http://www.boston.com/business/technology/articles/2004/07/02/adware_firm_casts_its_marketing_net_wide/ :: 'Adware' firm casts its marketing net wide

http://news.bbc.co.uk/1/hi/technology/3933679.stm :: Privacy foes named and shamed

http://cnews.canoe.ca/CNEWS/Canada/2004/07/23/554684-cp.html :: B.C. touts privacy shield that offers protection from U.S. Patriot Act

http://www.ohioccw.org/article2273.html :: Cleveland Plain Dealer fulfills promise to violate privacy of CHL-holders