The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/sep23,2004.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

Sorry folks. Those of you receiving the short version of the newsletter just received three blank emails in a row. I have absolutely no idea why it's doing that. The message should have said that a new newsletter is available.

Permalink | Top

The hurricanes that have destroyed large swaths of Florida also did plenty of damage further north in Georgia. I have been stranded in meatspace for nearly a month with no internet access. My satellite internet access was damaged severely and only recently have I been able to return to the internet. Sometimes I am surprised anyone stays subscribed to this newsletter considering all the interruptions.

Anyway, I have moved to a new town and now have cable internet. If you would like to know what the difference is between cable and satellite internet, drive a Ford Model T, then drive a Ferrari. I no longer have to depend on good weather for my internet service. With satellite, if the weather was bad here or in Maryland (where Direcway's Network Operations Center is located), then my internet connection was toast.

I want to thank the roughly 10,000 readers that tested my servers after the last newsletter. Whatever change had been made obviously didn't work, as nearly everyone reported that the servers were not accessible. Fortunately, another change was made at the data center recently and now all of the proxy servers are up and running. They are quite fast also. Now, Spywareinfo is running normally again. Hopefully this is permanent.

Assuming the site continues to operate correctly, I'll be doing some updates and changing a few things soon. I mentioned a while back that I would be switching to using the Wordpress blogging software. I still plan to do that. It has been working well on my partner's site at www.dogreader.com.

Thanks for reading this newsletter and helping to support SpywareInfo.

Permlink | Top

Program: Spy Sweeper
Author: Webroot Software
Platform: Windows 95, 98, ME, NT, 2000, XP
License: $29.95 Now only $19.95 for SpywareInfo readers. (Valid for purchases until September 30, 2004)
Purchase: http://www.webroot.com/wb/land/land-spysweeper6_6.php?rc=325

Spy Sweeper is an antispyware program from Webroot. It has received some very favorable reviews and awards. Spy Sweeper was named PC Magazine's Editors' Choice in March 2004.

Spy Sweeper absolutely rocks. On my computer (Athlon XP 2400, 1024MB RAM), Spy Sweeper scans in less than twenty seconds. You also can set it to do a much more extensive scan of the entire hard drive. This takes much longer (about 7 minutes on my machine), so I would advise doing this when the computer is not being used. Spy Sweeper will let you schedule an automatic scan, so this is no problem.

The slick interface is very user-friendly and intuitive. You can install this on your grandmother's PC and she will have no trouble using it. If you don't know what a particular button does, just hover the mouse over it for a description.

Spy Sweeper will detect and eradicate virtually every known adware, spyware, browser hijacker and porn dialer out there and it is updated soon after new ones are discovered. It also seeks out surveillance spyware and keylogging trojans.

Spy Sweeper provides active protection against home page hijackers and cookies belonging to web sites known to invade your privacy. It also monitors your PCs memory to watch for targets being loaded in the background.

The results list, showing the targets found after a scan, is the best of any antispyware program. If 20 components are found that all belong to Gator, Spy Sweeper will collapse those results to a single line. Most other antispyware displays an enormous list of individual items and that makes it hard to read. Expand the listing and it will show you each component it found along with its location.

At the bottom, Spy Sweeper shows detailed information about each component, including location, and to which category it belongs. If you want more information about a particular item that has been detected, highlight that item in the list and click the "More Details" button to be taken to Webroot's online database to read more about it. Not everything has a description yet, but they are adding more to it all the time.

Spy Sweeper is careful to point out when removing a particular piece of adware will cause the program that installed it to stop working. Some free programs such as KaZaA will stop working if you remove the obnoxious adware bundled with it, so this is a nice feature.

If you have any problems with the purchase page, please email my partner Catherine.

Permalink | Top

Help Wanted: Accused computer hacker to guard our internet merchant clients. Please bring your rap sheet to the interview.

If the above makes absolutely no sense to you, join the club. Would you hire Jack the Ripper as a security guard for an all girls' catholic school? Would you hire Hannibal Lector as a chef? Would you hire Norman Bates for the night shift at Holiday Inn? Would you hire Bonnie or Clyde to guard a bank?

Most people would say no to these questions. How about this one; if you were a computer security company, would you hire a person who wrote and released 34 computer viruses that caused millions of dollars worth of damage worldwide?

Securepoint, a computer and network security consulting company, has answered yes to this question. Sven Jaschen, the author of 30 different variants of Netsky and four different variants of the Sasser worm, has been offered a job by German security company Securepoint as a developer for security software.

Jaschen currently is on trial in Germany for the creation and distribution of the Sasser and Netsky viruses. Jaschen is credited with being personally responsible for well over 70% of all virus infections worldwide in the first half of 2004.

And Securepoint wants to hire this kid to help secure their customers' networks and computer systems.

Sometimes I wonder, very seriously, whether the entire world has gone completely mad. I cannot comprehend how a company that does business protecting internet merchants from malicious hackers could even think of hiring a malicious hacker. It is accepted holy writ that security firms do not hire virus creators.

This job offer is beyond outrageous. In my opinion, every single customer of this company should cancel their contracts if Securepoint does not immediately withdraw this job offer and fire the person who thought of it. I sincerely hope that Securepoint does the right thing in this situation and I will be watching to see if they do.

Permalink | Top

Site Name: TomCoyote
Address: www.tomcoyote.org
Purpose: Killing spyware

Many of you probably know TomCoyote's site already. The owner is formerly an administrator with Lavasoft's support forums and currently is an administrator at SpywareInfo's forums.

The site itself deals primarily with spyware issues. Several computer tips and tricks are explained on the site. Other antispyware and privacy sites are listed as well as recommended programs and hardware. It has a section explaining how to use HijackThis and Spybot. You can even find recipes for spinach burgers and brisket (whatever a brisket is).

The largest part of the site is the support forum, which is nearly as busy as SpywareInfo's. In fact, I usually redirect people there when SWI's forum is having trouble.

The TomCoyote site used to be hosted by your's truly, on the same server as SpywareInfo. The still-ongoing denial of service attacks against SpywareInfo put an end to that. Now it is hosted by the good people at Net-Integration.

Visit the site, look around, learn to make Beefmaster's sauce or to disable the preview pane in Outlook Express. Find out why a power supply issue can look like a spyware problem. Consider making a donation to help with costs. Neither I nor SpywareInfo would be where we are today without TomCoyote's help and advice in the early days.

Permalink | Top

Spyware is about to be made illegal.

At least that's the hype surrounding a bill soon to be voted upon in the US House of Representatives. The bill would make it illegal to install software designed to monitor a user's computer activities without notifying them beforehand. A similar bill, already passed by the Judiciary Committee, would make it a criminal offense to use spyware to commit identity theft.

Some antispyware crusaders who have read this bill don't like it. Everyone fears another CAN-SPAM law, a thoroughly useless piece of rubbish that has only made the spam problem far worse. I haven't had a chance to read the bill myself, so I'll hold my comments for now.

Permalink | Top

It is accepted wisdom among experienced internet users that you never, ever click an opt-out link in a spam email. For the most part, the spammer will not remove you from their mailing lists and, in fact, even will sell your address to other spammers. It is best simply to delete the spam or, if you are feeling vengeful, to report the spammer to their ISP.

Now there is another and much better reason to avoid using those opt-out links. Some clever miscreant has taken "proof of concept" exploit code posted to one of the "security" mailing lists and used it to install a trojan. A spam mailing making the rounds recently links to a web site hosting this trojan. The trojan exploits a flaw in - what else - Internet Explorer to install itself. After it has been installed, the trojan may steal passwords, install keyloggers and set up a proxy server for use in relaying spam mailings.

As always, never interact with spam except to delete it or report it to the sender's ISP. Make sure your computer is updated with the latest WindowsUpdate patches.

For complete protection (I hope) from accidental infection by malicious software, be sure to read my article, Prevent Browser Hijacking.

Permalink | Top

The government of Ireland has ordered the suspension of direct dialing access to 13 nations in an attempt to stop the fraudulent use of auto-dialing software.

Some of the countries that telephone customers will be unable to call directly include Norfork Island, Solomon Islands, Tuvalu, Comoros and Diego Garcia. To complete a legitimate call to these locations, customers will have to ask an operator for assistance.

An auto-dialer is software that causes a computer to dial a telephone number automatically using its modem. When used fraudulently, the dialer will install silently by exploiting any of numerous security flaws in Microsoft software. Once installed, the dialer will disable the speaker on the modem and then dial numbers in selected foreign nations.

These calls usually are very expensive, usually costing victims hundreds or even thousands of dollars. What's worse is the fact that most telephone companies, although aware of the fraud, have no wish to take appropriate action to prevent it. In many cases, your local or long distance carrier is an active participant in the scam, taking their cut of the fraudulent fees. Many carriers will refuse to remove or even reduce these charges, despite their clear knowledge of the fraudulent nature of the billing. One Canadian telephone company even violated an agreement made with the government in order to collect these fraudulent fees.

Ireland isn't the only country taking steps to deal with dialer fraud. Earlier this year, Spain arrested several people for distributing dialers that automatically called "premium" numbers within Spain. The government then took steps to make it harder to use those premium telephone numbers.

In order to access a premium telephone service in Spain, a telephone customer must request a form, sign it and return it to the telephone company. Spanish telephone companies will be required to list on the customer's bill the names of the companies using those premium phone numbers.

Unfortunately, I have heard rumors that certain companies in Spain are setting up alternative premium telephone numbers in an effort to circumvent the new law. I'll keep an eye on the situation there.

If you should fall victim to this scam in the US, my advice is to dispute the charges on your bill, in writing, to both your local and long distance carrier, the state public service commission (or its equivalent in your state) and to both the Federal Trade Commission and Federal Communication Commission. This step always should be taken if you suspect a charge on your bill is due to dialer fraud.

This next piece of advice is trickier. I would advise you to not pay the fraudulent charges. If you do, you will never, ever see that money again. Pay the rest of your bill but subtract the fraudulent amount from your payment. Perhaps have an attorney put the amount into an escrow account while it is being disputed. In many cases, the telephone company will realize you are serious about not paying for fraud and will remove or substantially reduce the charges. Unfortunately, in many other cases, the telephone company will make good on their threats to disconnect your service. Do what you feel is right in this situation.