Spyware Weekly Newsletter :· October 7, 2003
The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/oct7,2003.
Spy On Your Lover, Go To Jail
Last week I warned you about the Lover Spy spyware that was being advertised through spam. It looks like I scooped quite a few major news sites with that.
Something that I forgot to mention last week is that the method used by this company to install the spyware on its victims' computers is probably illegal. You can install spyware on your own computer any way you like, but it is illegal in most places to install spyware on someone else's machine. This doesn't apply to advertising spyware sadly, although that may be coming.
Those of you who might be tempted to use this or some other spyware to spy on people, it's not worth the risk. You can go to prison if you sneak spyware onto someone else's computer. If you feel the need to use something like this to check up on your significant other, that relationship is probably over anyhow. Either end it or seek some professional counseling, but don't risk doing something illegal.
Links:
http://www.spywareinfoforum.info/newlsetter/sept30,2003#ecard :: Spyware Program Impersonates E-Card
http://news.google.com/news?q=lover+spy+illegal+-movie :: Lover Spy in the news
 |
Title: Invisible Secrets 4
Author: NeoByte Solutions
License: $39.95
Keep those prying eyes out of your communications and prevent unwanted people from reading your private files!
If you have let your friends, family, or guests use your computer, they can poke around in any document on your hard drive. If your computer or laptop is stolen or broken into by a hacker, they can cause you severe personal and financial harm. Using Invisible Secrets, you can hide those files very easily. Files containing personal and financial information can be hidden in an anonymous looking picture and encrypting them.
If you are on a business trip and need to email an important document to your boss, you would attach that document to the email and click "send". You may think of an email as an electronic letter that stays sealed until it reaches its recipient, but in reality it is more like an electronic post card. Anyone between you and the recipient can read every word in it and access any attachments.
Encryption helps, but even the strongest encryption on the planet fails when people use a predictable password (an all too common problem). Invisible Secrets makes it very easy to hide that sensitive document inside of a picture and encrypt it. Even if the wrong person intercepts your email, they probably won't realize that there is anything significant there.
Invisible Secrets makes it very easy to take all the precautions people warn you to take in protecting sensitive documents, whether you are storing them or sending them to someone else. There is no complicated procedure involved.
Every product featured here is reviewed by a number of volunteer testers. They liked Invisible Secrets very much and found it very easy to use. This is what one person said:
"I tested Invisible Secrets Version 4.0.2 in April 2003, this version is 4.0.6. It appears to be improved and I will use it. I do not use every licensed/free program I have available - only the best."
Invisible Secrets has also been reviewed by many respected software and technology sites. It has a 5-star rating at File Transit, BrotherSoft, FileHungry, Epinions, 5-star Shareware, Share-up, and several others.
Click here for more detailed information
Every week, SpywareInfo arranges a discount on the programs best suited to keep your private life private. This arrangement lets us pay the bills to keep SpywareInfo running without having to sell ads to the likes of DoubleClick and X-10.
We do need your input, as the discount is for your benefit. What commercial privacy software would you like to see featured here at a discount? Drop us a note and let us know.
Telemarketers Forced To Change Phone Number
The US DoNotCall registry is unavailable and currently is not accepting new numbers. This is due to the decision by US Federal judge Edward Nottingham that telemarketers have a constitutional right to advertise products over the telephone. According to Nottingham, for the government to enforce the wishes of people who explicitly do not wish to be called would violate the rights of telemarketers.
I for one am proud to live in a nation where the right of telephone spammers to harass people is more important than two acts of Congress, the approval of the President of The United States, and the collective wish of 50 million citizens. It's things like that which make me proud to be an American.
Miami Herald columnist Dave Barry published the telephone number of a telemarketing company a few weeks ago. The company whose number Barry published is one of those fighting the enforcement of the DoNotCall list. So many people called the number that the company was forced to disconnect it. Supposedly it took nearly a week for a staffer to go through all the voicemail looking for messages not from Barry's readers.
In light of the legal developments surrounding the DoNotCall registry, Barry has written another column about it. And yes, he once again published the number of the telespammer company.
As I write these words, lawyers and politicians and lobbyists and judges are swarming all over the telemarketing issue, so I don't know what the legal status of the Do Not Call registry will be when you read this column. But it appears that the telemarketers plan to continue their efforts to save the planet by fighting for the right to call people who do not want to be called.
I realize that this makes many of you angry. I realize that many of you would like to, once again, let the telemarketers know how you feel. And I am, frankly, tempted to reveal to you here that the American Teleservices Association (www.ataconnect.org) seems to have a phone line working (at least for now) at 317-816-9336.
But would it be right to reveal this? I mean, yes, you could call the ATA again. But the ATA surely doesn't WANT you to call again. It's inconvenient! And to insist on calling somebody who doesn't want to be called, even if you have the legal right to call, well, that's just plain rude.
So I am taking the high road.
I can only comment that it's too bad it wasn't a toll-free 800 number. In that case, the company would have been forced to pay for the phone calls.
If you would like to share your opinion of telemarketing with the American Teleservices Association, but find that they have had their new number disconnected, perhaps you could try calling other telemarketing companies. There are two whole pages full of telespammer call centers and their telephone numbers right here (and mirrored here in case someone "accidently" removes that page). Go forth and exercise your First Amendment rights.
Links:
http://www.spywareinfoforum.info/stuff/telespammers.txt :: Mirror of the call center phone numbers
http://www.law.du.edu/judicial_clerkships/USEdwardNottingham.html :: Judge Nottingham
http://www.miami.com/mld/miamiherald/living/columnists/dave_barry/6934584.htm :: So what's their hang-up?
http://www.salesvantage.com/Telemarketing_Call_Centers/telemarketing_call_centers.shtml :: Call center numbers
Search Engine Hijacker Follow Up
Last week I wrote about a recent hijacker using a bad HOSTS file to hijack victims away from popular search engines such as Google and Yahoo. Antivirus companies now are targeting the hijacker under two names, Delude and Qhosts.
My advice last week was to delete or edit the HOSTS file. At the time, there were a few people at the SWI support forums for whom the advice didn't work, but we weren't sure why. As it turns out, it didn't work because the hijacker had dropped the bad HOSTS file in an unexpected location and hacked a little-known registry key to make Windows look for it there. Windows was reading the file from C:\windows\help\HOSTS.
I also mentioned that this hijacker was spreading possibly by exploiting a flaw in Internet Explorer that Microsoft's patch did not fix. Microsoft has released a new patch which seems to work this time. I recommend installing this patch if you have not already done so.
I also would like to extend a special thank you to Network Associates for publishing the registry key that needs to be hacked in order to make Windows look in an alternate location for a HOSTS file.
Up until now, there was only one hijacker using this method. Now that NAI has published this information for the benefit of the more uninformed malware authors, we at SpywareInfo expect many thousands of additional visitors who will be seeking help to fix hijacks that use this method.
Of course, I could have published it myself nearly a week ago, when it was discovered by one of the members of the message board, instead of moving all mention of it to non-public areas. Then again, I'm sure Network Associates has done a much better job of broadcasting that information out to the malware authors than I ever could have done on my own. Thanks guys, great job. 
Links:
http://news.com.com/2100-7349_3-5085861.html :: Attack program hijacks surfing in IE
http://www.spywareinfoforum.info/newlsetter/sept30,2003#searchjack :: Are You Trying To Get To Google?
http://antivirus.about.com/cs/adwarespyware/a/qhosts1.htm :: Delude.B (a.k.a.QHosts-1) Trojan
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-040.asp :: Microsoft Patch
Earth Station 5 May Be Malware
I hesitate to publish this, but I feel obligated to warn my readers about this situation. Shawn Garriok has made a disturbing discovery about a peer-to-peer file sharing program called Earth Station 5. Garriok is the person responsible for hacking KaZaA to remove the spyware and distributing it as K++.
Earth Station 5 is a fairly new program. It is produced, supposedly, by programmers in the Jenin refugee camp in The Middle East. From this refugee camp, the authors thumb their nose at the likes of the MPAA and RIAA and openly advocate piracy. The program is designed to prevent corporate tracking of users by routing the connections through multiple, anonymous proxy servers.
Garriok decompiled a beta version of Earth Station 5 and says he discovered programming that allows someone to delete files on a user's machine remotely. According to him, the coding was designed with the intent to allow deletion of files, not an accidental software bug that can be exploited. He posted his findings to the Full Disclosure mailing list on October 2.
In a statement published at Slashdot, a spokesman for Earth Station 5 said the programming discovered by Garriok exists, but denies any malicious intentions. According to the statement, the code was for an automatic update function which has since been removed. Strangely, the statement goes on to deny claims that spyware is present in the software, a claim that no one has made that I have seen.
Whatever the reason behind the existence of the code, it has now been removed from the software. Even Garriok has confirmed this.
I don't know what the real situation is, but for now I recommend that people stay away from this software. Whether it was an accident or not, the software once had coding that allowed it to delete any file off the hard drive on which it is installed. I wouldn't trust it on my computer and I cannot recommend its use.
Links:
http://lists.netsys.com/pipermail/full-disclosure/2003-October/011339.html :: Garriok's original post
http://yro.slashdot.org/article.pl?sid=03/10/04/188219 :: Earth Station 5's statement
Five Years With The DMCA
It has been five years since the Digital Millennium Copyright Act (DMCA) became law. Hailed as an update to existing law to protect copyrighted art in the age of the Internet, the DMCA has become one of those most reviled, ineffective, and misused laws in American history.
The DMCA has done nothing to stop piracy or guarantee that artists will be paid for their creations. Instead, it has allowed corporations to engage in anti-competitive and monopolistic behavior, eroded and even overridden Constitutional freedoms and has been used to stifle discussion of severe security flaws in popular software.
The DMCA is one of those things for which someone coined the phrase "it seemed like a good idea at the time...."
The Electronic Freedom Frontier has an in-depth report on the DMCA and many, many examples of the law being abused in situations for which its authors never intended it to apply. I also have published my own, shorter piece about the law.
Whether you support the DMCA or hate it, give these two articles a read. I guarantee you will be shocked at the abuses carried out in its name.
Links:
http://www.mikehealan.com/articles/DMCA/abuses.php :: My Take on the DMCA
http://www.eff.org/IP/DRM/DMCA/20031003_unintended_cons.php :: EFF: Unintended Consequences of the DMCA
Good Guy of the Week
I have nominated two "Scumbag of the Week Awards" recently, so I figure it's time to do a "Good Guy of the Week" now.
This week's Good Guy is Charter Communications Inc. Remember the hundreds of subpoenas sent out to ISPs by the RIAA looking for file swappers to sue? Charter Communications Inc. has given the RIAA the proverbial finger and has taken them to court.
Charter Communications Inc. filed a suit on Friday seeking to block the recording industry from obtaining the identities of Charter customers who allegedly shared copyrighted music over the Internet.
Charter filed papers in U.S. District Court in St. Louis in a bid to quash subpoenas that the Recording Industry Association of America issued seeking the identities of about 150 Charter customers.
Great going Charter!
I hope Charter wins their lawsuit. Even if they lose, I hope other ISPs do the same thing and refuse to cooperate with the RIAA's Gestapo tactics. If it costs the RIAA too much money to pursue this war on their members' customers, perhaps they will stop waging it.
I encourage all of my readers to BOYCOTT all merchandise distributed by members of the RIAA. Before purchasing a CD, look up the album to see if it was distributed by a member of the RIAA. If it was, don't buy it and write the record label a letter stating why you won't buy it.
If you would like to support that artist without spending any money that might go to the RIAA, buy their concert tickets. CDs, MP3s, radio, and music videos are free advertising as far as most artists are concerned. Artists rarely receive any royalty money from those things, but they do make considerable money selling concert tickets. Even if you can't attend the concert, buy a ticket anyway and donate it to a radio station or to someone who can attend.
The RIAA is trying to protect an archaic, obsolete method of distribution that benefits no one but themselves. It should be pointed out that not a single penny of lawsuit or settlement money given to the RIAA will ever be given to any artist under any circumstance.
When a CD is purchased, very little money or no money at all is distributed to the artists. Don't be misled by the deceptive ads you see on TV or online claiming that artists are starving because of file sharing online. Most artists lose no money when their music is swapped online. Most artists gain from the free advertising, just as they do when music is played on the radio.
Don't take my word for it. Take the word of someone who has been in the music creation business for decades, Janis Ian.
Links:
http://www.magnetbox.com/riaa/ :: RIAA Radar
http://www.spywareinfoforum.info/newlsetter/rd/charterriaa :: Charter cable sues to block music inquiry
http://www.janisian.com/article-internet_debacle.html :: The internet debacle - an alternative view by Janis Ian
Newsletter Archives
Just as a reminder, I would like to point out that old issues of the newsletter are available on the web site. I've had several emails recently asking where to find these. You can find links to all past issues on the Resources page. I've added that to the "Terms" blurb at the top as well.
Links:
http://www.spywareinfoforum.info/links.php?cat=newsletter#newsletter :: Links to archived newsletters
Think Before You Email
I am on the verge of shutting down my email server and removing my contact page. The next idiotmail that comes in might make me do it. Idiotmail is my term for email sent by those people who really should have been licensed before being allowed onto the internet with the rest of us. Perhaps they are from a different gene pool.
ONE EXAMPLE OF THIS WOULD BE THE EMAIL FROM DEB, WRITTEN COMPLETELY IN CAPITAL LETTERS, THREATENING TO REPORT ME TO AMERICA ONLINE AND TO SHUT DOWN MY SITE FOR SENDING HER POP UP ADS.
Another example would be the fifty or so people who have sent threatening letters about Virtual Bouncer. Virtual Bouncer is a malware distributed by a company named Spyware Labs. I have nothing to do with it, yet people search for it on Google, find my site, and send absolutely moronic letters about it.
Other people send all manner of threats, flames, and unlikely theories about my genealogy while thinking mistakenly that I have some connection to either SpywareNuker or to something called Spyhunter. As with Virtual Bouncer, these people searched Google and found me. Why they believe that means I am responsible for them is utterly beyond me.
Sometimes I wonder if these people are really that stupid or if they are waiting just to see how I react to it. Let me save them the trouble by explaining it here. I react to these emails by deleting them. If it's particularly stupid, I'll publish it at the forums and let thousands of people laugh at them.
This is just one of the joys of running a well-known web site. Those who also run popular sites will sympathize. The rest may count yourselves lucky that you don't have to deal with it.
Links:
http://forums.spywareinfoforum.info/index.php?showtopic=10241 :: DEB'S EMAIL
Recommend SpywareInfo to a friend
Do you like SpywareInfo and this newsletter? Then please tell a few friends about it! We are trying to come up with ways to increase the number of visitors to the web site and the number of subscribers of this newsletter.
Recently I signed up for RecommendIt's service, also used by Scot Finnie and Fred Langa. When you use RecommendIt's service to send a link to a friend or family member, you can also choose to enter a contest with a grand prize of $10,000.
The privacy policy of the site looks solid and I did ask around if anyone had heard anything bad about it before I signed up for it. You can use their service to recommend SpywareInfo to someone you know at http://www.recommend-it.com/l.z.e?s=881459
Of course, you don't *have* to use RecommendIt's site to send a friend a link to the site. Just sending an email will also do the trick.
Links:
http://www.scotsnewsletter.com Scot Finnie's Newsletter
http://www.langa.com/newsletter.htm The Langalist
