Visit SpywareInfo

ZoneAlarm Pro


Pest Patrol


March 15, 2002

Is it just me, or does it seem like more and more people are finding their web browser settings hijacked lately? I've been seeing this happen for months now, but lately they're popping up all over. From (don't go there!) to various seedy porn palaces, sites all over the web are hijacking browsers using javascript, activex, and some are even downloading .exe files to users' computers in a sleazy attempt to generate bogus traffic to their site.

It's not a safe thing to do however. (this domain no longer works) found out the hard way what happens when one of their hijacking victims contacts their web host, in this case. After ridding their system of the hijack, one of their victims contacted Webalias about the problem. Webalias did the right thing and snatched that person's files right off of their server and replaced them with a page detailing what had happened. They even provided a link to my Hijacked! article so anyone else hijacked to the site could remove it.

I thought that was pretty funny. Now, if we can get shut down....

Did I mention I discovered the solution to this problem the other day? That's right! I was looking for something else and started reading about IE-Spyad and it hit me that using it would prevent a browser hijack from ever happening.

Lavasoft just released an updated signature file for AdAware. New in this update: BonziBuddy and Attune detection and removal, as well as several updated components from other scum\spyware systems.

The update (084-11-03-2002) can be downloaded directly from Lavasoft's download site or from my site.

It has become apparent that Gator has mutated. On message boards all over the web people are scratching their heads in confusion as AdAware runs through a scan and removes Gator, only to find it back the next time they run AdAware. Even the just-released reflist doesn't take this mutation into account. For now, the unofficial removal instructions are as follows.

Do a search of your computer for these two.
Do you know how to boot to safe mode?
If so boot to safe mode and delete the folder "CMEII".
This will kill that problem.
Then scan with AdAware while in safe mode.

A new reflist is expected to be released soon to deal with this mutation.

It seems that Morpheus may be installing spyware now. There's an interesting thread on this at the AdAware forums. I'm keeping my eye on this thread

By the way, I'm now a moderator at those support forums. And yes, that ugly mug at the top belongs to me.

Last week I featured Startup Log in the downloads section. I forgot to mention that it only works on Windows 95, 98, and Me. It won't work with Windows NT/2000/XP. Sorry about that. There is also a new version out (released a day or two after last week's edition went out). Pick up the new version at

Featured site

The mission of this site is to inform the public of unethical or disagreeable use of Internet technology and software and to protest the various software and Internet technology mentioned here at It is believed that software is being used to advertise in ways many Webmasters and site owners do not approve of.

Some software packages sometimes get installed onto users' computers by unsuspecting individuals who download desired programs that include ThiefWare. ThiefWare can change regular words found in Web page content into ad links (one method of using sites to advertise on—other software uses other methods). This is accomplished from the client-side (a.k.a. manipulation of browser content by using 3rd party software).


IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of known ad/spy servers and domains to the "Restricted Zone" of Internet Explorer. Once IE-ADS.REG is "merged" into your Registry, most ad/spy servers will not be able to resort to the usual "tricks" (e.g., cookies, scripts, popups, et al) that they use in order to track and monitor your behavior while you surf the Net.

The Weekly Hack

Ever wonder what your IP address is (for those of us STILL on dial up)?

Here's a quick and easy way to get it.

Paste this into notepad. There cannot be a blank line at the end or it will cancel out the pause command. Name it IP.bat, and doubleclick it to get your IP address.

You can also download this in a ready-made batch file.

@echo off

In the News,1285,51082,00.html

LONDON -- Morpheus MusicCity, a service that allows users to trade copyrighted songs and films, has quietly added an anti-piracy feature to its site, its first move to protect some artists from unlawful downloads of their music.

Beginning in April, Streamcast Networks, the U.S. company that operates the popular site, will add technology to erase a downloaded song from a computer after the user listens to it a certain number of times.

Your computer may be watching you. If you download free software from the Net -- especially the ragingly popular music-sharing programs and Web games -- chances are you've also gotten more than you've bargained for.

Freeloading programs can quietly piggyback onto your PC during the download process and then do things surreptitiously once they get there.

The software -- dubbed adware, stealthware and spyware -- can track your surfing habits, use your Net connection to report back to a home base and deliver targeted ads to you. It also can collect your personal information and store it in databases.

With all of our advances in security technology, one aspect remains constant: passwords still play a central role in system security. The difficulty with passwords is that all too often they are the easiest security mechanism to defeat. Although we can use technology and policy to make passwords stronger, we are still fighting the weakest point in any system: the human element.

Ultimately the goal is to get users to choose better passwords. However, it is not always clear how to achieve that goal. The problem is that as creative as humans are, we are way too predictable. If I asked you to make a list of totally random words, inevitably some sort of pattern will emerge in your list. Selecting good passwords requires education. System administrators need to be educated and that education needs to be passed on to end users. This article is meant to bring you closer to understanding passwords in Windows 2000 and XP by addressing common password myths.