The Wayback Machine - https://web.archive.org/all/20050420080554/http://www.adwarereport.com:80/
News and Reviews of the top Spyware removal tools.Contact Adware Report
Adware and Spyware Resources
Advertise on Adware Report
Click for the latest adware and spyware news and reviews
spyware frustrationsAdware and Spyware could be harming your computer

April 14, 2005

Fake Microsoft Security Trojan on the Loose!

Moral of the Story: Be very suspicious of any email that asks you to visit a website to update your computer, account information, or anything else...

Paul Roberts, IDG News Service

A new campaign by malicious hackers uses a Web site designed to look like Microsoft's Windows Update page to trick unwitting Internet users into infecting their computers with a Trojan horse remote access program, according to antivirus experts at Sophos.

The scam uses e-mail messages that appear to come from Microsoft to get recipients to visit a Web page that uploads the malicious program. Using the promise of Windows software patches to distribute malicious code isn't new. However, the latest attacks show that scammers are adopting strategies used by phishers to evade detection by gateway and desktop antivirus programs, says Graham Cluley, senior technology consultant at Sophos.

The attack was first detected on Thursday in Sophos's Vancouver, Canada, lab after it was distributed in a spam campaign. The messages have subject lines like "Update your windows machine" or "Urgent Windows Update," Cluley says.

What Happens

A link in the body of the e-mail message appears to take users to the Microsoft Windows Update Web site, but would actually forward them to a Web site operated by the attackers and install a Trojan horse program called DSNX-05, according to Sophos.

The Web site run by the hackers was registered to an Internet service provider in Toronto, but it has since been shut down. The site looked very much like the actual Microsoft Windows Update page and displayed Microsoft's corporate logo. One clue that something was amiss: The URL displayed in the Web browser address bar showed only the IP (Internet Protocol) address of the site, instead of the Windows Update address, Cluley says. Sophos does not know how many Internet users may have fallen for the ruse, he adds.

The method of attack is similar to the phishing identity theft attacks that have become common in the last year. As with many phishing attacks, gateway antivirus software does not detect the scam, because there is no malicious code in the e-mail. Desktop antivirus software with spam detection could spot the e-mail, but only if an antispam definition for the attack had been created and the user had updated the antispam definitions for their product, according to Cluley.

Real Update Coming April 12

Those behind the attack may have been trying to capitalize on anticipation of Microsoft's upcoming software security patch release next Tuesday, Cluley suggests. On Thursday, the Redmond, Washington, company said it intends to put out a number of security patches for its software.

"It's such a shame that, just as we're beginning to teach people more about security updates, cybercriminals are exploiting that," Cluley laments.

Sophos points out that Microsoft does not issue security warnings in the manner used by this attack. E-mail users should be on guard when receiving an unsolicited e-mail that contains an attachment or asks the reader to click a link to a Web page, Cluley says.

Although the Web page used in the latest attack has been disabled, those behind the scam could post the content in a new location and restart the attack, he warns, adding, "It's hard being an average Internet user. You just can't trust anyone."

Original Link

Posted at 12:08 in News | Permalink | 0 Trackbacks

April 08, 2005

Scam Web Sites Bilk Consumers Twice

Editors Note: Yet another type of online security threat to be aware of!

By Erika Morphy
NewsFactor Network
April 8, 2005 12:32PM

This is a new and more aggressive form of phishing, says Luis Corrons, director of PandaLabs. Previously, online scammers would troll for victims through mass e-mails. In this case, “it is actually the buyer, in searching for the best prices online, who goes to the fraudulent Web page.

A new online scam could bilk consumers not only of their credit card information, but also of their savings, warns Panda Software.
A Web site discovered to be operating the scam has been dismantled by authorities. It advertised bargain rate airline fares, and consumers happened upon it by entering relevant terms in search engines, such as Google .

The site included a form asking the user to enter personal details, including credit card number, expiration date and verification value. Once those details were entered, an error page would appear, telling the user that the transaction was unsuccessful, and offering instructions on how to pay for the ticket by postal money order.

Luis Corrons, director of PandaLabs, expects that similar Web sites will be established by fraudsters, perhaps with offerings other than discounted airline tickets.

Different Kind of Fraud

This is a new and more aggressive form of phishing, Corrons says. Previously, online scammers would troll for victims through mass e-mails. In this case, “it is actually the buyer, in searching for the best prices online, who goes to the fraudulent Web page. This creates a false sense of security that can lead users to proceed with the transaction.”

Indeed, phishers continuously try out new ruses. "Pharming," a recently coined term, is becoming more common, for example. Unlike phishing, which directs users to fake sites through e-mail links, a pharming attack installs a Trojan horse virus on a user's machine. Then, when the user types in the URL of a targeted banking site, the virus reroutes the request to a fraudulent Web site, where personal information can be collected for identity theft.

Recent targets have been the British banks Barclays, Bank of Scotland, Lloyds TSB and NatWest.

Unrelenting Activity

Few believe online financial crimes will diminish anytime soon; it is an easy and non-violent way for criminals to steal money, says Sophos security consultant Graham Cluley. Perpetrators of these frauds grow savvier in their social engineering and technical ruses and are quick to discard a scheme once it becomes known to authorities and move onto the next.

“Even hackers that were once bent solely on mischief are aligning themselves with spammers to make a quick buck,” Cluley notes.

Original Article Here

Posted at 13:47 in News | Permalink | 0 Trackbacks

March 21, 2005

Hackers more active in 2004

Internet attacks on businesses and other organizations increased by about 28 percent in the second half of 2004 compared with the first six months of the year, a report on Internet security warned.

And hackers are setting their sights on the rapidly-emerging mobile-computing market, it added.

On average, businesses and other organizations received 13.6 attacks on their computer systems every day in the second half of 2004.

That’s up from 10.6 attacks in the first half of the year, says the report by Cupertino, Calif.-based Symantec Corp., which makes the popular Norton anti-virus software and other security products.

“There’s all sorts of malicious code out there increasing in frequency and severity,” said Dean Turner, executive editor of the Symantec Internet Security Threat Report, which was set for release today.

“Users have to make themselves aware.”

The burst in activity follows a shift in the motivations of attackers. Where the hacker community once sought notoriety, today it is largely a vast network of crooks going after other people’s money, experts say.

The favourite tools of online attackers include phishing, spyware, and adware. Phishing scams involve e-mails appearing to come from legitimate companies that direct people to divulge credit card numbers and other data.

Spyware is hidden software that captures information about a user’s web-surfing habits. Adware is a type of spyware that collects data to target users with e-mail marketing campaigns or pop-up ads.

Symantec says its anti-spam filters blocked an average of 33 million phishing messages a week in December—up from just nine million a week in the first half of the year.

The trend will continue upward this year.

“Phishing attacks are difficult to defend against. As the sophistication of spoofed e-mail and Internet sites increases, it will become more difficult for users to determine what is legitimate and what is not,” the report said.

Industry estimates of what phishing scams alone cost U.S. companies in 2004 range from $1.2-billion (U.S.) to $2.4-billion.

The recent proliferation of mobile devices is seeding a whole new category of viruses. At the end of December, there were 21 known samples of malicious code for mobile devices—up from just one at the end of last June, the report said.

Turner said those numbers will keep rising as the popularity of mobile computing grows. A short-range wireless connection standard called Blue Tooth is proving to be the conduit for most attacks.

Users may forget to turn off the connection feature as they move around public spaces, leaving themselves open to viruses, he noted.

Posted at 16:58 in News | Permalink | 1 Trackbacks

March 17, 2005

FTC shuts down makers of "Spyware Assassin"

Firm purporting to remove spyware receives temporary shutdown order

Editors Note: First in a long line of bogus spyware company shutdowns? We can only hope so.

THE ASSOCIATED PRESS

SPOKANE, Wash. -- The Federal Trade Commission has temporarily shut down a Spokane company whose software purported to help people remove spyware, but that regulators claim often did nothing to stop the malicious programs.

A U.S. District Court judge in Spokane has approved a temporary restraining order against MaxTheater Inc., which makes Spyware Assassin. In April, the FTC will ask a federal judge to make the ban permanent.

The FTC alleges that Spyware Assassin offered customers a deceptive spyware scan. The FTC said the scan either said it had found spyware that didn't exist or said it would remove spyware and then didn't.

MaxTheater owner Thomas Delanoy, who is named in the complaint, told The Spokesman-Review newspaper he had been advised by his attorney not to comment.

Spyware is a growing online security threat that can be used to track a user's computer habits, steal valuable personal information and slow performance.

Posted at 9:58 in News | Permalink | 2 Trackbacks

March 16, 2005

A letter from Cydoor

I received an interesting letter from Cydoor the other day. They want me to change our definition of Cydoor. I'm not sure what to make of this, so I thought I would post it on the site and leave the comments section open.

I would like to bring your attention to your categorization of our ad-serving technology as spyware. I believe that this categorization is mistaken, and I would like to show you why. I would also like to request that you update your description of Cydoor to be a mild adware.

In the past, Cydoor’s client was defined as Spyware by several members of the press and the anti-spyware industry. The client itself was mostly bundled with free software for the sole purpose of enabling that application to display ads. The client communicated with a Cydoor host periodically in order to present new ad creatives and to report on ad performance. Though no personally-identifying information was ever transferred, this method was considered invasive because users did not explicitly agree to install a Cydoor component or to the transmission of information.

However, today Cydoor has significantly changed its technology to offer end-users and partners an unobtrusive ad-serving solution. With a greater emphasis on visibility and privacy issues, Cydoor provides its partners with a reliable source of revenue, while making sure users are aware of its activities.

How does it work?

Cydoor provides all its publishers with a complete interactive advertising solution, including ad serving, frequency capping, and performance statistics. Cydoor allows each publisher to implement a solution that provides them with the advertising flexibility that they require, including any and all communication to Cydoor’s servers. Cydoor has no presence on the end-user’s desktop in any way, and our partners can serve ads and generate revenue from their application or web property.

Users download the desired application, while noting that it is ad-supported. Cydoor strongly urges all its partners to state upfront that their application is freeware but is supported by advertising revenue, and most state it in their End User License Agreement (EULA). There is no installation, explicit or otherwise, of any Cydoor component on the user’s computer.

After installation, the partner application manages the various advertisements and their performance. The ads are served according to predefined impression requirements and caps and exposure is not based on any aspect of the user’s behavior. From time to time the partner application connects to Cydoor's servers in order to report aggregated performance records such as which ads were displayed, how many impressions they received, and which, if any, did the user click on. These are the same kind of performance parameters that are tracked by any online advertiser, including banners published on a web site.

I’d like to emphasize that the application does not download ANY information from the Cydoor servers aside from ad creative. The application reports only basic aggregated campaign performance parameters. Under no circumstance does the application report on any other user behavior or does it transmit any personally identifiable content.

I’d like you to note that as an example, two of our partners, Download Accelerator and PalTalk Instant Messenger are either certified as Spyware-Free or are working with the leading Anti-Spyware vendors to be removed from their Spyware list.

Please let me know if you need any additional information regarding my request.

Posted at 17:42 in News | Permalink | 0 Trackbacks | 1 Comments

March 15, 2005

Spyware Removal Starts At Home

Consumers, Microsoft and the Federal Trade Commission are similarly confounded when it comes to defining spyware and how best to combat a spreading plague of intruding and often malicious software. It’s up to individual users to stop it on their own computers, at the first sign of infection.

Ask a personal computer user suffering from a spyware or adware infection and they’ll easily define it for you. Slower Internet connection speeds, unwanted popup ads, changed Web browser settings or home pages, computer unresponsiveness and a general anxiety about exposing personal information and passwords.

"Adware and spyware victims need to take immediate action at the first sign of a spyware symptom," advises Richard Stokes, a computer engineer who runs www.AdwareReport.com, an established adware removal, consumer review site. "Don’t wait for the government or for Microsoft to find an adware solution, because every moment you wait is another moment that you risk your privacy and general frustration with your computer.

"Having said that," Stokes added, "even when consumers do decide to find a spyware solution on their own, they’re often confused about which anti-spyware program will do the trick." Hundreds of anti-spyware programs elbow for search engine space, as consumers get bombarded with anti-spyware ads and promising spyware cures.

"As with anything consumers buy, the smart shopper will always come out ahead," said Stokes. Nobody wants to waste their time researching for the right spyware remover, but wasting your money purchasing a useless spyware remover can be twice as frustrating. "When people visit Adware Report, I encourage them to take their time, read the reviews and be certain that the spyware remover they buy is the right fit for them." Consumers need to make their own, knowledgeable decisions or their spyware problems are sure to persist.

Although the FTC and similar government agencies are finally making strides towards first defining and then solving the growing spyware epidemic, the burden ultimately falls on the individual spyware victims to take swift and intelligent action at the slightest hint of a spyware infection. It could take years before consumers see the benefits of the FTC’s recent spyware and adware report (available at www.AdwareReport.com). Until then, the only viable solution is to continue turning to review sites like Adware Report to ease their confusion and help find anti-spyware solutions.

Posted at 12:04 in News | Permalink | 0 Trackbacks

March 13, 2005

Federal Trade Commission releases 62 page report on Spyware

The FTC has released a very interesting report about their findings on spyware. The report is a bit lengthy at 62 pages, but I plan on reading this and distilling the most interesting points here on the site.

I immediately noticed this quote from the report relating to the difference between adware and spyware. It appears that even industry experts can't seem to agree on how adware and spyware differ:

Workshop panelists and commenters stated a range of views as to whether and when adware should be classified as spyware. Some panelists argued that adware is spyware if users have not received clear notice about what the software will do or have not provided adequate consent to its installation or operation. In turn, some types of adware would not meet some definitions of spyware because they do not monitor computer use. Other workshop participants apparently would view adware as spyware if it causes consumers to receive pop-up ads, regardless of whether consumers are bombarded with such ads or just occasionally receive such ads.

If the industry can't seem to agree on even what spyware is, how can we expect the FTC or other governmental bodies to effectively legislate on this issue?

Read the entire report here (1.1Mb)

Afterthought: We've seen this same type of confusion recently when Lavasoft, Computer Associates, and Aluria decided to de-list WhenU as "spyware". Many industry experts, some of them rather thoughtlessly, expressed outrage at the de-listing, continuing to label WhenU as spyware, when they should actually be considered adware.

Posted at 13:30 in News | Permalink | 4 Trackbacks

All content copyright 2004, Gooroo, Inc. All Rights Reserved.
Adware Report | Site Map | spyware reviews | Book List