Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Software Security

Spyware Masquerading as Spyware Removal Software 424

Cocooner writes "News.com is reporting that some of the anti-spyware/adware software out there is doing more harm than good by acting as double agents. One example is a software package named SpyBan (google cache since the original site has been removed), which happened to be hosted by download.com, accused of installing Look2Me, which monitors and reports web surfing habits. SpyBan was downloaded over 44000 times before it was pulled. How 'low' can they go?"
This discussion has been archived. No new comments can be posted.

Spyware Masquerading as Spyware Removal Software

Comments Filter:
  • Hmmm... (Score:5, Funny)

    by Anonymous Coward on Thursday February 05, 2004 @10:20AM (#8189438)
    I wonder if I can get a patent on "Invention that does completely the opposite of what it claims to do"
    • Re:Hmmm... (Score:3, Insightful)

      George Bush already has a patent on "Laws that do completely the opposite of what they claim to do," so you may run into copyright infringement issues. (Ok, flamebait, but it's true, you know it's bloody true.)
      • Prior Art (Score:5, Funny)

        by blorg ( 726186 ) on Thursday February 05, 2004 @10:45AM (#8189767)
        Spam advertising anti-spam software
        Viruses claiming to be security updates
        SCO pretending to be a software company
    • Re:Hmmm... (Score:5, Funny)

      by Anonymous Coward on Thursday February 05, 2004 @10:45AM (#8189776)

      Invention that does completely the opposite of what it claims to do

      Like "Microsoft Works"?

    • Re:Hmmm... (Score:5, Insightful)

      by orthogonal ( 588627 ) on Thursday February 05, 2004 @11:03AM (#8190003) Journal
      I wonder if I can get a patent on "Invention that does completely the opposite of what it claims to do"

      But these programs don't do the complete opposite of what they promise.

      I'm sure they do remove spyware.

      I mean, I'm sure they are very careful to remove competitors' spyware.

      That makes your system more private and more stable, while ensuring that they get a tighter lock on the market for the data they've purloined from spying on you.

      Think of it like government: government offers to protect you those who would rob you and beat you, so long as you agree to give the government 40% of your money in the form of taxes and take th eoccasional beating from a cop. Sure, if you fail to come up with the taxes, the government will take the money and beat you, but at least you're only getting robbed and beaten by one entity.

      Which entity, by virtue of having a monopoly, can specialize in giving you only the best robbings and beatings.

      As, God knows, with Reichsminister Ashcroft and Admiral Poindexter, the current government is I'm sure is getting very good at doing only the best spying on you, Citizen.

    • While what you said was a joke, it made me think of something that might be a good idea.

      How about we (geeks, slashdotters, etc) start pattenting all the evil ideas we can come up with? Think if we had the pattents to algorithms used in worms and viruses, or in spyware, etc. Of course, I don't mean we build anything with these evil ideas, but then we could sue the pants off anyone who did.

      I know a guy at Microsoft who says they have people to develop worm/virus algorithms just so if someone ever uses it,
  • by fredrikj ( 629833 ) on Thursday February 05, 2004 @10:21AM (#8189442) Homepage
    How 'low' can they go?

    All the way to hell, I really hope.
  • by QEDog ( 610238 ) on Thursday February 05, 2004 @10:21AM (#8189446)
    How 'low' can they go?

    As low as a worm?

  • by millahtime ( 710421 ) on Thursday February 05, 2004 @10:22AM (#8189462) Homepage Journal
    in using Spybot. It doesn't install spyware... or does it.
    • by Zocalo ( 252965 ) on Thursday February 05, 2004 @10:41AM (#8189712) Homepage
      Spybot S&D is clean according to Ad-Aware, which is clean according to Spybot S&D, which is clean according to Ad-Aware... The more paranoid out there will probably have more more packages in the loop, but this is definately one instance where is doesn't do any harm to use multiple packages in parallel.
      • Don't fall for it! They're obviously in cahoots!
      • by orthogonal ( 588627 ) on Thursday February 05, 2004 @11:27AM (#8190319) Journal
        The more paranoid out there will probably have more more [sic] packages in the loop, but this is definitely one instance where is doesn't do any harm to use multiple packages in parallel.

        Oh, it's simpler than that.

        Install the Spy-ware Remover. Remove the spy-ware. Remove the remover.

        For the more paranoid^H^H^H^H^H less trusting, take a snap-shot of the system, consisting of a list of all files with md5sums for each.

        As above, Install the remover, remove the spy-ware, remove the remover. In most cases the spyware will be stand-alone, except for crap like MS-Windows registry entries. Ensure that other than such system-wide repositories like that, after the removal of both spy-ware and spy-ware remover, than no files have been added to your system, and the md5sums of existing files haven't changed.

        Finally, spy-ware is only a problem if it can transmit the information it gathers out of your system to its masters. Here MS-Windows users actually have an advantage over linux, because most MS-Windows firewalls can block both incoming and outgoing connections, and can block or allow specific applications using specific protocols on specific ports.

        First, as a standard practice, block everything (I even block localhost to localhost connections), then allow only what you actually require (most MS-Windows firewalls allow you to do this interactively and some support single-time-only allowances, so it's not nearly the burden it seems to someone used to IP tables).

        Then watch to see if the firewall reports that an application is making outbound connections. If one does, ask yourself why it needs to connect out, and whether you did something to initiate its connecting out.

        The one Achilles's heel here is the multitude of applications that use HTTP connections for one thing or another, and the browser in general. To minimize (but not totally control) this, I route all browsers through two HTML transforming proxies, so many cookies and javascripts never even reach the browsers. Other applications get direct connections, but obly if they need them. My mail client, for example, does not need to connect to port 80 for any reason, so I never worry about web bugs in HTML mail. Browsers (well, the proxy at the end of the chain) can connect only to ports 80 and 8080, minimizing risks a little; connections to non-standard ports must be authorized interactively.

        I highly recommend Kerio firewall, by the way; it's free as in beer and quite full-featured. Proxomitron is excellent for transforming HTML. Get an md5sum implementation, or better yet, get Cygwin and have a linux-like environment too.
        • by Permission Denied ( 551645 ) on Thursday February 05, 2004 @12:27PM (#8191027) Journal
          Finally, spy-ware is only a problem if it can transmit the information it gathers out of your system to its masters.

          Not true at all. In fact, I couldn't care less about spyware transmitting information. When I start to care is when I get a call because someone's machine is malfunctioning.

          I've seen numerous spyware hijack IE, replace the startup page, install IE extensions to randomly popup advertisements, change how DNS resolution works, etc. I've seen machines where it takes minutes to start up a browser.

          I highly recommend Kerio firewall, by the way; it's free as in beer and quite full-featured.

          Kerio is trivial to bypass if you bypass the winsock API and program directly to NDIS. I've done this as a demonstration only, but seeing how spyware is so pernicious, I bet you'll soon see spyware doing the same things.

          Application-level firewalls are useless if the user has full access to the machine. If the user has the ability to bypass the firewall, a program can do so just as easily and there is no way in Windows to differentiate between messages coming from keyboard/mouse and messages coming from other applications. Similarly, these are useless if the user has the ability to choose whether a program is put in the firewall's "allowed applications" list, as a malicious program can simply fake the user input and put itself there; on the other hand, taking away this ability from the user is not something I'd like to do, as my users should be free to use Mozilla, Opera or any other browser they choose without going through me.

          I think we're talking about different things: I'm not concerned about keeping spyware off of my personal workstations, as these machines never get spyware in the first place due to me being careful about what I run. What I care about is keeping employee machines spyware-free while at the same time allowing users to install their own applications without going through me.

          Actually, the situation is exactly the same as with viruses: I don't worry about viruses on my personal machines, but I know my users aren't sophisticated enough to differentiate between an attachment called "file.doc" and "file.doc [fifty spaces] .exe", so I install antivirus software on their machines. Similarly, I know they're going to download and execute spyware, so I'd like some tool that runs in the background recognizing spyware and preventing it from running. The paid version of adaware does this, and I consider it a virus scanner that stops viruses written by questionably-legitimate companies instead of individuals.

          So there is a place for anti-spyware tools: if you're a sophisticated user on your own machine, you can do without antispyware software, but if you're in a situation where antivirus software is warranted, antispyware software is also a good idea. I just wish McAfee would stop pandering to these spyware "companies" so we wouldn't have to get two site licenses for similar software.

  • On download.com (Score:5, Interesting)

    by Kenja ( 541830 ) on Thursday February 05, 2004 @10:22AM (#8189466)
    So was it on Download.com after they started charging for hosting? Was this shareware or freeware? Geek minds want to know!
  • by Space cowboy ( 13680 ) on Thursday February 05, 2004 @10:22AM (#8189470) Journal
    How low ? Don't go there ...

    I've got Spybot on my Windows box at work, and the number of times it triggers is just amazing (yes, even on /. adverts...) On a commercial site, you've got about a 25% chance (empirical estimate) of getting a popup saying that XXX has been blocked...

    Simon
    • If you are getting hits in Spybot from advertisements, it is due to cookies. Spybot reports on any known spyware, malware, and privacy or tracking related items. It seems a little inefficient to use Spybot as a cookie blocker but it is an option and can be turned on or off if desired.
    • Hmm, I've never used spybot (use Ad-Aware myself) but from the descriptions I've seen here, it seems as if the cure is more annoying that the disease. I don't want a program that pops up a dialog box every fourth webpage I go to, just to tell me that it's doing it's job.
  • spybot (Score:5, Informative)

    by grub ( 11606 ) <slashdot@grub.net> on Thursday February 05, 2004 @10:23AM (#8189471) Homepage Journal

    If you run a Windows system then I heartily recommend Spybot Seek & Destroy [safer-networking.org] to keep it clean and immunized. Support the author too, donate a few bucks for good work.

    not related in any way, just a satisfied user
    • Re:spybot (Score:5, Informative)

      by garcia ( 6573 ) * on Thursday February 05, 2004 @10:39AM (#8189683)
      on side note...

      As someone who considers themselves "careful" as can be when it comes to keeping their system clean (Ad-aware was my option before finding Spybot) I was absolutely *shocked* at the volume of "tracking" cookies that Spybot found.

      I admittedly surf porn sites regularly. I found that Spybot never complains there. It mostly complains here on Slashdot (banner ads send Avenue A) and travel sites (some Travelocity cookie is blocked A LOT).

      It scared me how much shit is out there and I am GLAD that someone has created this software that is easily updated, runs relatively quickly, quitely, and easily.
    • Re:spybot (Score:4, Informative)

      by nija ( 667087 ) on Thursday February 05, 2004 @10:54AM (#8189883)
      In addition to Spybot, I use Ad Aware [lavasoftusa.com]. Used together they get rid of all the baddies.
    • by King_TJ ( 85913 ) on Thursday February 05, 2004 @10:56AM (#8189914) Journal
      Yep! I've been praising SpyBot and recommending it to practically everyone running a PC on the Inet for months now. (As I said in a previous /. thread, I work doing on-site PC service, and this program, alone, cures more PC issues I run into than anything else we use.)

      I'll tell you another little tip, though. If SpyBot already claims it's cleaned everything up, but your PC is *still* spontaneously generating pop-up ads on the screen, or running abnormally slow (perhaps you still see odd processes listed as running in the process list?), here's the way to fix it.

      Run regedit, and search the entire registry for "run once". There are several "run once" registry keys, with plain old "run" keys directly above each of them. (You're mainly interested in what's in the "run" keys, but searching for "run" will find hundreds of things we're not interested in.) If they're starting up some kind of trojan horse or spyware/adware program on your Windows PC (and assuming it's not simply in the "Startup" program group!), they've got to be doing it in one of these "run" keys. Look for sneaky files in there with names like "windowsupdater.exe" (MS doesn't ever run a file by this name to do the real Windows updates), or just gibberish names like 0br003445l.exe and delete them from the "value" line of the "run" key. I've even seen files in there I wasn't sure about, until I looked in the folder under "Program Files" where it was running from; Then I saw a *documentation* file in the program's folder explaining that the utility was "designed to automatically present advertisements to the computer user at random intervals"!
      • Actually, I did the same thing yesterday, I just delete the entire key. Since the key => value pair was added by the spyware itself, there is no adverse side effect from deleting the whole thing. Also, the 'run' directory shouldn't have a billion things in there, because those are all the programs that will try to run when you start up your computer. Consider looking into what it is trying to run and delete appropriately. Of course, be careful.
  • The Problem (Score:5, Insightful)

    by BeemanH2O ( 718832 ) on Thursday February 05, 2004 @10:23AM (#8189480) Homepage
    The problem here was this program claimed to be so amazingly user friendly that it was hard for anyone to turn down. I know a couple people that swore by it due to its ease of use. Granted that other solutions out there aren't difficult to use either, but we are talking about the masses of non-techies out there.
  • by spectrokid ( 660550 ) on Thursday February 05, 2004 @10:24AM (#8189490) Homepage
    They should try to spend their time on programs that are more usefull, like those thingies that prevent your IP adress from being visible on the net, or keep your computer clock accurate....
  • by mobiux ( 118006 ) on Thursday February 05, 2004 @10:24AM (#8189496)
    Worst thing is that they have started advertising on TV as a virus removal/firewall package.

    One user on my network install it, basically shut down all network connections. And loaded the computer full of crap.

    Also known as eAnthology.
  • Downloading. (Score:2, Interesting)

    by Anonymous Coward
    It is the people that would download and install these items that are the ones that would have originally downloaded the spyware.

    I have a client that has to have me clean his computer every 3 months of spyware since he and his children click on the banners on websites.

    It is time that websites stop showing banner ads for these types of websites. Afterall, if the uneducated people on the web only make it to portals and news sites, then it is unlikely they are going to find the spyware.

    I fear that the best
    • solution....

      internet junkbuster.

      install it on the local machine and set the browser proxy settings to use it. needs no user intervention after that.

      Voila... problem solved.
  • by real_smiff ( 611054 ) on Thursday February 05, 2004 @10:24AM (#8189500)
    The spyware removal tools i use regularly & trust are:

    Spybot [safer-networking.org]

    Ad-Aware [lavasoftusa.com]

    There are others, but these pretty much have it covered i think.

  • This could be a little off topic, but I don't really think so.

    Granted, this spyware crap is nasty, but lets look ahead to an optimistic future, where windows no longer sports .NET as a wrapper around the Win32 API, but rather the Win32 API emulation layer is built on top of .NET. Then, all of this will disappear. You could set a default that any random app, not explicitly OK'd by the Admin wouldnt even be able to make a network connection.

    Just dreaming I guess
  • False Advertising (Score:3, Insightful)

    by Anonymous Coward on Thursday February 05, 2004 @10:25AM (#8189512)
    The person or people who provide these products are claiming they do one thing but in actuality do another.

    Sue their asses into oblivion for false advertising, deceptive trade practices and any other related matters.

    You as an individual could also sue them on the same grounds.

    I am not a big fan of suing for the sake of suing but this stupidity and outright fraudulent practices must be crushed by all means necessary.

    IANAL but I do have a legal background (and I slept at a Best Western once).
    • Well, there's a problem with that.

      I am sure in the EULA there is a clause that you are agree for them to install anything they wish to. And that in return for use of thier software, you are allowing direct advertising.

      Terms and conditions of using the software.
  • Software firewall (Score:2, Insightful)

    by DRUNK_BEAR ( 645868 )
    People (Mr. and Mrs I-Use-My-Computer-To-Surf-The-Net-Or-To-Play-Solit aire)should learn to use a software firewall. Although this is not fool proof (I don't think anything is...), it allows one to at least accept which traffic in coming in or out of his/her computer... Along with antivirus software, it should be the minimum security on a pc...

    Again, just my 0.02$

    • Never happen. Keep in mind that these are the same people that click on MyDoom attachments. There is no way that they are going to learn what ports are, and what applications should/shouldn't be allowed to access the network.

      Don't get me wrong, I wish they would learn, but it's about as likely as getting hit by a falling piano.
  • Spyware = Virus (Score:3, Insightful)

    by IamGarageGuy 2 ( 687655 ) on Thursday February 05, 2004 @10:26AM (#8189522) Journal
    IMHO all spyware should be treated as a virus. It has all of the same symptoms, if not more than a regular run of the mill virus. It tries to infect people by tricking them, sneaks onto a box unknowingly and sends unauthorized data. When people start thinking of spyware as a virus, it will be treated as such.
    • Re:Spyware = Virus (Score:5, Interesting)

      by Deathlizard ( 115856 ) on Thursday February 05, 2004 @10:46AM (#8189782) Homepage Journal
      although I agree with you on that, there needs to be a ton of changes when it comes to scanning for spyware before I'd recommend any AV app to get rid of spyware.

      For example, We're forcing all the students on campus to install F-Secure. At this point I have had 300 of them call or bring in their PC because it keeps telling them their infected with a Virus. What is happening is that it detects one of the spyware files as a virus but leaves the rest of the spyware there. Then the Rest of the spyware happily reinstalles the file that F-secure Deleted, and Repeats the process over and over and over until adaware is run on it.

      Until virus scanners get into the act of completely removing a spyware/adware infection (IE Scan the Registry and remove viral entries, Clean all traces of a known Virus, ETC) its not helping out much other then pestering the user until they run spybot on it.
  • by willith ( 218835 ) on Thursday February 05, 2004 @10:26AM (#8189525) Homepage
    I spend a large portion of my day using Altiris's Notification Server [altiris.com] product to identify and remove spyware on computers at work. Believe me, this isn't new and there are *lots* of "spyware removal" apps that come bundled with spyware of their own--I see this crap every day.
  • Since we're on the topic of spyware and spyware removal, I'm currently using Ad-Aware [lavasoftusa.com] as my mal-ware removal program of choice, but I don't want to keep all of my eggs in one basket. Who can recommend some other good ones?
  • How Low (Score:2, Funny)

    by J3M ( 546439 )
    How 'low' can they go?

    I don't know, but the limbo hurts my back, so let's hope it does theirs as well.

    If not, someone kick them in the crotch while under the pole.
  • by Lipongo ( 704267 ) on Thursday February 05, 2004 @10:28AM (#8189546) Homepage
    Step 1: Format Hard Drive
    Step 2: Turn Computer off
    Step 3: Never use Computer Again
  • In other news...Bonzi Buddy claims to be your buddy, when he's not your buddy at all!

    Insensitive clod.

  • Not happy (Score:3, Interesting)

    by GeckoFood ( 585211 ) <geckofood AT gmail DOT com> on Thursday February 05, 2004 @10:29AM (#8189561) Journal

    Program authors who set up this kind of trojan horse (think about it, it is like a trojan horse), should be publicly flogged and hung from the gallows at dawn.

    I have lost hours cleaning up spyware messes. It would totally piss me off to have the tool I use be spyware-infested. That's akin to using a vaccine that is full of contaminants.

  • More fake programs (Score:5, Informative)

    by Mr_Silver ( 213637 ) on Thursday February 05, 2004 @10:29AM (#8189564)
    I found a comment from this page [netrn.net] very informative:
    Rogue Anti-spyware Programs Part 3

    I mentioned some of these before, but this is a more inclusive list.

    Spy Wiper
    AdWare Remover Gold
    BPS Spyware Remover
    Online PC-Fix SpyFerret
    SpyBan
    SpyBlast
    SpyGone
    SpyHunter
    SpyKiller
    SpyKiller Pro
    SpywareNuker
    TZ Spyware-Adware Remover
    xp-AntiSpy
    SpyAssault
    InternetAntiSpy
    Virtual Bouncer
    AdProtector
    SpyFerret
    SpyGone
    SpyAssault

    Sources: Doxdesk.com: parasite [doxdesk.com], Tom Coyote Forums [tomcoyote.org], Spywareinfo.com forums [spywareinfo.com], safernetworking.org, home of Spybot Search & Destroy [safer-networking.org]

    Looks like this program isn't the only one.
    • Nice to see Ethics class paid of for the authors of this crap... I'm almost in favour of increased regulation of the computer industry. If nothing else, this shit should be covered by basic consumer law.
  • ...you must not be using IE.
    This has been happening for a while now and is pretty obvious if you're forced to use IE for any extended period of time.

    There will be a popup or two with the not-so-subtle title 'SPYWARE DETECTED!' and enough flashing colors to make any experienced sufer wary. Spyware works best against the inexperienced, is this a surprise to anyone?
  • I guess that exactly proves the point why we need open source software. With OSS it is at least possible to actually examine what a program does without having to reverse engineer it (or having to monitor actual contents of all the local network traffic).

    I seriously wonder what other kind unknown spyware that are used to monitor us? I can even imagine information being collected and stored locally on the computer by various programs and that this information is later picked up and shared through a spyware

    • Erm...I'm not sure how much OSS is useful in this case. At all.

      I run SpyBot and Ad-Aware and I have never detected any real spyware on my computer. That's because I know enough to avoid it even when all my apps are closed-source.

      The people with the problems are people who can't examine the code for themselves anyway...which leaves the average Joe precisely where he is already.

      Besides, are you telling me that checking on network traffic on an individual machine (I've seen some fabulous programs that do th
  • Irony (Score:5, Informative)

    by somethinghollow ( 530478 ) on Thursday February 05, 2004 @10:30AM (#8189583) Homepage Journal
    I think there is some really nice irony here. I'll get a good laugh out of it. What it really comes down to, to me, is that users blindly install things (ha, even anti-spyware/adware) and don't listen to what people say about it.

    "Gator cursors?! Rad. I love little annoying cursors." Install spyware.

    If people would be more informed about their computing habits, spyware would be avoided, as would viruses.

    Adware, on the other hand, may have some legitamate uses. For example, Opera had a free version of it's browser that shows ads. AIM shows ads. Even Slashdot shows ads.

    But if you don't like it, don't run it. Research is the key. It's time we stop letting people use computers until they understand HOW to use them.
    • Re:Irony (Score:4, Interesting)

      by Moraelin ( 679338 ) on Thursday February 05, 2004 @11:07AM (#8190050) Journal
      No offense, but I think you've got it all wrong.

      Ever wondered why there are laws and courts of law out there? Because the "ha ha, if you're not informed, it sucks to be you" approach just doesn't work.

      You're no less than asking that everyone spends inordinate hours of their life doing research about every single piece of software. Maybe for you it's fun. For most of the rest of the world it isn't.

      And even if you enjoy that for software... how about imagining a world where some other product might be affected. Would you like to check every single pencil or roll of toilet paper or disposable razor blade for hidden spyware equipment? It's exactly the non-computer equivalent of spyware: something which masquerades as a useful everyday item, but which in reality exists only to rape your privacy.

      Would you even have time to do that? Would you enjoy doing that? Would you actually learn everything about mechanical watches just to be able to tell if there's a little extra in your watch? What about your new cell phone? How do you know it's not transmitting a little extra to a third party? Etc.

      If you didn't answer a wholehearted "Yes!" to each of the above, well, then you probably get my drift. Just as you probably have better stuff to do than becoming an expert in mechanical watches, other people have better stuff to do than to become an expert in computers.

      Either way, multiplied by the number of computer users, the "so get informed" solution would mean tens or hundreds of billions of hours wasted per year. A murderer can be sentenced to death for, basically, shortening someone's life by 20-30 years. This "so inform yourself" solution ammounts in the long run to stealing years off everyone's life.

      There has to be a better solution than that.
      • It doesn't take a rocket scientist to go to google.com [google.com] and type "software title spyware". Try it! It is fun.

        Opera 7 [google.com]
        Photoshop 7 [google.com]
        Flash 6 [google.com]

        Ever wondered why there are laws and courts of law out there? Because the "ha ha, if you're not informed, it sucks to be you" approach just doesn't work.

        It DOES work like that, depending on what you mean. I doubt if I said, "I didn't know that selling heroin was illegal," would get me out of jail. Further, if I say, "I didn't see the clause in the UELA that sa
  • Spyware vs. virus (Score:4, Interesting)

    by heironymouscoward ( 683461 ) <[moc.oohay] [ta] [drawocsuomynorieh]> on Thursday February 05, 2004 @10:31AM (#8189590) Journal
    Has anyone any statistics on the cost to end users of spyware/trojans as compared to viruses? Yesterday I cleaned-up a Windows PC that was being used by a visitor to the company, ad-aware found something like 10 different trojans and spywares on it. Nothing worked anymore: MSIE always went to some advertising site, Mozilla died (was killed, actually), installing ad-aware took ages because one of the trojans was deliberately killing the install program...

    My solution was to wipe the PC and stick on Xandros. But this is not feasible for everyone. So how much time and money do spywares actually cost, and is there no way these creeps can be persecuted for theft of computing resources or interference in operations? I know that the EU cybercrime laws prohibit at least some aspects of spyware (such as interference in normal system operations and interception of private communications).

  • Credit card scam (Score:5, Informative)

    by savagedome ( 742194 ) on Thursday February 05, 2004 @10:31AM (#8189599)
    This is similar to credit card scam that Bruce Schneier pointed out in his latest cryptogram [schneier.com]. Fooling people into eating poison wrapped up as a remedy. Bastards.

    New Credit Card Scam

    This one is clever.

    You receive a telephone call from someone purporting to be from your credit card company. They claim to be from something like the security and fraud department, and question you about a fake purchase for some amount close to $500.

    When you say that the purchase wasn't yours, they tell you that they're tracking the fraudsters and that you will receive a credit. They tell you that the fraudsters are making fake purchases on cards for amounts just under $500, and that they're on the case.

    They know your account number. They know your name and address. They continue to spin the story, and eventually get you to reveal the three extra numbers on the back of your card.

    That's all they need. They then start charging your card for amounts just under $500. When you get your bill, you're unlikely to call the credit card company because you already know that they're on the case and that you'll receive a credit.

    It's a really clever social engineering attack. They have to hit a lot of cards fast and then disappear, because otherwise they can be tracked, but I bet they've made a lot of money so far.


  • by Stingr ( 701739 ) on Thursday February 05, 2004 @10:36AM (#8189653)
    "How 'low' can they go?"

    As low as they need to in order to make a buck.

    Does this really suprise anyone? We've continuously seen spammers/telemarketers/advertisers/etc. sink lower and lower over the years as their tactics are countered. First there was telemarketing then the Telezapper [telezapper.com] gave us all a little hope that the incessant calls would stop. Then the telemarkters came up with a new tool [cnn.com] that beat the telezapper. We responded with the Do Not Call Registry [donotcall.gov] and now the telemarketers are suing on the basis of free speech. They will stop at nothing, not even the breaking the law, to make money.
  • I'll say it once (Score:5, Informative)

    by IWantMoreSpamPlease ( 571972 ) on Thursday February 05, 2004 @10:38AM (#8189676) Homepage Journal
    and I'll say it again, Ad-Aware (www.lavasoftusa.com) is the only spyware removal program that's worth a damn.

    Some of the others that I have seen/tried, are too zealous and end up removing bits that are *required* by proper programs, and end up wrecking things.

    Ad-Aware, good as gold.
    In addition, IIRC they offer a corporate-based version, much like Norton-Antivirus corporate, and that's a slick idea.
  • by Chibi Merrow ( 226057 ) <mrmerrow@monkeyinfini t y . net> on Thursday February 05, 2004 @10:39AM (#8189688) Homepage Journal
    Sitting at a coworker's PC trying to figure out what was wrong with it for her, had an installer popup out of nowhere when no web browser was open offering to install a Spyware removal tool for me. One Ad-Aware update and scan later and her system was behaving fine. Don't remember the name of the program... May of been SpyBan...
    Funnily enough as this article popped up I was on the phone w/ another coworker who had installed SpyHunter on a suggestion from an office mate... Problem was it started giving weird errors and she claims it kept reinstalling itself when she's remove it from Add/Remove Programs. She deleted the folder it belonged in and that seems to have eliminated it finally, but I had to clear a registry entry on her PC for her that was trying to start it...
    Funny thing was whatever genius wrote the software didn't enclose the path to the program in quotes, so it was trying to run C:\Program... That's really the kinda programmer I want mucking about deleting 'Spyware' off my PC.
    Thank God for Lavasoft...
  • How can you tell (Score:3, Insightful)

    by loconet ( 415875 ) on Thursday February 05, 2004 @10:41AM (#8189711) Homepage
    From their website:

    "About SpyBan
    SpyBan is a cutting edge software, which is able to detect and remove all popular forms of spyware programs including Trojans, system monitors, keyloggers and adware. You don't need to be a computer expert, or spend a lot of time learning how to use it. SpyBan is one of the most user friendly spyware protecting programs available on the market today and it is 100% FREE!"

    Technology
    SpyBan has very advanced algorithms, which not only can detect primitive and old spyware, but can detect new generation applications as well. SpyBan loads every time you start your Windows and appears on your taskbar next to clock. If you point your courser to the SpyBan icon and click on it, SpyBan will appear. If you click on "Scan Now" icon, SpyBan will immediately start scanning your computer's hard drive for existing spyware all available local disks.


    The descriptions themselves reek of spyware.
    • No where does it say: "SpyBan has no spyware". Unless it doesn't specifically say it doesn't have spyware, I assume that anything downloaded for free from the Internet actually does have spyware. Three good free programs I've found are: 1. Ad Aware 2. Spybot search and destroy 2. AVG Anti virus free edition
    • The fact that there are descriptions at all puts it a cut above most spyware. Of course, they would seem less like something nefarious if they they had more than a tenuous grasp of English.

      "Now Billy, pay attention! Sigh. You need to learn proper use of subject and predicate, because you'll never amount to anything besides a worthless huckster. What is wrong with the following sentence 'I send you this file in order to have your advice?'"

    • But it is easy to use! It invades your privacy with no user input at all!
  • Maybe Dell was smarter than we gave them credit for a few months ago when they refused to recommend any one spyware removal product. Just imagine if they had and it turned out to be this debacle. Ouch. The PR would be horrid.
  • This is the same stuff that makes people open random attachments without looking at them because the "from" is someone they know, or support@microsoft.com or whatever. Somehow they managed to get it past whatever filters there are at download.com (no idea if they do any checking at all) and got their program there, and people were now running it randomly without checking what it really does because it came from somewhere they trust.

    It kind of sucks that you can't trust download.com, but being paranoid a
  • Ok, well WHOIS tells us that www.spyban.net was registered to NicTech Networks, Inc. [nictechnetworks.com] Which is a 'desktop media' corporation based in Minneapolis, Minnesota. Site has a similar design to www.spyban.net, and they claim to 'offer highly-targeted online advertising solutions' with 'a reach of over ten million monthly Internet users'. Sounds right, and they are a domestic US company. I'm presuming something like SpyBan must break one or two laws? (At the very least deceptive advertising?)
  • by real_smiff ( 611054 ) on Thursday February 05, 2004 @10:44AM (#8189756)
    lol. never trust any program that just claims to have "very advanced algorithms" but gives you no details on what they are (i just noticed that people who don't know much about computers are fond of that word, makes them feel big. algorithms.). Really, any program that seems a bit too keen to get you to install it, you should stop and ask, why? Real freeware developers have bigger things to worry about, like maintaining their program & paying for their bandwidth... lol, I could have told you that program was dodgy just by looking at their site.. "not only can detect primitive and old spyware, but can detect new generation applications as well" really, how does that work then? not even Spybot can do that ;) of course this wasn't aimed at people like me.

    I particularly like this bit of their page:

    Need SpyBan?: Your computer and your privacy are at risk if you: - surf the internet more than 1 hour a week - share your computer with another person - make purchases online - use file-sha

    hmm, that's me! sign me up! classic scamster stuff, sad that it got 44,000+ people.

  • by Dark Lord Seth ( 584963 ) on Thursday February 05, 2004 @10:47AM (#8189799) Journal

    Remove spyware which log stuff for other businesses while installing your own. Business-wise very good move, granted you have no ethics and are morally bankrupt. Kind of like McAfee AV marking Symantec products are virusses and then installing trail versions of it's own competeting software.

    • Business-wise very good move

      Thats like saying that if Intel bombed AMD headquarters, it would be a good business move for them. Its not a good business move if you get sued and/or prosecuted.
  • Mozilla? Opera? (Score:5, Insightful)

    by RenegadeTempest ( 696396 ) on Thursday February 05, 2004 @10:49AM (#8189818)
    Most spyware is a result of the lax security of IE. Instead of installing anti-spyware programs (many of which are trojan horses for nasty malware), why not try a browser that doesn't allow the spyware on your system in the first place.
    • Re:Mozilla? Opera? (Score:4, Informative)

      by JediDan ( 214076 ) on Thursday February 05, 2004 @11:17AM (#8190179)
      The browser is only the beginning. It's all those other things that people like installing that pollute the system with crap: desktop modifications (blinky christmas lights), cursors, giant icon collections, etc.

      The less you install the more clean and stable the system - general rule-of-thumb for any windows box as anyone that's been intimate with their registry would know. One program I have to work with every day installs over 70 registry keys (which isn't too bad) but the uninstaller is lucky to find 4 of those.

      *sigh*
  • Download.com (Score:2, Informative)

    by Machine9 ( 627913 )
    Download.com is an insidious and very vile site to begin with. Sure, they have quite a lot of normal, decent shareware there, but it barely makes up for the vast amounts of mal- and spyware they host.

    Not to mention the oh-so-easily abused rating system, and obvious sponsoring BY spyware programmers...

    And with such a reliable sounding name, the average Joe just thinks "hey it's from Download.com how could it possibly be bad? right?"

    And the next thing you know, your computer illiterate relative is on th

  • by Fizzlewhiff ( 256410 ) <jeffshannon@NoSpAM.hotmail.com> on Thursday February 05, 2004 @10:54AM (#8189878) Homepage
    How do you know they aren't selling that info to these same companies?
  • Marketers (Score:5, Funny)

    by blunte ( 183182 ) on Thursday February 05, 2004 @10:56AM (#8189908)
    How 'low' can they go?


    These are marketers. Was that a trick question?

    If I were in a room with a lawyer and a marketer, and I only had one bullet... I'd kill myself.

  • This is good to know, but we need a solution. This is going to get worse before it gets better. What existing laws can we sue these people under?

    Could some simple law be developed that says software cannot do the opposite of what it says it does. Would this work? Or could we make an anti-spyware law that limits what software is allowed to report on without your consent? (Of course, some of these apps probably tell you that they do this in the EULA, which no one reads, but that is a separate issue)
  • by mctsonic ( 231767 ) on Thursday February 05, 2004 @11:01AM (#8189980)
    I've had really good luck with spybot s&d for removing Windows spyware/malware/adware, etc., but though it is freeware,
    I'd really like to use and support an Open Source removal tool - I want to see the source, etc. - in my co.'s environment. Is there such an animal?
  • My mother... (Score:3, Interesting)

    by smkndrkn ( 3654 ) on Thursday February 05, 2004 @11:13AM (#8190133)
    ...got bit by this. She paid something like $30 for a piece of software called spyware nuker. She coplained of pop-ups and general slowness so I took a look around and found out about the questionable activities of this program. Apparently it loads its own pop-ups.

    She finally caved in and allowed me to install Linux on her PC, thankfully!

    I converted my 70 year old grandmother to Linux last year and she loves it...hopefully my mom will stick with it as I usually have to remove viruses and trojans once every couple months.

  • I recommend blocking cookies that aren't from the web site you are at. For instance, doubleclick.com cookies given to you at non-doubleclick sites. These tend to turn out to be either ads.* cookies or other spyware cookies. Mozilla Firebird can easily block them in the cookie options.
  • Spyware? (Score:2, Offtopic)

    <Obligatory elitist linux quim>
    *shrugs* I guess this must be a windows problem.
    </OELQ>
  • by data64 ( 300466 ) on Thursday February 05, 2004 @11:35AM (#8190404)
    The FAQ from alt.privacy.spyware [shplink.com] lists the more popular and trusted anti-spyware/anti-adware tools. Lots of good information and advice in that group [google.com].
    Yes, I know the programs listed in the faq are a bit windows-centric. But guess which platform most posts on that newsgroup are about.
  • by Kurt Gray ( 935 ) on Thursday February 05, 2004 @12:57PM (#8191443) Homepage Journal
    At this office we have several machines with Norton AV pre-installed, what a pain in the ass! I wonder if just letting virii run amock through the office would be less annoying than dealing with Norton's constant nagging for attention. Every-frickin-day at least several times a day a Norton dialog pops up out of nowhere on your screen while you are trying work, simply to remind you of the number of days left in your Norton subscription and do you want to renew now? ... and of course the only two buttons you can click to make the dialog go away are a classic Hobson's choice: "yes, I have my credit ready so please take take more money from me now" or "remind me later, like say in an hour or two when I get even busier" ... then later an complete full-cavity virus scan starts up unannounced no matter how busy your machine is ... and of course the constant demand for you to ineract with Norton while virus updates are being downloaded and then after updates are downloaded it of course will say "click OK now to reboot" not even giving you the option to reboot later.

    Now of course if I'd bother to RTFM and spend my time reconfiguring Norton I suppose I could figure out how to make it less annoying, and then take up more of my time doing the same to every machine in the office... but I was just wondering if the people working for Norton might consider making their products less godamn annoying then the virii they aspire to prevent.

How many Unix hacks does it take to change a light bulb? Let's see, can you use a shell script for that or does it need a C program?

Working...