Internet Security

Spyware - Understanding and Addressing the Risks

2012-01-15T23:59:00.001-08:00

"Spyware" is no longer simply a nuisance to enterprises. It is estimated that 90% of desktop PCs are infected with some form of "Spyware" (Source : US National Cyber Security Alliance). According to Gartner between 20 and 40% of enterprise helpdesk calls are now related to unwanted "Spyware" programs.

There are different classes or types of "Spyware". These are summarised below.
· Tracking Cookies. Cookies are text files saved by the browser that allow tracking of user activity on a website. Users typically allow cookies as some sites won't work without them or they are useful in that they store information about personal preferences, IP addresses, login information, user options and date and time stamp of the last time the site was visited. Cookies may also contain any information provided by a user during a particular visit - including any personal information provided in the course of completing forms. Cookies are at the most benign end of the "Spyware" spectrum.

· Adware. This form of "Spyware" is responsible for generating the by now familiar pop-up, pop-under, banner, floating and animated advertising seen whilst surfing the web. Adware typically uses advanced scripting that manipulates the browser by exploiting flaws in Java, ActiveX, the operating system and the browser itself. Adware may collect information for cookies and report information directly to sites on the Internet. On clicking-through ads additional cookies or utilities may be installed silently. Some adware makes changes to browser settings - resetting the homepage for example - or to the user system (including Windows registry changes). Often clicking on 'No' or 'Cancel' buttons within the advert result in the same code executing as if the user had clicked on 'Yes' or 'OK'. Adware is the greyest area of "Spyware" - some Adware certainly should be considered as malicious 'malware'.

· Scumware. Scumware modifies the contents of a web page adding hypertext links and alternative text. Scumware can also position competitive ads over the originals. Scumware can also install hidden or background processes and services and should therefore be considered as malware.

· Malware. Originally malware referred to viruses, worms and Trojan horses. The term also applies to the more disruptive forms of "Spyware". Such programs might enable third parties to take control of microphones and web cams installed on a particular client, make changes to browser and systems settings, launch Web activity even when all browser sessions are shut down, install hidden or background processes and services. Keyloggers fall into this category. Malware is the most damaging of all types of "Spyware" from a risk perspective. It should be noted that this form of "Spyware" is increasingly being spread through Instant Messaging applications.

1.1 Different Variants, Different Risks
The different types of "Spyware" present different risks to enterprises. Cookies raise privacy concerns but are relatively low risk.

Adware can begin to impact heavily on productivity. Orthus are aware of several instances where close to 200 different pieces of Adware were present on a single client degrading performance to the point where the client was unusable. In addition to user productivity, productivity is affected through increased help desk calls and the time spent by help desk staff in cleaning up or re-building infected machines - which in turn further impacts user productivity whilst the infected machines are unavailable.

The risk of data leakage - of both personal and corporate information - is a very real threat with the most malicious type of "Spyware".

Mitigating the Risk
The main technologies available to mitigate against the risks associated with "Spyware" within the enterprise environment are discussed below.

Mitigation techniques are two-tiered or two-part - at the gateway and at the desktop level.

Desktop Protection
At the desktop or client there are notably three technologies available to mitigate against the risks posed by "Spyware". These are personal firewalls, dedicated anti-spyware programs, and traditional desktop anti-virus (AV) tools.

AV
In some respects forms of "Spyware" strongly resemble viruses. They are uniquely identifiable, can be detected by scanning the client machine and are sometimes packaged as a set of files that can be removed to clean up the infected system. However many forms of "Spyware" do not reside on disk as persistent files - such as hostile ActiveX and Java applets. The motives, delivery mechanisms and often the removal of "Spyware" is different however from the protocols followed for viruses and worms.

"Spyware" is also different in that there is no one definition agreed on what constitutes "Spyware". Some programs that might be classed as "Spyware" - such as Microsoft's Windows Update Notifications - are useful, disclose their tracking capabilities, do not disrupt desktop operation impacting user productivity, and are distributed by responsible companies. "Spyware" therefore needs to be classified and identified by the actions it performs and the level of risk - complicating detection and removal, as the users must be given a choice over what is permitted.
AV vendors - notably Trend Micro, McAfee and Symantec - already have software that is very good at scanning files before they execute. The software also has mature enterprise management suites and the vendors have support teams in place to handle enterprise customers' needs.

Independent reviews and tests show repeatedly that AV tools are not as good at catching "Spyware" as dedicated anti-spyware programs. Whilst AV tools may detect 99% of viruses this number falls considerably to perhaps 70% - when considering "Spyware" programs.

Using the next releases of desktop AV tools to protect desktops against "Spyware" is extremely attractive to enterprises. There is no need to deploy yet another software agent on every machine within the desktop population, there is no need to monitor yet another 'console'. AV already incorporates the management features that enterprises require - such as 'headless operation' and centralised reporting. Enterprises achieve greater consistency with standardisation on a smaller number of vendors, leading ultimately to cost efficiencies.

Dedicated Anti-Spyware Programs
There is an ever-increasing list of dedicated anti-spyware programs available from vendors including Ad-Aware from LavaSoft which is the most popular product with some 128 million downloads to date. Other notable products include SpyBot Search and Destroy, CounterSpy and Spyware Eliminator. Microsoft has also entered the market with Windows Antispyware following their acquisition of Giant Company Software.

Whilst dedicated anti-spyware programs are more effective today at detecting and removing Spyware than AV products this will change over the forthcoming quarters. Most of the dedicated anti-spyware offerings are available as free downloads aimed at consumers / individual users and not at large enterprises. Site licensing is rarely available for example. Some of the emerging vendors have enterprise offerings on their roadmaps. However these companies are small, lack corporate / financial stability in some cases, and typically do not have the support teams and infrastructure in place to handle large enterprise customers.

Orthus are of the view that many standalone dedicated anti-spyware programs will cease to exist in the relatively near future and the dedicated anti-spyware market will not be significant in years to come as established vendors offer integrated AV/anti-spyware/personal firewall products.

Personal Firewalls
Just as AV tools now include some "Spyware" protection so many of the personal firewalls available offer a level of protection as well. These include McAfee, Check Point and Internet Security Systems (ISS) with the release of Proventia Desktop in March 2005. Sygate is following a similar path to Check Point and ISS.

Personal firewalls are recommended for particularly mobile clients that are regularly taken outside of the corporate perimeter and used to access corporate systems from DSL connections in the home and public WLAN hotspots, where typically direct Internet access is also allowed. They are also recommended for fixed desktop and mobile clients in smaller locations where there is little or no gateway level protection in place and where again direct Internet access is available from those locations.

Gateway Protection
Desktop protection is only half of the story when it comes to "Spyware" protection. Gateway level protection is also available.

Blue Coat offer a range of proxy appliances that, in conjunction with popular URL filtering solutions, offer a strong defence against "Spyware". "Spyware" often secretly installs via "drive-by" installers, which install "Spyware" in the background without any user interaction. Blue Coat combats this with anti-spyware policy controls that inspect, filter and block web content associated with "Spyware" installation software. This preventive approach is critical when "Spyware" originates from an unknown web site - not yet categorised within URL filtering solutions - and when there is no known signature available to detect the malicious program.

Gateway protection incorporating a strong URL filtering solution is particularly good in preventing programs on infected systems from sending information back to "Spyware" sites, mitigating against the productivity impact of Adware but also the more serious privacy and data leakage concerns associated with more malicious code. URL filtering solutions also offer some protection from infection in the first place by preventing users from visiting known infected sites.

Gateway solutions typically incorporate logging and reporting features that can be used to identify infected systems thus facilitating a targeted "Spyware" clean-up periodically. This capability is also useful to target mobile clients (notebook PCs) that are not protected with Personal Firewalls that become infected whilst outside the corporate perimeter.

Recommendations
In light of the above Orthus suggest that enterprises take the following approach to mitigating the risks posed by "Spyware" today :

* deploy gateway "Spyware" protection to prevent back-channel communication by infected systems augmented with a leading URL filtering solution.

* use granular reporting capabilities from gateway solutions to identify infected systems and choose a dedicated anti-spyware tool to clean-up infected systems on a case-by-case / ad hoc basis.

* do not deploy dedicated anti-spyware programs across the desktop population - instead wait for AV vendors to add strong anti-spyware capabilities in future releases.

* force remote office branch office based systems to access the Internet via the corporate gateway (where gateway anti-spyware protection exists).

* for remote and mobile clients, in addition to AV, install a recognised personal firewall to increase protection.

SpyWare Frequently Asked Questions (FAQ)

2009-04-27T16:26:00.000-07:00

Q: What is spyware?

A: Webopedia’s sharpness of Spyware is equally follows: Any software with the aim of secretly gathers addict in order in the course of the user’s Internet link devoid of his or else her knowledge, as a rule on behalf of publicity purposes. Spyware applications are typically bundled to the same degree a secret section of freeware otherwise shareware programs with the purpose of tin be there downloaded on or after the Internet; however, it ought to ensue famous with the purpose of the best part of shareware as well as freeware applications get something done not approach through spyware. Once installed, the spyware monitors client occupation by the side of the Internet then transmits so as to in order hip the education on the road to a big cheese else. Spyware tin moreover arrange in rank vis-а-vis your e-mail addresses furthermore stable passwords along with prestige certificate numbers. For a ample convey break http://www.virus.ca

Q: How does spyware cause hooked on my computer?

A. Spyware regularly arrives passing through an computerized download on or after a website you are surfing. If you download freeware or else shareware software, spyware preserve subsist embedded during the installation process. Spyware preserve furthermore download by the side of en route for your supercomputer from beginning to end send an e-mail to attachments.

Q: What is a cookie?

A: They slight documentation otherwise are pieces of in sequence so as to are positioned wearing your trap browser on the way to footprint confusion habits. Cookies are regularly useful; as a a tangled web locate tin trail to you give birth to visited it facing in addition to permit you key the location lacking a registration process. Cookies are what's more second-hand in the direction of persevere with trail of your proceed out of a trap store. They are and worn on the way to make specially website ads just before your likes then dislikes. Some cookies tin subsist well thought-out spyware.

Q: How figure out I be knowledgeable about condition my central processing unit has spyware?

A: Typical symptoms of spyware embrace a slower PC than normal. If your CPU unexpectedly starts headed for scurry if truth be told slow, what time it not at all second-hand to, it follows that it can be present infected and spyware. Spyware regularly hogs organism income counting the recollection as a consequence rigorously floppy space, therefore your workstation slows down. Another symptom is stipulation you follow popups proceeding sites anywhere you didn’t obtain them before. To regain out, organize a Google search. If you step a insert happy next you perhaps maintain adware otherwise spyware as Google does not own popups. Another symptom is once your complication browser’s homepage is hijacked as you depart online. If your browser is abruptly redirected on the road to a foreign website, it’s a large amount expected spyware.

Q. Why is spyware careful dangerous?

A. Spyware tin can settlement your privacy in addition to bestow others as well as in turn regarding you furthermore your processor routine lacking your knowledge. Keylogger spyware preserve capture your

keystrokes plus mail it on the road to a third party. This may possibly expose your abuser IDs in addition to passwords near thieves. Other spyware add in trojans which set a limit a big shot toward project keen on your computer

remotely moreover practice it headed for convey spam or else launch malicious attacks on top of supplementary computers never-endingly the

Internet, construction it peek be fond of you are next to fault.

Q: What is a “jacker” otherwise a “switcher?”

A: These are slang terminology in lieu of Hijackers, otherwise applications with the purpose of hope against hope alter your browser domestic page, your evade exploration engine afterward steady redirect you absent commencing websites you stab on the way to reach. Though the label hostage taker sounds in the vein of individual anyone is at the rear of it all, today, present are several scams connecting Browser hijackers, which are malicious programs.

These programs container and construct pop-up ads representing pornography, enhance bookmarks in the direction of Internet Explorer’s Favorites folder, plus container flat redirect users toward porn websites while they mistype URLs.

Q: What’s the diversity relating Adware in addition to Spyware?

A: Adware is an function so as to pops in the lead advertisement banners or else windows by random.

Adware be able to in addition live seen happening your browser contented dressed in pardon? is acknowledged the same as pop-ups. Spyware gathers in a row just about your computing habits.

Q: I receive a spyware remover course bar I don’t judge it has detached a definite spyware line up happening my computer. What ought to I do?

A. Just in the vein of your anti-virus program, you require near modernize the spyware signature store trendy your anti-spyware encode thus with the purpose of it wish fastening additional spyware programs. If you before now take antispyware software, progress addicted to your spyware plan then date stipulation it has a fashion on the road to keep posted these files. Or you tin ensconce CyberDefender AntiSpyware 2006 instead of a uninhibited trial, then escort pardon? spyware your instruct is missing. Visit http://www.virus.ca/anti-spyware-download.asp

Q: Is near a line of attack with the purpose of I be capable of scrap spyware manually?

A. If a spyware predetermine is same obvious, in place of example; rider it adds itself near your menu impede then remain bring into being scheduled here your Add/Remove Programs slant in vogue the Windows Control Panel. Click START, after that Control Panel, it follows that Add/Remove Programs next appear in place of a agenda with the purpose of you don’t recognize. Sometimes it is obvious….such to the same degree “XXX dialer.” Simply make use of the Add/Remove Programs highlight headed for cut off it.

Q: How know how to I occur positively with the intention of my mainframe not at all gets spyware?

A: There are countless anti-spyware programs without a break the marketplace today; however, CyberDefender AntiSpyware 2006 catches spyware the others miss. Plus, CyberDefender’s untested know-how monitors your processor constantly, by means of untested in the early hours cover technology. Every laptop without stopping the CyberDefender interact is lying on the sentinel in place of suspicious library as well as news them on the road to Threat Central - http://www.virus.ca/anti-spyware-download.asp Lightning-quick updating ensures you are sheltered starting spanking cyber-attacks nearer than whichever new anti-spyware tool. AntiSpyware 2006 is congruent in the company of every one of further chief anti-spyware products.

Because CyberDefender AntiSpyware 2006 facility in addition to additional spyware software, it’s simple on the way to paddock a test, with agree to CyberDefender detain the spyware your additional anti-spyware is missing. It’s resembling indemnity then preference grant an extra layer of protection. Or qualification you sort out not by now engage in a spyware program, mount lone of the on the house anti-spyware programs such the same as Microsoft’s released anti-spyware program. Then rush scans by means of every one program. CyberDefender AntiSpyware 2006 hope against hope a large amount liable perceive other spyware.

Q: How does the CyberDefender Threat Central work?

A: Threat Central ranks threats on or after solitary on the road to ten according in the direction of its Universal Severity Scale Threats rated on top of five are well thought-out viruses whilst threats ranked underneath five are measured spyware or else adware.

CyberDefender Universal Severity Scale

Category 7-10 Very High

Category 5-7 High

Category 3-5 Moderate

Category 1-3 Low

Viruses rated by means of CyberDefender’s Universal Severity Scale by seven near ten are careful Very High hazard then precise dangerous. Typically these viruses follow abuser leisure interest plus impart a from head to foot lay bare of facts moreover method damage. These types of threats are obstinate on the way to hold in addition to exceedingly testing headed for remove. They time and again exercise unauthorized, indistinguishable installation, in addition to trendy tallying toward taking down piano leisure interest furthermore captivating classification snapshots, these Very High chance viruses state the talent just before disable anti-virus as well as anti-virus firewall programs, approachable statement ports, after that convey confidential abuser information just before improbable servers.

Q: How sort out I be familiar with CyberDefender Antispyware 2006 is working?

A: To verify whether your CyberDefender series is running give pleasure to seem to be by the side of the underneath upright distribute plane of your notebook screen. dressed in the icon tray you be supposed to learn the CyberDefender icon which is a indigo surround and the alphabet C adorned secret it. If you work out not attain this within the icon tray peep instead of it by the Desktop with increase by two click by the side of it on the road to begin the program. If you perform not perceive it happening the desktop before inside the icon tray afterward you don’t say the code installed. Please proceed near www.cyberdefender.com en route for download as well as establish the program.

Q. Is near no matter which I tin make headed for bring to a halt spyware?

A. To guard your supercomputer on or after spyware, don’t download programs sooner than companies you are not personal with. Don’t download criminal pirated software. Avoid shareware as well as freeware. agree your browser sanctuary on the way to HIGH. Use CyberDefender’s Internet Security Toolbar next to visiting http://www.virus.ca/anti-spyware-download.asp Its Safe Search introduce long for shield you while surfing the Internet. Last, resting on your Internet Explorer, click Tools > Internet Options > at that time the Security tab in addition to attempt the slider on the road to MEDIUM otherwise sooner HIGH. But be on familiar terms with with the aim of you can oppose entrйe on the road to a quantity of websites you hanker after in the direction of see. Ultimately your unsurpassed put money on is toward find an anti-spyware code plus scrutinize your orderliness regularly.

How to refurbish your laptop after spyware

2009-04-27T16:22:00.000-07:00

There are quite a few types of programs so as to be able to bring about complete damage on the road to your computer- as well as spyware is solitary of them. Spyware is very hazardous as it may perhaps mosquito outmoded influential in sequence on or after your notebook after that lay it in the direction of go to work beside you- production central processing unit refurbish important.

Anti-spyware programs are a necessity condition you are departing toward defend in contradiction of a spyware problem. This may perhaps stop your notebook beginning having in the direction of remain repaired concerning the at the outset place, consequently you ought to explore together remunerated then uncontrolled options modish processor programs with the intention of container shelter you. Some of the further extremely notorious companies comprise Symantec as well as McAfee, though others exist.

The the largest part indispensable of spyware tin now and then live just deleted otherwise indifferent in an anti-spyware program. These types of programs don’t typically pose a lot of a peril then are simple in the direction of obtain rid. Sometimes your anti-spyware instruct force correct certified \"cookies\" of in order your browser food to the same degree this key of spyware, even if you shouldn’t happen especially alarmed.

Some types of spyware container not tell beginning you with your attempts on the road to scrap it. By modifying the arrangement registry, which handles which programs riding boot positive after you create your computer, a spyware instruct tin can reinstall itself both period you ankle boot your computer. By operation taking part in safe and sound style now Windows, you be able to actually take away it not including problems. These are harder on the way to follow purge of, in addition to possibly will expect the good thing of a licensed workstation darning expert, depending never-endingly the circumstances.

The paramount spyware on show nearby in the present day is thus sneaky so as to you may perhaps not unchanging be acquainted with it’s present pending you ensure the property it causes. Some spyware is skilled en route for bypass detection of anti-spyware programs with the aim of aren’t updated, as well as cause havoc scheduled a machine, one’s identity, otherwise extra machines. during this defense you bidding hardship near give up just before a laptop revamp technician, who be able to make a diagnosis your supercomputer next advocate agreeable methods headed for check advance infection.

Other types of programs can appear among spyware with the aim of you be supposed to be there perceptive of. This may perhaps bring in trojans before viruses, in support of example. Whereas the spyware may possibly develop your credentials, a trojan may possibly evaluate in the direction of broaden the code supplementary in the direction of others you may possibly know. This know how to direct on the way to a rife dilemma stipulation it isn’t rigid wearing a correct total of time. You ought to enjoy a habitual customary of preparing your workstation pro plea measures.

Your central processing unit is a waste of time qualification it isn’t organization properly- plus soul such a hefty investment, it be capable of take place completely saddening headed for foresee your supercomputer not succeed correctly. Look in support of a processor patch-up companionship in close proximity your put of residence also progress au fait by way of the employees therefore with the aim of you may perhaps give birth to a fleeting character reference pro at what time possessions stretch wrong.

SpywareBlaster - free antispyware software

2009-04-27T16:12:00.000-07:00

SpywareBlaster, formerly installed, does not administer appearing in the setting moreover nonetheless continues on the road to grant security not including the requirement on behalf of customer interaction.

SpywareBlaster prevents ActiveX-based spyware, adware, dialers, with browser hijackers beginning installing by your logic near disabling the CLSIDs (a procedure second-hand not later than software applications near relate a keep otherwise extra item), of spyware ActiveX controls.

A derivative bar just as valuable act obtainable sooner than SpywareBlaster, is its power on the way to thwart spyware/tracking cookies next control the proceedings of spyware/adware/tracking sites taking part in Internet Explorer, Mozilla Firefox, Netscape, Seamonkey, Flock next extra browsers.

Since SpywareBlaster doesn’t examine for, or else neat spyware, save for being affirmed earlier, prevents installation only, you must exploit it appearing in recipe by your enthusiastic malware security applications.

SpywareBlaster is categorically depression maintenance then the just mechanism you ought en route for reminisce is en route for fill in the database, which contains in order without a break celebrated spyware Active-X controls, regularly. Automatic keep posted is as well on hand meant for an yearly fee of $9.95 USD.

SpywareBlaster what's more includes a System Snapshot piece by way of which you tin can brook a print of your laptop voguish its launder state, in addition to afterward revert on the way to this state, undoing every changes prepared beside spyware next browser hijackers so as to take part in infected your scheme even though the confidence in vogue place. I vouch for so as to you understand plus of this worthy feature.

This is an significant guarantee shield tool en route for instate continuously your system; especially rider your browser uses Active-X.

Commentary: As a computer nation, we are insecure

2006-09-07T04:11:00.000-07:00

Consumer Reports recently published a study indicating that 20 percent of households in the United States are currently defenseless against online attacks in the form of viruses, phishing scams and spam e-mail because they do not have an anti-virus software installed on their computers. The study also found that 35 percent don't use software to block or remove spyware.

It is estimated that virus- and spyware-related damages to personal computers cost Americans billions of dollars annually. Fortunately, there are several options for avoiding cyber attacks.

The two top manufacturers of anti-virus software are McAfee and Symantec. Their products range from approximately $40 to $70, depending on the package selected, and can be purchased at most computer retail stores as well as online.

Alternately, Grisoft's AVG program is highly effective in terms of virus detection and can be downloaded for free at the manufacturer's Web site, www.grisoft.com.

Lavasoft's Ad-Aware, also free, detects spyware from pop-up ads very well and can be downloaded at the manufacturer's Web site, www.lavasoft.com.

The difference between the programs insofar as attack detection is minimal; however, preferences such as the user interface may affect your buying decision. For the typical Internet user, having these two free programs installed should be ample defense in the war against cyber attackers.

While improvements are being made every day in terms of punishment for offenders as well as technological advances to thwart attacks, cyber predators are not slowing down their efforts. According to the same survey, the odds of becoming a cyber victim are still about one in three, which has not decreased since last year.

Ultimately, it's up to each person to protect their computer and personal information from online attacks. Given the free programs that are available as well as relatively low-cost packages, there's no good excuse to leave a computer exposed to cyber threats.

Larry Fiorino, the founder and chief executive of G.1440, a Baltimore-based e-solutions firm, writes Web Sightings every week for The Daily Record. The opinions expressed are Mr. Fiorino's and not necessarily those of The Daily Record. He can be reached at 410- 843-3800.

Copyright 2006 Dolan Media Newswires
Provided by ProQuest Information and Learning Company. All rights Reserved.

Adware Firm Accuses 7 Distributors of Using 'Botnets'; Lawsuit Claims Defendants Spread Pop-Ups Via Hacked PCs

2006-09-05T19:17:00.000-07:00

Byline: Brian Krebs

A major online advertising company that has been accused by security experts of fueling the spyware problem says it is taking legal action against seven people in six countries who, it claims, used viruses to spread ad software to thousands of computers without their owners' consent.

In a lawsuit filed yesterday in a federal court in Washington state, Bellevue-based 180Solutions names seven of its affiliates -- individuals whom it paid to distribute the company's software, which causes advertisements to "pop up" depending on which Web sites the users visit -- and accuses them of installing it on thousands of Microsoft Windows PCs that they had infected with computer viruses. The company seeks unspecified damages and a halt to their distribution of its software.

The legal action is the latest effort by 180Solutions to clean up its image following years of criticism for failing to more closely monitor its distributors and crack down on those who profit from installing its software illegally. Since January, the company says, it has severed ties with more than 500 distributors who were found to have installed its "adware" without the recipient's knowledge or consent.

180Solutions claims the affiliates used "botnets" -- large groupings of hacked, remote-controlled computers or "bots" -- to distribute and install their software. A single botnet can consist of thousands of computers, most sitting on desktops of innocent users who have no idea that a virus infection is allowing a hacker to use their PCs for illegal purposes.

Online criminals have long used such networks to steal sensitive information from their victims, distribute junk e-mail and to wage debilitating "denial of service" attacks that inundate Web sites with so much bogus traffic that they can no longer accommodate legitimate visitors.

Increasingly, however, botnets are being used to install spyware and adware. McAfee Inc., a computer security company based in Santa Clara, Calif., said it witnessed a 12 percent increase in the number of adware programs installed on computers in the second quarter of 2005, an increase it said was driven heavily by the proliferation of bot programs configured to install the adware.

The legitimate distribution method for 180Solutions contractors is to embed computer code into their Web sites that asks each visitor for consent to install, in exchange for access to content on the site. Each time a visitor agrees, the Web site owner earns a small commission, usually between 5 and 20 cents. 180Solutions requires its partner Web sites to prompt visitors for approval, but security experts have documented hundreds of sites that use security holes in the visitor's browser to quietly install the adware without permission.

Armed with a botnet of several thousand computers, distributors can make big money, and fast. LoudCash.com, a Quebec-based distribution firm bought by 180Solutions earlier this year, promises affiliates "big league payouts" and claims to offer the best per-installation rates in the industry, currently 25 cents.

LoudCash's site features a "revenue calculator" which prospective affiliates can use to estimate their monthly earnings. An enterprising hacker controlling a network of just 5,000 PCs -- and at least half of the target computers are located in the United States -- that bot master could make as much as $744 a day, or $22,346.25 a month, according to the company's calculator.

That sort of easy money is a strong draw for hackers who already control botnets and are willing to use them as platforms for spyware and adware, said Sam Norris, president of San Marcos, Calif.-based Changeip.com, a company that helps Web sites remain reachable at the same domain name no matter how frequently their numerical Internet address changes. These "dynamic DNS services" allow botnet operators to periodically change the location of the Web servers used to control their networks, thus making them much harder to detect or shut down.

Norris said that each week he terminates several new Changeip.com accounts that appear to be connected with botnet and spyware activity. In the spring, Norris began tracking one customer who was using Changeip.com's services to control a botnet of 40,000 computers. Norris obtained a copy of the virus the customer used to infect machines and install the 180Solutions software; the programming code also contained an affiliate ID number issued by LoudCash.

Norris alerted 180Solutions to the activity, and the advertising company said it later traced that affiliate ID to one of the defendants. The bot program directed computers to download and install 14 different adware products, more than half of which were produced by 180Solutions, Norris said. The virus also included at least 30 other features, including the ability to capture all of the victim's Web traffic and keyboard keystrokes -- with a particular interest in Paypal user names and passwords. Other programs installed by the bot allow the attackers to peek through the user's Webcam, or steal PC game registration keys.

The lawsuit alleges that the defendants -- Eric de Vogt of Breda, the Netherlands; Jesse Donohue of South Melbourne, Australia; Khalil Halel of Beirut; Imran Patel of Leicester, England; Zarox Souchi of Toronto; Youri van den Berg of Deventer, the Netherlands; and Anton Zagar of Trbovlje, Slovenia -- used botnets to install 180Solutions' software. The company has notified the FBI about its findings, but an FBI spokesman declined to say whether the agency was investigating the claims.

Five of the defendants were contacted by washingtonpost.com but have not responded to requests for comment.

180Solutions attorney Kevin Osborn said the company does not know exactly how many illegal installations the seven former affiliates were responsible for, but estimates that in all they were paid at least $60,000 during the weeks and months that they worked for the company.

David DeLanoy, manager of partner development at 180Solutions, said the company's software is installed on about 20 million computers worldwide, but that so-called "rogue installs" account for just five percent of that user base. 180Solutions made more than $50 million in revenue last year through its software, which serves online advertisements for some of the nation's largest companies, including Cingular, Expedia.com, JP Morgan Chase, Monster.com and T-Mobile International.

But 180Solutions' estimates don't sit well with Ben Edelman, a PhD candidate at Harvard University who has documented the most egregious practices in the adware industry. (Edelman was hired in 2003 as an expert witness by The Washington Post Co. and other news outlets in their lawsuit against the Gator Corp. -- now Claria Corp. -- one of 180Solutions' biggest competitors. The media companies accused Gator of serving pop-up ads over the Web publishers' pages without their permission. Gator later settled the suit.)

"I'd estimate that more than half of [180Solutions'] 'users' have no idea they even have the software, let alone ever consented to installing it in the first place," Edelman said. "The company says in one breath that rogue installs account for just 5 percent of their user base, but they also say they have no real way of knowing which installs are legit, so I'm not sure how they could really draw that estimate."

Edelman said that if the companies do know which installations were fraudulent, it should already have devised a way to remove them.

"There is no reason for them to have waited this long, except to receive the revenue that those installs bring in," Edelman said.

Eric Howes, a spyware researcher at the University of Illinois at Urbana-Champaign, said 180Solutions is not only a major cause of the spyware and adware problem, but that it also is in a position to significantly clean up the problem.

Howes pointed to the turnaround in the past year of WhenU, once reviled for its aggressive adware installation tactics. Last year, for example, the company announced it would no longer allow partners to install its software through Microsoft ActiveX, a component of the Internet Explorer Web browser that adware company affiliates have long used to conduct illegal "drive-by" installations.

"WhenU pretty much put an end to the problem of sleazy installs of its software, so we know it can be done," Howes said. "180's enforcement division has really got to get up to speed, because I've seen no evidence they have a robust enforcement division, other than when they occasionally track down leads that people in the anti-spyware community hand to them."

DeLanoy said the company is putting new technologies in place that will allow it to better track how its software is installed and by whom, and ensure that users agree first. In the meantime, 180Solutions is using its ad-serving network to display pop-up notices warning customers that its software may have been installed on their computers without their consent and providing instructions on how to uninstall it.

Later this year, the company also will begin uninstalling its software from computers on which it has reason to believe that the software was installed in violation of the company's terms, DeLanoy said.

Changeip.com's Norris commended 180Solutions for its actions, but said the company and other adware vendors need to be far more aggressive in policing their affiliates.

"Right now there are a lot of people distributing their software like this and getting away scot-free, and every day we're seeing more and more people getting into this," Norris said.

Viruses and spyware have created a huge market for security software and services. At-home computer users invested more than $2.6 billion in software to protect their computers during the past two years, according to a study released this month by Consumer Reports. Even with those protections in place, however, consumers spent more than $9 billion on computer repairs and parts due to damage inflicted by viruses and spyware.

(c) 2005 Washingtonpost Newsweek Interactive
(c) 2005 Gale Group

Taking Internet security off the backburner: it's the whole company's job, not just IT

2006-09-05T19:10:00.000-07:00

Identity theft, spyware, adware, spam, phishing, pharming, online fraud--these modern-day threats require CEOs to constantly reassess the emerging dangers of the Internet and reconsider what they're doing to protect the company, employees and customers.

Not focusing on Internet security is like opening the cash register to hackers and thieves. I know from experience. When I joined Network Solutions in 2001, our fraud rate was an astounding 19.88 percent. One out of five dollars was a fraudulent transaction. Nothing was being done about it; today, our fraud rate is 0.18 percent, lower than the most popular offline merchants.

Yet today, the problem of security is worse for business than it was in 2001. The types of security violations have multiplied. The creativity and savvy of hackers and scamsters has grown. Why should businesses care? If your systems are infected, the cost and disruption of a cleanup are large. If you sell online, a sense that the Internet cannot be trusted means customers spend less. Even if you sell nothing on the Internet, it can be a powerful tool to reduce costs for your business, such as Internet-based customer support. If customers feel their information is not secure, they will not use the medium. Even more, if your business is the one publicized for a security breach, who is going to trust you with important information necessary to transact business with you? If someone puts up a Web site that looks like yours and collects customer information, when the word gets out will customers still come to you?

Internet security must be a top-level priority. The first step: Don't fall into the trap of thinking that Internet security is solely the job of your information technology team. Frankly, most IT people do not think like crooks. Even when the IT department has the capability to design protective systems, that alone will not stop the bad guys. As long as employees can communicate with the outside world from their desk, you have a hole. So the responsibility of Internet security rests with every single employee who has any connection to the outside world (including those who manage online logistics, inventory management, and e-billing), anyone who sends an e-mail.

At Network Solutions, we filter out millions of spam messages daily, and in addition, we post security alerts and tips on our internal Web site and ask all employees to notify the IT department of any suspicious e-mail activities or network performance issues. We scan desktop systems daily for adware, spyware, viruses and worms. At times, we even disable communications systems such as Instant Messenger if we learn other companies are experiencing security violations through them. This helps keep our own systems clean and cuts down on the chance of a violation of customer information through the back door. Regardless of how strong your security policies and programs are, people are still both the biggest risk factor and the best defense.

And don't think that the world's biggest companies are the biggest targets. The vast majority of these security breaches happen in small businesses. No matter what size business you run, the bottom line is that your bottom line is only as good as your Internet security. Some basic measures we should all make a priority:

Realize that security is not the real cost. Not having proper security measures and focus in place is the real cost--the cost of fraud, the cost of cleanup, the cost of lost customers--which could put you out of business.
Internet security is not just an in house concern. With many more services being outsourced, it's vital that confidentiality and protection of sensitive materials be maintained both contractually and by checking the provider's security history.
Quick communication should be automatic when security breaches occur, internally and with external partners. This is not the time to hide bad news (in fact, it is illegal to hide a security breach under the laws of several states).
Limit the collection of sensitive personal information. We're seeing a move away from using such sensitive data as social security numbers as identifiers.
If it's sensitive, encrypt it. A firewall is no guarantee. Consider encrypting customer data you store and getting an SSL digital certificate to secure data in transmission. It gives customers a much greater sense of security.
If you have a Web site, get a site seal. This allows customers to know the site is yours, not a phishing or pharming operation to steal their information, which more than half of them fear.

While these precautions do require the focus of the business community, we need to make systems as user-friendly as possible. Dedication and attention to detail is one thing; an overloading and complex burden on users is another. Internet security is only as strong as peoples' compliance.

The Internet has changed the way in which we all conduct business, almost all for the better. Yet we also need to get serious about making business on the Internet safe. It's the only way we can continue to make people feel confident about the Internet. And that confidence is the only way we'll see this medium reach its full potential.

Yahoo and Symantec unveil joint consumer Internet security service

2006-09-05T19:07:00.000-07:00

A joint consumer Internet security service has been unveiled by Internet company Yahoo Inc and security solutions company Symantec Corp.

The two companies will offer the Norton Internet Security product from Symantec to Yahoo's customers, while Symantec will gain access to the customers using Yahoo services. The agreement is expected to help the companies compete against competitors such as software company Microsoft Corp and Internet search engine Google Inc.

The co-branded Norton Internet Security product will be marketed by Yahoo and Symantec through the Yahoo network, which incorporates online services such as Yahoo Search, Yahoo Mail and Yahoo Toolbar. Symantec will offer its anti-virus and online firewall protection on Yahoo's Online Protection for broadband users and provide Norton Spyware scan for the Yahoo Toolbar.

Yahoo customers can sign up for a free 30 day trial of Norton Internet Security, which blocks viruses, spam and adware, and then purchase a USD49.99 12 month subscription, which includes a USD20 discount for Yahoo users.

Sweeping for Spies, Improved

2006-08-11T02:28:00.000-07:00

by Konstantinos Karagiannis

Adware, key loggers, and other spyware can send personal information about you out to the wired world, as well as make your machine run sluggishly. Spyware-removal tools are as important as firewall and antivirus packages these days. We covered nine removal tools in our April 22, 2003 issue, but we never thought our last-place entry would improve so much within two seasons. Webroot's Spy Sweeper 2.1 (yearly subscription, $29.95) is now a viable choice.

The slick new version sets up by default to run when Windows is started and will prevent your machine in real time from installing or activating spyware.

When a snoop is found, the program identifies and defines it to the user and prompts for permission to scan and quarantine it. You can then decide whether to delete it and other offenders permanently. Spyware you may have to live with is also identified. For instance, Spy Sweeper tells you that Cydoor Peer-to-Peer Dependency is necessary to keep Kazaa or a similar client running.

A subscription product, Spy Sweeper automatically updates itself with what seems to be a wonderfully current database. The program found a couple of spyware apps and traces that even our previous Editors' Choice, SpyBot Search & Destroy, left happily running on our test systems (although these do not seem particularly malicious).

For Spy Sweeper to be most effective, you have to be aware of its settings and invoke the program occasionally. A little experimentation showed us that someone with access to your machine can install, say, a key logger, and then tell Spy Sweeper to ignore it in future scans.

Fortunately, if you pay attention during such future scans, you'll still notice the installed covert app such as Spector or WinWhatWhere mentioned at the bottom of the scan window as being present. If you do see something there that you didn't okay in the past, drill into Options and the Always Keep tab to remove it from the list. A nice future improvement would be to password-protect the interface.

While SpyBot is still free and likely to keep improving as well, Webroot's Spy Sweeper 2.1 is a tough service to pass up.

Copyright © www.ziffdavis.com

Software combines anti-spyware and privacy protection

2006-08-10T04:56:00.000-07:00

By safeguarding files, folders, and applications against unauthorized access, Internet Cleanup(TM) v5 for Windows protects user privacy from spyware and phishing scams as well as intruders trying to gain access to sensitive information. It erases Internet data trail and permanently removes tracking devices left on computers by visited websites. User can select security level to block banner ads and pop-ups, and software can be scheduled to clean remote computers as well as local computer.

Internet Cleanup 5.0 Combines Anti-Spyware and Enhanced Privacy Protection to Provide a Comprehensive Solution for the PC

ALISO VIEJO, Calif., June 21 -- Smith Micro Software, Inc. (NASDAQ:SMSI) announced a new version of Internet Cleanup(TM) for Windows. Internet Cleanup 5.0 has been redesigned to enhance protection of your privacy online and offline. Using Internet Cleanup 5.0 users' not only protect their privacy from spyware and phishing scams but also from intruders trying to gain access to their personal information.

Internet Cleanup 5 protects files, folders and applications from unauthorized access and blocks sensitive information from being transmitted over the Internet. Internet Cleanup 5 erases their Internet data trail and permanently removes tracking devices left on computers by websites they have visited. Users can easily select a security level to block banner ads and pop-ups. Informative statistics tells users the number of unwanted cookies and history files, their cache size, Active X controls, recent list entries, and more. Internet Cleanup 5 allows scheduled cleanings of remote computers as well as the local computer.

"Internet Cleanup 5 protects your private information from intruders, spammers, keyloggers and other spyware," said Pauline Shumake, Senior Product Manager, Smith Micro Software, Inc. "With Internet Cleanup's QuickFill feature you can deflect keyloggers by limiting the keystrokes you use to enter private information."

Internet Cleanup 5's redesigned interface includes a new spyware engine with a quarantine feature that detects and removes more spyware than ever. Configuring Internet Cleanup's features is easy with the new Configuration Wizard. Protection against phishers and spammers is built right into Internet Cleanup.

Internet Cleanup 5.0 also contains the following features:

RE-DESIGNED ANTI-SPYWARE ENGINE WITH QUARANTINE -- Internet Cleanup 5 now detects and removes more spyware than ever. Place offending files in quarantine or destroy them forever. Internet Cleanup 5 protects against the newest spyware programs with one year of routine updates to give users the latest security.
QUICKFILL(TM) STOPS KEYLOGGERS -- Internet Cleanup 5 protects users from keyloggers even before they know they have one installed. QuickFill enters user's private information for them so that keyloggers cannot record those telltale keystrokes that reveal account numbers, PIN's and like.
SPAMCATCHER(R) -- Award winning anti-spam tool, SpamCatcher, has been integrated into Internet Cleanup. Combining six anti-spam tools and vast network of users, it blocks 99% of unwanted emails, just letting in the emails that users want. Internet Cleanup users enjoy a full year of spam filter updates.
ANTI-PHISHING -- Internet Cleanup blocks phishing attacks from getting through to email in-boxes with fingerprint technology and ScamDefense tools. Anti-phishing protection requires no set-up and starts automatically as soon as SpamCatcher is activated.
PASSWORD GENERATOR -- Generate complex and random passwords and keep them in an encrypted keychain for easy and protected access. Easily generate passwords for use in any program, utility, or website.
USER INTERFACE -- Internet Cleanup has been re-written to enhance the user experience. Features are easier to use, faster to get at, and easier to set up.
CONFIGURATION WIZARD -- Setting up Internet Cleanup's privacy protection and anti-spyware is a breeze with the new Configuration Wizard. Set up passwords and profiles during installation or any time thereafter.

Pricing and Availability

Internet Cleanup sells for MSRP of $29.99. Users of earlier versions of Internet Cleanup can upgrade to Internet Cleanup 5.0 for a special price of $14.99. This offer is available for a limited time only. To upgrade go to: http://www.allume.com/store/upgrades.

To learn more about Internet Cleanup, on the Net visit: http://www.allume.com/win/cleanup/

To learn more about and our product lines visit: www.smithmicro.com or www.allume.com.

About Smith Micro Software:

Smith Micro Software, Inc., headquartered in Aliso Viejo, CA, is a developer and marketer of wireless communication, broadband and utility software products for multiple OS platforms. The company designs integrated cross platform, easy-to-use software for personal computing and business solutions around the world. With a focus on Wireless and Broadband technologies and the Internet, the company's products and services enable wireless communications, file and image compression, digital image and music management, eCommerce, eBusiness, Internet communications (voice-over-IP), video conferencing, and traditional computer telephony. The Consumer division develops and publishes award-winning software solutions for Windows and Macintosh, empowering users in the areas of information access, removal, recovery, security, and Internet distribution. Our leading brands are QuickLink(R), StuffIt(R), Internet Cleanup(TM) and Spring Cleaning(R). Smith Micro's complete line of products are available online at the company's websites, direct from our enterprise group, retailers, and through original equipment manufacturers (OEMs) symbol SMSI. For more information, contact Smith Micro at (949) 362-5800.

Smith Micro and the Smith Micro logo are trademarks or registered trademarks of Smith Micro Software, Internet Cleanup is are trademarks or registered trademarks of Smith Micro Software. All other trademarks and product names are the property of their respective companies

From www.productnews.com

First post

2006-08-10T04:37:00.000-07:00

Now I am starting this new blog to publish some info on internet security.