Spyware is here to stay. It has become a viable part of the economy and, as they say, money makes the world go 'round. Naturally, Lavasoft Ad-Aware SE products will protect you against computer parasites, but we're also committed to educating you with industry information, giving you more power to take preventative actions and to build a stronger defense against unwelcome infiltrators. Don't miss our preventative tips in this issue of Lavasoft News.
Beware - Desktop Hijacks on the Rise Again
Watch out for the Zlob Trojan that poses as a codec needed to view a video, then installs a fake virus and urges its victims to download a rogue anti-spyware program to remove it. Lavasoft has also confirmed that this malware takes advantage of unpatched systems using exploits on web pages. Visit Microsoft Update to ensure that ALL of your critical Windows security pages are updated.
Other victims have been infected by a fake e-card greeting, or even a spoofed e-mail that claims to be Windows Update (Microsoft never sends updates via e-mail). Still more unassuming victims received an e-mail asking them to open a link to see the message (these can be fake e-mails, intended only to infect), or even a link from your 'buddy' in instant messages - but don't trust it if you aren't expecting it. Even your buddy could be infected without his/her knowledge and the virus on their computer is sending you the link with one purpose, and one purpose only - to infect you!
A few of the fake codecs out there include:
We urge you to be aware and watch out for fake codecs. This is one of the favorite methods used by the authors of malware to lure you into downloading a file that infects your computer. If you receive a link for a video that says you need a certain codec in order to view it, be careful! Today, it could be a fake codec that is actually a Trojan just waiting to infect your system.
New variants are being released daily, even faster than Lavasoft receives new samples for detection. And because it does take time for due diligence on detection for the newer variants, it is important to remember that prevention is the key!
AOL Takes Another Blow
StopBadware.org is an educational, non-profit "neighborhood watch" organization designed to inform consumers about downloadable applications; they strive to provide information on badware and "the bad actors who spread it." The group is run by Harvard Law School's Berkman Center for Internet and Society and the Oxford University's Oxford Internet Institute, with Consumer Reports WebWatch serving as a special advisor.
The group's latest in-depth report places an open inquiry status on AOL's free version of AOL 9.0, deeming it to have "badware behavior." The report highlights the fact that AOL software has been installed with applications that, without consumer consent, alter the user's web browser and desktop.
Other specific badware behavior charges include interfering with computer use (by forcing users to take action), making changes to other software without disclosure (by adding to Internet Explorer "favorites"), and deceptive installation (by updating software automatically).
While AOL has apologized for the last breach of information, and has stated they are reviewing the latest incriminating report in order to rectify the situation, the Internet giant has its own view on both incidents.
In a recent New York Times article, AOL spokesperson, Andrew Weinstein, stated that his company believes that the so-called badware problems are "nonsubstantive" and "unmalicious."
Because AOL's response to the situation has been to take steps to address the noted problems, Stopbadware.org has refrained from giving an official badware rating to AOL 9.0.
Yet, for the millions of AOL users worldwide, drawing in more than 100 million monthly online users in the United States alone, who rely on AOL to bring them internet services, a level of trust has surely been violated.
The StopBadware.org web site recommends, "... that users do not install the version of AOL software that we tested, unless the user is comfortable with the level of risk we identify or until the application is updated consistent with the recommendations in this report."
The Changing Face of Children's Online Enemies
The popularity of such sites as hangouts for children is increasing in all corners of the globe. A recent article by the Gulf Times, published out of Qatar, depicts how more and more Indian children, some as young as 10 years old, are turning to Internet chat sites.
The concern, for parents worldwide, is that they may be unaware of the full extent of their children's surfing habits. "Many parents may take precautions in your own households but you cannot control what your children might be exposed to outside of your home or not in your presence," the Gulf Times reports.
"The biggest danger," the Gulf Times maintains, "is the possibility of predators targeting these children."
Because of the acute risk of physical predators that are known to lurk on the Internet, many parents already take precautions to educate children on these types of dangers.
However, these online enemies have also morphed to include malicious software looking for a way to creep into your computer and invade the privacy of your confidential information. Certain popular sites for children may even try to download programs without your kids asking for them.
Most children know that they should not give out personal or confidential details, but it is not difficult for malware and spyware, which are constantly being developed, to gain access to information.
Preventative measures that parents can take begin with installing anti-spyware software, an anti-virus program, and a firewall.
Other positive steps include educating children on the possible dangers of Internet use. Online sites, such as the NetSmartz Workshop, an interactive safety resource for online education powered by the National Center for Missing & Exploited Children, gives parents tips on how to talk to their children about proper Internet use. The site can be accessed at www.netsmartz.org.
State Takes on Spyware
The Attorney General's Office is taking aim at Digital Enterprises, Alchemy Communications, AccessMedia Networks and Innovate Networks after thousands of consumers throughout the nation complained of unfair software practices.
A seven-month investigation by the Attorney General's Consumer Protection High-Tech Unit yielded a suit comprised of six causes. According to a news release by the Washington State Attorney General's office, the arguments range from "misrepresenting the method to uninstall software" to "using threats, harassment and intimidation in billing practices."
The defendants, who offer a three-day trial for several movie download services, such as movieland.com, require users to download software; many of the users say the software installs without prior consent. After the trial period, the software inundates users with persistent pop-up windows and aggressive payment demands.
The state detailed that, "If found liable, each defendant could be fined $100,000 per violation of the Computer Spyware Act and $2,000 per violation under the Consumer Protection Act. They may also be required to pay restitution to affected consumers."
Consumers who have experienced similar problems concerning the defendants in the state's suit can file a complaint with the Attorney General's Office at www.atg.wa.gov
Ad-Aware SE Lands People's Choice Award, Yet Again!
The Shareware Industry Awards are determined by software developers and reviewers, "in 87 countries, all 50 of the United States, and every province of Canada."
The SIAF People's Choice Awards, though, were created specifically so that the public could participate in choosing their favorite software products.
The creator of the awards, Michael E. Callahan, sought to focus attention on the shareware industry at their annual conference, by giving shareware authors a ceremony, "like the Academy Awards."
New Targets in Detection [August 2006]
TAC - Threat Assessment Chart The Lavasoft Threat Assessment Chart (TAC) point system is based on a ten-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAC points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer userís full understanding and approval, then it will automatically be given higher TAC points. A minimum TAC value of 3 is required before the malware is put into detection. Read more on the Lavasoft Research site here.