Lavasoft News, September '06

Spyware is here to stay. It has become a viable part of the economy and, as they say, money makes the world go 'round. Naturally, Lavasoft Ad-Aware SE products will protect you against computer parasites, but we're also committed to educating you with industry information, giving you more power to take preventative actions and to build a stronger defense against unwelcome infiltrators. Don't miss our preventative tips in this issue of Lavasoft News.


News from Lavasoft

Beware - Desktop Hijacks on the Rise Again
The Lavasoft Support Forums have been deluged with daily cries of help from victims of the "Smitfraud" desktop hijackers that are using fake codec to infect their prey.

Watch out for the Zlob Trojan that poses as a codec needed to view a video, then installs a fake virus and urges its victims to download a rogue anti-spyware program to remove it. Lavasoft has also confirmed that this malware takes advantage of unpatched systems using exploits on web pages. Visit Microsoft Update to ensure that ALL of your critical Windows security pages are updated.

Other victims have been infected by a fake e-card greeting, or even a spoofed e-mail that claims to be Windows Update (Microsoft never sends updates via e-mail). Still more unassuming victims received an e-mail asking them to open a link to see the message (these can be fake e-mails, intended only to infect), or even a link from your 'buddy' in instant messages - but don't trust it if you aren't expecting it. Even your buddy could be infected without his/her knowledge and the virus on their computer is sending you the link with one purpose, and one purpose only - to infect you!

A few of the fake codecs out there include:

emediacodec svideocodec
imediacodec v-codec
media-codec vidscodec
mediacodec zipcodec
Newvidscodec intcodec

We urge you to be aware and watch out for fake codecs. This is one of the favorite methods used by the authors of malware to lure you into downloading a file that infects your computer. If you receive a link for a video that says you need a certain codec in order to view it, be careful! Today, it could be a fake codec that is actually a Trojan just waiting to infect your system.

New variants are being released daily, even faster than Lavasoft receives new samples for detection. And because it does take time for due diligence on detection for the newer variants, it is important to remember that prevention is the key!

  • Watch what you download.
  • Be careful where you surf.
  • Do not openly trust attachments or links in e-mail and instant messages. Even your network of friends could be unknowingly forwarding a virus.
  • Be aware of "phishing", cleverly-crafted e-mails that look like they came from an official source like Microsoft, your bank, or some other official office. They often use links in their e-mails that lead to a third-party site (this is a choice avenue of infection).
  • Stay FAR away from cracks and warez sites - you are sure to receive infected files there.
  • More than half of p2p (shared) files are believed to be infected, so use a high level of caution when downloading shared files. The newest 'nasties' are easy to release through p2p files.


AOL Takes Another Blow
Coming off invasion of privacy charges over their disclosure of the search data of over half a million of their users, AOL has been hit with fresh accusations as to how they handle Internet ethics. This time, AOL has been picked up by a report over qualities consistent with badware in their free client software. is an educational, non-profit "neighborhood watch" organization designed to inform consumers about downloadable applications; they strive to provide information on badware and "the bad actors who spread it." The group is run by Harvard Law School's Berkman Center for Internet and Society and the Oxford University's Oxford Internet Institute, with Consumer Reports WebWatch serving as a special advisor.

The group's latest in-depth report places an open inquiry status on AOL's free version of AOL 9.0, deeming it to have "badware behavior." The report highlights the fact that AOL software has been installed with applications that, without consumer consent, alter the user's web browser and desktop.

Other specific badware behavior charges include interfering with computer use (by forcing users to take action), making changes to other software without disclosure (by adding to Internet Explorer "favorites"), and deceptive installation (by updating software automatically).

While AOL has apologized for the last breach of information, and has stated they are reviewing the latest incriminating report in order to rectify the situation, the Internet giant has its own view on both incidents.

In a recent New York Times article, AOL spokesperson, Andrew Weinstein, stated that his company believes that the so-called badware problems are "nonsubstantive" and "unmalicious."

Because AOL's response to the situation has been to take steps to address the noted problems, has refrained from giving an official badware rating to AOL 9.0.

Yet, for the millions of AOL users worldwide, drawing in more than 100 million monthly online users in the United States alone, who rely on AOL to bring them internet services, a level of trust has surely been violated.

The web site recommends, "... that users do not install the version of AOL software that we tested, unless the user is comfortable with the level of risk we identify or until the application is updated consistent with the recommendations in this report."


The Changing Face of Children's Online Enemies
MySpace, Facebook, Friendster, Hi5, Fropper, BingBox... The number of social networking sites for children and teenagers seems to be endless. Unfortunately, so do the online threats that these "cyber friend" sites could pose to households.

The popularity of such sites as hangouts for children is increasing in all corners of the globe. A recent article by the Gulf Times, published out of Qatar, depicts how more and more Indian children, some as young as 10 years old, are turning to Internet chat sites.

The concern, for parents worldwide, is that they may be unaware of the full extent of their children's surfing habits. "Many parents may take precautions in your own households but you cannot control what your children might be exposed to outside of your home or not in your presence," the Gulf Times reports.

"The biggest danger," the Gulf Times maintains, "is the possibility of predators targeting these children."

Because of the acute risk of physical predators that are known to lurk on the Internet, many parents already take precautions to educate children on these types of dangers.

However, these online enemies have also morphed to include malicious software looking for a way to creep into your computer and invade the privacy of your confidential information. Certain popular sites for children may even try to download programs without your kids asking for them.

Most children know that they should not give out personal or confidential details, but it is not difficult for malware and spyware, which are constantly being developed, to gain access to information.

Preventative measures that parents can take begin with installing anti-spyware software, an anti-virus program, and a firewall.

Other positive steps include educating children on the possible dangers of Internet use. Online sites, such as the NetSmartz Workshop, an interactive safety resource for online education powered by the National Center for Missing & Exploited Children, gives parents tips on how to talk to their children about proper Internet use. The site can be accessed at


State Takes on Spyware
The Washington State Attorney General's office in the United States has filed a second case under their 2005 anti-spyware law, accusing four California-based companies of violating both the Computer Spyware Act and Consumer Protection Act.

The Attorney General's Office is taking aim at Digital Enterprises, Alchemy Communications, AccessMedia Networks and Innovate Networks after thousands of consumers throughout the nation complained of unfair software practices.

A seven-month investigation by the Attorney General's Consumer Protection High-Tech Unit yielded a suit comprised of six causes. According to a news release by the Washington State Attorney General's office, the arguments range from "misrepresenting the method to uninstall software" to "using threats, harassment and intimidation in billing practices."

The defendants, who offer a three-day trial for several movie download services, such as, require users to download software; many of the users say the software installs without prior consent. After the trial period, the software inundates users with persistent pop-up windows and aggressive payment demands.

The state detailed that, "If found liable, each defendant could be fined $100,000 per violation of the Computer Spyware Act and $2,000 per violation under the Consumer Protection Act. They may also be required to pay restitution to affected consumers."

Consumers who have experienced similar problems concerning the defendants in the state's suit can file a complaint with the Attorney General's Office at


Ad-Aware SE Lands People's Choice Award, Yet Again!
Once again, Ad-Aware SE has been awarded the annual People's Choice Award by the Shareware Industry Awards Foundation, Inc. Ad-Aware SE won under the 2006 PC World's "Most Votes" category.

The Shareware Industry Awards are determined by software developers and reviewers, "in 87 countries, all 50 of the United States, and every province of Canada."

The SIAF People's Choice Awards, though, were created specifically so that the public could participate in choosing their favorite software products.

The creator of the awards, Michael E. Callahan, sought to focus attention on the shareware industry at their annual conference, by giving shareware authors a ceremony, "like the Academy Awards."


Spyware Newsbits

New Targets in Detection [August 2006]

Name Description
Adware.Axfibula An adware dropper
TrustCleaner.ref A rogue anti-spyware; false positives trick the user into purchasing products
Win32.Backdoor.Lanfiltrator A remote access tool, designed to access the remote computer through a router, LAN or proxy server
Win32.Generic.Annoyware A program that may annoy and/or scare the user
Win32.Generic.Worm Spreads from computer to computer through compromised users
Win32.Hacktool.AmericanPride Features multiple malicious functions used to harm remote systems
Win32.Hacktool.Brontok A tool used to build adware pages
Win32.Hacktool.VncNoAuth A patched version of VNC Client that allows a malicious user to bypass authentication on a remote server
Win32.Keylogger.SoftForYou A commercial keylogger
Win32.Malware.Jeefo Infects .exe and .dll files
Win32.Spyware.Acoona Transmits all URL queries entered in Internet Explorer to a remote site
Win32.ToolEvID A tool that allows changes to the amount of simultaneous half-open connections available by XP. It could potentially harm the system and even result in boot failure
Win32.Worm.Tibick May result in limited damage to the host computer, but it contains an internal IRC client to distribute itself to other users
Win32.Worm.Viking Injects itself into system processes and attempts to spread using Windows RPC services


TAC - Threat Assessment Chart The Lavasoft Threat Assessment Chart (TAC) point system is based on a ten-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAC points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer userís full understanding and approval, then it will automatically be given higher TAC points. A minimum TAC value of 3 is required before the malware is put into detection. Read more on the Lavasoft Research site here.

TAC Index Visual

Home  arrow


Fun Forum FAQs
In August:
New topics: 707
Posts: 3,534
Views: 184,732
New member registrations: 1,853
Overall Stats:
Lavasoft has 8,041 registered members, a total of 15,499 posts, and the most users ever online was 1,291 on June 28, 2006, 11:11 AM
McAfee Plays Fair Again
And we quote, "Several products that were previously marked as incompatible will no longer be flagged (this includes Ad-Aware)." McAfee has patched their updated virus scan, and now both Ad-Aware SE and McAfee users are sighing with relief. Read more at McAfee's forum
Spy Sweeper Conflict Solved
As reported by one of our Lavasoft forum members in August, Webroot has updated Spy Sweeper and fixed all conflicts with Ad-Aware SE. Read more at the Lavasoft Forum
Ad-Aware SE Lands People's Choice Award, Yet Again!
The people have spoken! It's confirmed: Ad-Aware SE is a favorite among computer users around the world. Read more

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Page footer