Many of you have perhaps learned a second or third language. It's not easy is it? However, if you stick with it, the aggravation of struggling with your words one day pays off when the light switch turns on and you just get it. For those of you new to the world of spyware, all the technical terminology may seem foreign to you, but here at Lavasoft News, our goal is to skip that initial aggravation and just keep it simple. This issue is a lesson in spyware education. Find out about how spyware trends are heading in a scary direction. Cyber crime is becoming more organized and more devious. The authorities have caught up with some of these online creeps, but it's also up to you to protect yourself. Stay educated. Stay with us at Lavasoft.
Scary Spyware Trends
It used to be that when you thought of cyber crime you imagined a teenager sitting at his computer in his basement trying to hack into some government agency. And he just wanted to make a name for himself.
Those days are gone. Cyber crime is becoming more organized, according to top U.S. officials.
"There has been a change in the people who attack computer networks, away from the 'bragging hacker' toward those driven by monetary motives," Christopher Painter, with the Department of Justice Computer Crime section, told Reuters. "There are still instances of these 'lone-gunman' hackers but more and more we are seeing organized criminal groups, groups that are often organized online targeting victims via the Internet."
The real danger today lies in what are called "anonymous virtual interlopers". They focus on identification theft, illegal use of bank and credit cards and creating Botnet armies that can hijack hundreds or thousands of computers in an effort to infect other systems.
Profiting from these scams seems to be the name of the game now. Several recently released industry reports have found that malware creators are making money from their code and are therefore creating increasing numbers of sophisticated Trojans and bots.
One recent criminal indictment alleged a convicted bot-herder, Jeanson James Ancheta, received $150 for each of 1,000 infected computers.
Cyber crime is a big business. The FBI (American Federal Bureau of Investigation) estimates that computer crime in general in the U.S. costs industry about $400 billion. In Britain the Department of Trade and Industry said computer crime had jumped by 50 percent in the last two years alone.
And industry analysts expect the problem to only get worse. Gartner researchers expect spyware to infect up to 50 percent of companies in the next two years.
The question is no longer if you'll be affected, but when.
FTC Closes the Book on Spyware Op
The people behind an operation that allegedly installed illegal spyware on computers, which according to federal regulators affected 18 million users worldwide, will have to dig deep in their pockets to settle a complaint filed by U.S. Federal Trade Commission.
In the fall of 2005, at the FTC’s request, the operation had its assets frozen and was ordered to shutdown.
This fall, the commission disclosed that a settlement had been reached, requiring two companies and three individuals to give up just over $2 million of their “ill-gotten gains,” along with a suspended judgment of $8.5 million for alleged violations of the FTC Act.
The settlement is said to be the second biggest ever made by the agency, that has been involved in more than a dozen settlements, totalling around $8 million in the past two years.
The California-based defendants, Enternet Media Inc., Conspy & Co. Inc., Lida Rohbani, Nima Hakimi, and Baback Hakimi, have been distributing software under the names Search Miracle, Miracle Search, EM Toolbar, EliteBar, and Elite Toolbar.
The ruling by the U.S. District Court for Central California permanently prohibits the defendants from interfering with consumer computer use, including distributing software that collects information concerning a consumer’s Internet use and personal information, installing advertising software code, hijacking homepages or browsers, or installing dialers.
The defendants are also prohibited from making “misleading representations” about the performance, features, and cost of any type of software, including misrepresenting that code is an Internet browser upgrade, online security software, music, lyrics, or a cell phone ring tone, the FTC said.
The FTC charges that the defendants caused installation boxes to pop up on users’ computer screens, offering a variety of freeware, or security patches and upgrades to fix supposedly defective browsers. Instead of getting freeware or security upgrades, once consumers downloaded the software, their computers were infected with spyware that interfered with computer use and was difficult to uninstall.
The defendants also allegedly used software code to track consumer Internet activities, change home page settings, insert new toolbars, and manipulate browser windows, the agency said.
Click here to view a PDF of the original FTC complaint.
Jail Time for Worm Creators
Two students behind a pesky worm that wreaked havoc at more than 100 American companies, including media outlets CNN and the New York Times, are doing time behind bars.
Farid Essebar, 19, a science student from Morocco , was sentenced to two years in prison by a Moroccan court in mid-September. An accomplice, 22-year-old Achraf Bahloul, received a one year sentence.
A third man from Turkey has been charged with financing the attack, which disrupted more than a quarter of a million PCs in August of 2005.
"The court convicted the two men for conspiracy, theft, using forged credit cards and illegal access to computer systems," a court official said.
The Zotob worm mostly affected Windows 2000 systems, taking advantage of a bug in the operating system’s Plug and Play service that had been patched by Microsoft days earlier.
Privacy Issues Surround Emerging Google Software
A software prototype that Google is developing will allow the company to listen in on the “ambient sound emitted from a TV,” in order to simultaneously send tailored information and advertising to your computer.
The new technology will gather background sounds, like those coming from shows on the TV, through a PC’s built-in microphone. The software breaks the audio sample into five second snippets, creating a digital fingerprint.
The fingerprint is matched to a similar one in a database, and then shows online content related to what it found. The personalized software could include advertising, search results, or a chat room on the subject.
Two research scientists on Google’s Research Blog explained the benefits of the software, saying, “The system could keep up with users while they channel surf, presenting them with a real-time forum about a live political debate one minute and an ad-hoc chat room for a sporting event in the next.”
In a recent Technology Review article, Google’s director of research, Peter Norvig, said that the software will eventually showup in Google products. According to Google’s Research Blog, company researchers presented a paper detailing the software prototype at the Euro Interactive Television Conference (ITC), which took place in Athens this past June.
Due to issues of privacy invasion, it seems that civil liberties activists could have strong arguments against putting this technology into practice.
However, according to researchers, the fingerprinting technology in the prototype makes it impossible for the company to eavesdrop on other sounds in the room, such as personal conversations; the only personal information revealed, Google says, is TV-watching preferences.
"Some people did get the impression that we had an open microphone that was going to listen in on them. Clearly, that was not what we were doing. We are transmitting a key that can be matched but not reversed.” Norvig said, in the same Technology Review article.
According to their paper on the subject, which was presented at the Euro ITC, Google researchers contend that their goal is, “to combine the best of both worlds: integrating the relaxing and effortless experience of mass-media content with the interactive and personalized potential of the Web, providing mass personalization.”
Industry Questions Consumer Reports' Testing Practices
Security vendors are up in arms over Consumer Reports' "State of the Net 2006". Just days after the September issue hit newsstands, the magazine's anti-virus testing procedures were raising eyebrows.
Lavasoft's CEO, Ann-Christine Åkerlund, finds the testing practices of Consumer Reports "highly suspicious. We're keenly aware of the reputable anti-spyware programs and how they detect spyware. That is why we question how one program receives top ranking while Ad-Aware SE anti-spyware is ranked fifth, according to this Consumer Reports analysis."
Industry analyst, Mary Landesman, agrees. She takes on the Consumer Reports methods in her article, Testing Hocus Pocus, and also refers to the 5,500 new viruses created in order to support the tests.
McAfee AVERT's Igor Muttik posted a blog on the security company's website taking the publication to task for hiring a lab to design new virus variants. "Creating new viruses for the purpose of testing and education is generally not considered a good idea& Viruses can leak and cause real trouble," Muttik wrote.
Adware Report online also criticized the technique, "Basing test results on fabricated viruses is misleading. The testers claim that viruses are the "kind you'd most likely encounter in real life". However, they have no way of knowing this. There is no substitute for real-world conditions."
To rate anti-spyware software capabilities, CR used the public suite of Spycar scripts, whose own website states the product uses "tools designed to mimic spyware-like behavior, but in a benign form."
"It's not a serious testing tool," said Alex Eckelberry, chief executive of Sunbelt Software, whose product CounterSpy rated seventh on the list. "It (Spycar) is specifically designed to test how well anti-spyware programs block unknown applications, not (how they) scan and remove."
Consumer Reports defended its testing methods to Eckelberry in a letter, "We chose this approach because we felt it best captured the flexibility of the software."
Lavasoft did contact CR for a comment, but nothing had been received at publication time.
Lavasoft Questions PC World's "Spyware Fighters"
Dear PC World:
First off, we fully understand why you chose to review Lavasoft's Ad-Aware SE Personal in your August 25th article, "Spyware Fighters."
You're right: it is popular software! In fact, Ad-Aware SE is trusted by more than 200 million computer users worldwide.
But, what we don't quite comprehend is why your article ranked all of the reviewed anti-spyware software, both paid and free, together in the same group.
Not all software is created equally, but it's not like we have to remind you of that. Users, of course, can expect enhanced capabilities to be available in software that they pay for, when compared with freeware.
In keeping with our mission, we're proud of the fact that we're able to provide free anti-spyware software to our consumers. And we know that even our free software tests in the same top range as some software that you have to pay for.
In the performance rating listed in your own article, Ad-Aware SE detected 5% more adware and spyware than the product ranked ahead of it, CounterSpy. Not only that, but Ad-Aware SE disinfected 10% more adware, and 25% more spyware than CounterSpy. It also did the best job, out of all of the software reviewed, of detecting malware samples.
In the full review, Ad-Aware SE Personal was called a "crippled program", because it doesn't have real time scanning. We don't market our Ad-Aware SE Personal freeware as having real-time scanning, and never have. If you want a fair competition, why not test our paid product, Ad-Aware SE Plus, which, by the way, has real-time scanning?
Sorry PC World, we just don't understand.
Ranking and Price List, according to "Spyware Fighters":
*Ad-Aware SE Plus, which offers real-time protection, is available for $26.95.
New Targets in Detection [September 2006]
TAI - Threat Assessment Index