Lavasoft News - November 2006

Ever get the feeling that all the news you read is bad news? Even Lavasoft News can be a little overwhelming at times because we write stories about how widespread online crime has become and tell you about all the latest threats, but keep in mind we are always just trying to educate you, the user, about spyware. This month, we have some lighter feature stories for your enjoyment. Read about a Canadian university teaching the inner workings of spyware, find out about a few good cyber citizens taking a bite out of online crime, get the background information on our new-and-improved Lavasoft website, and more.

Some of you have expressed interest in a larger font size for the newsletter. The mail-out version will have the same size as always, but you can increase the text size in our online version here.

Tell us what you think at

News from Lavasoft

Controversy Surrounds Upcoming Vista Release
Microsoft has answered calls from the security industry, promising to make changes to its upcoming, controversial Vista operating system.

In mid-October, Microsoft decided it would give security software makers access to the kernel, the central core of its 64-bit versions of Windows Vista, and make it possible for them to disable certain parts of the Security Center when a third-party security console is installed.

The move came after security firms like McAfee and Symantec took their complaints to the media. McAfee went as far as publishing a full-page ad in the Financial Times slamming Microsoft for locking out third-party security firms from its built-in security system for Vista, and accusing the software giant of creating an unfair advantage for its own products.

Anti-trust concerns were also brought forth by the European Commission, which became involved in the debate after fining Microsoft 497 million Euros back in 2004 for anti-competitive behavior.

Microsoft says its PatchGuard technology was designed to prevent kernel attacks on Vista, and until recently, the company insisted any access from third-parties to the kernel would hurt the stability and security of Windows.

Microsoft changed its tune on October 13th, issuing the following statement: "We have committed to create a new set of APIs that will enable third-party security products to access the Windows kernel in a secure manner."

The software giant is also providing security vendors with a way to disable alerts sent out by the Windows Security Center if their third-party protective software is installed.

"Microsoft's decision here is definitely a step in the right direction." says Lavasoft CEO Ann-Christine Åkerlund. "Customers need to be able to choose what security solution is best for them personally."

Vista is the much-anticipated, long-awaited successor to Windows XP. It is scheduled for release to big business in November and the general public in January.


Spyware School at Canadian University
When the University of Calgary introduced its virus/malware course in the fall of 2003, news of it spread like spam.

Many in the security industry questioned why the Computer Science department would encourage its students to design and write viruses. They wondered if these future IT professionals would use their knowledge to do more harm than good.

Professor John Aycock has always stressed that hands-on learning is the best way to teach and does not see a threat to the security industry.

"Just the opposite: this is a huge benefit to the security industry," he tells Lavasoft News. "Imagine hiring people out of university who have a deep understanding of threats and how to counter them. The savings on training alone would be considerable."

After teaching the malware/virus course for a couple of years, Aycock realized there was plenty of material to add a full course on spam and spyware, both major problems for computer users today. In the fall of 2005, students began learning how to write spyware and the tools to send and propagate spam. The course was the first of its kind in the world.

The research conducted anticipates, rather than follows, the next move of spyware and spam writers. Students test computer programs that mimic or anticipate potential threats in an effort to better understand their inner workings and mount a defense. All this is done in a secure environment.

Restrictions for entry into these courses are tight. Along with meeting certain ethical requirements, a subcommittee reviews the academic record of each applicant. All students must also sign an agreement that any misuse of the information in the course can lead to course failure and even criminal prosecution.

There may always be critics, but Aycock likes to focus on the positive. "Regardless of opinion about the courses, I'd say that we've become a part of the anti-virus landscape after this many years. The reaction from anti-spam companies has definitely been more positive from the outset," he says.

Security providers like Lavasoft, the makers of Ad-Aware SE anti-spyware, think it is a brilliant way to teach.

"The hands-on approach is the only way to teach in this business," says Christopher Allansson, Manager, Lavasoft Security Center. "I would definitely hire a graduate of this program knowing that he or she knows the inner workings of spyware, both how to implement it and reverse it. A person like that would be invaluable to us."

The first graduates of the program hit the job market last spring and so far, the reaction has been positive. Some students are working in the security and defense industry, while others are doing graduate research in security.

The U of C Computer Science department shows no signs of slowing down. A research chair in security has been hired, an undergraduate concentration in information security has been added and more faculty and computer security courses are in the works.

Read more about the school and the department here.


Creating Safe Space on Social Networking Sites
Social networking sites are known as hangouts for online teenage gossip. But as these sites develop in number and variety, they are growing increasingly popular among computer users of all ages, and are prime targets for online crime.

According to a recent study by CA and the National Cyber Security Alliance (NCSA), nearly half of those using social networking sites are adults, half of them over the age of 35.

A quick search shows the vast array of choices available: from Decayenne (a community for young adults of "high social standing") to Vampire (a community for the "gothic-industrial culture") to Eons (the "first site to target the 50-100 age group").

One of the most popular websites on the Internet, MySpace, reportedly weighs in with over 100 million accounts, and 230,000 new registrations per day.

With those statistics, it is no wonder that all the major online vendors (Yahoo, Google, Microsoft, MSN, and AOL) are pursuing online social networks.

Still, the security threats produced from these sites have been raising red flags across the board.

"As social networking use continues to increase in popularity, it is imperative that people take steps to safeguard their information at home and at work," said David Luft, CA senior vice president of Product Development, in a recent SecurityProNews article.

As far as children and teenagers are concerned, this means educating them to be aware of the dangers that may be lurking online. Legislative action is also beginning to take shape.

If enacted into law, the Deleting Online Predators Act would prohibit U.S. schools and libraries that receive federal funds from providing access to commercial social networking sites and chat rooms.

Preventative measures that adults can take include being cautious about the personal information that they make accessible, being careful of what they download, and using security software.

According to an August report from the web security company ScanSafe, up to one out of every 600 profile pages on social networking sites hosts some form of malware.

Internet companies have begun using tighter privacy controls in order to allow people to keep communicating online, without fear of giving out personal information.

Six Apart, producer of the social networking and blogging site, LiveJournal, has a new web publishing system, Vox, which allows users to control who has access to their messages and pictures.

"Obscurity isn't enough," said Mena Trott, co-founder of Six Apart, in a recent Reuters article. "You need to have the features to say, 'I only want these (specific) people to see this'."


Netting Phishers at the Grassroots Level
Not all good deeds go unnoticed.

We are taking notice of a few Americans being good cybercitizens. They are trying to put a dent in fraudulent e-mail scams, called phishing, that attempt to steal your personal data.

Yes, there are working groups like trying to net the problem, but they are more geared toward business. Some are doing it at the grassroots level.

Steven Peisner spends a few hours a day calling victims of these scams and reading out their stolen information, like credit card account details and Social Security numbers. He pores over cybercrooks' forums looking for the names of victims whose personal information is for sale online. As phishing continues to escalate, warning victims over the phone is the safest way.

"We need to take control of the situation," Peisner tells USA Today. "The police have their hands full with these types of cases. It's up to consumers like me to take action."

Peisner does not profit from his advice to consumers but does sell his company's services to businesses via his website,

Over the past four years, former insurance claims supervisor Betty Ostergren has found 18,000 Social Security numbers posted on public government websites.

Another woman in the United States, Janice Forster, started up her own website called which educates consumers about online ID theft. She has mailed hundreds of letters to phishing victims alerting them to their personal information online.

A University of Washington graduate also launched a website in the hopes of catching some phish. David Ulevitch's is a self-described anti-phishing community where anyone can submit examples, track them and share information about them.

Ulevitch says his site is a form of community policing. "We've had people compare it to a neighborhood watch, something like that," he tells the St. Louis Post-Dispatch.

Security vendor Symantec detected more than 150,000 unique phishing messages in the first half of 2006. That was an 81% increase from the second half of 2005.

Attacks are becoming much more sophisticated as well. It is often the customers of AOL, eBay, PayPal and other high-profile companies that are targeted. Messages that used to address customers as "Dear valued (company name) member" now feature personalized name and address information. Law enforcement officials say one scam tricks customers with bogus phone numbers that require the victim to call a number to verify data; however, the number is actually recording data with the intent to steal it. Oftentimes, the stolen information winds up on cybercrime forums.

Computer users will keep on falling for phishing scams hook, line and sinker, but thanks to the good intentions of a few cybercitizens some of the victims may be off the hook before they are reeled in.


Launch of
We hope by now you have had the opportunity to visit the new-and-improved Lavasoft website, which is a reflection of both Lavasoft's mission and your individual requests. If not, make sure you visit today!

As always, we strive to create anti-spyware solutions that are simple enough for new users to understand, with the advanced capabilities that computer experts desire. The straightforward, comprehensive language we use in the new website is also based on this idea.

After receiving over 20,000 responses from our online web survey earlier this year, we have responded directly to your wishes. The tone of the new Lavasoft website is lighter and brighter. It is effortless to navigate through, well-organized, and easy to understand.

Make sure you take a look at the Product Comparison Chart, which allows you to easily identify the product features that best fit your individual needs.

Under Support, you will find the Support Center, previously known as the Customer Center, where customers can log in to quickly find everything they need, from detailed FAQs to product resources.

If you are new to malware threats or wish to brush up on your knowledge, the Spyware Education Center is a convenient way to access statistics, a glossary of key terms, and protection tips.

The Security Center, formerly Lavasoft Research, also has a new name, but still provides you with continuous solutions to the latest tough malware and spyware threats. Project Eco, with its five malware removal tools, is a testament to our security analysts' rapid response to supply you with the means to combat the latest hard-hitting security threats. You might also want to take a peek at our straightforward Threat Analysis Index (TAI), previously Threat Assessment Chart (TAC), to learn how we analyze threats to your security.

Launching a new website to include all of the information that millions of users rely on is no small task. With several brand new browser releases, we are paying special attention to how that affects website users. We are interested in hearing from any users that are having problems accessing information; please send an e-mail to

Be assured that we are optimizing our website at every opportunity.

"We are extremely pleased with the design of our new website, and the response from our customers has been very positive," said Michael Helander, Director of Communications and Public Relations at Lavasoft. "The focus now is on identifying and developing new features and information that we will distribute to our global network of users through the website, continuing our mission to provide privacy protection and a secure cyber environment for the over 200 million individuals that use Lavasoft software."

If you would like to be the first to receive the latest news and updates from Lavasoft, make sure to visit our Mailing Lists page, where you will find a convenient way to sign up to receive the latest Lavasoft News newsletter, press releases, Definition File updates, or product releases.


Spyware Shorts

Brokerage Firm Spyware Scams
Internet crime has spread to online brokerage accounts, with cyber crooks installing spyware on home and public computers to hijack accounts, according to the U.S. Securities and Exchange Commission (SEC). The SEC is working to investigate hackers and educate online investors on this growing threat that has the potential to affect roughly 25 percent of U.S. retail stock trades through around 10 million online accounts.


The Year of the Bug
Only three-quarters of the way through 2006, it has already proven itself to be a record year for security bugs, with a projected total of 7,500, up from last year's 5,195. Researchers maintain that the rise is due to software becoming more complex, while skills and tools to detect flaws are improving. On the bright side, there are fewer security vulnerabilities classified as high risk this year.


McSpyware Scare
McDonald's Japan was forced to recall spyware-infected MP3 players that were given to customers as part of a joint promo with Coca-Cola. The Trojan found on the free players was designed to transmit web passwords and other personal information to hackers once the MP3 player was connected to a PC. McDonald's has apologized for the infection that may have affected up to 10,000 people, set up a helpline to sort out recall issues, and issued a statement explaining how to cleanse infected computers.


Microsoft's Customer Privacy Guidelines
Microsoft has released an internal document detailing how it protects customers' privacy, such as with its new phishing filter for Internet Explorer. The document also lays out recommendations for software developers as to how they can develop similar practices when building applications that deal with personal information. Microsoft has faced criticism in the past over a project that planned to store sensitive customer information and over an anti-piracy feature that had characteristics of spyware.


Spyware Newsbits

New Targets in Detection [October 2006]

| Name | Description |
| --- | --- |
| Adware.CashBack | Installs its own client along with third-party software (that has been known to include NaviSearch and BargainBuddy). Causes frequent pop-ups to appear. |
| Adware.Ezurl | Installs a system hook that maps keyboard strokes. May cause pop-ups to spawn, and may also send personal information to remote sites. |
| Adware.Sooe | Uses a VB script to download additional files from a remote source, then installs these files and makes them operate in stealth. May cause pop-ups to appear. |
| Anonymouse | Displays advertisements to the user when surfing the web. It alters the browsing results so that all traffic is fetched through a CGI script on the page. None of the above is disclosed to the user. |
| AntispywareSoldier | User can download this rogue anti-spyware program at But it often comes bundled together with malicious downloaders on other homepages. Antispyware Soldier's spyware detection is false, and may show false positives just to swindle the user into thinking it's a trustworthy program. The uninstaller is non-functioning. |
| PestCapture | A rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. Alert warning "pop ups" try to entice the user to buy PestCapture software. If the user restarts the computer, PestCapture automatically scans the user's hard drive and the uninstaller will not function. |
| PestTrap | An anti-spyware application. The program states it will remove spyware and does not show any license agreement before installation. The user has to go through a paid registration before any spyware can be removed. Alert warnings try to entice the user to buy Pest Trap's software. If the user restarts the computer, Pest Trap automatically scans the user's hard drive. |
| SpyDefence | A rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. Alert warning "pop ups" try to entice the user to buy SpyDefence software. If the user restarts the computer, SpyDefence executes and the uninstaller will not function. |
| SpyNoMore | A rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. SpyNoMore is installed on all accounts and when the user restarts the computer it will automatically run itself during startup. |
| Toolbar.Scirus | This program does not provide any license agreement or privacy policy at installation. It also installs to all user accounts without asking. May cause pop-up advertisements. |
| Win32.Trojan.Klone | Installs new files and runs suspicious processes in stealth, hidden from the user. A license agreement and a functional uninstaller do not exist. |
| Win32.Trojan.MatrixHasYou | A set of downloaders, mail spam bots, rootkits, fake alerts and desktop hijackers. It also downloads other malware such as Pesttrap. After clearing with Ad-Aware SE we strongly recommend you seek further help at the Lavasoft Support forum: |
| Win32.Worm.MSNMaker | A worm that spreads through MSN by sending links to all MSN contacts on the compromised computer. The links point to malicious files used to compromise more computers. |
| Win32.Worm.Warezov | A worm that spreads through e-mail. When infecting a new computer it will scan it for e-mail addresses and then mail itself to those addresses. It may also alter your hosts file to block you from accessing certain web sites. |


TAI - Threat Assessment Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Research site here.



Spyware Stats
81% of home computers lack core protection (updated anti-virus software, a firewall and spyware protection).

38% of home computers lack any spyware protection software.
Source: National Cyber Security Alliance

Trojan horse

Term of the Month
A Trojan, or Trojan horse, as it's usually known, is a malicious program disguised as, or embedded within, legitimate software. The name is derived from the classical myth of the Trojan horse. Compared to other types of malware, like viruses or worms, Trojan horse programs cannot operate autonomously. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims.

Tech Tips
Like millions of others, you are likely being bombarded with e-mail spam. Before you report the abuse to someone's ISP or domain administration, know that the sender could actually be a victim. Worms can spoof the sender's name; sometimes even the headers can be forged. Read Mary Landesman's tips on how to look up an IP address here at


Re-Launch of Project Eco
Whether you consider the Greek or Roman origins, the word 'Eco' means the same thing...home. It is a term that denotes where we live and the environment that surrounds us. Lavasoft is proud to present Project Eco as a testament to our strong and unwavering commitment to protecting your environment. Read more here.

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
