Lavasoft News - November 2006

Spyware Newsbits

New Targets in Detection [October 2006]

Name: Description
Adware.CashBack: Installs its own client along with third-party software (which has been known to include NaviSearch and BargainBuddy). Causes frequent pop-ups to appear.
Adware.Ezurl: Installs a system hook that maps keyboard strokes. May cause pop-ups to spawn, and may also send personal information to remote sites.
Adware.Sooe: Uses a VBScript to download additional files from a remote source, then installs these files and runs them in stealth. May cause pop-ups to appear.
Anonymouse: Displays advertisements to the user when surfing the web. It alters the browsing results so that all traffic is fetched through a CGI script on the page. None of the above is disclosed to the user.
AntispywareSoldier: The user can download this rogue anti-spyware program at http://www.antispywaresoldier.com, but it often comes bundled with malicious downloaders on other homepages. Antispyware Soldier's spyware detection is false, and it may show false positives just to swindle the user into thinking it's a trustworthy program. The uninstaller is non-functioning.
PestCapture: A rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. Alert warning "pop-ups" try to entice the user to buy PestCapture software. If the user restarts the computer, PestCapture automatically scans the user's hard drive and the uninstaller will not function.
PestTrap: An anti-spyware application. The program states it will remove spyware and does not show any license agreement before installation. The user has to go through a paid registration before any spyware can be removed. Alert warnings try to entice the user to buy Pest Trap's software. If the user restarts the computer, Pest Trap automatically scans the user's hard drive.
SpyDefence: A rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. Alert warning "pop-ups" try to entice the user to buy SpyDefence software. If the user restarts the computer, SpyDefence executes and the uninstaller will not function.
SpyNoMore: A rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. SpyNoMore is installed on all accounts, and when the user restarts the computer it will automatically run itself during startup.
Toolbar.Scirus: This program does not provide any license agreement or privacy policy at installation. It also installs to all user accounts without asking. May cause pop-up advertisements.
Win32.Trojan.Klone: Installs new files and runs suspicious processes in stealth. There is no license agreement or functional uninstaller.
Win32.Trojan.MatrixHasYou: A set of downloaders, mail spam bots, rootkits, fake alerts and desktop hijackers. It also downloads other malware such as Pesttrap. After cleaning with Ad-Aware SE, we strongly recommend you seek further help at the Lavasoft Support forum: http://www.lavasoftsupport.com/
Win32.Worm.MSNMaker: A worm that spreads through MSN by sending links to all MSN contacts on the compromised computer. The links point to malicious files used to compromise more computers.
Win32.Worm.Warezov: A worm that spreads through e-mail. When infecting a new computer, it will scan it for e-mail addresses and then mail itself to those addresses. It may also alter your hosts file to block you from accessing certain web sites.

TAI - Threat Assessment Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.

 


Spyware Stats
81% of home computers lack core protection (updated anti-virus software, a firewall and spyware protection).

38% of home computers lack any spyware protection software.
Source: National Cyber Security Alliance

Trojan horse

Term of the Month
A Trojan, or Trojan horse, as it's usually known, is a malicious program disguised as, or embedded within, legitimate software. It is derived from the classical myth of the Trojan horse. Compared to other types of malware, like viruses or worms, Trojan horse programs cannot operate autonomously. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims.
Source: en.wikipedia.org

Tech Tips
Like millions of others, you are likely being bombarded with e-mail spam. Before you report the abuse to someone's ISP or domain administration, know that the sender could actually be a victim. Worms can spoof the sender's name; sometimes even the headers can be forged. Read Mary Landesman's tips on how to look up an IP address here at about.com.

Re-Launch of Project Eco
Whether you consider the Greek or Roman origins, the word 'Eco' means the same thing...home. It is a term that denotes where we live and the environment that surrounds us. Lavasoft is proud to present Project Eco as a testament to our strong and unwavering commitment to protecting your environment. Read more here.

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com
