Lavasoft News - December S2006

Editorial graphic Welcome to December – a hectic month often filled with stress when it should be a time to reflect, spend quality time with loved ones, and just be jolly. 'Tis the season, right? Well, at Lavasoft we have reason to be jolly this holiday season as a new era awaits us. The arrival of Ad-Aware 2007 is just around the corner. Until then, Lavasoft News will keep you entertained and educated with news on holiday shopping scams (and how to avoid them), the push for anti-spyware legislation and the year’s top security vulnerabilities.

Happy Holidays from all of us at Lavasoft News!

Tell us what you think at

News from Lavasoft

'Tis the Season to...Get Scammed
The holiday season marks the perfect occasion for cyber criminals the world over to prey on online shoppers looking for gifts for their loved ones.

arrow  Read more

Call for Consensus Anti-Spyware Legislation
The rise of spyware, malware, and other Internet maladies is strengthening the fight to protect our privacy and personal information. However, current regulations may not be enough to deter cyber criminals or bring about real change for computer users.

arrow  Read more

Zero-Day Attacks Top Year’s Threat List
The surge in zero-day attacks and exploits of Microsoft Office are the two key threat trends for 2006, according to the trusted SANS Institute’s annual report on Internet security.

arrow  Read more

Passwords: One Piece of the Privacy Puzzle
Most computer users know about anti-virus,anti-spyware, anti-spam and firewall software to protect their online information. But how often do we overlook one of the most basic forms of cyber security - passwords?

arrow  Read more

Spyware Shorts
Lavasoft News has compiled a list of "spyware shorts" - summaries of other spyware stories making news around the world this past month.

arrow  Read more


Spyware Newsbits

New Targets in Detection (November 2006)
Protect your privacy with a complete list of new targets for November 2006.

arrow  Read more

Lavasoft Takes on Codec Challenge
Lavasoft has released a special edition of the Definition File database that contains over 5,000 codec variants. Read our Press Release here for more details.

arrow  Read more

Another Award for Ad-Aware SE
Softpedia Award Logo

SoftPedia has awarded Ad-Aware SE Personal 1.06 with 5 stars and the SoftPedia Pick Award. See the entire product review here.


’Tis the Season to…Get Scammed

Like millions of others, Dawn Karlsson in Gothenburg, Sweden, regularly makes online purchases with her credit card, but this holiday season she will be stepping foot in the stores instead.

Karlsson’s credit card details were stolen, she thinks, via a so-called "safe" retail website. An investigation is ongoing to find out how thousands of Swedish kronor were racked up on her card in Spain.

"I have lost total faith in online purchases and will not be giving my card number out to anyone online again," Karlsson told Lavasoft News.

With an updated system, especially anti-spyware software and a firewall, shoppers like Karlsson are much better prepared to tackle the season's malware challenges. Still, shoppers everywhere are being urged to be extra vigilant this month as cyber criminals gear up to launch organized, large-scale attacks. And it is a big group for these hackers to sink their teeth into.

Consumer Reports predicts that a record 50 per cent of all shoppers will use the web for at least one purchase this holiday season. More than 100 million Americans alone are expected to get their gifts online in 2006.

"Identity fraud picks up during the holidays because that's when the credit-card companies have to turn off their monitoring software that flags suspicious transactions," said Todd Davis, an IT-theft prevention expert at LifeLock Inc. "There are still some triggers the software will catch, but the companies cut it way back - otherwise the system would crash, because there are so many transactions during the holidays."

The holiday shopping season provides the perfect scenario for hackers to use spyware, keyloggers and phishing techniques to steal passwords and private information from shoppers. Fake websites that impersonate real companies or offer fake products and services are a popular choice to lure victims this year.

Here is how to avoid being a victim:

  1. Be prepared. Make sure your PC is free from any viruses or spyware before you make an online transaction, and as you’ll see in this month’s Tech Tips, it is wise to have the latest security updates from Microsoft (assuming you have a Windows machine).

  2. Do your research. The smartest shoppers will stick to mainstream retailers or well-established e-tailers, but you can always look up unfamiliar sites at the Better Business Bureau (,, or to check the company’s ratings.

  3. Know your options. Your regular credit card is not the only method of payment available out there. There are credit “gift” cards that can be bought at many banks and retail outlets in which you specify the amount you want on it, use it once and then throw it away. Paypal is also an option, but there are many phishing scams out there right now using fake Paypal pages, so be careful.

  4. Security is key. Look for signs that your online purchases are secure. When providing your payment details, the URL should change from http to shttp or https, indicating the information is being encrypted. Your browser might also indicate a key turning or padlock closing, which means the site is secure.

  5. Use your common sense.

Safe shopping!


Call for Consensus Anti-Spyware Legislation

The news that Zango, Inc., one of the world’s largest distributors of adware, settled the U.S. Federal Trade Commission’s (FTC) charges that the company violated federal law by using unfair and deceptive methods to download adware, was a clear victory in the fight against spyware. But the results of the settlement show the limitations of current legislation in deterring spyware vendors, and the challenges that lie ahead in protecting consumers’ privacy.

Just days after the announcement, FTC Commissioner Jon Leibowitz urged the U.S. Congress to give the agency expanded authority to impose civil fines on distributors of hidden spyware.

"The civil penalty authority Congress granted us in the (anti-spam law) gave our anti-spam efforts real teeth. Sadly, in spyware cases, we don't yet have that authority," Leibowitz said. "Right now, all we can get is disgorgement of profits, but we can’t fine the malefactors at all. What kind of deterrence is that?"

Doubt is also being cast on Zango’s adherence to the settlement. Spyware researcher Ben Edelman told Lavasoft News that Zango has not reformed its ways.

"If Zango were to comply with these requirements, in full, users would far better be able to understand what Zango does, and to decide whether or not they want it. Unfortunately, Zango is not in compliance with this settlement. Installations remain, some of them surprisingly widespread that do not do what the settlement requires," Edelman said.

The consumer advocacy group Center for Democracy and Technology (CDT), who in January filed a complaint with the FTC against Zango for deceptively distributing adware to millions of people, hailed the win as a benchmark in the fight against spyware.

"This is a landmark settlement, and one that sends an important message to companies that have built their businesses on the backs of Internet users without any concern for what those users want," said Ari Schwartz, Deputy Director of the CDT, in a press release.

As part of the settlement’s terms, future downloads of Zango’s adware without consumers’ consent are banned; it is required to provide a way for consumers to remove the adware, and must give up $3 million in ill-gotten gains.

The CDT believes the precedents established in this case could vastly improve the Internet experience for millions of users. But it is uncertain if precedent alone is enough to bring about change.

"If Congress really wants to enhance consumer protection in the next decade, it needs to come up with a consensus anti-spyware law that gives us the authority to penalize the purveyors of spyware who cause so much consumer harm," Leibowitz said in his speech.

Under current U.S. law, the FTC can go to court and ask that a company be made to give up ill-gotten profits, but cannot impose additional, civil fines.

Increased anti-spyware legislation has been initiated in the past few years without making a final passage through Congress. Critics have voiced concerns that such laws would define spyware too broadly, perhaps outlawing legitimate software downloads.

"I've never been much concerned about overbroad anti-spyware legislation, because the bills I've looked at just haven't had the problems their critics have claimed. Some advertising companies seek blanket authority to do what they wish to users' computers, but that's just not appropriate, and some of the proposed legislation rightly would not allow that," Edelman told Lavasoft News.

Edelman shares Leibowitz’s view to do more, but takes a different approach. He says he would begin by seeking further disgorgement from spyware vendors. "The FTC is entitled to full disgorgement of Zango's profits attributable to its past and ongoing prohibited business practices."

Edelman says Zango’s profits far outweigh the $3 million dollar settlement the company is due to pay back.


Zero-Day Attacks Top Year’s Threat List

Zero-day attacks (see definition under “Term of the Month”) have evolved from an abstract phenomenon to a regular occurrence in everyday applications.

The SANS (SysAdmin, Audit, Network, Security) Institute’s list, formerly called the Top 20 Security Vulnerabilities, was renamed the Top 20 Internet Attack Targets this year to better explain the nature of threats now faced.

The report states that vulnerabilities in Microsoft Office have tripled from a year earlier, with 45 serious or critical exploits found in the suites. "And about 20 percent of those were zero-day vulnerabilities. The striking thing is that users can get compromised by simply viewing malicious Office files," said Amol Sarwate, a collaborator with SANS on its list. "Hackers have shifted their targets to common users, and away from servers administered by sophisticated users."

Some of the usual suspects like Internet Explorer browser, Microsoft Windows and web applications make SANS’ list this year, but new technologies are posing big risks as well.

Voice-over-Internet Protocol, or VoIP, is something researchers are keeping a close eye on. Attackers can actually intercept and sell company meeting minutes, add misleading messages or create massive outages in the traditional phone network.

"VoIP systems are a front door into a program that runs entire phone systems. Attackers can exploit VoIP to change what you hear and can cause huge outages,” says Allan Paller, research director at the SANS Institute.

The organization says that along with exploiting security vulnerabilities for the purpose of information theft, Internet criminals are honing in on military and other public systems in the U.S., U.K., and Canada with increased spear-phishing attacks, e-mails designed to look credible.

These kinds of attacks also explain why “human error” also made it onto the top 20 for the first time ever. Users continue to open these messages and click on links that expose their computers to criminals around the world.

Paller warns that cell phones and appliances like digital printers will be the next technological targets.

Read the entire SANS Institute list here.


Passwords: One Piece of the Privacy Puzzle

In our technology-centered world, passwords are used to secure everything from bank accounts to cell phones, not to mention computers. Developing strong passwords is a necessary way to protect private cyber information, but exactly how to do this is up for debate.

Should we create strong, complicated passwords that we can’t remember, but need to write down - whether it’s stored on paper or electronically - widening the security risk of them being accessed by another party? Or should we use passwords that are simple enough that we can commit them to memory, but increasing the risk that they can be more easily cracked?

There is no exact science for creating strong passwords. Conventional wisdom from security professionals can help to set a few basic guidelines.

The pros advise that you should never simply use words that are found in a dictionary. Instead, mix characters and numbers in a way that is memorable to you.

When selecting numbers, do not choose ones that may be personally identifiable to you; your birthday, Social Security number and phone number are off limits.

Always use different passwords for accounts that involve monetary transactions. The only thing worse than having one account cracked into, would be to have all of your accounts cracked into. It is also a good idea to change your passwords regularly.

It is not easy to follow these rules, and try to commit passwords to memory. The rampant use of little yellow Post-it notes, cluttering all of our desktops or jammed into our wallets is a telling sign of this.

Keeping passwords secure at the office is not any simpler, and may have larger implications.

According to a recent study by Nucleus Research and Knowledge Storm, one in three workers undermines company security by writing down computer passwords.

Technological shortcuts lie in more advanced methods like biometrics, smartcards, and even password management software, which are all available options, especially for companies looking to ease security risks.


Spyware Shorts


'Spyware' Tops Search Charts

The term ‘spyware’ has trumped web search favorites like ‘poker’ and ‘Pamela Anderson’. Web portal Lycos reports that ‘spyware’ took top spot in search requests in late November, jumping 105 percent from a week earlier. ‘Spyware’ generated more than 80 percent more search activity than ‘Pamela Anderson’ in the number two slot.

arrow  Read more

US Top Spam-Sending Nation

The United States spit out more than one-fifth of the world’s spam in the third quarter of 2006. A security firm says the increase can be due to the emergence of more than 300 strains of the mass-spammed Stratio worm. After the U.S., which accounts for 21.6 percent of relayed spam, come China, France, South Korea and Spain. The security firm also says most unsolicited e-mails are now sent from zombie PCs.

arrow  Read more

UK has Highest Spyware Rate in EU

A recent survey shows that Britain has the highest spyware infection rate within the EU at 89%. A follow-up survey of UK respondents showed that males between the ages of 18 to 29 have the highest risk of having their PC infected with spyware due to risky online behavior, like opening instant messages, downloading files, and visiting adult entertainment sites.

arrow  Read more

Wikipedia Targeted

A booby-trapped page of German Wikipedia that offered a patch for a new version of an old malicious worm, Windows Blaster, was found to infect computer users with a new Windows virus instead of fixing the problem. The malicious hackers then sent out a German-language spam e-mail, made to look like it came from Wikipedia, directing people to visit the page. Wikipedia quickly responded, and deleted the article.

arrow  Read more

End of Spyware Op

A U.S. district court has ordered ERG Ventures, and one of its affiliates, to stop distributing what the Federal Trade Commission (FTC) calls deceptive and unfair software downloads. The operation will also likely be ordered to give up any ill-gotten gains from the program that was installed on millions of computers. The FTC charged the operation with tricking consumers into downloading free software like screensavers and videos, bundled with spyware and malware from a program called Media Motor.

arrow  Read more


Spyware Newsbits

Name Description
AntispywareSoldier The user can download this rogue anti-spyware program at But it often comes bundled together with malicous downloaders on other homepages. AntispywareSoldier’s spyware detection is false, and may show false positives just to swindle the user into thinking it’s a trustworthy program. The uninstaller is non-functioning.
AntiVermins AntiVermins is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. If the user restarts the computer, AntiVermins automatically scans the user's harddrive and the software runs on all user accounts.
DeluxeCommunications DeluxeCommunications is formerly known as SurfSideKick. It will install itself as a Browser Helper Object. DeluxeCommunications tracks surfing habits and may also cause system instabilities.
PestCapture PestCapture is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it’s a good program that removes viruses. Alert warning "pop ups" try to entice the user to buy PestCapture software. If the user restarts the computer, PestCapture automatically scans the user’s harddrive and the uninstaller will not function.
SpyDefence SpyDefence is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it’s a good program that removes viruses. Alert warning "pop ups" try to entice the user to buy SpyDefence software. If the user restarts the computer, SpyDefence executes and the uninstaller will not function.
SpyHeal SpyHeal is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. If the user restarts the computer, SpyHeal automatically scans the user's harddrive.
SpyNoMore SpyNoMore is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it’s a good program that removes viruses. SpyNoMore is installed on all accounts and when the user restarts the computer it will automatically run itself during startup.
SysProtect SysProtect is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses, but the software uses false positive detections to trick the user into buying the commercial version. If the user restarts the computer, SysProtect automatically scans the user's harddrive.
Webalize Toolbar Webalize Toolbar distinguishes itself from other toolbars. It contains a technical report which stores information about the user’s surfing habits. The surfing report is stored in a .txt document. Webalize Toolbar installation does not include any license agreement or privacy policies.
Win32.Backdoor.PcClient Win32.Backdoor.PcClient contacts a HTTP domain to receive backdoor commands. The malware creates a TCP stream towards the host computer and synchronizes with a suspicious HTTP domain. All users with a HTTP connection will be in the danger zone if they have executed this type of malware.
Win32.Trojan.Klone Installs new files and suspicious processes run in stealth for the user. License agreement and a functional uninstaller do not exist.
Win32.Trojan.MatrixHasYou Win32.Trojan.MatrixHasYou is a set of downloaders, mail spam bots, rootkits, fake alerts and desktop hijackers. It also downloads other malware such as Pesttrap. After clearing with Ad-Aware SE we strongly recommend you seek further help in the Lavasoft Support forums:
Win32.Worm.Warezov Win32.Worm.Warezov is a worm that spreads through e-mail. When infecting a new computer it will scan it for e-mail addresses and then mail itself to those addresses. It may also alternate your host file to block you from accessing certain web sites.


TAI - Threat Assessment Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.


Threat Analysis (TA) Index

Quick Buy: Ad-Aware SE Plus, Professional & Enterprise *offer ends 31/12/2006
In the spirit of giving this holiday season Lavasoft is giving you 15% off all Ad-Aware SE products – Plus, Professional and Enterprise – the entire month of December. Take advantage of this merry deal and keep yourself and your loved ones spyware free!

* Please enter the following coupon code to retain your rebate: zz46tv12x8c

Holiday Shopping Stats
American consumers will spend more than $32 billion in holiday Internet purchases this year.
Source: Jupiter Research

As many as 12 million people could fall prey to ID theft in some form – 40% of them between mid-Nov. and Jan.1.
Source: LifeLock Inc.

Trojan horse

Term of the Month
A zero-day attack is a virus or other exploit that takes advantage of a newly discovered hole in a program before the developer has made the fix available, or sometimes even before they are aware the hole exists. "Zero-day" is the day you open the virus-infected e-mail or get hit by a drive-by download because the anti-virus or anti-spyware software you keep up-to-date knew nothing of the attacks.
Read more at Wikipedia here.

Tech Tips
Attention Windows Users: If Microsoft Windows is your main operating system, be sure to visit Microsoft Security Updates and stay on top of all of the security patches that Microsoft releases on a monthly basis. Ongoing Microsoft vulnerabilities underscore the need to:

1) Regularly update your operating system with the latest patches, and

2) Maintain active virus, hacker, spyware and other identity theft protection.

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg

Page footer