Lavasoft News - April 2007

Editorial graphic

Thank you!

We at Lavasoft want to thank all of you eager beta testers, hundreds of thousands of you, who have downloaded Ad-Aware 2007 and are testing, filing bug reports, and giving us very useful feedback. With so many of you interested in the new Ad-Aware before it's finished, we can't wait to see your reaction when the final product is commercially released. For all the details on the Beta, please read our article "Ad-Aware 2007 Beta Status Report" below.

This month you can also find out how spyware is putting a major strain on business, get details on re-introduced anti-spyware legislation, learn the history of the blog, and much more.

If you want to comment on an article you see in Lavasoft News or have ideas for future stories, get in touch at editor@lavasoft.com

News from Lavasoft

Ad-Aware Beta Status Report
An overwhelming response. That is putting it lightly. The Public Beta of Ad-Aware 2007 is in its fifth week now and has attracted hundreds of thousands of beta testers the world over.

arrow Read more

Politicians Vow to Get Anti-Spyware Bill Passed
After a couple of failed attempts at getting their anti-spyware legislation passed, two members of the U.S. House of Representatives are back with a revised bill, hoping this time will be the charm.

arrow Read more

Malware's Heavy Toll on Business
PC users feel the everyday effects of spam, phishing, and spyware. But malware also affects businesses, which have to bear the financial burden brought on by the growing threats.

arrow Read more

The Rise and Rise of the Blog
The advent of the web log has turned into a cyber-explosion, as anyone and everyone is able to publish information to the masses. Find out how the blog has developed from a few meagre web diaries to a useful online tool for millions.

arrow Read more

Viacom vs. YouTube - Adding it All Up Forbes
By now we all know about the $1 billion U.S. lawsuit Viacom has filed against Google-owned YouTube for copyright infringement. Many say the case won't ever make it to court. But if it does, it could get pretty expensive for both sides. Forbes adds it up!

arrow Read more

Security Shorts
Lavasoft News has compiled a list of "security shorts" - summaries of other online security stories making news around the world this past month.

arrow Read more

Spyware Newsbits

New Targets in Detection (April 2007)
Protect your privacy with a complete list of new targets for March 2007.

arrow Read more

At the Heart of the (Malware) Issue
To those questioning the process Lavasoft uses to detect malware, please read our recent blog entry that gets to the heart of the issue.

arrow Read more

Lavasoft Blog
If you want to go behind the walls of Lavasoft, hear what we are up to, what we are thinking and what is happening in the industry, the Lavasoft Company Blog is the place to go for regular, up-to-date information.

arrow Read more

To get all news on one, printable page, click here

Home   arrow


Ad-Aware 2007 Beta Status Report

In the few hours following the release of Ad-Aware 2007's Public Beta 1 on March 6th, more than 50 000 people had downloaded it. By the time we were ready to roll out Beta Two just four days later, 330 337 people around the world had the beta on their computers! Beta Three attracted even more downloads, in the range of 350 000. There seems to be a pattern here, a pattern we at Lavasoft quite like.

Our loyal community is obviously spreading the word about the product. Search engine Technorati, which tracks the 71.1 million blogs that are out there on the web today, shows blog traffic mentions of Ad-Aware 2007 jumped significantly each time we released new versions of the beta. See for yourself on Technorati's chart.

The testers have also been busy providing Lavasoft developers with feedback on the product. And in addition to squashing any bugs found, the development team is squeezing extra hours out of the day to go in and chat with the community in our special Beta forums created exclusively for Lavasoft beta testers.

"These forums are designed as an avenue for the testers to pose questions, report issues and provide suggestions for features in Ad-Aware 2007," said Lavasoft CEO Ann-Christine Ĺkerlund. "We cannot stress enough how important the community's feedback is to us and how directly this input affects our finished product. Thank you."

What else is new at Lavasoft?

The Lavasoft Security Center is being overhauled by our web development and research teams and when re-launched later this summer, will be much more interactive. Along with featuring a new spyware tutorial section, one of the major highlights will be an incentive program offered to those who take the time to submit so-called "nasties" to us.

Lavasoft's Security Center Director, Christopher Allansson, says he wants to reward the users who engage themselves in the research process.

"Just as the beta testing community is key to the development of the new Ad-Aware product, the international team of volunteers that files reports to research helps keep the standard of our current product so high," said Allansson. "Without our volunteers we could not keep reporting at the pace we do."

The Lavasoft website will also feature a centralized log-in system in the near future so users will no longer have to keep track of several different passwords. One log-in will grant access to the entire site, including both the Support and Security Center. Look also for our Lavasoft blogs to be available via RSS feeds.

Stay tuned.

If you are still interested in beta testing Ad-Aware 2007, it is not too late! Register today in the Lavasoft Security Center. Once you get your password, log in and download the latest version from our main Beta Page. New versions will be released on a regular basis to ensure that we are getting updates and fixes out to all of you in the beta community immediately so that you are working with the most up-to-date information.

See you in the Beta Forum!

Malware's Heavy Toll on Business

Businesses are increasingly being targeted in cyber-thieves' stealthy attacks, with the toll running the gamut from lost productivity to heavy financial burdens.

According to the United States Federal Bureau of Investigation's Computer Crime Survey, released in 2006, approximately 79 percent of all enterprise PCs in the U.S. are infected with some form of spyware at any given time.

All signs indicate that the problem will continue to escalate unless businesses practice better preventative security measures. Reports from Gartner predict that by 2008, 40 percent of organizations will be targeted by "financially-motivated cybercrime."

"The education for companies about cyber security and the types of threats out there are not being communicated effectively to executives and employees," said Ken Hamilton, president of Total Tech LLC, a technology consulting firm that helps companies use technology to secure and improve their businesses, in a Daily Transcript article.

"They do not understand what a negative impact that threat can have on the company and its employees in terms of placing assets at risk, including intellectual property, competitive information, employees' personal files and customer information."

Compromised data can result in serious repercussions for businesses, but the financial costs of attacks are just as staggering.

Large American organisations are losing an average of 2.2 percent of their annual revenue, which amounts to more than $30 million U.S., to security attacks, according to an Infonetics report on the cost of network security attacks.

Big business is not alone in feeling the heavy toll of security attacks. Small and medium-sized organizations lose about half a percent of their annual revenue to network downtime brought on by security attacks, which runs up to hundreds of thousands of U.S. dollars.

The types of security risks vary depending on the size of the business. Large organizations face denial of service attacks and server malware, while medium-sized companies are hit mostly with client malware. Small businesses are affected across the board by all three types of attacks, Infonetics reported.

And the attacks on business are so pervasive due to the varied types of threats out there.

"The entire IT infrastructure is vulnerable. The network only enables the hacker by providing the avenue of attack. Web applications are vulnerable to business process hacking. Credit agencies, export-import and financial transaction sites have all been hit by attackers who purchase limited access and then abuse the underlying business logic to steal more information than they paid for. Employees are vulnerable to social engineering attacks and bribery that could lead to stolen IP and personal data," Richard Stiennon, CMO of Fortinet, said in an interview with Moneycontrol.com.

While most organizations are working at beefing up security in this age of malware, many remain complacent. Stiennon said most of the remedial steps are taken only after a company has actually suffered an attack.

Businesses, like home users, need to be proactive in having tough security measures in place before attacks occur. Virus scanning for e-mail, protecting wireless networks with encryption, having clear policies in place for employee web use, as well as having top-notch anti-spyware software, are all critical.


Politicians Vow to Get Anti-Spyware Bill Passed

The so-called Spy Act (Securely Protect Yourself Against Cyber Trespass) overwhelmingly passed in the House in 2004 and 2005, but died in the Senate both times. The latest effort, which features a revised, more hard-hitting bill, is headed by Representatives Edolphus Towns and Mary Bono. The two politicians tabled the bill to the House Energy and Commerce subcommittee focused on consumer protection issues in mid-March.

The new Spy Act imposes strict regulations on what types of actions software is allowed to perform. It would be against the law to "take control" of a user's computer, to collect personal data through keystroke loggers, and to modify one's Internet settings. The bill would also prohibit the gathering of information about a user or his/her behavior without consent. There would, however, be certain exemptions like Web cookies.

Bono, one of the author's of the Spy Act, told CNET she "didn't really have a problem with cookies...because anyone with a slight degree of sophistication on the Internet knows how to delete the cookies. That's not hard to do."

A trade group representing online advertisers has a problem with the part of the bill prohibiting information collection without prior permission from the user. The Interactive Advertising Bureau (IAB) testified against the bill in a Congressional hearing, calling the exemption to cookies "too narrow."

"The bill could prohibit certain types of advertising technologies, including cookies or Java scripts of the future," said Mike Zaneis, IAB's VP for Public Policy.

The Federal Trade Commission, which has brought several spyware enforcement cases to court, has in the past complained of the inability to levy large fines on spyware creators. In the re-written Spy Act, the FTC could seek fines as high as $3 million U.S.

Another spyware bill, one that calls on penalties of up to five years in prison and major fines, has also been tabled in an attempt to curb spyware activities.

I-Spy, or the Internet Spyware Prevention Act, is very different from the Spy Act in that it does not define illicit software; it would make it illegal to copy computer code on a machine without authorization if it revealed personal information about a user or put the PC's security at risk.

Representatives Zoe Lofgren and Bob Goodlatte reintroduced I-Spy in March, which actually passed the House on a 395-1 vote back in May 2005, but also died in the Senate weeks later.

In a statement, Lofgren said the bill would protect Americans from Internet crime without disturbing software development.

"Spyware has become a plague for computer users, and Congress must address the mounting negative impact that it is having on our economy. Americans should not be afraid to use the Internet," said Lofgren.

The bills are now in the hands of the U.S. Senate. The question is, will this time be a charm or three strikes and they're out?

What are your thoughts on anti-spyware legislation? Will it deter future spyware authors? Weigh in at editor@lavasoft.com.


The Rise and Rise of the Blog

Blogs, or at least the basic premise of user-generated journals, have been around since the Internet's early days, but they have steadily been picking up force to become a dynamic part of the World Wide Web.

The growth and influence of user-generated content on the Internet, like blogs, videos, and social networks, is creating a shift in the balance of power from institutions to individuals, according to Time magazine, which selected the Person of the Year for 2006, "You," on this assertion.

"It's about the many wresting power from the few and helping one another for nothing and how that will not only change the world, but also change the way the world changes," Time's Lev Grossman wrote in the U.S. magazine.

That is what the millions of blogs on the net today are doing. According to blog search engine Technorati, which currently tracks 71.1 million blogs, there are over 175,000 new blogs born every day, with bloggers creating 1.6 million posts per day, or over 18 updates per second.

It is hard to imagine that in the not-so-distant past, the beginning of 1999, it was possible to read all 23 "web logs" that were known to be in existence.

Shortly after Peter Merholz coined the term "blog" by breaking down the word "web log" into the phrase "we blog" in the sidebar of his Peterme.com blog, the steady growth of blogs turned into an outright explosion when the first free build-your-own blog tools were launched.

"The Web enables people to connect with others who share their interests - whether that interest is shared by only three other people, or by 3000. Easy- to-use software has made posting to the Web as easy as sending an e-mail. As a result, millions of people have chosen to take their personal passions to the Web…" Rebecca Blood, author of "The Weblog Handbook: Practical Advice on Creating and Maintaining Your Blog," told Lavasoft News.

Today it seems that everyone – from corporations to mainstream news organizations to experts of all shapes and sizes – use blogs for hobbies or professional tools. However, they still follow the basic characteristics of the original Internet aficionado blogger, sifting through the vast flows of information on the web in order to highlight something newsworthy or bring to light an alternative perspective from the mainstream media.

Blogs can provide users with access to "pre-surfed" information, as blog editors pick out the tidbits of information that they find most interesting, and highlight those tidbits for their readers, Blood notes in her article "Weblogs: A History and Perspective."

"It certainly can be useful to have a daily digest of all the relevant news in an area, and blogs are perfect for that," Blood said.

This can be especially valuable when blogs focus on a specific issue, like security. Whether it's a mainstream IT news organization's blog or your favorite security pro's postings that you regularly browse, blogs are an effortless way to stay current on the news in the quickly changing fields of IT and cyber-security.

But there is no exception to surfing with caution when it comes to blogs.

In late February, a new variant of the Storm worm targeted blogs and forums, propagating itself through links in posts that directed users to a malicious website in order to compromise computers. Another recent attack involved hackers injecting exploit code into downloadable software for Wordpress, a popular blogging service.

As online attackers up their social engineering tricks with schemes targeting blogs and bloggers, security precautions are key.


Security Shorts


Guidelines for Anti-Spyware Makers Finalized

The Anti-Spyware Coalition, of which Lavasoft is a member, has finalized a new set of documents designed to provide vendors with guidelines in their development of anti-spyware software. The “Best Practices” documents were released in January, but readers were given one month to offer feedback. Read the documents in their entirety on ASC’s website.

Read more


China Becomes Home of the Botnet

The world’s most populated nation is also the world’s botnet epicenter. China has pushed Britain out of top spot, hosting the highest number of compromised, zombie computers. According to a new report by Symantec, China accounts for 26 percent of all bot-infected PCs; the city of Beijing alone has just over five percent.

Read more


ID Theft Rampant in NY &anp; California

Residents of New York City and Los Angeles are more likely to be victims of identity theft, according to a new study by an American fraud security firm. ID Analytics found that the states of New York, California and Nevada have the highest incidence of attempted ID theft, compared to Wyoming, Vermont and Montana, which have the lowest rates. Urban areas had higher fraud rates. Read why at Reuters.

Read more


Anti-Scam Scam Makes the Rounds

Security firms are warning of the latest phishing scam which uses new bait to lure its victims – other phishing scams. E-mails claiming to be from the Anti-Scam Department of the British Secret Intelligence Service have been “warning” computer users that they may have been victims of a scam and encourage them to reply with their personal details, offering free investigative services.

Read more


Possible Hole in IE7’s Phishing Filter

Microsoft is investigating a possible hole in Internet Explorer 7 that could aid the creators of phishing scams. An Israeli developer writes on his website that cyber crooks can actually use an error message displayed by the browser to send surfers to malicious websites disguised as trusted sites. IE 7 on both Windows Vista and XP are reportedly affected. (Microsoft had not provided a security patch at the time of publication).

Read more


Mapping out Risky Domains

One in 10 websites that end in .tk, the domain for the island of Tokelau, either spread malware or warrant a warning due to pop-ups. Security firm McAfee has mapped out where it is safe to surf the web and where it is risky. It looks like domains ending in .gov are the safest on the Net. The riskiest large country domains are Romania (.ro) and Russia (.ru); they are also the most likely to host sites that try to exploit security holes in web browsers.

Read more

 
Free Registry Booster Scan from Uniblue. The scan will remove a limited number of errors on your PC. To remove all errors, Registry Booster can be purchased for $29.95 (get System Tweaker as a bonus).
Net Stats
The world generated 161 billion gigabytes of data in 2006, according to a new study by technology research firm IDC. That is 3 million times the information in all the books EVER written. Or picture this - 12 stacks of books that each reach from the Earth to the sun. That is a good chunk of photos, videos, e-mail, web pages, instant messages, phone calls, and other digital data.
Source: IDC, AP
Polymorphism
Term of the Month
Polymorphism is a term often used today to describe 'morphing' malware. The spyware application uses a rudimentary form of polymorphism to randomize files, names and registry keys so each infected PC contains a slightly different version of the program. Read the 'computer science' definition of polymorphism at Wikipedia.
Tech Tips
If you cannot save attached files to your PC, your e-mail client may be configured to stop you from opening file attachments of a certain size or type. This is set for security reasons. If you are using Outlook Express, open the Tools menu and select Options. Click the Security tab, deselect the Do Not Allow Attachments To Be Saved Or Opened That Could Potentially Be A Virus option, and click OK. Be sure to scan the saved file for malware before opening it!
Ballot Box Poll Results
Here are the results from our latest Lavasoft.com Ballot Box poll:
How well do you read EULA's (End User License Agreements)?
I read in detail :789
I scan the text :2593
I accept without reading :5772
Go to Lavasoft.com and take our latest poll: Do you know what pharming is?
Helpful Homepage
There are countless rogue/suspect anti-spyware products and websites out there trying to fool PC users today. Lavasoft News found a great webpage listing a good number of these, including screenshots. Educate yourself at Spyware Warrior!
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com
Page footer
http://www.lavasoft.com http://www.lavasoft.com