Lavasoft News - July 2007

Ad-aware 2007 - July 2007

The release of Ad-Aware 2007 has ushered in widespread acclaim for Lavasoft's all-new anti-spyware, from editorial reviews to customer feedback. What better time to bring you news on Lavasoft, the company that put anti-spyware on the map? Read our Lavasoft profile article for a look at the evolution of spyware, and how Ad-Aware has come to be one of its greatest foes.

Along with having the latest in our line of anti-spyware products, we cannot stress enough the importance of user awareness in order to stay out of spyware's way. Personal computer safety begins with you; a little caution really can go a long way in terms of protecting your privacy and security. In this issue of LN, you will find helpful tips on avoiding spyware, and specific guidelines for younger Web users. Also in this issue - you may have heard about the posse of spyware bills that have been making their way through the U.S. Congress, but this month read about how the European Union is stepping up its cyber crime effort.

Your feedback is always welcome at editor@lavasoft.com.

News from Lavasoft

Lavasoft: A Profile of "the Original Anti-Spyware Company"
Virtually everyone with a computer has now heard of spyware, but where and when did it rear its ugly head? Take a look at what prompted Lavasoft to begin its battle against this Internet menace, and how we stay ahead of the game to keep you protected from spyware's latest advancements.

Real Solutions for Battling Spyware
Day after day, we hear about the growing rate of malware and Internet crime, and the truth is that most of us have already come up close and personal with online scams. Get tips from the experts at Lavasoft on how you can be proactive in keeping your PC and private information secure.

Shaping the Next Generation of Cyber Citizens
Just like in the real world, kids need guidelines for how to navigate the Web. Find out what every adult needs to know about cyber space and young computer users, in order to keep the family PC secure and to set the groundwork for good online practices.

EU Urges Coordinated Effort Against Cyber Crime
When it comes to laws and enforcement, there is no question about it - cyber crime is not an easy area to legislate. Not only is it difficult for countries to pass pertinent and timely laws to combat ever-developing threats, but once laws are created, operating across borders becomes a major challenge. Get the news on Europe's latest efforts to get to the bottom of online crime.

Amero Case Sparks Spyware Awareness (PC World)
Before a classroom incident in 2004 that brought on a highly publicized trial, American substitute teacher Julie Amero was a self-described novice in the area of computer security. While Amero still faces charges even after being granted a new trial, a project in her name, The Julie Group, has set out to help others who may be falsely accused of crimes because of spyware, and to produce educational material for users, law enforcement, and prosecutors. Read the article on PC World and tell us what you think at editor@lavasoft.com.

Security Shorts
Lavasoft News has compiled a list of "security shorts" - summaries of other online security stories making news around the world this past month.

Spyware Newsbits

New Targets in Detection (June 2007)
Protect your privacy with a complete list of new targets for June 2007.

Lavasoft Blog
If you want to go behind the walls of Lavasoft, hear what we are up to, what we are thinking and what is happening in the industry, the Lavasoft Company Blog is the place to go for regular, up-to-date information.

Star Reviews
Following its worldwide commercial release, Ad-Aware 2007 is getting rave reviews through Lavasoft's worldwide download portals.

Lavasoft: A Profile of "the Original Anti-Spyware Company"

When Sweden-based Lavasoft was founded in 1999 by Nicolas Stark, the term "spyware" was new. But strange things were happening to computers - and not just pop-ups.

The word spyware was used for the first time publicly on October 16, 1995. It popped up on Usenet, a distributed Internet discussion system, in an article aimed at Microsoft's business model.

In the years that followed though, spyware often referred to "snoop equipment" such as tiny, hidden cameras. It reappeared in a news release for a personal firewall product in early 2000, marking the beginning of the modern usage of the word.

In 1999, Steve Gibson of Gibson Research detected advertising software on his computer and suspected it was actually stealing his confidential information. The so-called adware had been covertly installed and was difficult to remove, so he decided to counterattack and developed the first ever anti-spyware program, OptOut.

That's where Lavasoft picked up and Gibson left off. He went on to other projects and Lavasoft became a pioneer in the anti-spyware industry with its signature free, downloadable product Ad-Aware. Lavasoft's paid products soon followed and it is now the leading anti-spyware provider with over 250 million downloads worldwide.

Still, a study conducted in 2005 by AOL and the National Cyber Security Alliance (NCSA) found that 81 percent of home computer users lacked basic "core protection" such as updated anti-virus, firewalls and the like. Thirty-eight percent of them had no anti-spyware protection.

"The history of spyware is an unfinished one with no end in sight, which is why we must be constantly vigilant and get the word out to all users - anti-spyware protection is necessary," says Michael Helander, Director of Communications at Lavasoft.

Today, Lavasoft's signature product is still free, but has expanded to include three paid versions of Ad-Aware, providing advanced protection to individuals and businesses alike. The company itself has grown too, now with 4,000 partners in 120 countries.

How does Lavasoft stay wily enough to outsmart malware? Our in-house team of expert security analysts finds and analyzes spyware, assessing each piece of malware with a Threat Analysis Index (TAI) according to its behavior.

The secret also lies in working with the "enemy" in order to create positive change in the industry, and in our relationship with our international network of users.

It has been a core value of Lavasoft from the very beginning to not only "detect and destroy" malware, but to go to the root of the cause, the makers, and engage them in dialogue that may result in changes to the way they develop software. With a dedication to creating positive industry change by working directly with adware and spyware vendors to make acceptable improvements to their processes, we aim to establish long-term benefits for computer users, and not just provide a band-aid fix.

Lavasoft continues to develop for safety, thoroughness, trust and usability, with both everyday computer users and savvy IT admins in mind. Our security analysts ensure that current threats are accurately assessed, helped in part by direct submissions from our international network of spyware-fighting volunteers, who submit anywhere from 100 to 200 samples a day to be analyzed.

The Lavasoft Support Forums are another avenue that maintains Lavasoft's commitment to the online security of individual computer users. Over 21,000 registered members have made a total of 41,625 posts to help computer users around the world clean up their infected computers since the forums opened in April 2006.

What is in store for the future? The spyware and malware industry shows no immediate signs of slowing down. But Lavasoft's commitment to ensuring a safe computing environment guarantees that you will have the necessary tools for protecting your privacy and security. Be assured, Lavasoft will be ready.

Real Solutions for Battling Spyware

You know the signs: sluggish computer performance, a barrage of pop-ups, altered homepage and security settings, and even theft of private information. You've got spyware. But how did it happen?

The fact is that computer users play a crucial role in their own security. Exercising caution and being aware of the dangers that lurk on the Internet are key in ensuring that users can safely navigate ever-increasing online threats.

Many exploits count on user error or curiosity; they use bait like eye-catching titles and links to draw in unsuspecting users. These attacks succeed only because people are unaware of the threat, or do not perceive it as a real danger to their security.

Belgian IT security professional Didier Stevens recently performed a "social experiment" where he ran an ad offering users the chance to infect their computers with malware, and more than 400 people clicked on the link.

While the site in the malware experiment contained no malware, similar methods are used by hackers to tempt users into visiting sites containing viruses and malware in order to infect PCs.

While malware trends continue to evolve, the rapid growth rate remains a constant.

Knowing how to steer clear of threats is essential in keeping your computer secure. What can you do to keep spyware and malware from your PC? To start with, follow the tips below.

  • Install updates to your operating system and other applications as soon as they become available. This is the first step in malware prevention, as many of the nastiest threats take advantage of new exploits; if your system is not patched through the updates, you are vulnerable! Remember, if you are a Microsoft user, updates are usually issued on what is referred to as "Patch Tuesday," the second Tuesday of each month.
  • Do not open e-mail attachments or click on links in instant messages from ANYONE, including 'buddies', unless you are expecting them. Verify the attachment before opening and scan with updated anti-virus software first. Be especially leery of odd subject lines and suspicious links.
  • Change passwords on a regular basis. Use complex passwords of at least 10 characters, comprised of letters, symbols and numbers. Do not have your browser store passwords and log-in credentials.
  • Pay special attention to what you download and read End User License Agreements. Malware often 'piggybacks' on other 'freebies' promising ringtones, smilicons, and screensavers. If in doubt, ask the security volunteers in forums like the Lavasoft Support Forum for their opinions about how to download software safely.
  • Be aware of shared computers. Do not loan your computer or laptop to friends, but if you do, make sure they are using a 'limited access account' and not an Admin account, to limit infection in the event of an accident.
  • Make sure you have a firewall installed and run anti-virus software that is current and up-to-date. Make sure updates are set to automatic and checked daily or several times per day.
  • Run Ad-Aware 2007 Plus or Pro to prevent spyware and malware from infecting your computer in the first place, with real-time monitoring. Ad-Aware 2007 Free is an excellent product (for personal use only) for computers that are already infected and need spyware and other adware pests removed.

Shaping the Next Generation of Cyber Citizens

Just like adults, younger Web users face a number of security challenges every time they go online. And just like adults, the more knowledge children and teens have, the better prepared they will be to handle an online threat, whether it is in the form of an online predator, or a malicious software download.

As PCs and the Internet become ordinary, daily tools for families and children of all ages, user education is an important aspect of developing safe and smart Internet users.

Children and teens are increasingly using the Internet, whether it is for education related research, gaming, or to socialize with friends. Almost 60 percent of children three and older use the Internet, according to a State of the Internet Security report by Webroot Software.

It is not difficult for parents to underestimate the tech know-how of their younger children, trivializing the importance of safe surfing habits. But the popularity and usability of sites that target the youth market, like the wildly popular Webkinz virtual toys and websites like Nickjr.com that are aimed at pre-schoolers, means that parents have to be alert to the fact that younger children are using the Internet.

What most parents do not know about their kids' online safety may have nothing to do with accidentally stumbling on a porn site; it is MySpace and YouTube and P2P file sharing, also known as downloading free music, screensavers, and smiley faces for your e-mail and a host of other free goodies, that entice novice computer users into clicking banner ads and pop-ups.

Another danger zone opens when parents allow their children, particularly the tween set, to act as administrators on the family computer. Personal information like passwords, credit card information, family finances and other sensitive stored material is in jeopardy of being sent to spyware attackers.

In homes where children under 18 used the Internet, there was a 28 percent greater incidence rate of spyware infections in the preceding 6 months, according to the State of Internet Security report.

"More than half of all affected files come from P2P file-sharing sites," says Janie "Calamity Jane" Whitty, a Lavasoft malware removal and prevention expert. "Kids click on anything, unaware they are opening the doors to potentially disastrous infections, including the family computer."

How can you minimize the risk of online threats and prepare younger Internet users for wise Web use? Follow these guidelines:

  • Have conversations with young PC users about safe surfing. It is not just about short-term prevention to control online behavior. The focus should be on creating an open dialogue, and instilling safe computing habits. Find out where children go online and what their interests are. Teach older children and teens about online responsibility, and underscore the importance of viewing Web material with a critical eye.
  • Do not let online socializing replace real world communication. Social networking is better suited for older kids and teens. Set the example early on that while the Internet is a great tool for staying in touch, getting outside on the playground is just as important.
  • If your child does use instant messaging, e-mail, or social networking sites, block messages from anyone not on the child's pre-approved contact list. Supervise posts to personal profiles, blogs and e-mail messages to ensure that private information is not made public. Ensure that kids understand what information can and cannot be shared online.
  • Limit interactive games and websites to kid friendly sites. Use a parental blocking tool if it is necessary. It may not be a bad idea to keep the family computer in a central area, so parents can monitor Internet use and advise when necessary.
  • Have updated security software - anti-virus software, anti-spyware software and a firewall - on your PC, and teach older children and teens how to use the software and why it is important.
  • Visit helpful online sites dedicated to online safety for younger users. One example is www.mcgruff.org, a child friendly site, powered by the National Crime Prevention Council, a leader in helping people keep themselves, their families, and their communities safe from crime.

EU Urges Coordinated Effort Against Cyber Crime

The European Union is stepping up the effort against cyber crime, detailing plans to create more consequential legislation, as well as promoting cooperation between different nations and awareness among consumers.

While the European Union, as well as individual European countries, already have computer crime legislation in place, Europe has recently seen an increased push for more coordinated efforts, in an attempt to keep up with evolving online opportunities for criminals.

The European Commission has called for more meaningful, targeted legislation and law enforcement to keep pace with cyber crime. Cyber crime, according to the commission, can be outlined as fraud, publishing illegal content, or crimes unique to the Internet, like denial-of-service attacks and hacking.

At the end of May, the German Parliament approved tough new anti-hacking legislation, ruling many more categories of hacking as illegal acts that should be punishable like any other crime.

But due to the cross-border nature of cyber crime, countries cannot go it alone.

European Union nations must improve police cooperation across borders in order to tackle child pornography, online credit card fraud and identity theft on the Internet, according to the EU's top justice and interior affairs official.

As the initial step, new legislation could be introduced later this year so that all 27 of the EU nations have standard laws to criminalize identity theft, said Franco Frattini, EU Justice and Home Affairs Commissioner, according to the Associated Press.

The battle against cyber crime in Europe means working through specific obstacles. The EU has cited key problem areas such as lack of coherent EU-level policy and legislation, low consumer awareness, and increased sophistication of criminal activities.

To illustrate the scope of the problem for both consumers and businesses, in its communication on cyber crime the EU referenced that an estimated 750,000 computers are infected through botnets every year in Germany and, according to the UK Financial Service Authority, bank fraud through phishing has increased an estimated 8,000 percent in the last two years.

"Awareness raising, training and research will also be essential in attaining our goals. This policy will be effective only if a strong dialogue with industry is put in place," Frattini said. "It is essential to work closely with member states, relevant EU and international organizations and other stakeholders."

The European Commission plans to hold talks between law enforcement agencies like Europol, national police forces, and Internet companies later this year to organize cooperative efforts, said Friso Roscam Abbing, Frattini's spokesman, according to the AP.

Due to recent attacks, support for tough security measures to battle so-called "cyber warfare" and cyber terrorism is also likely to grow within EU countries.

Following the large scale distributed denial-of-service cyber attack on Estonia's private and government websites in May, which Estonia claims came as retribution from Russian hackers after a decision to move a Soviet-era statue from a square in Tallinn brought outrage among Russian nationals, concern over the use of the Internet to launch cyber attacks or to propagate organized crime has grown in European capitals.

"We need to prepare for cyber terrorism...and address it in a rapid and much more coordinated way within the EU and NATO," according to Estonian conservative MEP Tunne Kelam, in a recent Business Week article.

The European Commission, however, is urging EU members to utilize existing judicial tools, like the 2001 Convention on cyber crime from the Council of Europe (a continent-wide human rights organization), which provides a framework for cooperation between states.

Security Shorts

Spam Fighters Hit with DDOS Siege
Spammers launched a distributed denial of service (DDOS) attack against the anti-spam groups Spamhaus, SURBL (Spam URI Realtime Blocklists), and URIBL (Realtime URI Blacklist), according to the Internet Storm Center (ISC), in an apparent attempt to knock out important weapons in the fight against spam. The ongoing attacks, carried out by using a variant of the "Storm Worm" malware, succeeded in shutting down the web servers that power the three anti-spam services. According to one ISC member, there is a bright side to the attack: spammers must be desperate if they are focusing on anti-spam groups rather than using their resources to spread more spam.

Operation Bot Roast Finds Millions of Hijacked PCs
The U.S. FBI's Operation Bot Roast has identified over one million victim computer IP addresses being used in criminal activity. The arrest of three men accused of using the army of hijacked computers for spam related crimes was also announced. The Operation Bot Roast cyber crime project is an ongoing investigation that was launched to battle the growing botnet threat and to create public awareness about Internet security.

Caution Key in Preventing Rise of IM Attacks
Instant-message-based attacks are rising steeply, with security company Akonix Systems reporting findings of 170 instant message threats so far this year, a 73 percent increase over the same period last year. According to Akonix, the informal nature of IM is a key factor in the success of these attacks, compared to e-mail messages where users tend to be more cautious. The most typical means of attack has been to rely on social engineering to spread malicious code, such as sending a link that appears to come from an IM contact. Mid-June also found hackers using exploits that target Yahoo's instant messaging software, making it imperative for users to patch the program.

City's Fund Hacked by Keylogger
Carson, a city in California, USA, nearly lost $450,000 U.S. to hackers who reportedly infected a city treasurer's computer with key-logging spyware. Hackers were able to steal login credentials associated with bank accounts run by the city in order to shift the large sum from the city's general fund. All but $45,000 of the stolen cash was recovered after funds were frozen following discovery of the theft. The heist reiterates the fact that malware is a threat to large enterprises as well as individual consumers, and raises new concerns about lack of computer security and IT staff in U.S. municipalities.

Be Careful What You Search For
Looking up certain terms in search engines may put computer users at an increased risk for contracting malware, according to a new study. Keywords related to technology and music are most likely to yield sites with spyware and other malicious code, according to a study by McAfee Inc.'s SiteAdvisor service. Still, overall use of search engines is getting safer. While around 4 percent of search results lead to risky sites, that figure is down from 5 percent a year ago.

 
Stats
By the end of 2008, there will be more than one billion personal computers in use worldwide. Forrester Research Inc. predicts that the number of PCs in use will more than double by 2015. It took 27 years to reach the billion-PC mark, but it will take only five years to reach the next billion, due to advanced technology, lower prices, and emerging technology-aware populations.

Source: Forrester's "Worldwide PC Adoption Forecast to 2015"

Term of the Month: EULA
An End User License Agreement, or EULA, is a software license agreement that indicates the terms for an end user to utilize certain software. That fine-print legal jargon that makes you want to check the box next to, "Yes, I have read and accept these terms," without fully reading the text, is an official agreement between you and a software vendor.

Tech Tips
It is important to read all EULAs and privacy statements carefully before installing new software. If the EULA is hard to find or difficult to understand, reconsider installing the software. You should never install software without knowing exactly what it is. By not fully reading the EULA, you may agree to questionable activities by the software vendor, and even to installing spyware and adware on your computer. The Zlob/Smitfraud Trojan (fake codecs most notably) actually DOES include proper disclosure of what will be downloaded to your PC. Take the time to read EULAs carefully!

Helpful Homepage
WiredSafety.org is the world's largest online safety, education and help group. Adults can visit the site for information on safely navigating the World Wide Web, and there are also specialty directories designed for kids. While it originally formed to help and protect Internet users of all ages, WiredSafety.org's work has become increasingly dedicated to children, tweens, and teens.

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com