You won’t want to miss the scoop we have for you in this issue of LN! September is ushering in a new era at Lavasoft as we reaffirm our commitment to providing you with the tools you need to safeguard your online information. Read all about it in our article on Lavasoft’s release of three new privacy tools. Developments are ahead within the company itself, as well, as we look towards the future of malware detection, removal, and protection. Security guru Joe Wells has been welcomed to the team, and in this issue, we’re introducing him to all of you Lavasoft News readers.
As always, a continuation of our commitment to your online security is to bring you reports and advice on the latest threats you’re countering online. We have fresh security updates on two dreaded Internet hazards - learn how to beat Zlob Trojans that pose as codecs needed to download videos, and how to make sure you don’t become a victim of the spam scams taking over e-mail inboxes across the globe.
From last month’s issue of LN, we’d like to thank all of our “green-minded” PC users with an update on the Lavasoft tree planting challenge. If you want to comment on an article you see in LN or have a topic you would like us to cover, write to email@example.com.
Lavasoft Introduces New Privacy Tools
Meet Joseph Wells – the Newest Member of the Lavasoft Team
Defeating the Ever-Present Zlob
Spam Surge Inundates Inboxes
National Data Breach Notification Debate Heats Up Information Week
New Targets in Detection (August 2007)
Vista Compatible Ad-Aware 2007
Join the Lavasoft Team!
To get all news on one, printable page, click here
Lavasoft Tree Planting Challenge
In the August issue of Lavasoft News, part of our focus was how we can all do our part to make sure that the technology-centered world we live in leaves a less harmful impact on our surroundings. As part of this, we teamed up with an eco-friendly company, GreenPrint, to introduce the Lavasoft tree planting challenge.
Lavasoft Introduces New Privacy Tools
You already know that Lavasoft’s Ad-Aware anti-spyware products and Personal Firewall are effective, easy-to-use software to keep your computer secure. Now, in direct response to your demand for a greater variety of solutions to combat the array of security challenges in our digital world, Lavasoft has introduced new products that are a reflection of today’s information security threats.
With prying eyes able to access all kinds of confidential data through our computers, it is essential to have strong solutions in place. At Lavasoft, we are constantly evaluating the online environment to ensure that consumers have the means to control their computer security and privacy.
As more and more information is stored on our computers and passed back and forth from person to person, digital document and file security presents new challenges for home and corporate computer users, with fear of data breaches, identity theft, and loss of sensitive information. Lavasoft has released three new products to relieve that worry: Lavasoft Digital Lock, Lavasoft File Shredder, and Lavasoft Privacy Toolbox.
“While we will continue to protect the privacy and security of individuals with our flagship Ad-Aware anti-spyware software, the release of these three new products signals a new era at Lavasoft as we begin to provide our customers with additional security tools. Our products must continue to grow and expand in response to the demands of our customers and to today's varying security challenges,” said Jason King, the recently appointed chief executive officer at Lavasoft.
This new line of Lavasoft solutions, developed through the expertise of our partners in the computer security industry, are a natural addition to the privacy and security tools you use on a regular basis to safeguard your sensitive information. See a description of each of our new products below. Click on the product boxes to see a full features list for each product.
Lavasoft Digital Lock
Protect the private digital data on your computer with the strong encryption technology of Lavasoft Digital Lock. Your online files, both at home and at the office, are a trove of private and potentially valuable information. Theft of confidential information can result in heavy financial loss, as well as lost time. With Lavasoft’s encryption technology, securely store or send files by e-mail knowing that your private information is safely locked and will never fall into the wrong hands.
Lavasoft Digital Lock Features List
Lavasoft File Shredder
Take control of the information on your PC with Lavasoft File Shredder. Even after you think you have deleted information and files, traces still remain on your computer. When you delete a file, empty your Recycle Bin or format your hard disk, the information is not always removed from your PC; these methods only alter the structure of the drive, leaving most of the data intact and recoverable. You can shred your sensitive digital files with the same certainty as you shred sensitive papers in a paper shredder. Permanently remove unwanted files and data, at home or at the office, with Lavasoft File Shredder.
Lavasoft File Shredder Features List
Lavasoft Privacy Toolbox
Build the security you require – get both the Lavasoft File Shredder and Digital Lock in one easy-to-use application. Securely store information or remove it for good from your PC with the Lavasoft Privacy Toolbox, giving you full control of your digital documents. Get the most for your money with savings of over 30 percent compared to buying both products separately!
Lavasoft Privacy Toolbox Features List
Meet Joseph Wells – the Newest Member of the Lavasoft Team
Though I had experience in programming, reverse engineering, and even assembly language programming on other platforms beginning in 1983, my career really started in 1987. Last year, I was going through a box of old papers and found the receipt for my first DOS computer, which I purchased, and started my first research company: Wells Research Information Services. The date on that receipt is August 7, 1987. That was when I began developing security programs.
What are the most significant changes you have seen in the security industry? In terms of sophistication and prevalence, how would you describe the types of malware and spyware threats that we see today?
Back in 1987, I was into online research based on systems such as Dialog and NewsNet, but also spent a lot of time on BBS’s. It was on the local BBS that I first found out about the Dirty Dozen; a list of Trojan Horse programs, which actually numbered more than twelve. So I developed my first heuristic Trojan detector. Though viruses existed as early as 1986, it wasn’t until August of 1989 that I received and disassembled my first virus (Jerusalem.1808.A).
That was then. What about now?
As you know, I was recently interviewing with different companies.
As it turns out, by an extremely unlikely coincidence, I received an offer from Lavasoft and accepted it by e-mail on August 7, 2007. Yes. That’s right. I accepted this position of CTO with Lavasoft exactly 20 years to the day after I started my first research company!
Then, yesterday I was having a discussion with a friend who works for Kaspersky Labs. What were we discussing? The current problem with Trojan Horse programs.
I am reminded of the saying: “The more things change, the more they remain insane.”
So to answer the question, the most significant changes I have seen involve the speed, magnitude, diversity and complexity of the nature of this evolving threat.
Defeating the Ever-Present Zlob
And the war against Zlob Trojans wages on. This online enemy goes by many names (Zlob, fake codecs, Zlob codecs, Smitfraud Trojans) but whatever alias is used, the devious tactics and growing prevalence on the web are undeniable. At Lavasoft, we have a vendetta against the Zlob, and a mission to help you keep this untamed online threat off of your system.
Zlob Trojans, similar to the closely related Vundo Trojans, are malware that usually masquerade as a codec needed to play a video, and then install adware or malware on an unsuspecting user’s system.
“This is absolutely the worst infestation right now on the Internet - certainly the most widely known and seen in the security forums,” says Janie "Calamity Jane" Whitty, a Lavasoft malware removal and prevention expert and Support Forums administrator.
To avoid getting infected with this underhanded malware, all it takes is a little caution and awareness of the problem.
Once you install the program, you begin seeing loads of unwanted adware. A “nag” screen takes over your desktop in the form of a security warning or as a pop-up telling you your system is infected. The message demands that you run a scan or buy a specific “anti-spyware program” in order to fix your PC.
The popularity of downloading and watching videos online, combined with users not finding out exactly what they are downloading onto their PCs is the perfect environment to keep Zlobs alive and thriving. These fake codecs are a frequently used ploy, brought to you through various methods that rely on the vulnerability of unsuspecting computer users including websites, e-greeting cards, and instant messages. Along with that, Zlob developers spew out new Zlob Trojans daily in an attempt to avoid detection by anti-spyware and anti-virus software.
“Despite our efforts, Zlob is still winning and it remains the number one public enemy, of this malware researcher anyway. Just take a look in the forums, our forums - ANY security forums and people are still coming in droves and hoards needing help to remove this malware. It is constantly changing and jumping domains to avoid detection,” Whitty says.
“Users need to be warned about these fake codecs. My own experience with these codecs is that if people would just read the EULAs of the software they download they would see that they are getting additional (and possibly unwanted) adware and spyware in that fake codec,” according to Whitty.
Lavasoft researchers are key fighters in the war on Zlobs, constantly finding new variants and putting them into detection. Currently, the Zlob family of Trojans are among the largest families of malware in Lavasoft’s Detection Database. Ad-Aware 2007, especially the real-time protection of Ad-Aware 2007 Plus or Pro, is an important weapon in the malware fight. Other armor you should equip your system with is updated anti-virus software, a firewall, and the latest security patches from Microsoft.
Below are a few more Zlob prevention tips from the security experts at Lavasoft.
Spam Surge Inundates Inboxes
Most of us are well aware that e-mail is a method of choice for many malware attacks and scam techniques. But the e-mail scourge that none of us look forward to seeing in our inboxes has been making an onslaught like never before.
E-mail security firm Postini recently tracked the largest spam attack followed to date, a PDF spam deluge that increased the total spam count by 445 percent in a single day.
This particular scam involved a “pump and dump” ploy; recipients were sent PDF attachments, prompting them to buy stock in a small firm called Prime Time Group, Inc, setting off an artificial inflation of its stock price.
According to a recent EWeek article, the spam surge’s sudden strike and subsequent plunge was due to the work of botnets. Botnets, networks of zombie computers that are the source of many types of online threats, can be used to spread vast amounts of spam.
The volume of spam reportedly saw a 53 percent jump from the day before the attack started to the day it launched on August 7, Adam Swidler, a representative at Postini told EWeek.
“Why it stopped is a mystery, but more than likely it wound down because it was a spam run being conducted on a rented bot network,” according to Swidler’s statement in the article.
The attack, researchers say, has likely been launched by the infamous “Storm Worm” botnet. What began this past January as spam promising news reports of European storms has since been seen presenting itself as a greeting card from family members. A widespread spam attack in July used the tactic of concealing computer viruses in links to e-greeting cards.
According to the Washington Post, Postini saw about 275 million greeting card spam messages in the first 3 weeks in July. That same month, the so-called Storm Worm was said to represent about 30 percent of all spam, according to reports.
Whatever the subject, the intent remains the same: to con computer users to click malicious links or open attachments in their e-mail to carry out a scam.
The most recent spam trends have seen less of the traditional image spam, in favor of PDF, Excel, and Zip file attachments. Spammers have turned their attention in different directions in order to evade filters and make their way into your inbox, disguised as a trusted attachment. Image files are easier for spam filters to stop, while PDF files bypass many existing e-mail filters.
“PDF spam is the latest trick the spammers have come up with to evade traditional anti-spam filters,” Amir Lev, president of e-mail security provider Commtouch said in a company press release. “It took a bit of time, but some anti-spam engines eventually developed solutions to block the image-based spam that plagued inboxes last year. In response, the spammers quickly utilized their zombie infrastructure to progress into sending spam in a different format.”
While it may already feel that our inboxes are being flooded with spam and scams, by most measures, the prognosis is that junk and deceptive e-mails will only get worse.
To avoid e-mail scams and spam attacks, make sure to use a spam filter, in addition to updated anti-virus and anti-spyware software. When in doubt about an e-mail, it’s always best to stay on the cautious side: do not open e-mails from unknown senders, and verify the validity of links or attachments with the sender before viewing. Being aware of threats is always an important step to prevention – be proactive in reading reports and publications on the latest spam techniques
Long-Running Russian Phishing Scam Nabs $500,000
Australia to Battle Internet Porn
Germany’s Anti-Hacking Law Creates Debate
Study Finds Spam’s Weakness
U.K. MPs Call for Curbing the Web’s Wild West
The risk associated with using the Internet, like spam, viruses, spyware and phishing, remains high, according to Consumer Reports. In the first half of 2007, spyware infections prompted 850,000 U.S. households to replace their computers, according to a recent survey. One out of every 11 surveyed had a major, often costly problem due to spyware. The economic fallout per incident was averaged at $100 (U.S.), with damage totaling $1.7 billion.
Source: Consumer Reports, State of the Net 2007
Term of the Month
A pump and dump scam is a spam technique that uses misleading messages to create hype around targeted stock – usually “penny stocks” that sell for less than $1 U.S. per share. Spammers acquire the stock before sending their spam, and then “dump” their shares after share prices have inflated. The result: investors are fooled into losing money, while the spammers make off with a profit. Read more about recent spam trends in our “Spam Surge” article.
Every time you surf the Net, your browser keeps track of all of your online steps. With Ad-Aware 2007, we’ve given you an easy solution to remove all traces of your Internet browsing from your system, keeping spyware from documenting surf patterns and targeting you with adware and spyware. TrackSweep, one of the new privacy features in Ad-Aware 2007, gives you the option to clean your cache, cookies, history, last typed URLs, and browser tabs from Internet Explorer, Firefox, and Opera, in one clean sweep! To use TrackSweep, from the “Tools & Plug-Ins” tab in Ad-Aware 2007’s user interface, select “TrackSweep” and then choose the items you want cleaned. TrackSweep is a feature in Ad-Aware 2007 Free, Plus and Pro.
The Anti-Phishing Working Group is an organization committed to wiping out online scams by focusing on eliminating fraud and identity theft that results from phishing, pharming, and e-mail spoofing. Visit its website to report phishing attempts, pharming sites, and crimeware, or browse the informative resources section to brush up on the latest threats.