Tag Archives: Rogue software

Nightmare on Spyware Street

A case in Connecticut has exposed the legal dangers of not protecting your computer against spyware, as well as our vulnerability at the hands of incompetent law-enforcement officers.

Teacher Julie Amero found herself in a nightmare after spyware on her school computer popped up pornographic images in front of students. Instead of realising this was spyware at work, the state accused her of putting them there and forcing her pupils to watch.

In June of 2007, Judge Hillary B. Strackbein tossed out Amero’s conviction on charges that she intentionally caused a stream of “pop-up” pornography on the computer in her classroom and allowed students to view it. Confronted with evidence compiled by forensic computer experts, Strackbein ordered a new trial, saying the conviction was based on “erroneous” and “false information.”

But since that dramatic reversal, local officials, police and state prosecutors were unwilling to admit that a mistake may have been made — even after computer experts from around the country demonstrated that Amero’s computer had been infected by “spyware.”

It seems the nightmare may be coming to an end, but not without a price. She’s had to admit to one misdemeanour charge and surrender her teaching licence. She’s also been hospitalized for stress and heart problems.

The lesson? This was a school computer, and it seems the school failed to install the necessary updates and protection to prevent the spyware from loading itself. That’s probably something Amero should be exploring with her lawyers.

But there’s a bigger issue. We need, as individuals, to take more responsibility for the computers we use—to learn the basics of protecting them from attacks, and to be able to at least identify what the problem is when something like this happens. It may have taken a techie guy to clean the computer in this case (I admit spyware is really hard to get rid of) but knowing, roughly, what the problem is should be the bare minimum of our working knowledge of the computers we use.

Connecticut drops felony charges against Julie Amero, four years after her arrest – Rick Green | CT Confidential

links for 2008-09-15

Is That a Virus on Your Phone or a New Business Model?

This week’s WSJ.com column (subscription only) is about mobile viruses — or the lack of them. First off I talked about CommWarrior, the virus any of you with a Symbian phone and Bluetooth switched on will have been pinged with anywhere in the world.

CommWarrior isn’t new: It has been around since March 2005. But this isn’t much comfort if you find yourself — as a lunch companion and I did — bombarded by a dozen attempts to infect our phones before the first course had arrived. So is CommWarrior just the thin end of a long wedge? Yes, if you listen to the Internet-security industry. “I can personally assure you that mobile threats are reality, and we have to start taking our mobile security seriously,” says Eric Everson, who admittedly has a stake in talking up the threat, given that he is founder of Atlanta-based MyMobiSafe, which offers cellphone antivirus protection at $4 a month.

But the security industry has been saying this for years about viruses — usually lumped together under the catchall “malware” — and, despite lots of scare stories, I couldn’t find any compelling evidence that they are actually causing us problems beyond those I experienced in the Italian restaurant.

For reasons of space quite a bit of material had to be dropped, so I’m adding it here for anyone who’s interested. Apologies to those sources who didn’t get their voices heard.

Symantec, F-Secure Security Labs and other antivirus companies call FlexiSPY a virus (though, strictly speaking, it’s a Trojan, meaning it must be installed by the user, who thinks the program does something harmless). “In terms of damaging the user, the most serious issue at the moment is commercial spyware applications such as FlexiSPY,” says Peter Harrison, of a new U.K.-based mobile-security company, UMU Ltd.

Not surprisingly, however, Mr. Raihan isn’t happy to have his product identified and removed by cellphone antivirus software, though he says his protests have fallen on deaf ears. “We are a godsend to them,” he says of the mobile antivirus companies. “They are fear-mongering as there is not a significant problem with viruses in the mobile space.”


When Chatbots Go Bad

Richard Wallace of the A.L.I.C.E. AI Foundation, Inc. and creator of the Alice chatbot says his creation (sorry, can’t find a permalink) may have been lured to the dark side:

I have received a multitude of emails recently from subscribers to MSN Instant Messenger services, from people who have chatted with a clone of ALICE on their system who have suspected that this clone is downloading spyware onto their machines. The threat of malicious bots releasing viral software has appeared before, but this is the most serious incident so far. Like many clones of ALICE, this one appears to contain the basic AIML content containing my email address and references to the A. I. Foundation, which of course has nothing to do with malicious software. But it directs people to complain to me.

New Scientist quotes Richard as saying that “this is insidious because compared to other bots, she does the best job of convincing people that she is a real person.” I’m not quite clear as to how this happens, but it would appear that anyone chatting with these Rogue Alices would be infected with spyware via MSN chat.

If so, is this the start of something? As chatbots get better, can we expect them to spread through every online social tool, infecting us with their sleaze and reducing our trust levels to zero?

Microsoft’s Spyware Gate

Microsoft have launched a new version of their Antispyware application, now rebuilt and renamed Windows Defender. Initial reports are favorable, including one from Paul Thurrott, who is good on this kind of thing:

Windows Defender Beta 2 combines the best-of-breed spyware detection and removal functionality from the old Giant Antispyware product and turns it into a stellar application that all Windows users should immediately download and install. Lightweight, effective, and unobtrusive, Windows Defender is anti-spyware done right, and I still consider this to be the best anti-spyware solution on the market. Highly recommended.

Expect this program to become part of the next Windows operating system, meaning that spyware is going to be kept out of most computers by default. This is a good thing. What is less good is that it lets Microsoft decide what is and what isn’t spyware, giving them one more gate to control. Also, spare a thought for all the companies that have been selling antispyware software for the past few years; I can’t see many of them surviving past Windows Vista.

ZoneAlarm’s Sneaky Spyware Scare?

(See a more recent post on this for an update. ZoneAlarm no longer has this ‘feature’.)

I’m a big fan, and user, of ZoneAlarm firewalls. Their interface is clean, clear and I like the system tray icon which doubles as a traffic monitor. But sometimes they do things that don’t, in my view, help educate and simplify things for the ordinary user. After all, Internet security is already baffling enough.

I use the free version of ZoneAlarm firewall and usually it works fine and unobtrusively. But just now I got a popup window like this:

[Screenshot: ZoneAlarm popup window]

At first glance it looks like an ordinary update reminder, which would be fine. But it’s not. It seems to suggest, to the casual user, that something bad is happening to your computer. To the more experienced user it looks like one of those naff anti-spyware ads that appear on websites with a faux Windows-dialog suggesting you’re infected with spyware. (Notice there’s no option along the lines of ‘Never remind or show me this popup again. I have enough on my plate, thanks.’)

Click on ‘update now’ and you’re taken, surprise surprise, to a ZoneAlarm promotions page. To be fair to ZoneAlarm, if you’re running IE a scan will kick in (it won’t if you’re using Opera, Netscape or Mozilla as it’s an ActiveX application). Once spyware is detected, it’s not quite clear what you’re supposed to do next. Click on a ‘Remove Spyware Now’ link and you’re faced with a pop-up link pitching a ‘featured bundle’ of ZoneAlarm Internet Security Suite and TurboBackup for $50. Click on a red button marked ‘REMOVE SPYWARE with ZoneAlarm’ and you’re taken to the same pop-up (Yes, they seem to somehow get around the builtin IE popup blocker.) As far as I can see there is no other way to remove the alleged spyware.

This is all, I believe, part of ZoneAlarm’s new product, ZoneAlarm Anti-Spyware, which it launched recently. I just wish that ZoneAlarm, which I’ve had quarrels with before, didn’t stoop to such befuddling scare tactics to tout a new product.

What The Hell Is Going On In There?

Despite a little too much hype for my tastes, a quite useful site for figuring out what is going on inside your PC: ProcessLibrary.com – The online resource for process information:

In the recesses of your computer, 20-30 invisible processes run silently in the background. Some hog system resources, turning your PC into a sluggish computer. Worse yet, other useless processes harbour spyware and Trojans – violating your privacy and giving hackers free rein on your computer. ProcessLibrary.com is an invaluable resource for anyone who wants to know the exact purpose of every single process

Could be useful.

Is Antivirus Software Still Up To The Job?

How often do antivirus manufacturers admit that their products are not really up to the challenge anymore?

The only folks I know who do this are those from Trend Micro. I interviewed Steve Chang, its founder, a couple of years back, and he made it clear that antivirus software can’t keep everything out. But it doesn’t always come across quite as frankly as it should. A BusinessWorld piece today, an interview with Ah Sin Ang, Trend Micro Incorporated’s regional marketing manager for South Asia, asks the important question: (is there) yet no antivirus software that can protect us from phishing?

Ang’s reply could be more thorough, but it’s probably more honest than some of Trend Micro’s competitors: If you are aware that banks don’t send you these types of emails, you’ll be protected. That’s why Trend Micro emphasizes public education.

He also makes the valid point that ‘antivirus’ is not a particularly useful term anymore: Although anti-virus is a general term for Internet security, we like an antivirus software to clarify what that software means – does it include protection against Trojans, spyware, adware and hackers? Does it block unhealthy sites? Once you get infected, there may be a lot of pop-ups featuring pornographic and gambling sites. A good integrated software must also allow filtering. When you filter, it must also be able to filter spam and phishing.

I think the bottom line is that antivirus software is not doing what its customers think it’s doing. Most of us can’t tell the difference between a worm and a Trojan, and tend to assume that antivirus software will also protect us if we click on something in an email that takes us to an infected site. This is no longer true, if it ever was. Instead, the software gives us a false sense of security. Would we be better off not having it, and instead educating ourselves about threats?

The Danger Of The Mistyped URL

F-Secure Computer Virus Information Pages: Googkle:

F-Secure staff has found a malicious website that utilizes a spelling error when typing the name of the popular search engine – ‘Google.com’. If a user opens a malicious website, his/her computer gets hijacked – a lot of different malware gets automatically downloaded and installed: trojan droppers, trojan downloaders, backdoors, a proxy trojan and a spying trojan. Also a few adware-related files are installed.

The name of the malicious website is ‘Googkle.com’. PLEASE DO NOT GO TO THIS WEBSITE! Otherwise your computer will get infected! We have reported the case to the authorities.

I guess this kind of thing is more common than we realise. It seems to be a bunch of guys with Russian names who have registered misspellings of the Google name (how many more are out there?) as a way to install phishing and other tricks on your computer. The website is still active at the time of writing.

(Via Hotlinks)
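One way a defender could catch visits to near-miss domains like the one above in proxy or DNS logs, as an added example that is not part of the original post or F-Secure's advisory. The watch list, the distance threshold and the sample hostnames (apart from the name quoted in the post) are constructed assumptions.

```python
# Added example: flag hostnames whose second-level label is a near-miss
# of a protected brand name. All names below except googkle.com are constructed.

PROTECTED = ("google",)   # brand labels to watch (assumption)
MAX_DISTANCE = 1          # one slip of the finger: insert, drop, swap or replace

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (edit distance with adjacent swaps)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "goolge" -> "google"
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def brand_label(host: str) -> str:
    """Second-level label, e.g. 'googkle' from 'www.googkle.com'.
    Simplification: multi-part suffixes such as co.uk are not handled."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def lookalikes(hosts):
    """Return (host, brand, distance) for hosts that nearly match a brand."""
    hits = []
    for host in hosts:
        label = brand_label(host)
        for brand in PROTECTED:
            d = osa_distance(label, brand)
            if 0 < d <= MAX_DISTANCE:   # distance 0 is the genuine name
                hits.append((host, brand, d))
    return hits

# Constructed sample of hostnames as they might appear in a proxy log.
SAMPLE_HOSTS = ["www.google.com", "googkle.com", "goolge.example",
                "gogle.example", "news.example.org"]

if __name__ == "__main__":
    for host, brand, d in lookalikes(SAMPLE_HOSTS):
        print(f"{host}: {d} edit(s) from {brand}")
```

Short brand names need a tight threshold, since at two or more edits unrelated words start to match.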

A New Way To Foil Keyloggers?

PC Tools has released a new version of Spyware Doctor, 3.2, with what it calls “groundbreaking Keylogger Guard technology that protects users from identity thieves”. A press release says:

Existing solutions can allow keylogger threats to run undetected for weeks or months by which time the damage is already done. Spyware Doctor 3.2’s Keylogger Guard detects and removes keylogger threats in real-time before they are able to steal personal information.

It does this by looking at “behavior rather than signatures….Keylogger Guard detects the behavior immediately, blocking keyloggers from installing on the user’s system and protecting customers right away, not weeks or months too late.”

Sounds interesting, although I’m not sure it’s exactly groundbreaking. Or is it? A trial version of Spyware Doctor 3.2 can be downloaded at www.pctools.com and costs $30.