Web bugs in Acrobat?

Web bugs are little graphic “bugs” that are usually used in email. Some newsletter publishers use these to track who opens up their newsletters. Spammers also use them to see if they have a “live body”.

Web bugs get activated if you view an email, even in Outlook’s preview pane. That’s why Outlook 2003 has the ability to not download graphics (which is why newsletters and such can come through looking all broken-up).

Now this blog entry from beSpecific mentions an article by lwn.net that Acrobat 7 can be used for these bugs. It’s all from a company called Remote Approach.

According to Remote Approach, opening up a PDF file enabled with Remote Approach gives the following information: IP Address, domain type (com, edu, gov, etc.) and other stuff like what kind of browser you use, your local time, what service provider you use, etc.

Note that this type of data collection is not unusual on the web (every time you go to a website, the website operator can collect this type of data). It’s not getting your name, address, credit card number, etc. However, it’s the first I’ve heard of it for PDF documents.

Alex Eckelberry
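To make the email case concrete, here is an added example (not code from this post or from Remote Approach) that lists the images an HTML message would fetch on display and flags the ones that look like web bugs. The sample message, the hosts `tracker.example` and `news.example`, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample message body; the hosts and the id value are made up.
SAMPLE_HTML = """
<html><body>
<img src="cid:logo@newsletter" width="200" height="60">
<img src="http://news.example/banner.gif" width="468" height="60">
<p>This week's issue ...</p>
<img src="http://tracker.example/open.gif?id=subscriber-0042" width="1" height="1">
</body></html>
"""

class RemoteImageFinder(HTMLParser):
    """Collect <img> tags that make the mail client contact a remote server."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = dict(attrs)
        src = attr.get("src") or ""
        url = urlparse(src)
        if url.scheme not in ("http", "https"):
            return  # cid: and data: images travel inside the message itself
        reasons = []
        if attr.get("width") in ("0", "1") and attr.get("height") in ("0", "1"):
            reasons.append("invisible 1x1 image")
        if parse_qs(url.query):
            reasons.append("query string can carry a per-recipient id")
        self.findings.append({"host": url.hostname, "src": src, "bug_like": reasons})

def scan_html(body):
    """Return every remote image a renderer would fetch, with web-bug indicators."""
    finder = RemoteImageFinder()
    finder.feed(body)
    return finder.findings

if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML):
        print(f["host"], f["bug_like"] or "remote image (still reveals the open)")
```

Any remote image tells its server that the message was opened and from which IP address, which is why blocking all remote graphics is the safe default; the 1x1 size and the per-recipient id only mark the images whose sole purpose is tracking.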

180 buys one of its distributors

Interesting article here.

They can buy whom they want. The problem is that stealth installs are still occurring and we can’t see why this can’t be fixed.

A distributor installs an older version which installs without the user’s knowledge. Then the update to the new “certified spyware free” version doesn’t tell the user that they got a 180Solutions program. This is the infamous “CBC Force Prompt” issue we have written extensively on.

So what is CDT? Check their websites out:

Loudcash and Searchbarcash

Nice music.

Alex Eckelberry

Dept. of Homeland Security Privacy Panel

Remember that Dept. of Homeland Security privacy review board — the one that Claria exec Reed Freeman was appointed to? News.com has this interesting article.

Appointed to the chair: a die-hard champion of the Total Information Awareness program, Paul Rosenzweig. TIA, you’ll recall, was the most massive data mining project in history.

Best quote of the article:

“I don’t really regard Paul as a privacy advocate,” said Lee Tien, a lawyer with the Electronic Frontier Foundation in San Francisco. “I think he’s much more focused on whatever homeland security mission there is. He tends to view privacy as something to be circumvented.”

This is all just too weird.

Alex

CNET’s new spyware policy

Good stuff. Looks like CNET has publicly announced the policy and provided criteria for determining whether an application is regarded as “adware.”

And here is the type of letter they’re sending people:

Dear Publisher,

Since the launch of CNET Download.com more than eight years ago, we have worked hard to promote a trusted, safe, and secure downloading experience for both our end users and our publishers. With that in mind, we screen thousands of software submissions each month for elements we think might interfere with an end user’s satisfaction. Beginning April 18, this will include enforcement of a no-adware policy.

Your product has been identified by our production team as currently containing some form of adware. For it to remain live on our network of sites after April 18, we ask that you remove the adware component and resubmit the updated version through Upload.com. All files containing some form of adware will be removed by April 22. If you plan to resubmit an updated file but cannot complete the development process by then, you can always submit the update at a later date and still retain the product’s original download counts.

For more information about this new policy, please click here.

The Upload.com Team

Alex Eckelberry

Dangerous twist in Nigerian scam

4/12/05 Update. Subscriber Charles Arthur makes this good point: “I think though it’s not the Nigerian scam. It’s phishers looking for middle people. Money goes from bank account of person in US to person who signed up for this thing. They forward it to “company” in other country. They are phishing middlemen. Usually unwitting.”

We’re (hopefully) all familiar with the infamous “Nigerian” scams (also called 411 or 419 scams, after the section of the Nigerian penal code that deals with this type of fraud scheme).

However, this email was received today, and it carries a new twist. It looks legitimate–it’s not some Nigerian official who is trying to get his money out of Nigeria. Instead, it’s an email that looks like a reasonable commercial venture trying to get an agent in the US. There’s even a VCF card attached to the email (nothing in the VCF but a name).

Of course, these types of scams rely on someone “posting some money” or some such nonsense.

As always, caveat emptor.

Dear Sir/Madam,

I represent Grambest [a scam name–Grambest is not a real company] International Import and Export Company based in the UK. My company exports cocoa, rubber and timber for world trade.
We are searching for representatives who can help us establish a medium of getting to our customers in Europe and America as well as making payments through you as our payment officer. Most of our customer pay out in cheques and we do not have an account in your country that will clear this money. It is upon this note that we seek your assistance to stand in as our representative in your country.

Note that, as our representative, you will receive 10% of whatever amount you clear for the company and the balance will be paid to us.

If you are interested in this business transaction, forward to us the information below:

(1)Your full names
(2)Contact address
(3)Phone/fax numbers.

All further correspondences should be emailed to
(grambest@outgun.com/william-mark@excite.com)

Thank you for your time.

Very Respectfully,

Mr. William Mark
President,
Grambest Import/Export co.
Goods for Import/Export
Freight Fwdg. Svcs.

—————Xheader info—————
Microsoft Mail Internet Headers Version 2.0
Received: from tfdsmtp1.mail.isp ([213.4.129.48]) by exchange.sunbelt-software.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 4 Apr 2005 02:18:50 -0400
Received: from teleline.es ([10.20.4.99]) by tfdsmtp1.mail.isp (Netscape Messaging Server 4.15 tfdsmtp1 Mar 14 2002 21:29:48) with ESMTP id IEES7602.57M; Mon, 4 Apr 2005 08:18:42 +0200
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.181
From: "LUCAS_DAM"
To:
Reply-To:
Message-ID: <471e90e3.90e3471e@teleline.es>
Date: Mon, 04 Apr 2005 07:18:41 +0100
X-Mailer: Netscape Webmail
MIME-Version: 1.0
Content-language: es
Subject: Representative
X-Accept-Language: es
Content-Type: multipart/mixed;
 boundary="--6a71dfa160313ed"
Return-Path:
X-OriginalArrivalTime: 04 Apr 2005 06:18:51.0137 (UTC) FILETIME=[2B5D7F10:01C538DE]
—————
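The headers above can be checked mechanically against what the message claims. This added example (not part of the original post) parses the two Received lines and a few other headers copied from the block above and compares the sending domain with the reply addresses given in the body; the function and field names are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Headers copied from the message shown above (subset, quotes normalised).
RAW_HEADERS = """\
Received: from tfdsmtp1.mail.isp ([213.4.129.48]) by exchange.sunbelt-software.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 4 Apr 2005 02:18:50 -0400
Received: from teleline.es ([10.20.4.99]) by tfdsmtp1.mail.isp (Netscape Messaging Server 4.15 tfdsmtp1 Mar 14 2002 21:29:48) with ESMTP id IEES7602.57M; Mon, 4 Apr 2005 08:18:42 +0200
Message-ID: <471e90e3.90e3471e@teleline.es>
Date: Mon, 04 Apr 2005 07:18:41 +0100
X-Mailer: Netscape Webmail
Content-language: es
Subject: Representative

"""
# Reply addresses the body asks the recipient to use.
REPLY_ADDRS = ["grambest@outgun.com", "william-mark@excite.com"]

HOP = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)\s+by\s+(\S+)")

def triage(raw, body_reply_addrs):
    """Summarise the relay path and the mismatches a reviewer would look at."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # oldest hop first
        m = HOP.search(value)
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3),
                     "private": ip_address(m.group(2)).is_private, "time": stamp})
    origin_domain = msg["Message-ID"].strip("<>").split("@")[1]
    reply_domains = {addr.split("@")[1] for addr in body_reply_addrs}
    sent = parsedate_to_datetime(msg["Date"])
    return {
        "hops": hops,
        "origin_domain": origin_domain,
        # Replies are steered away from the account that sent the message.
        "reply_domains_differ": origin_domain not in reply_domains,
        # An RFC 1918 address in the oldest hop is the provider's own webmail
        # host, so the sender's real address is not recorded in these headers.
        "first_hop_internal": hops[0]["private"],
        "first_public_ip": next(h["ip"] for h in hops if not h["private"]),
        "transit_seconds": (hops[-1]["time"] - sent).total_seconds(),
        "language": msg["Content-language"],
    }

if __name__ == "__main__":
    for key, value in triage(RAW_HEADERS, REPLY_ADDRS).items():
        print(key, "=", value)
```

The result shows a message that claims to come from a UK exporter but was composed in a Spanish-language webmail account at teleline.es, with replies directed to two unrelated free-mail domains.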

Wayne Porter on 180…

To those of you following the whole “is 180 Solutions making products that deserve the adware/spyware moniker?” debate, Wayne Porter just posted some interesting stuff on his blog. Mr. Porter, who runs a company that makes a competitor to our CounterSpy, does an excellent job here with 180Solutions. Read the Preface and then the response from 180.

Our team (along with the rest of the antispyware community) will be examining 180’s responses to Wayne…

4/4 Update: Suzi at SpywareWarrior blogs on this issue.

Alex Eckelberry

Spyware in Mac land again

Gartner got themselves a load of free press about the potential for spyware on Macs. There are still articles hitting the wires on this subject!

I blogged on this subject a few days back.

In my opinion, this is a complete non issue. There is very little (if any) spyware on Macs, and it’s painfully obvious that as Macs grow in popularity, there will be spyware.

But the sky is not falling on the Mac.

The biggest thing people forget is that spyware is a one-two punch game. A) you need to make the spyware and B) you need distribution for the spyware.

So spyware developers joyously creating Mac spyware in the basement of some Russian brothel will still be stuck with the problem of actually getting it on the machines of users. It’s not easy. You need all kinds of trickery and legerdemain marketing to get people to download this stuff. Free song lyrics! A better search experience! Free screensavers! Use our P2P program!

You get the picture.

Right now, if you don’t want spyware, either practice safe computing (a lengthy separate discussion) or buy a Mac. And as someone commented in my other blog entry, you actually can get right-click mouse functionality with OS X (a personal peeve of mine). Hmm…..

Alex Eckelberry