
We’ve been doing a fair amount of work on cleaning up our research center, and now there’s a nifty new thingie on the front page of our research center — live stats of spyware being removed from CounterSpy users’ systems. 

It’s a general and approximate representation of a sample of our users but it’s interesting to play with (we did have a version floating around in the past but it was not broadly known about — except for one writer who mentioned it in his newsletter).


You can see the live stats here.

And here’s something curious — recently we saw a number of ancient pieces of adware on the top-10 list:

  • ABetterInternet – Adware (General)
  • Bridge/WinFavorites – Adware (General)
  • Xplugin – Trojan Downloader
  • Transponder TPS108 – Browser Plug-in
  • Transponder.Pynix – Adware (General)
  • DailyToolbar – Toolbar

I’ll quote from an internal email from Eric Howes, Sunbelt’s director of malware research:

The culprit is the new rogue anti-spyware app, TitanShield AntiSpyware. Incredibly enough, this app loads a bunch of bogus spyware/adware, which it then proceeds to detect.

The bogus spyware/adware consists of both garbage dummy files named and located like the originals of the above threats as well as Registry keys that actually match the above threats.

CounterSpy is detecting both the Reg keys and, in some cases, the files (based on file name/path match) and reporting that the PCs are infected with those ancient spyware/adware programs, when in fact what’s really going on is that TitanShield loaded a bunch of bogus apps.

It’s hard to call these false positives, and the junk really should be removed. It’s just that the users’ PCs aren’t infested with the above apps but rather TitanShield AntiSpyware.

Pretty incredible, eh?

Alex Eckelberry
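
The pattern described in the email can be turned into a triage rule over scan results. The sketch below is an added example, not part of the original post and not Sunbelt's or CounterSpy's code. It assumes a scanner report that records how each detection matched (the `match_type` values, host names, threshold and sample rows are all constructed for illustration) and that the rogue itself is also detected.

```python
from collections import defaultdict

# Families from the post's list that the rogue was reported to plant.
PLANTED_FAMILIES = {
    "ABetterInternet", "Bridge/WinFavorites", "Xplugin",
    "Transponder TPS108", "Transponder.Pynix", "DailyToolbar",
}
ROGUE = "TitanShield AntiSpyware"
# Match types that prove only a name or location, not file content (assumed labels).
WEAK_MATCHES = {"registry_key", "file_path"}

def triage(findings, min_families=3):
    """findings: iterable of (host, family, match_type). Returns {host: verdict}.

    min_families is an assumed threshold: several unrelated old families
    appearing together, all matched weakly, is the signal of planted decoys.
    """
    by_host = defaultdict(lambda: defaultdict(set))
    for host, family, match_type in findings:
        by_host[host][family].add(match_type)

    verdicts = {}
    for host, fams in by_host.items():
        planted = {f for f in fams if f in PLANTED_FAMILIES}
        # Families seen only through registry keys or file name/path.
        weak_only = {f for f in planted if fams[f] <= WEAK_MATCHES}
        clustered = len(weak_only) >= min_families and weak_only == planted
        if clustered and ROGUE in fams:
            verdicts[host] = "rogue_decoys"      # remove junk, attribute to the rogue
        elif clustered:
            verdicts[host] = "suspected_decoys"  # look for a rogue installer
        else:
            verdicts[host] = "as_reported"
    return verdicts

# Constructed sample report rows.
SAMPLE = [
    ("pc-01", "ABetterInternet", "registry_key"),
    ("pc-01", "ABetterInternet", "file_path"),
    ("pc-01", "Xplugin", "registry_key"),
    ("pc-01", "DailyToolbar", "file_path"),
    ("pc-01", ROGUE, "content_signature"),
    ("pc-02", "DailyToolbar", "content_signature"),
    ("pc-03", "Transponder.Pynix", "registry_key"),
    ("pc-03", "Transponder TPS108", "registry_key"),
    ("pc-03", "Bridge/WinFavorites", "file_path"),
]

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(host, verdict)
```

In every branch the detected items are still removed; the verdict only changes what the infection is attributed to, which is the distinction the email draws.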