SpywareInfo Home
April 9, 2003

The line between "spyware" and "trojan" blurs

Advertising parasites continue to become more and more invasive as various lowlife script kiddies come up with new ways to generate income by hijacking your computer. If you have any doubt of that, look up Xupiter or lop.com on Google.

Without a doubt, those are the two most infamous of all advertising parasites, mainly because their techniques are so clever and because they both go to such great lengths to resist detection and removal. However, as difficult as it is to imagine, there are worse things out there.

A new trojan dubbed LinkReplacer by Andrew Clover started making the rounds a couple of weeks ago. LinkReplacer consists of a Browser Helper Object (BHO) which adds a script to the top of every page viewed in an infected copy of Internet Explorer. This script reads your cookies and sends them to a server located at wcft.net. This enables the attacker to steal passwords and other account information, or anything else stored in your cookies.

The attacker could also remotely instruct your browser to download and execute any software they choose. In practice, this is used to install updates to itself automatically. In theory, it could be used to download and install any number of keyloggers, trojans, or other surveillance software.

Another recent arrival to the parasite scene is Clientman. I honestly don't know what it does, but Clientman came to my attention after it was added to the detection database of Spybot S&D. This program defeats the protection of older versions of ZoneAlarm firewall. When it tries to contact its maker's server, it will set off firewall alerts. If the firewall is ZoneAlarm, Clientman will automatically "press" the "allow" button, after "checking" the box which makes the decision permanent. Newer versions of ZoneAlarm have protection against this sort of exploit, but it is an optional setting which is not enabled by default.

Both Spybot S&D and Ad-aware target these two parasites.

Featured Software

Acronis True Image
Author: Acronis
Platform: Windows 9x, ME, NT 4.0, 2K, XP
File Systems: FAT16/32, NTFS, Linux Ext2, Ext3, ReiserFS, and Linux SWAP
License: $44.99

Every week, I bring you a discount on expensive software that lets you keep your private business private and your computer running smoothly. The commissions let me pay for hosting this bandwidth hog of a web site without bringing in 3rd party advertisers (and their tracking cookies). If there is a program you'd love to have, but the price tag is too much, let us know and we might feature it here.

This week I am featuring Acronis True Image 6.0. Acronis True Image 6.0 is your ultimate data insurance policy. It takes an exact image of your hard disk drive or separate partitions for complete backup, and allows you to restore all of their contents, including operating systems, programs, personal data and settings. In the event of fatal software or hardware failure, Acronis True Image protects your data, even when ordinary file backup software does not work.

Acronis True Image works entirely in Windows, so you can keep working on your Windows-based programs while your disk image is being created. And since you’re working in Windows, you can save your image to a networked drive, a USB 2.0 or FireWire drive, even a writable DVD. Its Windows XP-like user interface is easy to use for everyday PCs and experienced users alike.

I don't buy much software, especially if it costs more than $20 or so. A few weeks ago I found myself without much of a choice.

Somehow I found myself infected with a trojan for the second time in as many weeks. I have yet to figure out where either of them came from. I don't surf around unprotected and I don't open email attachments. Let that be an example for those who think they don't need anti-virus or anti-trojan protection. If it can happen to me, it can most certainly happen to anyone.

Since this is a fairly new computer, I decided it was time to move my copies of Partition Magic and Drive Image from the old computer over to this one so that I could start making regular backups of my hard drive. I have long since had my copies of both of these programs. I test a lot of spyware and browser hijackers, and having a backup copy of my hard drive is not optional, it's a requirement.

P Magic and DI have always worked perfectly and without complaint for me on 98se, ME, and XP Pro. So imagine my surprise when both programs refused to install on my new computer (which came preinstalled with Windows 2000 server). Then imagine my disgust when I learned that neither program will run on 2000 server, by design, because Powerquest sells far more expensive software ($250.00 each) for servers. I am now the proud owner of $150 worth of software that refuses to install. Nice going, Powerquest.

After looking around a bit for a replacement, I came across a very detailed review of Acronis True Image (which I can't find now unfortunately). I downloaded the trial version and liked it right off the bat.

First and foremost, you can burn an image of your partition from within Windows and without stopping what you're doing to boot into DOS. You just tell True Image what to do and then go about your business. That more than anything else sold me on it. I hated having to reboot my computer just to back it up when I was using Drive Image.

True Image is extremely easy to use. All it takes is a few mouse clicks to burn an image. To restore, you reboot, point out your image file, and then wait the 15 minutes or so (depending on the speed of your computer) for it to restore your hard drive to its previous state. It couldn't be any easier.

True Image burns directly to your CD burner, automatically breaking the image file into pieces just small enough to fit onto the CD. I now have 2 CDs with an image of my C: partition in a stable, tweaked, cleaned-up state just in case something causes me to have to completely wipe out my system and reinstall. It even lets you write your image file to the same partition you're currently backing up. That's good news for anyone stuck with only one partition and no way to create another.

I liked this program so much that I decided to feature it here, even though it's not strictly a privacy or anti-spyware program. We contacted Acronis and worked out a discount and they provided a couple of free copies for testing purposes. Everyone that has tried this program loves it. Not one person that I've discussed it with disliked it, and that in itself is remarkable.

There are a couple of caveats. There is no scheduling and it can't run automated or from scripts the way that Drive Image can. One person couldn't get it to burn to his Iomega burner. Beyond that, I have discovered no problems with this software. It's solid, stable, easy, and fast.

Having an image of my hard drive has saved me numerous times. I've tested everything from Gator to Webhancer to Xupiter to lop.com and had no ill effects afterward because I had a backup to restore from. There are two times that I can remember when I have had to boot to the emergency boot disk and restore an image because of bad driver updates that almost completely destroyed Windows. The only thing I lost was the hour or so it took to create the image, download the drivers and install them, and then to restore my image when the drivers were bad. A good imaging program is the ultimate insurance policy for your computer, especially if it stores valuable data.

Another plus for True Image is that it is relatively inexpensive. Drive Image is $70. The version that would be needed to run on a server is over $250. Acronis True Image is better than either of them in my opinion, and it's only $44.99. Plus, if you are one of my readers, there is an additional 20% off if you buy it now.

Purchase Acronis True Image

I didn't make that call

Has this ever happened to you? You open your phone bill and find enormous charges for phone calls you never made to small island nations that you've never heard of. You ask your spouse if they made the phone calls, and they say no. You ask your children if they made the calls, and they proclaim their innocence. Certain that the charges are a mistake, you call the phone company to ask them to remove the charges. However, the phone company insists that the calls were made from your home, and they even have logs to prove it. huh??

It was not a member of your family or a guest that ran up those charges. Nor has anyone broken into your home to make phone calls. More than likely the culprit is your own personal computer. More specifically, it could have been a piece of software known as a "dialer."

A dialer program is just what it sounds like, software which uses your computer's modem to dial a telephone number. In recent months, there has been a massive upsurge of people discovering dialers installed on their computer without their knowledge. The dialers call up telephone numbers in little-known countries which cost a varying amount of money per minute. In nearly all cases, the people stuck with the bill have no idea what is going on.

Cashing in
One company whose name you might find on your telephone bill after a dialer infection is Alyon Technologies, a telemarketing company located in the United States. There are roughly 800 complaints about Alyon at badbusinessbureau.com.

Alyon is under investigation by the Federal Trade Commission as well as 20 different state Attorneys-General for false, unsolicited billings and fraud. I've been providing some assistance to the Florida Attorney-General's office in their investigation of Alyon Tech.

If you fall victim to one of these dialers, it is strongly recommended that you not pay the long distance bill, regardless of threats of disconnected service. Dispute the charges, in writing, with your long distance carrier. Warn them that any interference with your telephone service will result in a complaint with your local utilities commission. If you are located in the United States, also file a complaint with the FCC and your state Attorney-General's office about the charges and the companies trying to collect them.

Don't expect your telephone company to be very sympathetic to the fact that you are being scammed. Some companies are honorable and will work with you to identify false charges and write them off. Unfortunately, many others are all too happy to rake in the profits from this unethical practice. AT&T, for instance, is currently being sued for being a willing participant in these scams.

Bell Canada is going so far as to actually break its own terms of use by threatening people with disconnection of long distance and local service for refusal to pay the fraudulent charges. How much money Bell Canada is making from the victims of these dialers is not currently known, but the company's practices are being investigated by various consumer watchdog groups.

Bell Canada disagrees that what they are doing violates the agreement. Section 22.2 (d) of the terms of service states that Bell can not disconnect service if customers are making partial payments to cover undisputed charges, as long as "Bell does not have reasonable grounds for believing the purpose of that dispute is to evade (or) delay payment." However, Bell Canada has started using some questionable billing methods that make it impossible to pay local charges before paying off long distance charges. As a result, hundreds of people who dispute their long distance charges are being threatened with the disconnection of local service.

Check your security settings
The number one way to become infected with one of these dialers is through unsafe ActiveX security settings. When Internet Explorer loads a page put together by a distributor of one of these dialers, an ActiveX script is loaded which downloads and runs the program. If you have any doubt that this can happen, go to http://www.spywareinfoforum.info/browsertest/ using Internet Explorer and see for yourself. (This is perfectly safe; it is not a real dialer.)

Once it has executed on the computer, the dialer can be set to load at startup. Once loaded into memory, it can wait for the computer to be idle for a certain amount of time. When it decides that the computer has been idle long enough that everyone is either asleep or at work, it will activate the phone line and dial the expensive long distance number. Some dialers don't even wait for the computer to sit idle. They will just terminate the connection to your ISP and redial.

Protect yourself
Make absolutely certain that you do not have unsigned or unsafe ActiveX enabled in your security settings. If the programmer can't sign his own code or have it certified as safe, do you really want it running on your computer?
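A way to check the settings described above from exported registry data, added here as an example and not part of the original newsletter: it parses a `.reg` export of the Internet Explorer security zones and grades the two ActiveX settings for the Internet zone. The value names 1004 and 1201, the zone numbering, and the sample export are assumptions supplied for the example, not taken from the page.

```python
import re

# Zone "URL action" value names from Windows' Internet Settings (assumed here;
# the page names the settings only in words).
ACTIVEX_ACTIONS = {
    "1004": "Download unsigned ActiveX controls",
    "1201": "Initialize and script ActiveX controls not marked as safe",
}
# Policy data: 0 = Enable, 1 = Prompt, 3 = Disable.
VERDICTS = {0: "FAIL", 1: "WARN", 3: "OK"}

SECTION_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\([0-4])\]$", re.I)
VALUE_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')


def parse_zone_settings(reg_text):
    """Return {zone: {action_id: value}} from decoded .reg export text."""
    zones, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A new key: track it only if it is a security-zone key.
            m = SECTION_RE.match(line)
            current = zones.setdefault(m.group(1), {}) if m else None
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1).upper()] = int(m.group(2), 16)
    return zones


def audit_activex(reg_text, zone="3"):
    """Return [(action_id, verdict)] for the given zone (3 = Internet)."""
    settings = parse_zone_settings(reg_text).get(zone, {})
    results = []
    for action in sorted(ACTIVEX_ACTIONS):
        value = settings.get(action)
        # Missing or unrecognised data is reported, never assumed safe.
        results.append((action, VERDICTS.get(value, "UNKNOWN")))
    return results


# Constructed sample export (not taken from a real machine).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"1004"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1004"=dword:00000003
"1201"=dword:00000003
"""

if __name__ == "__main__":
    for action, verdict in audit_activex(SAMPLE_REG):
        print(f"{verdict:8} {action} {ACTIVEX_ACTIONS[action]}")
```

Real exports are normally UTF-16 encoded, so decode the file before passing its text to `audit_activex`.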

There is also a program produced by an Australian company which will completely lock down your computer dial-up networking system. stopITnow! is a program which examines Windows Dial up Networking entries and prevents unacceptable numbers from being dialed. It disallows Direct Access dialing, preventing unwanted dialers from accessing the modem. It prevents Windows Phone dialer connections for restricted phone numbers. It also checks the Windows Dial up Networking Dialog to prevent unauthorised users from dialing restricted numbers.

stopITnow!'s maker says that it works with telephone systems in the United States, Canada, Europe, Australia; 60 different countries altogether. If you have children or guests who use the computer often, this is protection you should think about having. Considering the damage to your computer, the time lost fixing it, and the potential financial losses that can be caused by a dialer infection, stopITnow! is very cheap insurance.

stopITnow! normally costs $14.25, but the company was kind enough to knock 20% off for SpywareInfo readers for a limited time. See http://www.stopITnow.com.au/protection/spywareinfo.htm for more information.

Speak out
A while back I started a thread at the message boards asking people to post about their experience with a dialer. Dozens of people have posted there and the thread itself has been viewed thousands of times. If you have ever been the victim of a dialer, I'd like to hear about it. Lawmakers are starting to take notice of this scam, and this is the place I'd like them to start looking. http://www.spywareinfoforum.info/rd/dialers/

Gator and Overture teaming up

http://news.com.com/2100-1024-995616.html

Overture Services has signed a three-year deal with Gator to display its sponsored search listings on pages that pop under those of rival and partner Web sites.

As previously reported [by CNET], the pay-for-performance search company has been testing a partnership with Gator's online advertising and information network (GAIN) for several months. In the last week, the company committed to a lengthy deal to distribute sponsored listings from its advertising network onto Gator's new paid search product, Search Scout.

Financial terms of the deal were not disclosed.

Like previous products from Gator, Search Scout allows advertisers to reach members of the Gator network when they are visiting competitors' sites--a feature that has already drawn lawsuits in the context of banner and pop-up advertising. Search Scout, launched in December, triggers a pop-under window when a Gator customer searches on a site such as Google or Yahoo. The window lists search results tied to keywords purchased through competing search services.

Oh joy. Just what we need. More popunders.

Internet Security Alliance

A couple of months ago, the Internet Security Alliance released a new security guide aimed at protecting home and individual users.

"We're all linked together through this marvelous invention called the Internet ... with very powerful personal computers," ...."If that computer is not adequately protected from intrusions, that computer can literally be turned into a weapons system."

The nine recommendations are divided into seven basic actions and two advanced actions. The seven basic actions are the following:

  • Install and use antivirus programs.
  • Keep your system patched.
  • Use care when reading e-mail with attachments.
  • Install and use a firewall program.
  • Make backups of important files and folders.
  • Use strong passwords.
  • Use care when downloading and installing programs.
The two more advanced actions:

  • Install and use a hardware firewall.
  • Install and use a file encryption program and access controls.

The entire guide is available in PDF format.

I have nothing to hide

From last week's issue...

Something I hear constantly from people when I'm discussing privacy and spyware is the phrase "I have nothing to hide". How I counter that depends on who says it and what prompted it. In all cases, it infuriates me when someone says that. It's a cop out. It's lazy. It's ignorant. It's apathetic. More importantly, it's dangerous. You cannot live in a free society and have an attitude like that, because all too soon the society will cease being free.

How do you tend to deal with someone who says something like that to you?

Several people posted making good points and the debate is still ongoing. How would you counter the statement "I have nothing to hide"?

New message board software installed

Finally... Finally... Finally!

I have been waiting and waiting and waiting for a converter script to convert my old YaBBSE bulletin board to Invision Power Board. To put it as nicely as possible, I HATE YABBSE!!! I have been waiting for a converter for ages now and I have finally converted the message boards to IPB.

The new board is awesome. It is fast, it is fast, and it is fast!!! Did I mention that it's fast??

I have spent the last three or four days configuring (playing with) it. I have also installed two new skins that registered members can use, Star Trek LCARS (because I'm a dork) by Scattershot and GreyNTubey by Halfcut. I have also loaded it down with new smileys (some of which I've used in this issue).

If you had registered at the old forums, when you sign into the new forums you will need to click "My Controls" and reset your email address. For some unknown reason, the converter didn't convert email addresses. That also means that if you have forgotten your password or it doesn't work, you will need to email me instead of using the "forgot your password?" feature. In fact, please don't use the "forgot your password?" feature at all if you haven't given it your email address yet. Otherwise I won't be able to reset your password.

You will also need to update your bookmarks. The new board is different software and is in a different location. The new board is located at http://www.spywareinfoforum.info/forums/. Stop by and check it out.

The chatroom is no more

Many of you may have stopped by the chat room at some point in the past. Well, there is no longer a chat room. I have grown disgusted with the IRC network where it was located, so I decided to leave. There is still a channel #spyware on wyldryde, but it is now owned and operated by Coyote of TomCoyote.org and has nothing to do with me now. I won't be going back or starting another chat room elsewhere.

Final Ramblings

Last week, I asked for your opinion of whether or not to feature products even if they were not related in some manner to privacy or spyware. Good lord did that ever get a response. My own opinion was that I should stick more or less to privacy-related stuff, while my dear friend and partner-in-crime Catherine (who also owns this site) was trying to convince me to expand to other things.

Well, she's been smirking at me all week, because dozens of you wrote in to say that you liked the idea (I still suspect that about half of you are related to her). There were only three or four people who agreed with me. She has been teasing me about it mercilessly for days now. But, she's my best friend, so I let her get away with it.

Starting next week (maybe), I'll start a new section called "Editor's Choice" in which anything and everything might be featured. Backup software, clipboard extensions, time sync programs, etc. It might be free stuff, or it might be horribly expensive (in which case I'll sic Catherine on them to scam... I mean "negotiate" a discount for any of you interested in it).

This section will be clearly separate from the normal "Featured Software" section, which will remain focused on privacy/spyware/security related software. While the original point of the newsletter was to make money so I can pay for the web site, I absolutely do not want it to end up being just another newsletter with nothing but software reviews. Unlike the early days, there are really only one or two products being pushed each issue now because the commissions from the "featured" section are more than enough. Unsurprisingly, that was also Catherine's idea.


Last week I said that I was going to set the email address used by the newsletter to an autoresponder. I haven't done that, as it hit me just as I was about to do it that I would never get my bounces if I did that. I need to get those bounce messages so that I'll know which email addresses have suddenly stopped working.

If you reply to the newsletter, I am begging you, please delete the content of the newsletter before sending it. Or better yet, use the email form on the site.

All material on this web site is copyrighted © 2001-2017 by Mike Healan. All rights reserved.
