Spyware Weekly Newsletter > June 10, 2003

RapidBlaster Alert

RapidBlaster is an advertising parasite whose very nature demonstrates all that is wrong with online advertising today. It is installed using ActiveX drive-by methods from affiliate web sites or silently by a browser hijacker called ISTbar. It sets itself to run hidden in the background when Windows starts, then pops up pornographic ads.

As with several other advertising parasites loose on the internet today, RapidBlaster actively works to evade removal by antispyware software. Other parasites mutate their filenames and CLSID identifiers randomly as they are installed, but this is not how RapidBlaster evades removal.

The software connects to a server at 209.47.15.73 to download a list of words. Then it creates a folder and a file with names based on those words, loads the new file, and exits. It then watches to see if anyone tampers with its registry settings. As soon as you use HijackThis or another tool to remove any part of the software or its settings, it takes a word from that list to create another anonymous version of itself, and then it disappears from view. That makes it extremely difficult to remove the bugger, because its authors designed it to watch for that and to defend itself.

I mentioned in a private security forum that we need to kill it from memory before attempting removal, and Javacool Software came to the rescue with a small program that specifically targets RapidBlaster. RBKiller will identify all known variants of RapidBlaster and remove it from memory, then delete the associated startup entry from the registry. It doesn't delete the actual file or folder currently, but most likely it soon will.

Those of you helping people out with HijackThis log files on message boards and newsgroups, you are looking for an entry similar to this:
O4 - HKLM\..\Run: [explorer lptt01] "c:\program files\explorer\explorer.exe"

Notice the part in bold. Current versions of RapidBlaster include that in all startup entries, although I can't imagine why considering how that makes it stand out. A future version will probably remove that to make it harder to find. If you spot that in someone's log, it is a clear sign of a RapidBlaster infection. Have them download and run RBKiller and that will solve their problem.

http://www.spywareinfoforum.info/downloads/rbkiller/rbkiller.exe
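For helpers triaging many logs, the check described above can be scripted. This is an added example, not part of the original newsletter or of HijackThis or RBKiller; it assumes the part shown in bold was the `lptt01` token (the bold is lost in this copy), and the sample log, including the `wordone` entry, is constructed.

```python
import re
from pathlib import PureWindowsPath

# Assumption: "lptt01" is the token the newsletter printed in bold.
MARKER = "lptt01"

# HijackThis O4 registry autostart line: O4 - HKLM\..\Run: [value name] command
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable part of a command: quoted path, bare path ending in .exe, or first word.
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)|(\S+)', re.I)

# Constructed sample log; only the "explorer lptt01" line comes from the article.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [explorer lptt01] "c:\program files\explorer\explorer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [wordone lptt01] "c:\program files\wordone\wordone.exe"
O4 - Startup: Office.lnk = C:\Program Files\Office\osa.exe
"""


def parse_o4(line):
    """Parse one O4 registry autostart line; return None for any other line."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    exe = next(g for g in EXE.match(m["cmd"]).groups() if g)
    return {
        "hive": m["hive"],
        "key": m["key"],
        "name": m["name"],
        "exe": exe,
        # Folder holding the executable, for manual cleanup afterwards.
        "folder": str(PureWindowsPath(exe).parent),
    }


def find_rapidblaster(log_text):
    """Return the O4 entries whose value name carries the marker as a whole word."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and MARKER in entry["name"].lower().split():
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for hit in find_rapidblaster(SAMPLE_LOG):
        print(f'{hit["hive"]}\\..\\{hit["key"]}: [{hit["name"]}]')
        print(f'  file:   {hit["exe"]}')
        print(f'  folder: {hit["folder"]}')
```

Each finding lists the file and folder as well as the startup entry, because the article notes that RBKiller currently leaves those on disk.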


Links:

http://www.doxdesk.com/parasite/ISTBar.html ISTbar
http://www.wilderssecurity.net/ Javacool Software
http://www.spywareinfoforum.info/~merijn/files/hijackthis.zip HijackThis

Webroot Software's Window Washer


This is a product that I own myself, and it is very impressive. You could spend an hour rummaging through your computer deleting your browser cache, cookies, temp files, address bar history, and even those nearly impossible to delete index.dat files. With Window Washer, you don't have to waste all that time and energy. Window Washer makes doing these tasks quick and easy. There are several people that I consider to be experts in the area of internet privacy that use and recommend Window Washer to newbies.

What you do online is nobody's business. Take control with Window Washer. Protect your privacy, clean unwanted files and boost PC performance.

Window Washer is the original and most advanced privacy and PC cleaning tool. Webroot invented this software category more than four years ago and since then more than one million customers worldwide have installed Window Washer on their PCs!

Buy Window Washer today and save $10. Normally $29.95, Window Washer is available to SpywareInfo readers for only $19.95! Your purchase is risk-free - satisfaction guaranteed - AND your purchase includes 1 year of technical support and product updates.

DON'T WAIT! - See what more than a million savvy Internet users already know!

Every week, SpywareInfo arranges a discount on the programs best suited to keep your private life private. This arrangement lets us pay the bills to keep SpywareInfo running without having to sell ads to the likes of DoubleClick and X-10.

We do need your help, as the discount is for your benefit. What commercial privacy software would you like to see featured here at a discount? Drop us a note and let us know.


Links:

http://www.spywareinfoforum.info/rd/webroot/ Purchase Window Washer
http://www.spywareinfoforum.info/email2.php Suggest a product

Internet Explorer Exposes Sensitive Information


Incredible. After all the time that some of us have spent wishing Ad-aware would stop targeting that "Related Sites" feature because it was neither spyware nor a component of Alexa's Toolbar, something like this comes out...

A vulnerability has been identified in Internet Explorer, which exposes sensitive information to "msn.com" and "alexa.com".

While this is a known "feature" when the "Show Related Links" option is enabled in Internet Explorer, there is a bug, so that Internet Explorer will keep transmitting the information to "msn.com" and "alexa.com" after "Show Related Links" has been disabled. This occurs whenever "Ctrl+R" is used to reload a page.

To make matters worse, it has been confirmed that this behaviour also affects SSL enabled pages. One thing is that Microsoft has chosen to make a "feature", which reveals this information to "msn.com" and "alexa.com", but the fact that information, which was supposed to be protected by SSL and sent only to one site, is sent in plain text to a third party ("msn.com" and "alexa.com") is of great concern.

The data transmitted to "msn.com" and "alexa.com" is the complete URL. In some cases this could contain sensitive information such as username, password, session id, search string, "secret paths", and more.

Read the rest of this
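Site owners can check which of their own URLs would reveal something if the complete URL reached a third party, using the categories the advisory lists. This is an added example, not part of the advisory or the newsletter; the parameter-name patterns and the "token-like path segment" rule are heuristic assumptions, and all URLs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristic name patterns (assumptions), checked in order; first match wins.
KEY_CLASSES = [
    ("password", re.compile(r"pass|pwd", re.I)),
    ("username", re.compile(r"^(user(name)?|login|uid|email)$", re.I)),
    ("session id", re.compile(r"sess|sid$|token", re.I)),
    ("search string", re.compile(r"^(q|query|search|keywords?)$", re.I)),
]
# A long mixed letter/digit path segment is treated as an unguessable "secret path".
TOKEN_LIKE = re.compile(r"[A-Za-z0-9_-]{16,}")


def parameter_names(parts):
    """Yield names from the query string and from ;name=value path parameters."""
    for key, _ in parse_qsl(parts.query, keep_blank_values=True):
        yield key
    for segment in parts.path.split("/"):
        for param in segment.split(";")[1:]:
            yield param.split("=", 1)[0]


def url_exposure(url):
    """Report what a third party learns when it is sent this complete URL."""
    parts = urlsplit(url)
    exposed = set()
    if parts.username:
        exposed.add("username")
    if parts.password:
        exposed.add("password")
    for key in parameter_names(parts):
        for label, pattern in KEY_CLASSES:
            if pattern.search(key):
                exposed.add(label)
                break
    for segment in parts.path.split("/"):
        name = segment.split(";")[0]
        if (TOKEN_LIKE.fullmatch(name) and re.search(r"\d", name)
                and re.search(r"[A-Za-z]", name)):
            exposed.add("secret path")
    # ssl_page marks URLs the user expected to stay between browser and one site.
    return {"ssl_page": parts.scheme == "https", "exposes": sorted(exposed)}


# Constructed sample URLs.
SAMPLE_URLS = [
    "https://bank.example.com/account;jsessionid=8F3A21C9D7?view=summary",
    "http://alice:s3cret@intranet.example.com/reports/",
    "https://shop.example.com/search?q=blood+pressure+medication&sid=ab12",
    "https://files.example.com/share/9f8a7b6c5d4e3f2a1b0c/report.pdf",
    "http://www.example.com/news/index.html",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, url_exposure(url))
```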


Links:

http://www.secunia.com/advisories/8955/ Full security advisory

Cookies - What they are and how they are used


Cookies are text files stored on your computer that web sites use to keep track of information their site requires. This can be as simple as a placeholder that indicates for you what you have already seen on that page (usually by changing the text color) or remembers your preferences. These cookies have no contact with anyone since the info they contain is meant solely for your benefit.

However, some companies use those cookies to track where you have been and what you have done. The difference depends on whether the cookie is first party or a third party cookie. Third party cookies are set not by the web site you are viewing, but rather by a site located elsewhere. This is the case with most advertising banners. Of course, there are also companies that outright abuse the technology in order to track web surfers all over the internet.

One such company is advertising giant DoubleClick. Cookies, by design, are meant to be accessible only by the site that sets them. This is to keep one web site from reading the cookies set while a person is on another site. DoubleClick exploits a loophole by running ad banners from its own servers, and using those servers to set and read cookies.

DoubleClick has ads on thousands of web sites and can read any cookie set by any of them. In this manner, DoubleClick uses these cookies to track web surfers from one web site to the next the same way a rancher brands his cattle and tracks their movement across the plains. DoubleClick is most at fault for the misconception that cookies are spyware.

How to stop third party tracking cookies

It is a simple matter to disallow cookies from servers not located on the site that you are currently loading.

Mozilla and Netscape

In Mozilla and Netscape, go to Edit > Preferences. In the dialog go to Privacy & Security > Cookies and select "Enable cookies for the originating web site only". We are uncertain about older versions of these browsers.

Internet Explorer

In Internet Explorer 6, go to Tools > Internet Options. Click the privacy tab and press the "Advanced" button. Check "Override automatic cookie handling" and "Block" under Third-party cookies. Your setting for First-party cookies is up to you, but we suggest selecting "Prompt" as well as "Always allow session cookies". Be warned, the prompts will quickly drive you nuts. See the next item.

Internet Explorer 5 and lower do not have the ability to block third party cookies. An excellent tool for controlling cookies that is compatible with IE 5 and IE 6 is AnalogX's CookieWall. CookieWall will ask you just once what to do with a particular cookie. It will apply that decision every time it encounters that cookie in the future.

Many people say that Internet Explorer 6's cookie handling makes the use of CookieWall unnecessary. I disagree with that opinion. There are a lot of sites run by arrogant fools who will refuse to allow you access until you agree to accept their cookies. Internet Explorer (and indeed, all browsers) will reject a cookie immediately if it is set to do that, and the web site will know it happened. Until you change the settings, you will not be able to access some sites. That is why I prefer CookieWall, because your browser accepts the cookie and the web site is satisfied. What the site doesn't realize is that CookieWall has deleted their precious cookie the instant the cookie is detected.

Opera

In the Opera browser, these settings are located in File > Preferences > Privacy Preferences. In the second drop box under Cookies, set it to Do Not Accept Third Party Cookies.

Viewing and editing your cookies

Opera

Opera is an incredible browser. It has a very large number of features and it's fast as hell. One feature that is very inadequate is the built-in cookie manager. Among its other flaws, Opera's cookie manager fails to give you the ability to delete, or even to view existing cookies.

Thankfully, there is a third party program called Opera File Explorer that allows users of Opera 4.0 and later to view and maintain Opera's Cache, Cookies, Global History, and Visited Links. The program is pretty crude. It is 16-bit software that probably would be more at home on Windows 3.1 than XP, but it seems to work fine on all versions of Windows.

Internet Explorer

While CookieWall does a fine job of managing Internet Explorer cookies as they are being set, it is very awkward to use for browsing and deleting existing cookies. For that, Karen Kenworthy's Cookie Viewer does a much better job. In fact, Cookie Viewer is nearly identical to Mozilla's built-in cookie manager, with the exception that it can't block permanently the cookies you tell it to delete.

Mozilla and Netscape

Mozilla has a very sensible cookie manager built right into it. Go to Edit > Preferences. In the dialog, go to Privacy & Security > Cookies and click the "Manage stored cookies" button.

From Mozilla's cookie manager, you can scroll through every cookie present and view the contents, expiration date, the web site that set it, and much more. You can selectively delete cookies, decide whether to permanently block cookies from those sites, and even remove all cookies with one button.

Conclusion

Cookies are not spyware, but they do present a privacy problem because of the behavior of companies such as DoubleClick. Despite that behavior, cookies are more useful than they are harmful. With the tools and methods mentioned above, you can deal with cookies on your terms, not on the terms of those who would use them to violate your privacy.


Links:

http://mozilla.org/ Mozilla
http://www.netscape.com/ Netscape
http://www.microsoft.com/ie/ Internet Explorer
http://www.opera.com/ Opera browser
http://www.analogx.com/contents/download/network/cookie.htm AnalogX's CookieWall
http://users.westelcom.com/jsegur/ Opera File Explorer
http://www.karenware.com/powertools/ptcookie.asp Karen Kenworthy's Cookie Viewer

Whazit.com


Two weeks ago, I wrote about a new malware making the rounds that was hijacking browsers to whazit.com. For a while there I thought they were determined to update every time we found a way to detect and remove it. Every time I published instructions to find and remove it, it did something new. Now I believe they were just updating new software that they didn't spend enough time finishing before releasing. There have been no significant updates for a while now.

At the time, no software targeted it. Later, Ad-aware began to target it, but didn't remove everything and missed an updated version of nCase, which Whazit's software had just started to bundle. Another update to Ad-aware seems to be able to do the job properly. Full description and removal instructions will remain at http://www.spywareinfoforum.info/articles/whazit/. Try Ad-aware first, and then follow up with those instructions to be sure all of it is gone.


Links:

http://www.spywareinfoforum.info/articles/whazit/ Whazit article
http://www.lavasoft.de/support/download/ Ad-aware

Finally, some common sense!


Senator wants limits on copy protection

By Declan McCullagh
Staff Writer, CNET News.com
June 4, 2003, 9:54 AM PT

WASHINGTON--A conservative Republican senator said Wednesday that he has drafted a bill that would scale back the ability of record labels, movie studios and software companies to use anticopying technology.

The bill, authored by Sen. Sam Brownback, would regulate digital rights management systems, granting consumers the right to resell copy-protected products and requiring digital media manufacturers to prominently disclose to consumers the presence of anticopying technology in their products.

The Kansas Republican's bill requires that a copyright holder obtain a judge's approval before receiving the name of an alleged peer-to-peer pirate. That would amend the 1998 Digital Millennium Copyright Act, which a federal court concluded enables a copyright holder to force the disclosure of a suspected pirate's identity without a judge's review. This law is at issue in the recording industry's recent pursuit of the identity of a Verizon Communications subscriber.

The main thrust of the Brownback bill, however, is to slap regulations on digital rights management (DRM) technology, which has become an increasingly popular tool in reducing the widespread copyright infringement on the Internet. Last month, Microsoft CEO Steve Ballmer stressed his company's support for DRM technology. Apple Computer also uses DRM to limit how customers can reuse music that's downloaded from the iTunes Music Store. Some consumer groups argue that DRM infringes on the right to make "fair use" of copyrighted works and to back up legally purchased digital files.

Read the rest of this story

This bill is very timely. Verizon has been fighting a demand by the RIAA to turn over the names of four customers of its internet access service. Tragically, Verizon has lost that fight after the U.S. Court of Appeals for the District of Columbia refused to uphold the Fourth Amendment of the Constitution. After two centuries of constitutional protection from such measures, the DMCA has given anyone the power to demand - and receive - the names of an internet service provider's customers.

Unlike the Constitution that has just been shredded in federal court, the DMCA does not require a single piece of evidence that the customer whose name they are demanding has done anything illegal. Lord help us when advertising companies and chat room pedophiles realize they can now demand the names of customers of an ISP simply by claiming copyright infringement. No proof of wrongdoing is required to demand the names and an ISP is required legally to turn the names over.

For the sake of the entire nation, I sincerely hope that Senator Brownback's bill is passed.


Links:

http://news.com.com/2100-1028-1013037.html Cnet article about Brownback's bill
http://news.com.com/2100-1025_3-1013154.html Verizon loses fight to protect subscribers' names

DogReader


If you live with one or more dogs, then definitely you will like the new project that I am doing. My best friend and SWI partner in crime, Catherine (AKA Noggie), has started her own web site for dog lovers. She writes the articles, I manage the site.

DogReader exists because we love dogs. DogReader's goal is to further our understanding of our best friends and to enhance our relationship with them. The underlying, fundamental philosophy of DogReader is that we will use understanding instead of pain to deal with our dogs.

DogReader will be an ever growing resource for people who care about dogs. We will help you to increase your understanding of your dog. We encourage you to contribute your knowledge, experience and skill to benefit others who share your love of dogs. Together, we will make DogReader into a valued resource for dog lovers everywhere.

We are hoping to make it a very valuable resource for you and your four-legged friends. We have just opened the site, so there's only a few articles up. There will be a new article every Monday through Friday. For a small fee, she will also consult with you "one on one" to help you with any particular problem you've run into while taking care of your dog.

As I said, we just opened the site. There will be more features and services added later and the number of articles will continue to grow. I am doing my best to sweet talk her into letting me install a bulletin board. We're also discussing starting a newsletter and a few other things.

The site is at http://www.dogreader.com. Go check us out, tell a few friends, and most importantly, go tell the neighbor with the dog that never stops yapping. ;-)


Links:

http://www.dogreader.com DogReader site
http://www.dogreader.com/archives/000006.php Barking article

Recommend SpywareInfo to a friend


Do you like SpywareInfo and this newsletter? Then please tell a few friends about it! We are trying to come up with ways to increase the number of visitors to the web site and the number of subscribers of this newsletter.

Recently I signed up for RecommendIt's service, also used by Scot Finnie and Fred Langa. When you use RecommendIt's service to send a link to a friend or family member, you can also choose to enter a contest with a grand prize of $10,000.

The privacy policy of the site looks solid and I did ask around if anyone had heard anything bad about it before I signed up for it. You can use their service to recommend SpywareInfo to someone you know at http://www.recommend-it.com/l.z.e?s=881459

Of course, you don't *have* to use RecommendIt's site to send a friend a link to the site. Just sending an email will also do the trick.


Links:

http://www.scotsnewsletter.com Scot Finnie's Newsletter
http://www.langa.com/newsletter.htm The Langalist


All material on this web site is copyrighted © 2001-2017 by Mike Healan. ® All rights reserved.
