September 19th, 2005
Spyware tricks
I just spent the last few hours downloading spyware, making videos of stealth installs, getting logs with InCtrl5, HijackThis and my firewall. Spyware tricks are becoming more devious all the time. Just recently other researchers and I have seen more installations with multiple resuscitators, increasing numbers of randomly named files, even randomly named folders. Internet Explorer security settings are being changed by spyware and hosts files are being hijacked. We’ve recently seen installations of keyloggers and spam bots along with your garden variety of adware.
One of the most egregious hijacks I’ve seen recently is by a site imitating a Windows security site. I wrote about this on my Spyware Warrior blog, a post called Super Rogues because it is selling 4 rogue anti-spyware programs, PSGuard, WorldAntiSpy, Spy Trooper, Raze Spyware. Even more recently the same site, security2k.net (link goes to whois info), is being used to hijack browsers in addition to showing fake security warnings to sell rogue anti-spyware. People are showing up in increasing numbers at spyware removal help forums, desperate to get rid of it.
For anyone happening to land here while searching for help for this hijack, you can get free help at Spyware Warrior, Spyware Info, Malware Removal and other similar forums. Unfortunately the spyware pushers manage to stay ahead of the anti-spyware programs and people seek help by the scores at forums like the above.
If the adware apologists and representatives of the adware companies wonder why some of us are "spyware zealots", it’s because we see on a daily basis the damage done to users’ computers and the agony and frustration that users feel. I know what you Linux, Mac and Firefox fans are thinking, but we won’t get into that discussion now. And yes, people are uninformed and careless but that doesn’t make it right for the spyware pushers to hijack and infect machines.
Back to my spyware sessions tonight. I saw spyware/adware from the following companies installed without consent or notice. SurfAccuracy, 180solutions, InternetOptimizer/Avenue Media, Integrated Search Technologies (IST). I saw nearly 2 dozen domains put into the Internet Explorer trusted zone by spyware, domains like searchmiracle.com, windupdates.com, slotch.com, xxxtoolbar.com to name a few. I saw my firewall stopped cold by spyware. What is spyware all about? Money — making money for the spyware pushers, their affiliates and advertisers from the misery of internet users. It’s. Just. Not. Right. To be continued.
