December 20th, 2005

Top 10 tricks causing spyware epidemic

Posted by Suzi Turner @ 8:16 am

Spyware tricks have become increasingly devious, making spyware and adware stick to machines longer, more difficult to remove and sometimes impossible to see with ordinary methods. In the spyware tricks series I wrote about seeing installations with multiple resuscitators, increasing numbers of randomly named files, even randomly named folders. Internet Explorer security settings are being changed by spyware and hosts files are being hijacked. We’ve recently seen installations of keyloggers and spam bots along with your garden variety of adware. Now add rootkits to that list.  Let’s look back at the top 10 tricks of 2005…

10. Spyware spread through Windows Media files as described by Ben Edelman, Eric Howes and Ed Bott in January.  The Windows Media Player flaw that allowed the exploit involved DRM and has since been patched by Microsoft.

9.  Adware companies hide their dirty work using rootkit technology; examples include Enternet Media’s Elitetoolbar and ContextPlus’ Apropos and PeopleonPage.

8.  Internet Explorer infected through Firefox as documented by Paperghost, aka Chris Boyd. This story stirred up quite a bit of controversy.  The real culprit was a Java-based malware installer, which did, in fact, infect the machine while browsing with Firefox.

7.  Direct Revenue unleashed Aurora. See Got Aurora? Nail.exe? for details, and more here about the massive impact of the Aurora software, including a file named nail.exe, which kept spyware help forums and HijackThis experts busy for months and generated an unprecedented number of comments, including threats of violence against Direct Revenue, on my Spyware Warrior blog.

6.  Spam bots, keyloggers, kiddie porn connect with major adware companies – 180solutions, Direct Revenue, SurfSidekick, BullsEye Network and ShopAtHomeSelect installed in conjunction with a spam zombie and rogue anti-spyware program, all of which started from a child porn site and were installed through an exploit as illustrated at SunbeltBLOG and Spyware Warrior.

5.  Spazbox domain installs massive spyware/adware – using IRC as documented by Paperghost and Spyware Warrior (complete with video), dissected by Wayne Porter here and again here.

4.  Anti-spyware spread by spyware and trojans, details here about super rogues PSGuard, Razespyware, SpySheriff, Spy Trooper, WorldAntiSpy and more recently SpyAxe here.

3.  Direct Revenue adware distributed through BitTorrent (or more Aurora and nail.exe), exposed by Paperghost and told by eWeek.

2.  AIM worm carries backdoor, rootkit and adware, found to be powered by a worldwide botnet with ties to the Middle East.  See the write-up from CNET, Paperghost’s analysis and FaceTime’s press release.

And now, drum roll please, the top spyware trick of 2005

1.  Sony BMG infects users with DRM rootkit originally reported by Mark Russinovich at SysInternals. The fallout of this debacle continues with artists revolting and plenty of legal action against Sony BMG in the works.
