Posted on 10/07/2004 7:09:26 PM PDT by Tunehead54
New Trojan Kills Adware
Program isn't entirely benevolent: it also downloads files to infected PCs.
Paul Roberts, IDG News Service
Thursday, October 07, 2004
A new Trojan horse program that attacks and removes troublesome advertising software, known as "adware," is circulating on the Internet, according to antivirus company Symantec.
The program, called Downloader.Lunii, was discovered earlier this week. When run, it attempts to kill off computer processes and delete files used by common adware programs like Powerscan and BargainBuddy. However, Lunii is not entirely benevolent. Like other Trojan horse programs, it also modifies the configuration of Microsoft Windows machines and attempts to download files from a remote location, Symantec warns.
Trojan horse programs are a part of a growing problem related to surreptitious monitoring and remote access programs on the Internet, which are often referred to as spyware. The programs can be unwittingly installed by users who open e-mail file attachments, or click on links in e-mail messages or on Web sites that download and install the programs on the user's computer.
Running in the Background
Unlike viruses and worms, Trojan horse programs do not try spread from machine to machine after they are installed. Instead, the programs run quietly in the background of the systems they infect, providing remote attackers with access to compromised machines.
Lunii works by halting Windows processes that adware programs use to communicate and by removing known adware programs from systems it infects. The Trojan program also modifies a Windows file called the "hosts" file, inserting its own list of bogus Web sites, which may block access to certain Web pages, Symantec says.
Lunii was rated a low threat by Symantec, which has released an antivirus signature to detect the Trojan.
Spyware's Spread
The proliferation of spyware programs in the last year has been linked to the growth of organized criminal groups that pursue illicit gain through identity theft, extortion, and other online scams, often using spyware programs to steal data or hijack compromised machines to use in online denial of service attacks.
The problem has attracted the attention of U.S. lawmakers. The U.S. House of Representatives voted 399-1 this week to pass a bill dubbed the SPY ACT (Securely Protect Yourself Against Cyber Trespass), which makes it illegal to download programs onto other users' computers without their permission, hijack someone's computer or modify its configuration settings.
Symantec recommended that its customers update their virus definitions to detect Lunii and provided instructions for removing malicious programs once they are installed.
Some of them can be ridiculously difficult to remove. I personally don't know why some attorney hasn't sued the advertisers that use these marketing "techniques". Hint, hint. :-)
Wonder who voted against it?
Simplest way to keep adware off.
http://www.mvps.org/winhelp2002/hosts.htm
Keep a bogus Hosts file. If you can't hit their sites then they can't hit you.
Unfortunately, if Palladium comes to fruition, any spyware whose vendor who can get 'keys' to get into the system could be nearly impossible to remove and impossible to even detect without supplemental hardware (hopefully people would still be able to buy and construct ethernet chips so as to be able to build a port watcher).
I'm always fascinated with what people cook up.
ping
But why send it out by stealthy means? If it's benevolent, then why not just make it available for download from a website?
And this SPY ACT (Some Phony Yesmen Acting Competent in Technology) is nothing but window dressing. A vote of 399 to 1???
Any bill that receives a nigh-unanimous vote can be nothing but a toothless piece of feel-good legislation - a sort of "we are not amused" declaration. The various honourable Representatives of the Several States vote for things like that in the hopes of making it look like they're actually doing somehting about the problem.
Helping daughter study for test - EVERYONE note the hosts post - See #3 (hee hee) - Thanks Bogey! ;-)
Don't know why everything is rhyming ... back to studying.
Ron Paul (R-TX)
bump
What's "Palladium"?
Thanks! very good link page for spyware/adware info, links, etc. :-)
As far as the law - I haven't seen it but making it a federal crime is (IMHO) a good idea - this crap is not limited by state boudaries and I've got enough problems keeping my PCs running smoothly without outsiders screwing things up! ;-)
bump for your Computer interest!
I would classify it as spyware.
The basic concept behind palladium is to provide a means for a processor to run encrypted code, thus preventing either reverse-engineering attacks or virtual-device attacks against "digital-rights management" software.
Unfortunately, from what I understand, Palladium will have a couple of really nasty side-effects:
Palladium is the police state solution to terrorism.
Too much freedom given up.
Drag it to the trash. What am I missing?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.