Top 10 "Most Unwanted" Spyware Named

TechWeb ^ | December 10, 2004 (2:48 PM EST) | Gregg Keizer,

[Ernest_at_the_Beach]

A security firm named the top 10 spyware threats this week, saying that the secretly-installed software poses an "insidious" threat to consumers and corporations alike.

Webroot, which makes end-user and enterprise editions of Spy Sweeper, used its relationship with Internet service provider EarthLink to tally the most prevalent spyware, then selected the worst based on its knowledge of how each works and the damage it can cause.

"We use the P-I index," said Richard Stiennon, Webroot's vice president of threat research. "P is for prevalence, I is for insidiousness."

Each of the ten spyware programs cited by Webroot was spotted at least 50,000 times in the scans that the Boulder, Colo.-based vendor does free of charge on its own Web site, or in conjunction with EarthLink.

"The people who write this stuff are gaining sophistication in their coding practices as they attempt to evade detection and removal," said Stiennon. "These ten are the most insidious programs in terms of prevalence and effect."

Some of the software in Webroot's top 10 may be familiar to users, but most is a blur of anonymous titles that don't impart their potential impact.

Among the former is Gator (also known as GAIN), long infamous because it's bundled with the popular Kazaa peer-to-peer file sharing software. Gator/GAIN, said Webroot, made the top 10 list because it spews banner ads based on your surfing habits.

Others on the list, however, are unknown to all but the most dedicated follower of spyware. They include such programs as PurityScan, which puts up pop-up ads and tricks users into installation by claiming to find and delete porn on the PC; CoolWebSearch, which can hijack searches, browser home page, and IE's settings; and Perfect Keylogger, a spy that records all visited sites, keystrokes, and mouse clicks to, for instance, divine passwords, account numbers, and other sensitive information.

The rest of the list is fleshed out with the likes of n-CASE and KeenValue (adware), TIBS Dialer (software the usurps the modem and dials toll numbers, typically porn pay-by-the-minute phone sites), Transponder and ISTbar/AUpdate (spyware posing as browser assistants), and Internet Optimizer, which hijacks Web errors and re-directs them to its own site.

"It's our goal to inform Internet users of the ramifications of having potentially unwanted programs on their systems," said Stiennon, adding that, "it's their choice to keep or remove these programs. We're just making sure they have that information so they are making knowledgeable decisions."

Webroot isn't the only ranker or rater of behind-the-scene spyware. Computer Associates, which earlier this year purchased Webroot rival PestPatrol, recently added a spyware-only section to its online alert center, where it regularly lists the top 5 threats based on the number of reports it receives from users.

It's current list puts Kazaa at the top, with GameSpy Arcade, Download Accelerators Plus, Ezula, and Adopt.Hotbar.com rounding out the five.

Spyware plagues both consumers and corporations, according to data from analysts. In a recent survey done by IDC, for instance, enterprise users labeled spyware as the fourth-biggest threat to their company's security. They're reacting to the problem by spending money on additional security, a trend that will grow dramatically in the next several years.

According to IDC, anti-spyware software revenues will reach approximately $31 million in 2004, but skyrocket by nearly 10 times to $305 million in 2008.

[sam_paine]

i'm not skeered!!!

;-)

I use ZoneAlarm and Opera and Lotus Notes via POP.

Not popular enough to be a prime target I guess cuz this little guy is about all I've ever seen.

[SalukiLawyer]

OS X dittos :-)

Now if someone would just write basic office functionality into the picture like:

I get to keep my categories from Entourage to Palm

Reliable groupware for scheduling on the small network like Time and Chaos or any number of PC programs... Macs have NOTHING decent for that

Then life would be sweet indeed.

[Space Wrangler]

I'm for capital punishment for spammers/virus writers/spyware disseminators. I am not joking, serious as a heart attack.

You and me both. Add virus writers into the mix and we'll have it licked. On those nights where I have a tough time falling asleep, I dream of being on a team a la Tom Clancy's 'Net Force' that hunts down spammers, adware purveyors and virus writers and takes them out with extreme prejudice, and very publicly! LOL!! Yes, my imagination gets the best of me on some of those sleepless nights! ;>))

[Ernest_at_the_Beach]

Well Opera or Firefox will keep you away from the ANAL ActiveX
where most badstuff comes in....

[LibertarianInExile]

Try HijackThis. It's on zdnet as a free download. It'll tell you what your computer is doing at startup. I had one of the most annoying ones pop up the other day, one of those where it looks like a regular program (innocuous name like WinClnr or something) and refuses to shut down.

I tried to shut it down manually through the task manager. No dice. So I searched for the filename, went to its folder, and changed the files' names (both the name and its .extension so the drivers would screw up :). Then I ran HijackThis (which is a little dangerous as you might accidentally disable something you need--but I ain't fubared it yet, thank goodness), and deleted startup BHOs and other related-looking stuff. Went back after a restart and deleted the renamed files and folders and that was that!

It helps to have a good idea of what regularly runs as a process and what you regularly use as a program that SHOULD be loading. The other stuff tends to stand out unless it's well disguised.

Anyway, I run that with both AdAware and Spybot if something seems funky, and it's kept my system fairly clean thus far.

[yevgenie]

Is this the point where some Mac user writes in to say "What's spyware? Adware? A virus? Never seen it.........."
Want one to give your Mac friends? It will totally screw up their machines, but then again, you can do that even without malware on a mac.

[Swordmaker]

Imagine no trojans.

Trojans are possible on Macs... they depend on users to install them. It is a "trojan horse" that, but for the user installing it, would be totally innocuous. They pretend to be (and sometime ARE) something useful... but either are totally bogus with dangerous consequences, or in the event they actually DO something useful, also carry hidden consequences.

Imagine computing for 17 years, online for 17 years, and never having had a virus, not once. Ever.

Before OSX there were 97 known viruses for the Mac. There are currently no known viruses for OSX.

Other than those two caveats, I agree with your post...

[Swordmaker]

Want one to give your Mac friends? It will totally screw up their machines, but then again, you can do that even without malware on a mac.

Another PC user, ignorant of Macs, opinion heard from...

[goldstategop]

Kazaa, Limeware and Morpheus are the worst offenders. Any FREE P2P sharing software is likely to come with tons of parasites hidden within the main package. But that's been an open secret with folks in the anti-spyware community for some years. I've kept scumware at arms' length by installing an IP firewall - Protowall and am going to look at Methlabs.org Peer Guardian 2.0 when it comes out. In addition, I have Norton Anti-Virus, Norton Internet Security firewall, Lavasoft Ad-Aware, Spybot's Search & Destroy, Javacool's Spyblaster, Ewido Security Suite anti-Trojan software and Pivx's Qwik-Fix anti-intrusion software to keep my computer parasite-free. And I've locked down Internet Explorer and Netscape browsers by banning malicious websites from being able to ever run on them. There is a Wild West on the Web and the better you protect yourself, the better you keep your computer and all the data on it for your own use, not that of strangers who don't necessarily have your best interests at heart.

[goldstategop]

Its worse than spam cause you can delete spam or filter it out but these trojans and nasties are almost impossible to remove once they get installed on your computer - especially CoolWebSearch, Lop, NCase2, and VX2. They install themselves deep in the bowels of Windows so that merely deleting the programs often does NOT work - the next time you reboot the scumware reinstalls itself. That's why an ounce of prevention is worth more than a pound of cure.

[goldstategop]

That's why Linux is immune to scumware. It doesn't have a registry and doesn't leave programs lying around. If you uninstall something from Linux, its gone for good.

[goldstategop]

You can... with a good firewall. It makes sure only programs YOU approve of can access the 'Net and blocks harmful ones from coming through. If certain attacks come from a hostile IP, you can add it to your firewall's blocklist as well as Internet Explorer's Restricted Zones applet.

[goldstategop]

Have you downloaded the most recent CWS Shredder? Your version may not have caught the most recent variant of CWS.

[goldstategop]

CWS can be removed with CWS Shredder. You can get it at http://merijn.org

[goldstategop]

If you have broadband, get a hardwall firewall as well as a software one and keep both turned on.

[baseballfanjm]

It's current list puts Kazaa at the top, with GameSpy Arcade, Download Accelerators Plus, Ezula, and Adopt.Hotbar.com rounding out the five.

Damn! How is Gamespy a threat? Many games, Medal of Honor, for example, use Gamespy Arcade by default to list servers to play multiplayer on.

[goldstategop]

Cause GameArcade installs unwanted scumware alongside itself, that's why. Many of these freeware applications come with things bundled you don't want and they install anyway.

[baseballfanjm]

Thanks for the info.

[backhoe]

Help for viruses and malware:

 

 Ad-Aware ... Spybot ... Peper Uninstaller ... HijackThis... CWShredder ... Spyware Blaster ... IE Spyad ... Free online Virus scan ... AVG AntiVirus ... LSPfix ... How to Show Hidden Files ... How to boot into Safe Mode ... How did I get infected in the first place?

---

Things you need--(all FREE)
Anti-Virus
AVG Anti-Virus version 7 (free) release available...

 Avast
Firewall
Kerio(Direct Download) Zone Alarm

 If are using zone alarm it may slow your PC. Try Outpost Firewall http://www.agnitum.com/products/outpost or Sygate Firewall http://www.sygate.com/ both have FREE and Pro versions and are heads above ZA.
Misc.
IE Spyads SpywareBlaster Spyware Guard
Windows Update- you must keep updated, it is the start of a secure system-
get all CRITICAL Updates

Things you want(Still Free)
 

  I use Firefox PR1 and IMHO, beats the sox off MS Explorer. Life is good with tabs. Click the link and give it a try.

Ad-Aware
Spybot S&D

SpywareBlaster
MS MVP Hosts file

Mike Lin's Homepage and get the Startup Control Panel and Startup Monitor tools.

 

The best forum for malware removal:

-SWI Forums-

[Ernest_at_the_Beach]

Mike Lin has some interesting stuff....you using any of it?

I'm closing down shortly , so will check back in the morning.