The Penguin Ping.
Wanna be Penguified? Just holla!
Got root?
Posted on 09/29/2003 5:34:01 AM PDT by truthandlife
Unsolicited e-mails with the subject line, "What does your Lover do on the Internet?" have been circulating recently, offering an $89 software program called LoverSpy. Computer experts warn the spyware program is for real and poses a serious threat to Internet security.
"Spy on Anyone by sending them an E-Greeting Card!" reads the spam.
However, unlike the many weight loss and organ enlargement ads or requests for assistance from the widows of deposed foreign dictators, this latest cyber mass mailing may actually be telling the truth.
"It actually does what's advertised," said Mike Cermak the owner of TechSupportGuy.com in an interview with CNSNews.com. TechSupportGuy.com is an Internet forum dedicated to addressing technical issues with computers.
"It does work, and from the couple [of] people I know who have had it, it works quite well," Cermak added.
The recipient of a LoverSpy E-Greeting Card would subsequently become vulnerable to having all of his or her computer activity - the visiting of websites, the opening of e-mails, the typing of passwords - monitored by the person who sent the E-greeting, and in real time, the software maker claims.
LoverSpy's website boasts that users of the software can monitor "every single Chat conversation [the targeted computer user has] on the Internet. In fact, every keystroke they type into the computer is recorded and sent to you in an organized report - every single web site they visit, whether using AOL, Internet Explorer, or Netscape."
CNSNews.com downloaded and tried the demo product, and it appeared to work as advertised. But several efforts to contact LoverSpy for comment were not successful. The website address of LoverSpy has been traced to a website in Moscow, according to the e-mail content filtering company, Clearswift, based in England.
According to Clearswift's Sept. 25 statement, a "careful analysis indicates that [LoverSpy] is, in fact, a repackaged version of well-known spyware named emailPI from a Washington, D.C.,-based company."
"Commercial spyware, such as this, is fast emerging as one of the more pernicious, generally undefended threats facing organizations. Anti-virus software offers little or no defense," the Clearswift statement added.
'A phenomenal concept'
Computer experts agree that the privacy threat posed by spy-ware programs like LoverSpy should not be underestimated.
"As paranoid as people already are about their privacy on the Internet, having the possibility of something like this should be quite a phenomenal concept," Cermak said.
Cermak said there is other spy-type software available, but LoverSpy may be the only one that remotely attaches itself to a person's computer via an E-Greeting Card.
"As far as I know, they are the only program that does that, which is a very unique way of doing it. Most of [the other spy programs] have to be installed just like any other program right on the computer itself, so you have to have physical access to the computer," Cermak explained.
Cermak believes LoverSpy's program should be classified as a virus.
"The only difference between this and a normal virus is the creator. It is really just selling the virus off to a third party," Cermak said.
"It's almost like a couple of Trojan horses and viruses that are already out there except [LoverSpy is] trying to put a half-legal front on it," Cermak added.
For people who think their computers are invulnerable to programs like LoverSpy because they have the latest in anti-virus program protection, Cermak says think again.
The overwhelming majority of home computers do not have any protection against programs like LoverSpy, according to Cermak. Installing a software firewall on your computer like those offered by Norton Internet Security or www.zonelabs.com is the best defense, Cermak said.
The producers of LoverSpy will also have access to any computer running the company's spyware program, according to Cermak.
"If you read through [LoverSpy's] legal agreement, they specifically say there that at any time, they are allowed to look through the files," Cermak said.
While noting he is no lawyer, Cermak speculated that the software could get users into legal trouble.
"If you are sending [spyware] to your friend and putting it on their computer without their knowledge, I would certainly think that would be a legal problem," Cermak said.
'Computer Fraud and Abuse Act'
An Internet legal scholar is also warning potential customers of software like LoverSpy.
"Installing spy software on a person's computer without that person's authorization implicates a number of legal causes of action, including trespass to chattels, intrusion upon seclusion, publication of private facts and violation of the federal Computer Fraud and Abuse Act and its various state counterparts," said cyberspace law expert Professor Tom W. Bell of the Chapman University School of Law in an interview with CNSNews.com.
Bell cautions that prospective computer spies don't need to have a legal degree to determine whether their use of spy software is illegal.
"The law in this area tracks common sense quite closely; if your gut tells you that someone has acted in the wrong, the law will probably agree," Bell explained.
Computer espionage is not unlike other types of spying, according to Bell.
"Sneaking spyware onto someone else's computer not only gives rise to the same legal claims that apply generically to spying on someone, but also gives rise to legal claims based on statutory language peculiar to computer use," Bell said.
"Add up all the causes of action, and a defendant accused of computer spying could face an injunction, civil damages, fines and even criminal sanctions," Bell warned.
As espionage programs like LoverSpy proliferate on the Internet, computer users will have more options available to protect their privacy, according to Cermak.
"This is just getting big now, and as soon as it starts spreading around and more people get it, there is going to be a lot of programs popping up to check for it," Cermak said.
I know you have... ;-)
From the Tech FAQ:
3. What about FIREWALLS, such as ZoneAlarm? If the remote PC uses a Firewall, what happens?
A:
Currently, Lover Spy is designed to try to evade CERTAIN kinds of Firewalls.
When Lover Spy detects certain firewalls (we can't say which ones), Lover Spy will try to trick the firewall software into thinking that it is Windows itself trying to access the internet.
These features make Lover Spy work with most computers that use a Firewall, because the software will actually trick the user into thinking it is Windows itself trying to access the internet!
Stay tuned for a future version of the software that will be fully anti-firewall.
4. Does Lover Spy use lots of system resources? Does it SLOW DOWN the PC being monitored?
A:
No, Lover Spy does NOT use massive system resources.
This is another area where Lover Spy shines. While monitorign [sic] PC activity, Lover Spy gives NO indication of its presence because of the following:
Lover Spy does NOT slow down the computer being monitored. We have gone through great pains to make Lover Spy use as minimal system resources as possible at all times.
Memory-wise, Lover Spy will use not more an average of just 15 MB of system RAM and a maximum of about 25 MB ...
In comparison, ONE copy of IEXPLORE.exe (Microsoft Internet Explorer) can EASILY take up 25+ MB of memory while running! This goes to prove just how efficient Lover Spy is.
Processor usage is always near 4% to 0%, and all the program code has been meticulously designed to pause in run-time if needed, in order to NOT slow down the PC and therefore arise suspicion!
If you want optimum performance, Lover Spy works best on Windows 2000 and XP-based computers as they are more modern and efficient operating systems, and highly evolved past Windows 95 and 98 and even Windows Me.
It's interesting that the web site is actually hosted in China.
[tjy@Nancy tjy]$ host gokgle.us
gokgle.us has address 211.162.110.196
[tjy@Nancy tjy]$ whois 211.162.110.196@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 211.162.110.0 - 211.162.110.255
netname: GWBN-ZQ-55SHEQU
descr: FOR GWBN ZHAOQING 55SHEQU RESIDENTIAL
COMMUNITY BROADBAND USERS' ACCESS
country: CN
admin-c: JM97-AP
tech-c: JM97-AP
mnt-by: MAINT-CNNIC-AP
changed: xiaohua.chen@histrong.com 20020626
status: ALLOCATED PORTABLE
source: APNIC
person: Jian Meng
address: 2nd Floor, Building A
address: #9 Donghuan Plaza, Dong Zhong Street
address: East District, Beijing, China (100027)
country: CN
phone: +86-10-6418-5885
fax-no: +86-10-64182174
e-mail: mengjian@gwbn.net.cn
nic-hdl: JM97-AP
mnt-by: MAINT-CNNIC-AP
changed: mengjian@gwbn.net.cn 20020819
source: APNIC
Since China (and Russia BTW) are participants in Microsoft's Government Security Program, they will learn all kinds of ways to perfect the anti-firewall stealth behavior in products like this. And they won't just be marketing to suspicious lovers.
How about people who think their computers are invulnerable to LoverSpy because they use Macs or Linux?
Wanna be Penguified? Just holla!
Got root?
Fortunately those "ugly" graphics come to me, and not the under age user. Unfortunately, the graphics flash faster than I can hit delete. And "sender" continues to vary email names in sending.
On another note? Some of my political enemies, in past, found ways to sign me up for these hidious "spam" emails.
Linux and Mac users are immune from this spyware because they have no ex-lovers (or lovers)... ;-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.