Replies

I have gotten this thing about a dozen times in the last three days, all with a different "from" name. I was scared to click on the link. If any Freepers want to see it I will forward one of the messages. Freepmail me.

Yet another reason to ditch Windows and install Linux.

From the Tech FAQ:

3. What about FIREWALLS, such as ZoneAlarm? If the remote PC uses a Firewall, what happens?
A:

Currently, Lover Spy is designed to try to evade CERTAIN kinds of Firewalls.

When Lover Spy detects certain firewalls (we can't say which ones), Lover Spy will try to trick the firewall software into thinking that it is Windows itself trying to access the internet.

These features make Lover Spy work with most computers that use a Firewall, because the software will actually trick the user into thinking it is Windows itself trying to access the internet!

Stay tuned for a future version of the software that will be fully anti-firewall.

4. Does Lover Spy use lots of system resources? Does it SLOW DOWN the PC being monitored?

A:

No, Lover Spy does NOT use massive system resources.

This is another area where Lover Spy shines. While monitorign [sic] PC activity, Lover Spy gives NO indication of its presence because of the following:

Lover Spy does NOT slow down the computer being monitored. We have gone through great pains to make Lover Spy use as minimal system resources as possible at all times.

Memory-wise, Lover Spy will use not more an average of just 15 MB of system RAM and a maximum of about 25 MB ...

In comparison, ONE copy of IEXPLORE.exe (Microsoft Internet Explorer) can EASILY take up 25+ MB of memory while running! This goes to prove just how efficient Lover Spy is.

Processor usage is always near 4% to 0%, and all the program code has been meticulously designed to pause in run-time if needed, in order to NOT slow down the PC and therefore arise suspicion!

If you want optimum performance, Lover Spy works best on Windows 2000 and XP-based computers as they are more modern and efficient operating systems, and highly evolved past Windows 95 and 98 and even Windows Me.

It's interesting that the web site is actually hosted in China.

[tjy@Nancy tjy]$ host gokgle.us
gokgle.us has address 211.162.110.196

[tjy@Nancy tjy]$ whois 211.162.110.196@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      211.162.110.0 - 211.162.110.255
netname:      GWBN-ZQ-55SHEQU
descr:        FOR GWBN ZHAOQING 55SHEQU RESIDENTIAL
              COMMUNITY BROADBAND USERS' ACCESS
country:      CN
admin-c:      JM97-AP
tech-c:       JM97-AP
mnt-by:       MAINT-CNNIC-AP
changed:      xiaohua.chen@histrong.com 20020626
status:       ALLOCATED PORTABLE
source:       APNIC

person:       Jian Meng
address:      2nd Floor, Building A
address:      #9 Donghuan Plaza, Dong Zhong Street
address:      East District, Beijing, China (100027)
country:      CN
phone:        +86-10-6418-5885
fax-no:       +86-10-64182174
e-mail:       mengjian@gwbn.net.cn
nic-hdl:      JM97-AP
mnt-by:       MAINT-CNNIC-AP
changed:      mengjian@gwbn.net.cn 20020819
source:       APNIC

Since China (and Russia BTW) are participants in Microsoft's Government Security Program, they will learn all kinds of ways to perfect the anti-firewall stealth behavior in products like this. And they won't just be marketing to suspicious lovers.

For people who think their computers are invulnerable to programs like LoverSpy because they have the latest in anti-virus program protection, Cermak says think again.

How about people who think their computers are invulnerable to LoverSpy because they use Macs or Linux?

The fact that the spam explictly recommends illegal use of the virus software makes the original distributor as liable as the end user. That's why (for example) bongs are sold as "water pipes" without any mention of The Demon Weed With Roots In Hell.