Thought I would do a wrap-up of today’s spyware and adware stories and combine all of these slack jaws in one post of kicking their ass goodness. Ben Edelman posted his findings on Zango today, and surprise, surprise, Zango is still not compliant with the FTC requirements of the settlement. But who really thought they would be? I mean, the business model is eventually going to go away: if merchants who advertise through spyware or adware would actually start to care about their customers, and affiliates who actually force this stuff on users’ computers would get cut off by Google and other search engines, like normal webmasters do all the time, the money would dry up and they would blow away.
Ben and Eric Howes did all the testing this month, so this is not old stuff; this is stuff they found in about ten hours of work, something any merchant or official could find by just surfing some of these sites. Things like not having proper disclosure, or showing the disclosure after installation, or no disclosure whatsoever, legacy programs without the proper installation or un-installation tools, deceptive practices leading to installs and unlabeled advertising, all of which violate the terms of the settlement with the FTC.
More broadly, we believe intensive ongoing monitoring will be required to assure that Zango actually complies with the settlement. We have spent 3+ years following Zango’s repeated promises of “reform,” and we have first-hand experience with the wide variety of techniques Zango and its partners have used to place software onto users’ PCs. Testing these methods requires more than black-letter contracts and agreements; it requires hands-on testing of actual infected PCs and the scores of diverse infection mechanisms Zango’s partners devise. To assure that Zango actually complies with the agreement, we think the FTC will need to allocate its investigatory resources accordingly. We’ve spent approximately roughly 10 hours on the investigations leading to the results above, and we’ve uncovered these examples as well as various others. With dozens or hundreds of hours, we think we could find many more surviving Zango installations in violation of the proposed settlement’s requirements. We think the FTC ought to find these installations, or require that Zango do so, and then ought to see that the associated files are entirely removed from the web. Source: Ben Edelman
Zango doesn’t care. I believe everything they do is just to delay the inevitable and to soak up more money while they still can; if the fines imposed in the future are anything like this last one, then they will have plenty of money left to retire on, I am sure, or to start some other shady means of making money. Nothing they say comes true, as far as I have seen. In their reply to the settlement they have said they have been compliant since January 1, 2006, which, as you can see from this article, is not true at all. The FTC needs to take a look for themselves; it’s out there and is sure easy to find.
Speaking of the FTC, they announced last week that a U.S. district court has shut down a Web operation that is accused of secretly loading spyware and other malevolent software onto millions of computers after promising users free screen savers and video files. Now where have we heard of this before?
The FTC accused ERG Ventures and an affiliate of tricking consumers into downloading a piece of spyware called Media Motor, which installs itself and downloads other malware.
The malware was difficult for consumers to remove, the FTC said. The malware installed by Media Motor:
- Changed consumers’ home pages
- Added difficult-to-remove toolbars that display disruptive pop-up ads in consumers’ Internet browsers
- Tracked Internet activity
- Generated disruptive pop-up ads that were occasionally sexually explicit
- Added advertising icons to consumers’ Windows desktop
- Degraded computer performance
- Disabled antispyware and antivirus software
Source: PC World
The complaint names ERG Ventures, doing business as ERG Ventures LLC2, Media Motor, Joysticksavers.com, and PrivateinPublic.com, and its principal operators, Elliott S. Cameron, Robert A. Davidson II, and Gary E. Hill, as well as Taylor. They ask that anyone who has had any experience with them email them at email@example.com.
So, looks like it’s going to be another good day for the good guys.
Zango, formerly 180Solutions, and the poster child for denying obvious stuff, has agreed to settle Federal Trade Commission charges that they used unfair and deceptive methods to download adware and obstruct consumers from removing it, in violation of federal law. The settlement bars future drive-by installs, and most any other way of forcing this crap on users’ computers. They must actually provide a way to uninstall the crapware, and it requires them to give up $3 million in “ill-gotten gains”, which is straight from the FTC site. I wonder if they actually figured out how much they made in “ill-gotten gains” and why it was only a $3 million fine. They have always been shady, all one has to do is search for their names on Google to see it, and I remember reading they used to have a counter that counted how much money they made that day, so why just $3 million?
Here are some quotes from the agreement,
According to the FTC, Zango often used third parties to install adware on consumers’ computers. The adware, including programs named Zango Search Assistant, 180Search Assistant, Seekmo, and n-CASE, monitors consumers’ Internet use in order to display targeted pop-up ads. It has been installed on U.S. consumers’ computers more than 70 million times and has displayed more than 6.9 billion pop-up ads. The FTC alleges that Zango’s distributors – third-party affiliates who often contracted with numerous sub-affiliates – frequently offered consumers free content and software, such as screensavers, peer-to-peer file sharing software, games, and utilities, without disclosing that downloading them would result in installation of the adware. In other instances, Zango’s third-party distributors exploited security vulnerabilities in Web browsers to install the adware via “drive-by” downloads. As a result, millions of consumers received pop-up ads without knowing why, and had their Internet use monitored without their knowledge.
In addition, the agency alleges that Zango deliberately made it difficult to identify, locate, and remove the adware once it was installed. For example, Zango failed to label its pop-up ads to identify their origin, named its adware files with names resembling those of core systems software, provided uninstall tools that failed to uninstall the adware, gave confusing labels to those uninstall tools, and installed code on consumers’ computers that would enable the adware to be reinstalled secretly when consumers attempted to remove it.
The settlement bars Zango from using its adware to communicate with consumers’ computers – either by monitoring consumers’ Web surfing activities or delivering pop-up ads – without verifying that consumers consented to installation of the adware. It bars Zango, directly or through others, from exploiting security vulnerabilities to download software, and requires that it give clear and prominent disclosures and obtain consumers’ express consent before downloading software onto consumers’ computers. It requires that Zango identify its ads and establish, implement, and maintain user-friendly mechanisms consumers can use to complain, stop its pop-ups, and uninstall its adware. It also requires that Zango monitor its third-party distributors to assure that its affiliates and their sub-affiliates comply with the FTC order. Finally, Zango will give up $3 million in ill-gotten gains to settle the charges. The settlement contains standard record keeping provisions to allow the FTC to monitor compliance. Source: FTC
I wonder how this will work out. As Hoyt is fond of saying, NOT TOO GOOD! This is more of a moral victory than anything, and it does include a PDF, here, which defines express consent, and it excludes burying the information that the user is getting additional software with their download in the user agreement.
OneCare is an automatically self-updating PC care service that’s always on, helping provide persistent protection against viruses, hackers, and other threats, and helping keep your PC tuned up and your important documents backed up.
Seeing quite a few searches on the site for a W32.Kmeth removal tool. X-Cleaner will remove the Kmeth worm. It is one of the best spyware removal tools on the internet, it is updated constantly, and, if for some reason it won’t clean your computer, they will walk you through removing it manually. The guys who make this software are also the guys who find lots of these malicious programs, so they know exactly what they do and how to remove them. Use Coupon Code: TPS-4NS3-DR and save $7.49 off the normal price of $29.95, for a final price of only $22.46!
Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.
For removal, X-Cleaner.
A new worm is crawling through AIM – using a sophisticated network of “chain” installs, the bad guys can start the process of infection with any of the files and still hit you with the rest. Or they can target you with a certain selection of files depending on what they want you to do as part of their Botnet. It’s like a 10-hit Tekken combo, one that you are on the receiving end of. It starts with an innocent message like, “hey would it be ok if i upload this picture of you to my blog?”, which, upon clicking, starts you off by placing you in their botnet, where they can pretty much do whatever they want to with you.
They can get you many different ways, but here are three they detailed on their blog, all of which start with the downloading of the image18.com file (disguised as a jpeg):
1) Running the file results in csts.exe being created in your system32 Folder. At this point, you may well be part of a Botnet (though not in all cases) and the infection has the potential to call down new files onto your PC, which are randomly selected from the numerous files waiting in “storage” that have been spread around the Net.
2) The infection has the potential to call numerous other files, such as files with fixed, unchanging names and randomly named executables which are constantly being updated. Depending on what files you end up with, the infection may create an unwanted service named RPCDB, open up SMTP port 25 (mail) and attempt to connect to a file upload site. In addition, some files attempt to exploit ADS (alternate data streams).
3) The infection has the potential to call numerous other files, such as d227_seven2.exe and randomly named executables which are constantly being updated. Depending on what files you end up with, the infection may create an unwanted service named RPCDB, open up SMTP port 25 (mail) and attempt to connect to a file upload site. In addition, some files attempt to exploit ADS (alternate data streams). You will also potentially end up with a Rootkit on your PC as a result of this particular scenario.
At this point, the infected PC is a Botnet drone and can be commanded to send new infection messages via AIM such as:
“hey is it alright if i put this picture of you on my egallery album? “, which will download the image22.com file (again, disguised as a jpeg).
At this point, the cycle begins again and they can look to infect fresh victims with this exploit.
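A defender-side triage of the lure and the host indicators described above, as an added example that is not part of the original write-up or the researchers' own tooling. The URL, the inventory dictionary layout and the sample bytes are constructed for illustration; only the file names, the service name, the port and the message text come from the post.

```python
import re
from urllib.parse import urlparse

# Extensions Windows runs directly. ".com" is easy to misread as a domain suffix.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
PICTURE_WORDS = re.compile(r"\b(?:picture|pic|photo|image|album|e?gallery)\b", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)

# Host indicators named in the write-up above.
BAD_FILES = {"csts.exe", "d227_seven2.exe"}
BAD_SERVICES = {"rpcdb"}

def sniff(head):
    """Classify a file by its first bytes rather than by its name."""
    if head[:2] == b"MZ":
        return "pe"
    if head[:3] == b"\xff\xd8\xff":
        return "jpeg"
    return "unknown"  # a raw DOS .com image has no magic, so the name check still matters

def triage_message(text, head=b""):
    """Return the reasons an instant message looks like an executable lure."""
    reasons = []
    for url in URL_RE.findall(text):
        name = urlparse(url).path.rsplit("/", 1)[-1].lower().rstrip(".,!)")
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"link target {name} has executable extension {ext}")
            if PICTURE_WORDS.search(text):
                reasons.append("text promises a picture but the link is a program")
    if sniff(head) == "pe":
        reasons.append("downloaded bytes start with MZ, not a JPEG header")
    return reasons

def check_host(inventory):
    """Match a host inventory (hypothetical dict layout) against the indicators."""
    hits = [f"file {f}" for f in inventory.get("system32_files", [])
            if f.lower() in BAD_FILES]
    hits += [f"service {s}" for s in inventory.get("services", [])
             if s.lower() in BAD_SERVICES]
    # Port 25 is only suspicious on a machine that is not meant to be a mail server.
    if 25 in inventory.get("open_ports", []) and not inventory.get("is_mail_server"):
        hits.append("port 25 open on a non-mail host")
    return hits

# Constructed samples: the lure text is quoted from the post, the URL and host are made up.
SAMPLE_MESSAGE = ("hey would it be ok if i upload this picture of you to my blog? "
                  "http://example.invalid/image18.com")
SAMPLE_HEAD = b"MZ\x90\x00\x03\x00\x00\x00"
SAMPLE_INVENTORY = {"system32_files": ["notepad.exe", "csts.exe"],
                    "services": ["Spooler", "RPCDB"], "open_ports": [25, 135]}

if __name__ == "__main__":
    for line in triage_message(SAMPLE_MESSAGE, SAMPLE_HEAD) + check_host(SAMPLE_INVENTORY):
        print("FLAG:", line)
```

A bare domain such as `http://example.com` is not flagged, because the extension check looks only at the last path segment of the link.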
X-Cleaner will remove w32.pipeline from your computer.
I also blogged about this at Realtechnews.com.
Trying to make sure I have pages for what people search for on this site, another term that has been searched for frequently of late is free spyware removal. So here are a bunch of links to the best free spyware removal programs. You can’t really be protected without using multiple programs, so I recommend you do all of these at one time or another, if you are having trouble with something, then I recommend doing them all.
Ewido Anti Spyware Ewido Security Suite supplements existing safety systems and becomes a complete solution, because only a complete safety system is effective. We offer protection in real time against more than 67,000 threats and our malware database is updated daily. Used to be Ewido anti-malware, this program removes a lot of stuff the other programs can’t. I had some malware for a couple weeks once until I found this program. Run it first.
Spybot Search and Destroy Spybot – Search & Destroy can detect and remove a multitude of adware files and modules from your computer. Spybot also can clean program and Web-usage tracks from your system, which is especially useful if you share your computer.
Lavasoft Adaware With the ability to scan your RAM, Registry, hard drives, and external storage devices for known data-mining, advertising, and tracking components, Ad-Aware SE easily can clean your system, allowing you to maintain a higher degree of privacy while you surf the Web.
Spywareguide Online Scan Free scan, can’t remove the really complicated stuff, but it’s quick and free. Definitely worth a shot.
Sunbelt has released its list of the ten most insidious spyware apps. As a sales promotion tool, the company publishes a list of active and commonly found spyware every month. The results are based on the monthly scans performed by Sunbelt’s antispyware product CounterSpy.
DesktopScam will display false warnings that the computer is infected and uses a fake Windows update globe to trick the user into thinking that Microsoft Windows is reporting a spyware infection.
Zango.SearchAssistant opens new browser windows showing Web sites based on the previous websites you visit. The adware will run in the background on a computer and will periodically direct users to other sponsors’ Web sites, allowing users to compare prices between Web sites.
Go here for the rest. I included the number 1 above and I also included Zango, since they seem to think they are some kind of normal software app and that they have never installed without permission.
Microsoft has been working on a new project to help Internet Explorer block malicious code that’s hidden on webpages, one that will show a harmless version of the webpage instead. It’s called BrowserShield and it’s just one of many security-related products coming from Microsoft. From Neowin,
The BrowserShield project, the brainchild of Helen Wang, a project leader in Microsoft Research’s Systems & Networking Research Group, and an outgrowth of the company’s Shield initiative to block network worms could one day even become Microsoft’s answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005.
“This can provide another layer of security, even on unpatched browsers,” Wang said in an interview with eWEEK. “If a patch isn’t available, a BrowserShield-enabled tool bar can be used to clean pages hosting malicious content.” BrowserShield, described by Wang as a tool for deleting embedded scripts before a Web page is displayed on a browser, can inspect and clean both static and dynamic content. Dynamic content has become a popular vector for Web-borne malware attacks of late, security experts have said.
“We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser,” Wang said. “We’re inserting our layer of code at run-time to make the Web page safe for the end user.” If the prototype is eventually folded into a Microsoft product, it could also protect against drive-by attacks that target flaws in IE, which is used by approximately 90 percent of Web surfers worldwide. BrowserShield is one of many security-related projects coming out of Microsoft Research.
This sounds pretty cool, until it starts messing up my webpages. Anything that can block some of this crap these losers put out there on the web, is fine with me. More info from Microsoft Research.
“This transformation logic,” Wang says, “can be injected at a firewall, as a browser extension, or by Web publishers.”
Dunagan provides an enthusiastic elaboration.
“That’s something that we both think is really, really nice about this,” he says. “It’s something where ISA can help protect all the people within a corporation, or it can be something where MSN Search makes it so that any of the cached Web pages that you can see on their site cannot contain these exploits; they can help protect everybody who is going to MSN Search to look at these things. There are two different value propositions, and they appeal to many people.”
Some search engines have been trumpeting something called “safe search,” which amounts to a blacklist of known malicious sites.
“BrowserShield can enable a much more powerful way of doing this safe search,” Wang states. “Basically, even for a malicious site that is not already blacklisted, BrowserShield can help prevent it from doing known bad things, such as exploiting a vulnerability of a browser.”
The technology, similarly, can deliver security-enhanced browsing.
“Say there’s a zero-day browser exploit,” Wang says. “At a particular time, a patch might not be available. But in the meantime, we can allow users to browse through a BrowserShield-enabled toolbar. Users would then be able to type URLs into the toolbar rather than in the usual address bar. This allows all Web sites to be sanitized by the BrowserShield toolbar and enables a safe browsing experience.”
Are screensavers really a problem? asks a SiteAdvisor blog entry, and according to their results, they are, big time.
We counted 318 children’s television programs currently airing on English language networks in the United States. We decided to search for screensavers for each of these shows to see how risky it is to put a Rugrat, a Powerpuff Girl or a Flintstone on a desktop.
Each of the three aforementioned programs all returned 50% or more risky sites on Google’s first page of search results. And that’s just the tip of the iceberg. A staggering 85% of all kids TV show screensavers searches returned at least one dangerous site on the first page. 20% of all shows returned search results where half or more of the sites were risky. A child or parent who searches for a Gilmore Girl or Kenny the Shark screensaver and clicks randomly on the results has a 60% chance of landing at a risky site.
The Power Rangers were number one with 81.8% of sites in the results leading to sites with red links and yellow links.
Some adults may take the time to learn about these programs. But children are especially vulnerable to blindly clicking yes at each prompt & then the family PC is infected with adware and worse.
And that’s how lots of adware gets on PCs at home: kids don’t know any better and blindly click yes to prompts that pop up, just because they want whatever they were searching for.
This article references an article that I wrote at Realtechnews.com called Warner Bros Partners with 180Solutions, that I followed up at Revenews.com called More on WarnerBros and 180Solutions. One of these years, we may be able to get rid of adware and spyware, if more merchants, like WarnerBros, will end their relationship with them.
Vonage spends huge amounts on advertising — more than $20 million per month. Unfortunately, among this spending is widespread and substantial spyware-delivered advertising. He goes into great detail, showing the money flow, from company to company with 12 great examples.