Thank you for visiting the Spyware-Net blog. As you’ve no doubt guessed, here we’ll talk about the latest happenings in the security space, provide you warnings about the latest malware tactics, and just overall talk about anything and everything spyware. And then some.
We hope you’ll visit now and then.
Jeffrey Pe Benito
Writer
FBM Software
The thing to remember when crunching the numbers for identity theft is that it isn’t strictly a cyber-crime ordeal. It’s really easy overlook that receipts in garbage bins, stolen wallets, or pilfered mail – all old school and all still highly effective- contribute to the over 50 billion dollars lost to ID theft annually. Phishing and credit card database hunting aren’t the only culprits. New technologies aren’t always the vectors.
That having been said, cyber-criminals seem to have developed a habit of finding new ways to steal your identity. The latest on that long line of worries is phishing via VOIP. An Info World article talks about how it’s being used - and why you should be concerned.
Jeffrey Pe Benito
Writer
FBM Software
It’s one thing for Direct Revenue to get sued. New York Attorney General Eliot Spitzer’s camp spared no media ammunition detailing their practices and motivations. About a month ago, when the suit was filed, internal emails between Direct Revenue’s management and the company’s exercises were made fair game. Their deliberate attempt to make their spyware stealthier, their experimenting with time intervals between showing pop-ups to see how those affect profit, their poring over how difficult the uninstallation should be – those were suddenly out of the closet, up for public scrutiny. And when Direct Revenue’s management called their own advertising tactics “hammering,” it really doesn’t leave very much to the imagination.
So again, it’s one thing for them to get sued. But Yahoo – altogether another matter. Ben Edelman has just filed a class action suit against the media giant, alleging that Yahoo’s practices included syndication fraud, among other things. An eWeek article talks about it here.
Jeffrey Pe Benito
Writer
FBM Software
So, ContextPlus has stopped distributing software. From their site, they prominently state,
Due to concerns over the practices of some of its distribution partners, ContextPlus has determined that it is no longer able to ensure the highest standards of quality and customer care and therefore is discontinuing further distribution of its software.
This is, of course, good news. But what’s particularly interesting about all this is the official reason they’re doing this - concerns over the practices of their distribution partners. This is all well and good, save for little concern that their behaviors - particularly Apropos rootkit techniques – are among the more documented ones in existence. And by the way, they mention this in the same breath as they state that there’s no uninstall available without contacting them. Nice.
Jeffrey Pe Benito
Writer
FBM Software
It happens in garbage bins and mailboxes, and in no small part, on user PCs as they surf. As last year’s databank heists have shown, it happens with big names that store millions of people’s credit card and social security numbers. Identity theft is not just happening, it’s happening on a scale larger than previously imagined.
But the thing that keeps identity theft from being a bigger threat than it already is – and remember, the costs are measured in tens of billions – is that personal data stored in databases aren’t easy to come by, even for serious thieves. Last year, 40 million credit card numbers were lost to hackers in the CardSystems fiasco. The FTC Chair had become a potential ID theft target thanks to a DSW data breach where 1.4 million numbers were lost. Those in mind, database mining still isn’t exactly commonplace - there are measures that require corporations to protect client information, although we won’t tackle HIPAA and GLBA here.
Which brings us to the 26.5 million veterans recently exposed as potential targets to identity theft. The scary thing is, their data wasn’t stolen in a company repository, in an office where there are required measures to minimize the chances of data theft. Their information was lost in an employee’s home, during a burglary. Which means that the only thing they actively carried out that made them susceptible to ID theft is complete information for the Department of Veterans Affairs. All a little bit scary.
A Reuters article talks about it here.
Jeffrey Pe Benito
Writer
FBM Software
It has been around for some time but it seems like, lately, it’s been picking up traction. Since last year, it’s become something of a common practice for malware creators to use tools that lock you out of your files – and then leave behind instructions to get your files back, effectively holding your system for ransom.
The coined term is “ransomware.” As with most things freshly coined and containing some measure of media hype, it’s probably smart to take all news regarding this with a grain of salt. Nevertheless, considering the quick pay off and the ease with which these can be launched, it’s yet another reason to keep your protection up to date.
Update: For a ransomware variant called “Archiveus,” BBC reports that the password used to unlock user drives has been cracked. The code, apparently contained within the malware itself, can be found in this article.
Jeffrey Pe Benito
Writer
FBM Software
We’ve previously written about the Veterans Affairs debacle, wherein they lost the identities of 26 million vets. Now, with new reports, it turns out that close to two million troops on active duty were also on the list - and a group of vets are suing for damages.
A CBS News article talks about it here.
Jeffrey Pe Benito
Writer
FBM Software
And now, a shameless plug from above: ZeroSpyware Free Edition is out.
If you hate discussions about these things or otherwise feel that self promotion is a craft reserved for vermin with the same number of working brain cells as tape worms, I’m probably not going to win you over with this next, somewhat predictable, statement: I think it stacks up against the best freeware out there.
This is typically the part where you see the writer drop marketing terms, and mention how many umpteen variants of malware the product detects. Or how the ones it catches are the ones that will render your PC useless for the greater part of the next millennium, whereas with other free offerings, you would be lucky if it tells you Minesweeper is running.
This isn’t the place for that. I respect many of the offerings in the market today, and I believe a considerable number of our competitors are building powerful products, innovating, and making the industry stronger in the process.
However, I also think that the landscape has changed drastically since the days Ad-Aware and Spybot first blitzed the free anti-spyware space. For the 2003 or 2004 era of spyware, their scan engines were mature, and they’ve generated considerable momentum because of that. While warranted, the inertia and press they’ve acquired were based on the landscape of the time.
In the past years, that landscape has changed drastically. Spybot, for instance, was getting killer reviews back in the day, and they’ve even topped the PC Magazine’s very respected list. In 2003. Recently, their detection’s been called closer to “decent.” Still not a bad thing to be, but a far cry from “the” choice.
Today, there is a very different landscape of security – a drastically different set of threats. GAIN is about to stop issuing pop-ups. Hacker Defender has stopped updating its software. Rootkits are on the attack. The popularity of the two are still warranted, but among a class of other working, and perhaps, more powerful, choices in the market.
ZeroSpyware Free Edition may or may not impress you any more than Spybot or Ad-Aware currently do. I don’t know. I do know that it offers a set of features that are unique to the free anti-spyware space. And it might be worth checking if there are things it can protect you from that others may miss.
If you’re interested, it’s available at Download.com, here.
By the way, it’s also available from Tucows here, and from Softpedia here.
Jeffrey Pe Benito
Writer
FBM Software
There is at least reason to be careful opening that curious PowerPoint file attached to your email. Microsoft warns users that there’s a vulnerability in PowerPoint, and it could allow Remote Code Execution, the official term for attackers having their way with your PC. The warning can be read here.
In the interest of fairness, some of the language Microsoft uses for the warning has caused considerable controversy before. The current one’s third paragraph reads,
Microsoft is concerned that new reports of a vulnerability in PowerPoint were not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities.
This kind of language, appearing in a host of Microsoft warnings, have been interpreted by some as irresponsibly hostile to security researchers, and tangential to the issue of producing solid code.
I leave it up to you to decide, but they make for interesting reads here and here.
Jeffrey Pe Benito
Writer
FBM Software
In case you missed it, AOL has released data about the web queries of 658,000 people to a spankin new research site – then got burned for it, took the data down, and apologized for the “screw-up.”
The problem with this kind of thing is that even when the data is supposed to be anonymous, the web queries can sometimes paint pretty significant pictures about the users and their web use. From Techcrunch’s Michael Arrington,
The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with “buy ecstasy” and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen. The possibilities are endless.
The Techcrunch articles here and here, and the CNet piece here.
Jeffrey Pe Benito
Writer
FBM Software
