Saturday, November 19, 2005

Viruses: Old and Busted. Homepage Hijackers: the New Hotness

This is my note to Brian Livingston, who is behind the WONDERFUL newsletter, WindowsSecrets (go to https://windowssecrets.com/info/ to subscribe, it is very good, Spocko approved!). I have been a subscriber to this and some of Woody's newsletters for years; they always have great practical advice and insights on what works and what doesn't.

Hi Brian:

Love your work, bought your book (on Windows 2000) and I think your newsletters are right on target. I read them more closely than a lot of trade pubs. I also came to the conclusion that CounterspyPro was the way to go based on reading reviews. I have the Linksys wireless router on your baseline list (which is good as a wi-fi firewall but actually sucks as a wi-fi product based on my experience. Weak coverage and it also has an uneven signal. However I think part of my problem is that I bought it when it was a brand new standard, one of the first “G” wireless routers out there. I was so unhappy with it that instead of trying to get it to connect with my computer down the hall I strung Ethernet over my roof!) I’ve since updated the firmware, but since I have a wired connection I don’t bother to see if the signal is better.

SPYWARE AND HIJACKERS—ANTI-Makers can’t keep up
But the real reason I wrote is wondering about spyware, malware, stealware and the ability of the various software makers to keep up.

Based on my readings, anti-spyware makers only get about 80 percent of the spyware. You have to use 2 or 3 other products to catch everything. This is TERRIBLE! I just struggled for hours getting one piece of spyware off an old computer (link to my blog entry about my epic battle). I had to use 3 products to kill it. It was a browser hijacker program. After I removed it I came home and found a DIFFERENT browser Hijacker on one of MY computers that was RUNNING Counterspy pro in active mode. What this means is that the people who are making spyware and hijackers are changing their methods faster than the folks at Sunbelt-software can keep up. This was a problem in the early days of the virus world too, but right now it appears that the anti-spyware makers don’t have the infrastructure and staff to keep up. I wrote Sunbelt and asked them what they could do to help me get rid of this hijacker or if they could recommend another program to get rid of it. I haven’t heard back from them. (FYI the hijacker was Search Inqwire and I believe it was using a new Java exploit!)

Viruses: Old and Busted. Homepage Hijackers: the New Hotness
You wrote about Panda trying to actively stop viruses. That is swell, but I’m thinking today, hijackers and malware/spyware have become the bigger problem. The deal about spyware and hijacker programs is that people are paying MONEY to make these. They are not being made by two kids in a basement in Tacoma. They are companies that have assets and that can be sued and put out of business. Maybe they are in other countries. I read that 180Search Assistant, in an attempt to rehabilitate themselves, have gone out and sued the people who were their “affiliates” who used their product to hijack browsers without permission in order to get money from 180Search Assistant. The makers of 180Search Assistant are not really a “spyware” maker now, they claim. (HA!) It is all a PR stunt, but the point is that we might get the names of these people from around the world because of that lawsuit and then shut them down. We could do this WITH the cooperation of the people who are trying to “go legit”. Personally I think it is a lame excuse for them to say, “We TOLD THEM not to use our product to install spyware in a sneaky way, but they didn’t listen and we couldn’t stop them!” For a while my blog was one of the top search results for the term “180 Search Assistant” so I heard lots of stories about how much pain these people caused.

Anyway, my request is, please address the issue of how we admin type folks and underground computer mechanics can “keep up” when it is clear that the old school anti-Viral makers can’t address the new real problems and the new guard of anti-spyware makers don’t have the skill to even deal with threats from 20% of the established spyware, not to mention the rapidly changing threats.

Thank you!
Mr. Spocko
(Last name unpronounceable to humans)
Star Fleet Academy
SF, CA, Earth
Sector 0,0,1

P.S. To all my readers in the CIA cybercrimes group and the NSA (you know who you are), I know that these spyware/hijacker people may seem below your notice, but the skills they exhibit are just the kind of thing that will draw the attention of the REAL bad guys. They can then hire them and use their spyware/malware/hijacker skills for real nefarious purposes. THAT is why they might be a good target to cultivate/know or shut down. Just a suggestion, and the jerks from 180Solutions did all the spadework and found them for you!
