Analysis of Spyware

timothy posted more than 10 years ago | from the incompatable-with-my-OS dept.

Privacy 246

scubacuda writes "What actually happens when you install adware/spyware/malware? Follow the Bouncing Malware examines what's downloaded, redirected, and obfuscated. A fascinating read. (Part two was postponed in order to cover a new My Doom variant.)"

eka posti! (-1)

Anonymous Coward | more than 10 years ago | (#9908604)

432qre!

Re:eka posti! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9908755)

LOL omg u on needsahug

HAH!!! (1, Funny)

tekiegreg (674773) | more than 10 years ago | (#9908605)

Bow before me Spyware infested site, for I have Mozilla 1.7 and the latest Linux Kernel, you puny scum!!! MUAHAHAHAHAHA!!!

Admit it, many a slashdotter is feeling that way right now...

Re:HAH!!! (3, Funny)

Nogami_Saeko (466595) | more than 10 years ago | (#9908616)

So... Security through obscurity then? :P

(runs away)

N.

Re:HAH!!! (4, Funny)

Eudial (590661) | more than 10 years ago | (#9908631)

Nah, I feel more like

Mua ha ha ha ha ha ha ha! Inferior beings! I run an antiquated version of SPARC solaris, and NOTHING is compatible with SPARC solaris! Not even spyware!

Re:HAH!!! (2, Funny)

tekiegreg (674773) | more than 10 years ago | (#9908652)

ok I can one up that....my Netscape for abacus's owns your puny spyware infested site!!!!

get downstairs and take the trash outside (0)

Anonymous Coward | more than 10 years ago | (#9908667)


thanks for thinking of me and our friends who are not so computer savvy

signed:

your dad

Even Sevens (4, Interesting)

mfh (56) | more than 10 years ago | (#9908610)

> And that's where I'm going to end it for today. In the next part, I'll take a look at what happens as this chain of malware continues on its merry way, and I'll also investigate what happens when I fire up IE the next time and visit my new home page.

Personally, I think you should examine ways to get even. Even-Stevens.

Up until this point, I've seen lots of anti-spyware put out that blocks spyware and protects your system from unjustified Reg entries etc., but it generally stops there. It's a shield when what we need is a shield and a sword.

Covenants, without the sword, are but words, and of no strength to secure a man at all -Hobbes

What I would like to see is anti-malware that bites back, hard.

We had this site going a while back that was going to test anti-trolling methods, like by taking a troll user and stuffing them in their own world. All their posts would be modded up and their view of the site was totally different than the users who were not trolls. Of course in tests it was easy enough for them to spoof their IP to get past this, but many of them didn't realize how to do it.

But for malware sites, what if we came up with a solution that would detect it and let it believe it was working, but generated the data needed to put these goofs in jail. I think the SETI distributed computing model could be slightly altered to work to this end.

Then we could get Even-Stevens.

Re:Even Sevens (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9908628)

who the fuck is Steven?

Re:Even Sevens (0)

Anonymous Coward | more than 10 years ago | (#9908643)

mostly because people don't want unnecessary processes running.

Re:Even Sevens (4, Insightful)

FooAtWFU (699187) | more than 10 years ago | (#9908651)

> What I would like to see is anti-malware that bites back, hard.

Well, you could feed the spyware's controllers some fudged data, but how do you think you're going to get a SETI@Home-like model to "generate the data needed to put these goofs in jail"? Please, explain how repeated computation of fast Fourier transforms will do anything to uncover the spyware's owner. :)

Suppose we managed to get your nice antispyware software to collect data on the spyware's owners. What form do you think that data will take? I'm guessing it would be little more than IP addresses. Perhaps you can convince the authorities to subpoena the ISP for the owners of those addresses, but I doubt it. Good luck.

Re:Even Sevens (3, Interesting)

Anonymous Coward | more than 10 years ago | (#9909084)

> Perhaps you can convince the authorities to subpoena the ISP for the owners of those addresses, but I doubt it.

Why is it that "the authorities" are interested in subpoenaing the addresses of filesharers, but not illegal malware scammers?

Re:Even Sevens (1)

erick99 (743982) | more than 10 years ago | (#9908678)

Society will always generate malcontents and folks with antisocial personality features. These people have reasons or needs to hurt other people. A fair amount of these folks are quite bright and use their gifts to be hurtful and do damage. Trying to catch them seems futile because they will figure out a way around anything put up to stop them. They feed off the attention that they get (though a few very disturbed individuals do not). It is best, in my view, to not give them any attention at all. Just protect your computer. When you do catch one, prosecute them to the fullest possible extent of the law and then they can have some attention. When the weenies see one of their own in prison without a computer and looking none-too-happy, maybe it will be a deterrent. Or maybe not.

Cheers,

Erick

Re:Even Sevens (3, Insightful)

MindStalker (22827) | more than 10 years ago | (#9908828)

You're implying that spyware and malware exist because people want attention. That may be true concerning many viruses, but spyware is simply about money.

Re:Even Sevens (3, Insightful)

LostCluster (625375) | more than 10 years ago | (#9908783)

You're missing a key point. Spyware operators can't be put in jail because they're not breaking any laws simply by publishing spyware. Being scum is not a crime.

A virus gets onto a user's computer through security holes, but malware simply walks through the front door stating their evil intents in a clickwrap TOS that the user usually doesn't read. There's no crime in getting people to agree to something stupid in exchange for a silly little app that runs in the corner of their screen.

Re:Even Sevens (2, Informative)

nkh (750837) | more than 10 years ago | (#9908855)

I don't have Windows, but I've seen stories on /. about users infected by spywares, instead of the usual TOS clicking.

Re:Even Sevens (0)

Anonymous Coward | more than 10 years ago | (#9909005)

Technically, that would be a trojan or virus then, and not spyware. (Although, ironically, many slashdotters seem to be clueless idiots when it comes to computers, so their 'infection' may well have been user error.)

Note that some spyware lowers your IE security settings, which makes it much easier for other spyware to get in even after cleanup has occurred.

Re:Even Sevens (0)

Anonymous Coward | more than 10 years ago | (#9908880)

And yet, at the same time, it's no reason to not start breaking kneecaps.

Re:Even Sevens (1, Funny)

Anonymous Coward | more than 10 years ago | (#9909068)

> Covenants, without the sword, are but words, and of no strength to secure a man at all -Hobbes

So what did Calvin say to that?

Slashdotted Already!? (1, Funny)

mungeh (663492) | more than 10 years ago | (#9908614)

...or maybe the malware guys got to them first?

TO ALL HUMAINE SOCIETIES TAKING TAX $$$ (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9908615)

Excuse my English Please, Thank You. First congratulation on all you good work with animal. We support. We would like to help your company make money, so we like to offer help so you make money.

Dog shelter kill million of dog, cost money. Dog shelter cremate dog cost money. Dog shelter need money to operate. Where it get money? Hard to get money.

Many people like to eat dog. People need to eat dog. Where do they get dog? Some people they raise dog to eat. Some steal dog, make some people angry, hurt some people. That not right.

We like make proposal to your dog shelter to sell us dog. You save money, you make money. We buy all dog, regardless of size or color. We prefer big, young, strong dog but we take all dog from your dog shelter. We cook dog in America. We can dog in America and sell some dog in America in Asian market place. Lot people in America eat dog. Most dog we ship oversea. Lot people eat dog. Many country eat dog. Korea, China eat dog, Philippines, Japan, Thailand, Cambodia eat dog. Dog is healthy for you. This way your cost of business is less. You make more money, more people happy. You get cleaner air. No burn up dog. No waste dog. People pet no disappear. Everybody happy.

Cause we understand some people no like idea to eat dog. But they make trouble for people who like eat dog. Those people called two face. Those people eat cow, rabbit and mice, squirrel and frog and every thing else, but still give us trouble. But dog is good food. Dog is good medicine, make sick people strong, make old people young, make penis hard, make sex good again. Our business getting very big. Need more dog. We are prepared to offer you ten cents per pound per dog. We pick up dog every day, so you also save on feeding dog. We like very much to speak with you and make deal. Please tell us how many dog available in your business. We have deal already to do same with dog shelter in New Jersey, Connecticut and Massachusetts. We hope to be eventually in big city cross America. You can join us now, save money and continue doing your good job. We do big business together. We have big business already with many dog breeder and many dog hospital. Dog no suffer, We have quick death for dog.

Looking to hear from you soon,

Thank you

Kim Yung Soo
President
Kea So Joo, Inc.

==This message distributed on slashdot curtosy of GNAA/ECFA

Why is this YRO and not IT? (0, Informative)

Anonymous Coward | more than 10 years ago | (#9908618)

oh yes, because IT colours suck dick.

In other news (4, Funny)

Anonymous Coward | more than 10 years ago | (#9908619)

I've heard that MyDoom 3 has just been released too... a much darker scarier variant which seems to have originated on Mars

What happens? (5, Funny)

Rosco P. Coltrane (209368) | more than 10 years ago | (#9908621)

> What actually happens when you install adware/spyware/malware?

I'm not sure. Let me ask BonziBUDDY...

Re:What happens? (2, Funny)

accidental_1 (774756) | more than 10 years ago | (#9908663)

What did it say?
It told me I need Viagra.

Re:What happens? (1, Funny)

Anonymous Coward | more than 10 years ago | (#9908684)

> What did it say?
> It told me I need Viagra.

Well, it didn't tell me much, but it did reset my homepage to www.bonzi.com [bonzi.com], just in case I needed to know more about purple gorilla manufacturers. How nice of him...

Re:What happens? (1)

accidental_1 (774756) | more than 10 years ago | (#9908730)

You didn't get the first post so "Your computer clock may be wrong. Would you like to keep it accurate?"

firefox testimonial (5, Insightful)

Anonymous Coward | more than 10 years ago | (#9908640)

I have been an IE devotee since v4.x came out. I have recently moved over to Firefox in order to stop me having to keep up with all the security problems I started to experience only in the last couple of months.

Seriously, how hard can it be for MS to write an application as straightforward, yet secure as Firefox.

I downloaded Service Pack 2 release candidate and noted a lot of security improvements and features, but in agreement with MS, who today released the full Service Pack 2, it seems to mainly add 'bars and locks' to your 'doors and windows'. Whereas Firefox seems to be a better neighborhood to live in from the start.

Re:firefox testimonial (4, Interesting)

TheHawke (237817) | more than 10 years ago | (#9908659)

Oh Mod this parent up!
You hit the nail on the head several times with firefox's security. It does seem to have marked improvements over IE in security, blocking 'wares from going off in your system, to barring banners from starting up, ever!

Of course I maintain a hosts file that pretty much keeps them at bay.

http://www.pelicancoast.net/~nighthawke/hosts.zip

Re:firefox testimonial (1)

selderrr (523988) | more than 10 years ago | (#9908734)

hey dude, thanks for that hosts file. Impressive collection !

Re:firefox testimonial (1)

TheHawke (237817) | more than 10 years ago | (#9908793)

You are very much welcome. There is a variety of Hosts file managers out there that do a lovely job of sorting and managing the entries in the file. It does bog down slower systems, but I consider it a fair trade to keep the goons at bay.

Re:firefox testimonial (3, Informative)

scubacuda (411898) | more than 10 years ago | (#9908806)

Check out this host file [everythingisnt.com] also.

Re:firefox testimonial (3, Funny)

TheHawke (237817) | more than 10 years ago | (#9908816)

Eeek! This guy just upstaged me! Now I'll go sulk for a week then get EVEN!

Re:firefox testimonial (1)

scubacuda (411898) | more than 10 years ago | (#9909026)

Just curious...how long did it take you to compile all of that?

Re:firefox testimonial (1)

Izago909 (637084) | more than 10 years ago | (#9908919)

And here's some more links [uiuc.edu] for security and privacy.

Re:firefox testimonial (1)

bvdbos (724595) | more than 10 years ago | (#9908977)

Impressive hosts file. But not all is evil. Where would we be without osdn... (last entry in your file) and where would osdn be without ads???
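
A sketch of how the hosts files traded in this subthread could be combined before use, as an added example that is not code from any poster: it merges several downloaded lists, drops duplicates, honours an allowlist (the ad-funded-site point just above), and sets aside any entry that maps a name to something other than a sinkhole address so a person can review it. The list contents, domain names and function names are all constructed for illustration.

```python
"""Merge third-party hosts blocklists with an allowlist and a sinkhole check."""
import ipaddress

# Addresses that simply black-hole a name; anything else redirects traffic.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names a stock hosts file defines for the machine itself; never treated as blocks.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample lists (not taken from the files linked in the thread).
LIST_A = """\
# constructed sample, list A
127.0.0.1   localhost
127.0.0.1   ads.tracker.example   # trailing comment
0.0.0.0     popups.adnet.example cdn.adnet.example
127.0.0.1   ADS.Tracker.Example.
0.0.0.0     images.newsfunder.example
"""
LIST_B = """\
# constructed sample, list B
0.0.0.0 ads.tracker.example
203.0.113.7 update.vendor.example
not-an-ip junk.example
0.0.0.0 toolbar.hijack.example
"""
SAMPLE_SOURCES = {"list_a": LIST_A, "list_b": LIST_B}
ALLOWLIST = ["newsfunder.example"]  # sites the user chooses to keep reachable


def parse_hosts(text):
    """Yield (lineno, address, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: ignore the line
        for name in fields[1:]:  # one line may carry several names
            yield lineno, addr, name.lower().rstrip(".")


def is_allowed(name, allowlist):
    """True if name is an allowlisted domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in allowlist)


def merge_blocklists(sources, allowlist=()):
    """Return (blocked, review, skipped) for a dict of label -> hosts text.

    blocked: sorted, de-duplicated names safe to sinkhole
    review:  (label, lineno, addr, name) entries pointing at a real address
    skipped: (label, lineno, name) entries dropped because of the allowlist
    """
    allow = {d.lower().rstrip(".") for d in allowlist}
    blocked, review, skipped = set(), [], []
    for label, text in sources.items():
        for lineno, addr, name in parse_hosts(text):
            if name in LOCAL_NAMES:
                continue
            if addr not in SINKHOLES:
                # A downloaded list should only black-hole names; an entry
                # that sends a name to another host needs a human decision.
                review.append((label, lineno, addr, name))
            elif is_allowed(name, allow):
                skipped.append((label, lineno, name))
            else:
                blocked.add(name)
    return sorted(blocked), review, skipped


def render(blocked, sinkhole="0.0.0.0"):
    """Produce hosts-file text containing only the vetted block entries."""
    lines = ["127.0.0.1 localhost"]
    lines += [f"{sinkhole} {name}" for name in blocked]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    blocked, review, skipped = merge_blocklists(SAMPLE_SOURCES, ALLOWLIST)
    print(render(blocked), end="")
    for label, lineno, addr, name in review:
        print(f"REVIEW {label}:{lineno} {name} -> {addr}")
    for label, lineno, name in skipped:
        print(f"ALLOWED {label}:{lineno} {name}")
```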

Re:firefox testimonial (5, Insightful)

Rosco P. Coltrane (209368) | more than 10 years ago | (#9908672)

> Seriously, how hard can it be for MS to write an application as straightforward, yet secure as Firefox.

Perhaps lots [ca.com] of [symantec.com] people [bitdefender.com], including Microsoft itself [theinquirer.net], have an interest in perpetuating the myth that software is inherently insecure.

Re:firefox testimonial (1)

back_pages (600753) | more than 10 years ago | (#9908719)

Here's my homebrew mod point for you, sir. Right on the money.

Insecure software creates a whole economy for crutch-software. If software were secure, entire corporations would go bankrupt.

Re:firefox testimonial (1)

Gigantic1 (630697) | more than 10 years ago | (#9908696)

You are soooooo right!

Firefox is available at this link: http://texturizer.net/firefox/index.html

Happy surfing.

Re:firefox testimonial (0)

Anonymous Coward | more than 10 years ago | (#9909146)

Why don't we just download it from here [mozilla.org]?

I guess you missed the memo... (1)

lucason (795664) | more than 10 years ago | (#9908721)

I'm very sorry to disappoint you, but this article (http://www.mozilla.org/security/shell.html [mozilla.org]) should open them peepers....

I'm afraid this isn't the first and won't be the last.

Re:I guess you missed the memo... (3, Funny)

Anonymous Coward | more than 10 years ago | (#9908757)

You know, you are absolutely right! I am going right back to IE.

After all, just this one vulnerability makes it just as insecure as IE's 1035.

New one just in: now 1036...

another: 1037...

another: 1038...

Shit! I'm not gonna keep this up all day!

Just not IE! (4, Informative)

yoshi_mon (172895) | more than 10 years ago | (#9908887)

I realize that Firefox and Mozilla get all the glory here on /. due to them being OSS but the bottom line in all of this is just that IE is the one to blame.

I've been using Opera since v5.x and have never looked back. Lately I've seen a lot of improvement in Firefox but they are still playing catchup with Opera.

For whatever reason Opera only seems to get a nod here when it should be getting a lot more but c'est la vie. I personally will continue to support Opera until they sell out or whatever but I hope that they, and everyone else, realize that having a marketplace full of a few, maybe even many different browsers will only help everyone in the long run.

Currently I am installing Firefox for people who just need to use anything but IE; mostly end users. For a power user however Opera is the way to go.

malware honeypot? (4, Interesting)

TheHawke (237817) | more than 10 years ago | (#9908649)

I wonder if someone can whip up a honeypot that'll reverse-engineer some of the malware out there, munge all the URLS down and give proof that someone is doing this on purpose.

Then maybe the state DA's will jump in and make a lesson of a malware producer or two. That is, if they are local. IF not, LART until their router is unplugged.

This 'ware business is seriously getting out of hand and MUST be dealt with, one way or another. IF we have to force these jokers to go overseas, fine, then we'll do so and isolate their domains at root DNS.

Re:malware honeypot? (1, Insightful)

Anonymous Coward | more than 10 years ago | (#9908694)

Wouldn't it be great to see spyware producers suffer legal consequences? Don't think it will happen, though: the political and legal system is too busy protecting the recording and movie industries at the moment.

Re:malware honeypot? (2, Interesting)

Anonymous Coward | more than 10 years ago | (#9908796)

Let's give credit where credit is due!

Did you RTFA? The spyware he mentioned all loaded automatically using exploits that are only available in IE and Windows! This is all courtesy of Microsoft!

Face it: these people would not be able to do these things without Microsoft's brain-dead approach to secure design. If you wanna sic DA's on somebody, point them at Microsoft!

Re:malware honeypot? (2, Informative)

selderrr (523988) | more than 10 years ago | (#9908815)

You mean like we want to do with spammers?
We all know how well that worked


Face it : malware is the new spam, and it is a lot harder to detect & isolate. OSX & linux users may be safe for now since the problem is moved from mailserver to client machine, but it is only a matter of time until java malware shows up.

The ONLY solution is keeping the OS secure, the firewall tight and the user aware not to click bogus utilities. That and a network wide hosts file that redirects a lot of crap.

Re:malware honeypot? (4, Insightful)

TheHawke (237817) | more than 10 years ago | (#9908859)

I do not disagree, and let me reinforce the point. The 'wares take a direct path to customers' systems from known sources, unlike viruses.
If someone goofs and winds up on a site like the article mentioned, guess what, the customer just hit a malware mine.

It's not like the lovebug bit where it spread like wildfire, at random, the 'wares are more focused and actually show a purpose behind their creation: to retrieve personal information on the user behind the keyboard.

Under Federal and State regulations, this shows Willing Intent to Commit Malice, possible violations of Wiretapping Laws, and is grounds for prosecution to the fullest extent of the Law.

Re:malware honeypot? (1)

selderrr (523988) | more than 10 years ago | (#9908928)

that is under the assumption that malware spreads only via http clicks... I consider it very likely that future malware will spread through direct connections, P2P networks, infected downloads, ...

If the malware itself operates in a silent way (i.e. not blatantly plop ads all over your screen, but rather replace existing ads with his own crap), it can be very tricky to pinpoint a guilty party

Re:malware honeypot? (1, Insightful)

base3 (539820) | more than 10 years ago | (#9908820)

The state AGs are too busy taking campaign money from the copyright cartel and sending threatening letters to "P2P companies" to worry about spyware.

-1, Flamebait? (0)

Anonymous Coward | more than 10 years ago | (#9908913)

More like, +1, truth hurts.

Mozilla Firefox - it solves most problems.... (4, Interesting)

Gigantic1 (630697) | more than 10 years ago | (#9908668)

Those poor souls running Internet Explorer (like ME until recently) don't know what they are missing by not switching to Firefox, Opera, and some of the other fine browsers out there.

Usually, I'm skeptical about "Freeware", but Mozilla's Firefox has been a glorious exception. Not only is it faster, more intuitive, and easier to use than IE, it is also MORE SECURE. Unlike IE, Firefox does not allow ActiveX and VBScripts to run - and this is a blessing.

Please consider giving it a try.

Happy surfing.

Re:Mozilla Firefox - it solves most problems.... (4, Funny)

Rosco P. Coltrane (209368) | more than 10 years ago | (#9908691)

> Those poor souls running Internet Explorer (like ME until recently)

Jesus, it's about time you upgraded from ME, I'd say...

Re:Mozilla Firefox - it solves most problems.... (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9908881)

There's no such thing as Internet Explorer ME. You're thinking of Windows ME.

It seems you can't tell the difference between "Internet Explorer" the web browser and "Windows" the OS. I bow to your vast Stupidity, I worship you O Lord of Idiots and I'm awed at the size of your mountain of Ignorance.

Re:Mozilla Firefox - it solves most problems.... (0)

Anonymous Coward | more than 10 years ago | (#9909009)

joke

Pronunciation Key (jk)
n.

1. Something said or done to evoke laughter or amusement, especially an amusing story with a punch line.
2. A mischievous trick; a prank.
3. An amusing or ludicrous incident or situation.
4. Informal.
   1. Something not to be taken seriously; a triviality: The accident was no joke.
   2. An object of amusement or laughter; a laughingstock: His loud tie was the joke of the office.

Re:Mozilla Firefox - it solves most problems.... (0)

Anonymous Coward | more than 10 years ago | (#9909044)

followup joke

phrase.

1. A joke that is uttered as a followup to another joke.

2. Something that passes way over your head, apparently.

Re:Mozilla Firefox - it solves most problems.... (0)

Anonymous Coward | more than 10 years ago | (#9909122)

Yeah, for real. Upgrade to something more stable like Win98SE.

Re:Mozilla Firefox - it solves most problems.... (2, Interesting)

Gigantic1 (630697) | more than 10 years ago | (#9908710)

Nooooooo. Sorry about the confusion. "ME" refers to myself, not "Windows Millennium Edition" (Yuck)

Currently, I'm running Mozilla Firefox on Windows 2000, and I have no complaints. In fact, I'm happier about surfing the web than I've been in years!

For reference, Firefox may be downloaded at http://texturizer.net/firefox/index.html.

Happy Surfing.

Re:Mozilla Firefox - it solves most problems.... (0)

Anonymous Coward | more than 10 years ago | (#9908724)

> Nooooooo. Sorry about the confusion. "ME" refers to myself, not "Windows Millennium Edition" (Yuck)

Have you ever heard the word "dense"?

Re:Mozilla Firefox - it solves most problems.... (1, Interesting)

Gigantic1 (630697) | more than 10 years ago | (#9908736)

> Nooooooo. Sorry about the confusion. "ME" refers to myself, not "Windows Millennium Edition" (Yuck) Have you ever heard the word "dense"?

And for your "snit fit" concerning semantics, you mod my parent post as a "Troll". Or was it something else?

Anyways...Grow up.

Re:Mozilla Firefox - it solves most problems.... (0)

Anonymous Coward | more than 10 years ago | (#9908797)

Read the FAQ, you'll see that you can't mod and post on the same piece of news.

Re:Mozilla Firefox - it solves most problems.... (1, Informative)

Gigantic1 (630697) | more than 10 years ago | (#9908864)

> Read the FAQ, you'll see that you can't mod and post on the same piece of news.

You can if you post as an Anonymous Coward.

Re:Mozilla Firefox - it solves most problems.... (0, Flamebait)

base3 (539820) | more than 10 years ago | (#9908923)

Not if you're logged in when you do it--your moderation will be undone if you post AC in a thread you moderated if you're logged in. Of course, I'm $rtbl'd, so it doesn't matter anyway.

Re:Mozilla Firefox - it solves most problems.... (0)

Anonymous Coward | more than 10 years ago | (#9908971)

-1, Dangerous Influence: warns about moderation "features"

Re:Mozilla Firefox - it solves most problems.... (0)

Anonymous Coward | more than 10 years ago | (#9908715)

It is not "Freeware", it is "Free Software", free as in Freedom, "Libre Software"

Re:Mozilla Firefox - it solves most problems.... (1)

Shaklee39 (694496) | more than 10 years ago | (#9909059)

Faster? Hah. Try telling that to everyone in the office where I work after firefox takes 10 seconds to load compared to IE in 2 seconds. It is unacceptable for them, no matter how secure it is.

Spyware Prevention (4, Insightful)

Tiberius_Fel (770739) | more than 10 years ago | (#9908670)

I've found that all the spyware can be kept down to basically zero if you do what I do (even for Windows users). I use Firefox and not IE (it's interesting to look at how many hits ad-aware gets for tracking cookies etc. with IE)... And speaking of ad-aware, I run it regularly. Honestly, spyware statistics would go way way down if people ran an anti-spyware program now and then. I find in my experience, when you run it for the first time and get 500 - 1500 "objects" found, it wakes the user up as to what sort of crap is on there, and after that they seem to be pretty good about running it themselves.

make it fun (3, Interesting)

zogger (617870) | more than 10 years ago | (#9908853)

it's weird but it's hard to get people to download and run antimalware stuff. But they WILL download and run other things, so, I got an idea, code one of those anti virus anti malware things so it works like a video game, you hunt and destroy the individual malware doodads graphically.

Re:make it fun (1)

40000 (445957) | more than 10 years ago | (#9908993)

Since many computer problems are caused by malware, wouldn't it be a good idea if a new application would not install until the crap was removed? This would work better for freeware because there isn't the problem with angry and confused customers demanding a refund when they get scary warning messages. Something like a file sharing program would be best to do this because they usually search your hard disk anyway.

And let's not forget... (4, Interesting)

Tuxedo Jack (648130) | more than 10 years ago | (#9908680)

How about the bastards who make browser hijackers? Removing CoolWebSearch's affiliates wastes so much goddamn time at my office, it's literally taking nearly three hours a week.

And don't deny it - their affiliates DDoSed SpywareInfo because it told people how to remove their bastardly malware and provided CWShredder.

I say we go after them, drain their coffers dry, and donate the funds to the Mozilla Foundation or something.

Re:And let's not forget... (1)

saskboy (600063) | more than 10 years ago | (#9908805)

Heh, the chances of anyone going after the several parties responsible for browser hijacking, and winning in a timely manner, are slim to nil with the average judge's knowledge of computers.
And then I highly doubt the money would go to something worthy. The lawyers would get at least a 1/3 of a large settlement, and unless Mozilla did the suing, little money would go there.

Re:And let's not forget... (0)

Anonymous Coward | more than 10 years ago | (#9908924)

What good would giving money to Mozilla do - by your own admission, you don't use it at your office, so no matter how much money Mozilla gets, it will do you no good.

Instead of hunting down IE abusers and giving the money to Mozilla, why don't you just switch to Mozilla and be done with it?

Re:And let's not forget... (1)

AndroidCat (229562) | more than 10 years ago | (#9908948)

Once you've removed CoolWeb for the week, replace Microsoft's Java VM with a real one [sun.com]. As I recall, if you closed off everything else, that was the exploit it used. (Or turn off Javascript.)

I notice that their "affiliates" buy up loads of domains as they expire and turn them into farms directing traffic to sites to install CoolWeb or lesser relatives.

Re:And let's not forget... (1)

Mattintosh (758112) | more than 10 years ago | (#9908976)

I have that same problem at my office. I've been looking at a few solutions. I've found 2 that seem like they'd work well.

1. Norton Ghost - Since it's a single particular user's machine that keeps getting it, this would work well. He will, of course, bitch about losing his pictures every time we wipe the drive, though.

2. RIS - F12 is your friend, I've learned. At least during the boot process. Having a RIS setup would make installation quick and hopefully painless. (Yeah, right.)

There's another CoolWebSearch-like BHO out there that keeps redirecting you to t.rack.cc, which CWShredder doesn't fix. It also tends to cause the HD to thrash so much that it kills the drive. We've chewed through 3 HD's on that particular laptop in the last year. (It's a Toshiba. Maybe they just suck.)

How about fixing the user... (2, Funny)

Phil John (576633) | more than 10 years ago | (#9909106)

...since it's always the same one beat it into him with a clue-by-four.

No spyware here (2, Informative)

SteveXE (641833) | more than 10 years ago | (#9908756)

I managed to keep my PC pretty much spyware free when running IE aside from the day to day tracking cookies.

I switched to Mozilla about 2 months ago and not only do I never get spyware cookies due to its easy to use cookie blocking and plugins, but it's so much better in many respects. I still have to use IE on some pages that contain video files, and I do have a few gripes but overall it's much better and lets me control my internet experience on many more levels.

Spyware is just another form of a virus (4, Insightful)

onyxruby (118189) | more than 10 years ago | (#9908792)

How long will it take people to realize that spyware is just another form of a virus? I remember when people used to argue trojans weren't viruses and now people have finally come to accept them as just another form of a virus.

Look, I have worked on systems that have had hundreds of infections, from viruses and spyware. I routinely subject a drive from a machine with spyware to the same checks and controls I do with viruses. I start by removing the victim drive and putting it in a secondary control system. Only then can I properly remove the hooks installed to prevent you from really removing things.

I've seen everything from DLL hooks to putting itself into the system restore file or hidden OEM restore partitions. This way windows itself will *fix* your removal. I've seen where they try to emulate legitimate hotpacks and patches. It's pretty simple really, if a program installs surreptitiously, disguises itself, and takes steps to prevent its removal - then it is a virus.

Re:Spyware is just another form of a virus (2, Insightful)

drinkypoo (153816) | more than 10 years ago | (#9908858)

Spyware/Adware is only as much a virus as a worm is. Guess that makes it a worm. Viruses infect other programs, worms propagate themselves as a program. There is a grey area when they hook themselves into assorted libraries, though.

Re:Spyware is just another form of a virus (3, Informative)

sploo22 (748838) | more than 10 years ago | (#9908953)

Wrong. Here are some definitions of a computer virus:

A program that can infect other programs by modifying them to include a possibly evolved copy of itself.

"A parasitic program written intentionally to enter a computer without the user's permission or knowledge. The word parasitic is used because a virus attaches to files or boot sectors and replicates itself, thus continuing to spread. Though some viruses do little but replicate, others can cause serious damage or affect program and system performance. A virus should never be assumed harmless and left on a system." -- Symantec


Get your terminology straight. If it doesn't infect other software, it is not a virus. Your argument is like saying malnutrition is a virus because it makes you sick.

Re:Spyware is just another form of a virus (2, Insightful)

WhatAmIDoingHere (742870) | more than 10 years ago | (#9909099)

Did you read the post you replied to?

He said: "I've seen everything from DLL hooks to putting itself into the system restore file or hidden OEM restore partitions."

That sounds like it's infecting software. Last I checked, Windows wasn't hardware.

Re:Spyware is just another form of a virus (3, Insightful)

Anonymous Coward | more than 10 years ago | (#9909051)

User: Wow! SuperKaazaMidgetCursor! (I agree.) (I agree.) (I agree.)

Peter Norton: SpyVirus removal complete!

User: Norton broke my SuperKaazaMidgetCursor. No more free MP3s and naked strippers on my desktop WAH! I want my money back!

[The big difference between Anti-Virus and Spyware-Removal programs, is that the former is based on program behavior, and the latter makes value judgements about what is 'good' software or 'bad' software. I don't think any developers want a situation where they have to get their programs certified as "good" by some 3rd party.]

Re:Spyware is just another form of a virus (1)

anynameleft (787817) | more than 10 years ago | (#9909140)

"if a program installs surreptitiously, disguises itself, and takes steps to prevent its removal - then it is a virus." This was my experience with removing some kind of toolbar (believe it was that of smiley central):
Are you sure to remove MyIEToolbar? [yes][[_no_]]

MyIEToolbar contains NO SPYWARE! Are you still sure you want to uninstall? [yes][[no]]

Why do you want to uninstall MyIEToolbar?
[_] didn't like it anymore
[_] have a concurrent product
[x] has spyware
[[ok]]

You selected "has spyware"
MyIEToolbar CONTAINS NO SPYWARE! (blinks)
DON'T BE AFRAID! IT REALLY CONTAINS NO SPYWARE!
Are you SURE to unsinstall (typo intended) even though it contains NO SPYWARE!?

[yes] [[¡NO!]] (blinks)
Now what would you answer to that last question?

A lot of people don't care (5, Interesting)

. visplek . (788207) | more than 10 years ago | (#9908801)

Funny thing is that a lot of people just don't care. I remember that visual plugin for Winamp: Wild Tangent Valentine Dancer. It turned out to be spyware (and so did the rest of Wild Tangent's plugins and apps) but a lot of people just wanted to see a girl dancing on their screen. They just don't care. Not aware of the results of a spyware infested computer and blinded by some digital hottie. The result is over 3,707,559 downloads.

Re:A lot of people don't care (1)

drinkypoo (153816) | more than 10 years ago | (#9908868)

It's not that the dancer is spyware, it's that Wild Tangent is. In order to run it, or any other Wild Tangent content, you have to install the Wild Tangent player.

Re:A lot of people don't care (4, Funny)

Anonymous Coward | more than 10 years ago | (#9909019)

You wouldn't happen to know the URL for that dancing girl, would you?

There's a simple solution to this.. (0, Redundant)

Soldevi (776054) | more than 10 years ago | (#9908811)

Just don't use Windows or IE. I don't. The extent of executable code that runs in my browser is JavaScript. I have privoxy [privoxy.org] configured to specifically block every ad site using tracking cookies as well.

Re:There's a simple solution to this.. (3, Funny)

nyseal (523659) | more than 10 years ago | (#9909119)

"Just don't use Windows or IE"... now THERE'S something new for Slashdot. Sheesh

pollution (3, Interesting)

wobblie (191824) | more than 10 years ago | (#9908812)

The only effective way to combat this is to pollute/crapflood their databases, in a massive sustained effort. A DDoS they are just begging for.

Just how that's done is another matter; but how long will it be before some enterprising young soul comes up with a daemon that generates false information and does nothing but pollute spyware databases? If it can be done with SETI, it can be done here ... the caveat is that the machine would have to be "infected" to do this ...

Re:pollution (1)

scubacuda (411898) | more than 10 years ago | (#9908922)

the caveat is that the machine would have to be "infected" to do this ...

Run it all in VMware.

This would actually be a cool project to do for Defcon. If anyone is interested in something like that, e-mail me: scubacuda#iname-c0m

BRING ON THE DDOS!! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9908849)

The only thing I could give a crap about in this article would be information to clue in *how* to DDoS these low lives.

The majority of the net needs to be brought up to bring combined resources to thrash their databases and cripple any server remotely associated with them.

Harsh, fuck yeah. Got another idea that would be nearly as effective?

I want an integrated tool! (3, Interesting)

gone.fishing (213219) | more than 10 years ago | (#9908938)

I hate spyware. It is much worse than most of the viruses I've dealt with. As a support technician in a large corporation I deal with it every single day. Some days, all day.

I'd love to see a tool that would deal with all security threats to the desktop. A single tool that would protect against viruses, malware and would act as a smart desktop firewall. We already use an anti-spam service but I think the tool should do that too. In the workplace it should be centrally controlled and updated automatically. It should report on attempts and allow the networking folks to use this data to stop stuff at the corporate firewall.

While I am dreaming, I think I'd even like the tool to provide a transparent, manageable method of deploying service packs and patches to the desktop (although that is, I admit, probably better separately with software deployment tools).

I suppose the server boys would probably need a tool to keep those back-room boxes squeaky clean too. Maybe a special server version of the same software could be slapped on those bad-boys.

I understand why companies are reluctant to share data but in the case of "common security threats" I think that an exception should be made and an automated but monitorable system of threat identification and reporting should be built into the software so as soon as a new threat is identified it can be made available to everyone using the software.

Then we can all cooperatively figure out who is doing this and we can publish that information somewhere (like Slashdot?) and we can provide them with a little justice!

Re:I want an integrated tool! (0)

Anonymous Coward | more than 10 years ago | (#9909032)

I'd love to see a tool that would deal with all security threats to the desktop. A single tool that would protect against viruses, malware and would act as a smart desktop firewall. We already use an anti-spam service but I think the tool should do that too. In the workplace it should be centrally controlled and updated automatically. It should report on attempts and allow the networking folks to use this data to stop stuff at the corporate firewall.

While I am dreaming, I think I'd even like the tool to provide a transparent, manageable method of deploying service packs and patches to the desktop (although that is, I admit, probably better separately with software deployment tools).

I suppose the server boys would probably need a tool to keep those back-room boxes squeaky clean too. Maybe a special server version of the same software could be slapped on those bad-boys.

As 500 /.ers are currently pointing out, it's called Linux.

Re:I want an integrated tool! (1)

scubacuda (411898) | more than 10 years ago | (#9909039)

If only it were *that* easy....

Re:I want an integrated tool! (0)

Anonymous Coward | more than 10 years ago | (#9909050)

I think the integrated tool you're looking for is called "properly configured Linux". (Or BSD.) Note the qualifier; I'm not advocating security by smugness like people who have never done a proper security audit of their Linux boxes.

Re:I want an integrated tool! (2, Insightful)

blowdart (31458) | more than 10 years ago | (#9909088)

You support a large corporate network that allows their users installation rights (face it, most spyware doesn't install unless you have rights to install BHOs, ActiveX controls or other rights)? You work in a large corporation that runs a Windows network and doesn't know how to push patches out over AD, or the nicer 3rd party products out there that do it?

What's your ticker symbol, because I don't ever want to buy stock in a company that can't run a network properly.

Startup Cop (3, Informative)

blackmonday (607916) | more than 10 years ago | (#9909034)

There's a really nice tool on the net called startupcop that was made by the ZDNet people, released, then dropped. You can still find it on Google as "startcop.zip". It's a nice program that shows you what starts in Windows when you boot. My friend had about 60 different adware/spyware programs on his machine. I was able to remove most of them except for this pesky TV something adware which would not uninstall. And something else, there's some other kind of app that won't let adaware or spybot run. It's a giant pain in the ass, my friend's PC is unusable, even with Mozilla, and he has a $50 a month broadband bill. The sons of bitches who make these programs need to be put in jail. There, now I feel better.

firewall (1)

zarpa11 (799099) | more than 10 years ago | (#9909086)

I have BlackIce PC protection for my firewall, and it has a feature to block unknown programs from running. A pretty good defense against spyware (and viruses for that matter), eh?

That's so evil (1)

xmorg (718633) | more than 10 years ago | (#9909127)

That is so evil. I feel so sorry for Windows Internet Explorer users.

OT: MyDoom & Yahoo (1)

betonme (752948) | more than 10 years ago | (#9909130)

I noticed that Yahoo Mail was really slow this morning. Were they getting flooded by infected Windows machines?