Malware


Malware & Privacy 21 Nov 2005 02:16 pm

Check out my column for this month at eSecurity Planet. Here’s a sample:

It’s important to remember that plenty of good companies make mistakes. But in my book, what sets a good company apart from a bad one is how they react when their mistakes are discovered.

When interviewed on the radio, the president of Sony BMG’s Global Digital Business, Thomas Hesse, said, “Most people, I think, don’t even know what a rootkit is, so why should they care about it?”

Note to Mr. Hesse: “Who cares?” is seldom a good response.

I’m betting that Mr. Hesse didn’t know what a rootkit was before this issue arose, and from the tone of his comments, you can be sure he still doesn’t understand the consequences of it. Unfortunately for him, the gross tonnage of what he doesn’t understand about how his company screwed up only now is coming to light.

Enjoy!

Malware 20 Sep 2005 02:34 pm

I am an avid user of Instant Messaging (IM), using it to keep in touch with business colleagues, friends, and family around the world.

Because I have friends scattered among the three major services — AOL Instant Messenger (AIM), MSN Messenger, and Yahoo! Messenger — I have accounts on all three. But AOL’s history of intrusive and annoying advertising practices has ensured that I won’t touch the AIM client software.

My grudge against the AIM software began a few years ago while I was in the middle of several months of radio interviews promoting one of my books, Fighting Spam for Dummies. (Speaking of intrusive advertising, you can pick up my book at your favorite online retailer!)

One particular morning, I had arisen around 3 a.m. PST to do a morning drive-time interview on a major East Coast market radio station. Shuffling to my desk in my bunny slippers and bathrobe, I fired up my computer so I would have my notes handy during the interview, and then I made the call into the radio station.

The interview started well, but just a few moments into it, my computer began to loudly play what sounded like a commercial for an action movie. The sounds of martial arts music and exploding bad guys were being blared over my phone to thousands of the radio station’s listeners, drowning out my own voice.

Panicking, I quickly tried to stop whatever was playing on my computer, but I couldn’t find it! In my haste to make the noise stop, I wound up unplugging my computer. That stopped the racket, but the damage was already done: The radio host thought I was nuts, I was flustered and struggling to pick up where I’d left off, and the 90-second segment was almost over.

In the aftermath, it took me quite a while but I managed to track down the source of the disaster: AIM.

To read more, go to my article AIM: Getting More than You Bargained For at eSecurityPlanet.com.

Law & Malware 03 Aug 2005 07:40 pm

CNet reports that America Online’s Advertising.com subsidiary has reached a settlement with the Federal Trade Commission on charges that the company had distributed an anti-spyware program that actually contained adware bundled with it, and that the company had failed to adequately notify consumers about the hypocrisy.

According to the report:

Advertising.com, also known as Teknosurf.com, promoted its SpyBlast program as a way to protect users’ computers from “hackers,” the FTC charged. But those who downloaded the product also installed a separate program that monitored their online behavior and served them pop-up ads.

As is usually the case with these sorts of settlements, the company admitted no wrongdoing, but promised not to do it again. The company will also submit to FTC oversight of its behavior, which could subject them to substantial fines if the company is caught engaging in deceptive or unfair practices in future.

You can read the FTC’s press release here, and the settlement agreement here.

Malware & Spam 18 Jul 2005 02:41 pm

Pulling together two of my recent blog postings, my monthly article for eSecurity Planet discusses recent moves by Microsoft that raise some significant questions about their efforts to promote trustworthiness and authentication in computing.

Malware 11 Jul 2005 12:34 pm

As Microsoft continues to make doe-eyes towards the malware impresarios at Claria, the PR flacks are practicing their Tae-Bo moves in contorting themselves to explain why MS’s anti-spyware utility no longer recommends removal of Claria’s garbage.

According to a CNet article today, MS has issued a public statement to explain why it’s given Claria’s malware the kid-gloves treatment. According to the statement:

We also decided that adjustments should be made to the classification of Claria software in order to be fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors.

So there you have it… you can count on Microsoft’s anti-spyware utility to recommend that you “ignore” unwanted software by any vendor whose reputation is as bad as Claria’s.

As Microsoft puts it:

Microsoft is committed to helping protect our customers from spyware and other unwanted software by providing guidance and technology solutions. We firmly believe that people should have complete control over what runs on their computers.

Except when they’re interested in buying the company whose software has seized control of your computer, apparently.

Malware & Sillycon Valley Biz 11 Jul 2005 06:43 am

A fascinating new survey conducted by the fine folks at the Pew Internet and American Life Project, and released late last week, found that 91 percent of Internet users have changed their online habits to avoid spyware.

This is quite a triumph for malware makers… You can’t get 91 percent of average people to come in out of the rain, so pissing off 91 percent of the public so much that they seek to avoid you is a real accomplishment!

There were a lot of other noteworthy findings. For example, 81 percent of users avoid opening e-mail attachments without knowing for sure that they are safe; 48 percent stopped visiting Web sites they considered to be potential sources of spyware; 25 percent don’t use music-swapping networks anymore; and 18 percent have switched Internet browsers.

The Pew report also showed that about 68% of users (approximately 93 million) have had computer trouble in the past year consistent with problems caused by spyware and viruses, although 60% of those who had problems were not sure where the problem originated. Some 25% of Internet users have seen new programs on their computers that they did not install or new icons on their desktop that seemed to come out of nowhere. One in five Internet users (18%) reported that their homepage had been inexplicably changed.

While covering the Pew survey, the St. Petersburg Times interviewed Claria’s Chief Privacy Officer Reed Freeman, asking him about the all-too-frequently obscure privacy disclosures that are the stock-in-trade of malware companies. To his great credit, my old friend Reed recognized that it’s up to the malware companies to be more transparent in their practices:

“Consumers shouldn’t have to go hunt for disclosure of that nature,” said Reed Freeman, chief privacy officer of Claria. “Adware companies that are interested in broad consumer acceptance ought to be putting their disclosures in the download process as they are getting the product so they can make an informed decision about what they’re getting.”

I couldn’t help but chuckle at this quote, given that the subject of Claria’s crappy disclosures was a substantial bone of contention during my deposition in the dozen consolidated lawsuits against Claria. I’m so gratified to see that they’ve taken my criticisms to heart! :-D

Malware & Sillycon Valley Biz 07 Jul 2005 12:37 pm

Anyone who owns cats knows the joy of waking up in the morning, stumbling towards the kitchen, and stepping barefooted in a cold, squishy pile of cat barf. As I read one of this morning’s news items in Good Morning Silicon Valley, I shuddered in exactly the same way that I do when feeling half-digested kibble ooze between my toes.

The GMSV posting in question discussed the fact that, on the heels of rumors that Microsoft is interested in buying malware company Claria, this week’s update of Microsoft’s anti-spyware utility downgrades the risk posed by Claria’s malware.

According to a posting by Eric Howes on Broadband Reports:

Several sources have now confirmed that Microsoft downgraded its detections of Claria’s adware products in the latest update (#5731) to Microsoft AntiSpyware released today. Where Microsoft AntiSpyware used to detect Claria’s products and present users with a “Recommended Action” of “Quarantine,” following today’s update Microsoft AntiSpyware now presents users with a “Recommended Action” of “Ignore” (see attached screenshot). Users can still change the action to “Quarantine” or “Remove.”

(Screenshot credit: Eric Howes @ Spywarewarrior)

This isn’t the first time an anti-spyware utility has downgraded the threat posed by Claria’s crap. But are the downgrades a sign that Claria is improving its practices? Hardly.

As I’ve noted before, Claria has managed to bully, threaten, or cajole several anti-virus and anti-spyware companies into changing their default settings for dealing with a Claria-ware infestation.

My recommendation? Do as GMSV’s headline suggests: “Antispyware untrustworthy? Recommended Action: Ignore.” Always read your anti-spyware reports carefully and override any soft-pedaling they offer for known threats.

Law & Malware 30 Jun 2005 04:18 pm

In near completion of their slide into the Dark Side, the Electronic Frontier Foundation has offered its congratulations to the malware makers WhenU on a recent court decision that will permit WhenU to generate pop-up ads over the websites of trademark holders.

The case involved 1-800-Contacts, who sued WhenU to stop them from generating pop-up ads for competitors when users attempted to visit the 1-800-Contacts website. The EFF had offered an amicus brief that raised some good points about the current state of trademark law, but ultimately missed the larger point of WhenU’s unfair and deceptive practices.

According to the EFF’s Fred von Lohmann:

“A trademark owner is not entitled to control your desktop just because you happen to be visiting its website. […] This decision is good news for consumers who want the freedom to install tools that help them customize their web-surfing.”

Forget that WhenU’s software, like other malware companies’ products, often winds up on consumers’ computers without their knowledge or permission. Forget that when somebody wants to do business with 1-800-Contacts, the unasked-for, unwanted pop-up ad interferes with that business transaction. Forget that 1-800-Contacts has invested heavily in building a brand name that companies like WhenU, and the clients whose ads they deliver, are attempting to unfairly leverage.

The EFF would have you believe that the WhenU case is about a corporation — whose website you are trying to visit of your own free will — trying to somehow seize control of your desktop and prohibit you from using all your favorite Firefox plugins. This spin on the dispute is not merely deeply disingenuous, it’s downright intellectually dishonest.

Far from permitting consumers to exercise more control over their desktops, and be presented with more choices, malware companies themselves are seizing control of people’s computers and displaying what the malware company wants them to see, often without ever having asked them if they wanted such an interruption.

Malware companies don’t aid in competition, they interfere with it, using technological trickery to slip in between a consumer and the site they actually wanted to visit. As I wrote in my testimony before the Federal Trade Commission at their 2004 Spyware Workshop:

I believe that the practices of spyware-based advertising companies generally act to turn upside-down the notion of fair competition in a free market, allowing unauthorized parties to free-ride on the investments of others. The result is to, in effect, allow those advertisers who utilize spyware-based pop-up ads to supplement their advertising budgets with the investments made by those whose brands are targeted by the pop-up software.

Through an unfair technological circumvention of the normal advertising process, these advertisers are given the ability to deliver their advertising based not on their own efforts and investment in brand identity and advertising presences, but rather upon the efforts, popularity, brand recognition, and investments of others.

As a result, it is my opinion that the inevitable result of permitting one category of companies to usurp the brands and goodwill of another will cause businesses to reduce their investments in promoting and advertising their Web sites, resulting in less competitive information being presented to consumers.

I used to admire the EFF, back when they worked on actual issues of freedom and liberty. But lately they seem more concerned with trying to find the needle of civil liberties in haystacks of wrong-doing. When real freedoms are being threatened, they’re busy defending bad guys whose behavior actually harms people.

Whether it’s their work defending Grokster (“no, of course our name wasn’t trying to appeal to users of Napster”) or defending WhenU (“consumers love our software, even though 98 percent who install it can’t uninstall it fast enough”), they seem to have lost their way.

Malware & Sillycon Valley Biz 30 Jun 2005 12:41 pm

According to CNet’s Stefanie Olsen, Microsoft is reportedly in discussions to buy Claria, the notorious firm responsible for many of the unwanted pop-up ads and malware infections that are battled by consumers the world over.

According to BitsofNews.com, this move “underscores just how eager Microsoft is to catch up with Google, the search and advertising giant.” Eager?!?! How about desperate? Picking up Claria for its advertising network is like buying a nuclear test site because the lack of anything standing affords a great view of the mountains. Just ignore the 3-headed rabbits populating the poisoned ground and you’ll be fine.

There are plenty of other ad networks out there, most of which got to be successful without engaging in deceptive, unfair, and tortious activities.

Claria is a long-standing pariah among consumers, and its advertising reach is directly tied to its years of distributing malware and encouraging abusers to take advantage of security holes in Microsoft’s operating system to install the software surreptitiously and without permission. Claria claims to be migrating its business model to one focused on more legitimate forms of business. But like the Gotti family and their garbage hauling business, it’s going to take them some time to stop living off their “other” gigs.

To get an idea about how brazen Claria is these days, you really need to check in with Ben Edelman, who is doing yeoman’s work tracking the malware industry. His analysis of Ezone.com gives you an excellent example of how Claria takes advantage of inexperienced users to get their malware installed on the computers of unwitting consumers.

Dan Gillmor has also done an excellent job of encapsulating the Valley’s thoughts on Claria in his posting this morning. As he notes, neither company would be enhanced by a union. Although, as I will explain, I think it may actually be a better match than you might think.

When I served as an expert witness for a group of a dozen companies suing Claria, I learned a lot about their business practices. Unfortunately, I can’t really talk about any of the juicy details that I learned. Suffice to say, there was ample evidence in the record to make it worth Claria’s while to settle those suits — which they did last year.

Over the last several years, I’ve also had the opportunity to work fairly closely with executives at Microsoft on a number of issues related to privacy, security, and spam. While I have known a few really wonderful people who have passed through the doors at Microsoft, I’ve also found that in far too many instances, seeing a lengthy stint at Microsoft on someone’s bio is an all-too-reliable warning sign of someone you shouldn’t turn your back on.

Too many of my experiences with those who have risen to executive positions at the Redmond giant, and those alumni who have since moved on to build their own ventures, have been marked by bald-faced dishonesty and an utter vacuum when it comes to issues of ethics and honor. And the infection doesn’t stop there. I’ve learned that when Microsoft inserts its tentacles into various “independent” organizations, it has had remarkable success in driving out anyone with principles and stacking the organization with bought-and-paid-for apologists.

Yes, yes, I freely admit that I’ve got a chip on my shoulder when it comes to the ways in which I’ve been screwed by Microsoft over the years. But I’ve also learned that there are two kinds of people in this community: those who have been screwed by Microsoft, and those who keep begging for it as long as the money keeps flowing.

The irony is that, putting together what I know about Claria with what I came away with from my experiences with Microsoft, I think Claria would be an excellent fit for the Redmond culture.

Malware 16 Jun 2005 09:26 pm

BitTorrent, the cool new thing in intellectual property theft, appears to be suffering from an infestation of malware. According to a CNet News article, the anti-malware maker Sunbelt Software has discovered that music and video files retrieved through BitTorrent’s decentralized file sharing system were in fact infected with multiple types of malware.

In one case, an episode of the Fox TV show “Family Guy” was bundled with several pieces of known adware, according to Boyd. “Under that kind of load, a midrange PC can easily go under,” Boyd said. Both spyware and adware are known to hurt PC performance because they use PC resources to run.

So if you’re a BitTorrent user, be on the look-out. Personally, I think that if you get infected from willfully using a product like Kazaa, Morpheus, or now BitTorrent, it’s really just a case of “lying with dogs, arising with fleas,” and you’re getting what you deserve. But your mileage may vary. :-P