
[PSUBS-MAILIST] Fwd: Spyware Weekly Newsletter > July 9, 2003]





> Spyware Weekly Newsletter: July 9, 2003
>
>
> The Spyware Weekly Newsletter is distributed every Tuesday to more than
> 7,000 subscribers and read online by tens of thousands of visitors.
> Click here to subscribe. To unsubscribe from this newsletter, click
> the link provided at the bottom of the newsletter. Please read our
> Terms of Use for quoting guidelines. This edition of the Spyware
> Weekly Newsletter is archived permanently at
> http://www.spywareinfo.net/july9,2003.
> -----------------------------------------------------------------------
>
> Paypal Scam Alert!
>
> Do you have a Paypal account? If so, then you need to be aware that,
> once again, someone is trying to steal your password.
>
> These scams are usually easy to spot because Paypal always logs you
> into your account using a secure page (https:// means secure). In this
> case, however, the con artist has registered a certificate for use on
> a secure connection. He has also disguised his web address to make it
> appear as if it led to Paypal's web site.
>
> Occasionally you may have come across a page on a web site that asks
> you to log in using a network password (example). You type in your
> user name and password and click OK to gain entry. There is a way to
> avoid having to enter your user name and password. You add your user
> name and password to the beginning of the internet address.
> http://my_name:my_password@www.example.com/passwd_protected/ is a good
> example of this.
>
> The scammer's email gives you a link to
> ki54ft.worldispnetwork.com/i.cgi, but it includes a user name and
> password for a password protected directory, and the user name happens
> to be www.paypal.com. This is the same cute trick used recently by a
> browser hijacker to fool people into thinking they were loading
> msn.com.
>
> At the web page linked in the email, there is a login form. If the
> victim fills in their password, they give this scammer their Paypal
> password, and his script combines that with their email address. After
> submitting the form, the cgi script redirects the user to the real
> Paypal login page. This is done in hopes that the victim doesn't
> notice anything suspicious. The victim may not realize that anything
> is wrong until they get the email receipt of the scammer cleaning out
> their account.
>
> Please, pass this warning along. Too many people fall victim to these
> scams, and this one is very convincing.
>
> Credit to message board member APlusWebMaster for spotting this.
>
>
> Links:
>
>
> http://isc.sans.org/diary.html?date=2003-07-07 :: Internet Storm
> Center
> http://www.spywareinfo.com/images/misc/auth.png :: Screenshot of
> password prompt
> -----------------------------------------------------------------------
>
> Aluria's Spyware Eliminator
>
> Program: Spyware Eliminator
>
> Author: Aluria software
> Platform: Windows 98, ME, NT 4.0, 2K, XP
> License: $59.98 $29.99
>
> Aluria's Spyware Eliminator is an excellent program. It cleans out
> computer usage history that someone snooping around on your computer
> might use to piece together your computing activity. It detects and
> removes advertising spyware, porn dialers, and browser hijackers.
>
> Unlike the free spyware detectors that are so popular, it also detects
> and removes most surveillance spyware and keyloggers such as
> Spectorsoft's e-blaster and Spector Pro. Commercial surveillance
> spyware is expensive stuff, and the developers of free spyware
> detectors simply can't afford to buy it for testing.
>
> Spyware Eliminator has just been updated to version 3.0, and it sports
> a lot of new features.
>
> Spyware Eliminator now protects against ActiveX drive by
> installations. ActiveX installers are one of the most common sources
> of parasite infections. If you download something that bundles with
> and installs spyware, Spyware Eliminator will alert you instantly that
> it has been installed. No waiting for the next scan. It also
> blacklists IP addresses and web sites known to be malicious.
>
> If you are an advanced user, the scanning options are far more
> flexible than they were previously. You can even set it to scan your
> system on a schedule you set. If you are a newbie and can barely work
> with your computer, it has easy-to-understand wizards to help you use
> it.
>
> Aluria's developers also receive the mailing list I send out when a
> new or updated spyware program is discovered and it is always kept
> up-to-date. When false positives or bugs are reported, they have
> always updated to fix the problem. This is a program that definitely
> has my recommendation, and with a thirty dollar reduction in price, it
> is a huge bargain!
>
> Click here for more information about the new Aluria Spyware
> Eliminator
>
>
> Link:
>
>
> http://www.spywareinfo.com/rd/aluria/ :: Aluria Information Page
> -----------------------------------------------------------------------
>
> CWS Hijacker
>
> A new malware is being distributed that hijacks Internet Explorer
> start and search settings to one of several different web sites,
> including coolwwwsearch.com, coolwebsearch.com, youfindall.net,
> ok-search.com, and white-pages.ws. All of these web sites appear to
> have an affiliate relationship with coolwebsearch.com in which
> coolwebsearch pays them for every visitor they refer. There could be
> other domains involved in the future.
>
> This hijack is similar to the datanotary.com hijack discovered last
> month. As with that older hijack, the CWS hijack sets Internet
> Explorer to use a custom style sheet containing javascript that opens
> a pop up window. In fact, we believe the malware involved with CWS is
> an updated version of the same malware involved with datanotary.
>
> The start and search settings are changed to an address in which the
> letters are converted into an unreadable mess of numbers and % symbols
> to hide the domain name from the user. It also makes it difficult to
> blacklist the domain. Internet Explorer is able to translate the
> symbols and load the hijacker's web site.
>
> An executable file named bootconf.exe is copied to the
> \windows\system32\ folder and set to load at startup. Even if you fix
> the hijack, this file will reinstall it the next time it is loaded.
>
> Finally, the malware lists the hijacker's web site in Internet
> Explorer's trusted security zone. Domains listed in the trusted
> security zone have no restrictions on what they can do. This allows
> that web site to have virtually unlimited access to the infected
> computer's file system.
>
> We believe the source of the infections might be ActiveX drive by
> installers located on pornographic web sites, or possibly trojan
> programs pretending to be illegal serial number generators.
> Unfortunately, this is just speculation for now.
>
> Full removal instructions are located at
> http://www.spywareinfo.com/articles/cws/
>
>
> Links:
>
>
> http://www.spywareinfo.com/articles/cws/ :: Full version of this
> article
> http://www.spywareinfo.com/articles/datanotary/ :: Datanotary article
> at SWI
> -----------------------------------------------------------------------
>
> Public Database of Government Officials
>
> Remember TIA, known formerly as Total Information Awareness and now as
> Terrorist Information Awareness? TIA is a new project by the United
> States Department of Defense. TIA's purpose is to amass a colossal
> database of information about American citizens and visitors to the
> country.
>
> The stated goal of this project is to help protect America from
> terrorists. However, many fear that TIA will be abused by the US
> government to monitor US citizens who have nothing to do with
> terrorism or any other crime. This fear is exacerbated by the fact
> that the head of the project is Admiral John Poindexter, a man known
> for his contemptuous disregard for privacy rights and citizen
> oversight of government. Poindexter was once convicted of committing
> perjury before the US Congress (a federal crime in the United States),
> although the conviction was later overturned.
>
> Massachusetts Institute of Technology's Media Lab has opened its own
> database, a database of information on government employees. The
> database, located at http://opengov.media.mit.edu, will be updated
> constantly with information and documents submitted by the visitors of
> the web site. The idea is to build a community of citizen watchdogs
> keeping an ever watchful eye on the same people keeping an eye on
> them.
>
> Personally, I like it. I like it a lot. I don't want to deny the
> government the ability to monitor suspected terrorists. On the other
> hand, I don't want the government abusing its tools by monitoring
> citizens who have nothing to do with terrorism.
>
> I have noticed two trends ever since the Al Qaeda attacks of 9-11.
> One trend shows itself in the laws that have been passed since that
> horrible day, laws that give the government ever greater powers of
> surveillance and authority. The other trend is that certain key
> officials in positions of great power are obstructing the citizen
> oversight of government activities that is required by law. In my
> view, it is the latter trend that is more dangerous.
>
> Like it or not, the US government and its agents have the ability to
> track nearly every detail of any person's life in which they take an
> interest. That in itself is not dangerous to our liberty. The danger
> lies in a government that feels that it is not accountable to those it
> governs and does not feel compelled to report its activities to them.
>
> I don't fear the FBI tapping my telephone. What I fear is the FBI
> tapping my telephone, and not being required to tell anyone they're
> doing it.
>
>
> Links:
>
>
> http://www.spywareinfo.com/articles/gia/ :: This article
> http://opengov.media.mit.edu :: Government Information Awareness web
> site
> -----------------------------------------------------------------------
>
> ZoneAlarm "flaw" is a bunch of hooey
>
> If you pay any attention to news about software or PC security, you've
> no doubt heard of a severe flaw discovered recently in the popular
> ZoneAlarm personal firewall. You may have heard that Zone Labs
> initially refused to fix this flaw in the free version of their
> software, saying that users would need to upgrade to the expensive Pro
> version to fix this issue. You may also have heard that Zone Labs has
> backpedaled and decided to address the issue after all.
>
> Here is something that you may not have heard. Most of that is not
> true. Zone Labs is not telling people to upgrade to the pro version to
> fix this flaw. In fact, there is no flaw to be fixed.
>
> This all started when someone posted a hypothetical password theft
> exploit to Bugtraq. In his hypothetical exploit, the person speaks of
> a rogue application running and stealing the user's passwords or
> credit card information. This application sends a command to Windows
> to start the user's web browser and load an internet address. In the
> poster's example, the rogue application sends the information that it
> had stolen as part of the request to the server. The person claimed
> that this constituted a bug in the core design of ZoneAlarm that
> allows software to bypass it and access the internet.
>
> In fact, all the person had found was a feature of Windows that is
> commonly known and well documented. If a program gives the Windows
> shell a command, and the command starts with http://, Windows
> determines correctly that the program wants the user's web browser to
> load a web page. Windows checks the registry to see which web browser
> the user has configured to handle web surfing, then loads the web page
> in that browser. If the user has set their firewall to allow their web
> browser to access the internet, then obviously there will be no alert.
>
> This is not a flaw in ZoneAlarm by any conceivable stretch of the
> imagination. Does Zone Labs write Windows? No, Microsoft does, and yet
> ZoneAlarm has been singled out as being responsible for this issue.
>
> Read the rest of this article at SpywareInfo
>
> Links:
>
>
> http://www.securityfocus.com/archive/1/326371 :: Bugtraq posting
> http://www.spywareinfo.com/articles/zonelabs/exploit_hoax.php :: The
> full version of this article
> -----------------------------------------------------------------------
>
> DogReader
>
> I mentioned several weeks ago that I was involved in a new web site
> with my best friend. The web site, DogReader, is a valuable resource
> for anyone with a dog in the family. I wrote an article for it myself
> a few weeks ago.
>
> The site is already getting a lot of attention. It was featured in a
> recent issue of the straight-poop.com newsletter and has even been
> named one of the top-12 writing sites on the Web by
> writewritewrite.com.
>
> If you haven't checked the site out yet, you definitely should today.
> The July 8 article is a republication of a story written by Holly
> Manon Moore and published in the book, Chicken Soup for the Cat & Dog
> Lover's Soul. This is a very, very good story, and you definitely
> should check it out. The older, archived articles there are also an
> excellent read.
>
>
> Links:
>
>
> http://www.dogreader.com/ :: DogReader Web site
> http://www.dogreader.com/archives/000018.php :: My article at
> DogReader
> -----------------------------------------------------------------------
>
> Mozilla Article
>
> To the guy that emailed asking for permission to quote part of my last
> newsletter for a Mozilla article, the email address you gave me
> doesn't work. ;-)
>
> Go right ahead and use that quote you asked about.
>
> Anyone else that would like to quote something that I have written,
> please read SpywareInfo's Terms of Use policies.
>
>
> Link:
>
>
> http://www.spywareinfo.com/terms.php :: Terms of Use policies
> -----------------------------------------------------------------------
>
> Links and Software Pages Improved
>
> I have redesigned both the downloads page and the links page on the
> web site. Rather than one long page that takes forever to load (on
> dialup at least), both of these pages now allow you to pick which
> categories you want to look at. You can also choose to view all
> categories at once and to close all of them.
>
> I have also updated links for both the articles located on the site
> and also put together an archive of every past issue of this
> newsletter. I warn you though, the first several issues of the
> newsletter are horrible looking. I *will* be switching all of those
> old issues to the new design.
>
>
> Links:
>
>
> http://www.spywareinfo.com/downloads.php :: Software page
> http://www.spywareinfo.com/links.php :: Articles and links page
> -----------------------------------------------------------------------
>
> Late
>
> Sorry for this issue being late. Normally, this newsletter is released
> on Tuesday. However, I have been dodging thunderstorms nearly every
> day for weeks now. Several times over the past week, my power has gone
> out, leaving me with no way to write or research my articles.
>
> If Mother Nature will leave me alone this week, the newsletter will be
> on time next Tuesday.
> -----------------------------------------------------------------------
>
> Recommend SpywareInfo to a friend
>
> Do you like SpywareInfo and this newsletter? Then please tell a few
> friends about it! We are trying to come up with ways to increase the
> number of visitors to the web site and the number of subscribers of
> this newsletter.
>
> Recently I signed up for RecommendIt's service, also used by Scot
> Finnie and Fred Langa. When you use RecommendIt's service to send a
> link to a friend or family member, you can also choose to enter a
> contest with a grand prize of $10,000.
>
> The privacy policy of the site looks solid and I did ask around if
> anyone had heard anything bad about it before I signed up for it. You
> can use their service to recommend SpywareInfo to someone you know at
> http://www.recommend-it.com/l.z.e?s=881459
>
> Of course, you don't *have* to use RecommendIt's site to send a friend
> a link to the site. Just sending an email will also do the trick.
>
>
> Links:
>
> http://www.scotsnewsletter.com :: Scot Finnie's Newsletter
> http://www.langa.com/newsletter.htm :: The Langalist
>
>
> -----------------------------------------------------------------------
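
The user-name trick described in the Paypal alert and the percent-encoded addresses described in the CWS article can both be checked mechanically before a link is trusted. The Python sketch below is an added example, not part of the forwarded newsletter; `inspect_link`, its finding strings and the sample links are constructed here (the phishing link is reassembled from the host and user name the newsletter gives, with the scheme assumed).

```python
import re
from urllib.parse import urlsplit, unquote

# A string shaped like a host name: dot-separated labels ending in a TLD.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_link(url):
    """Return (real_host, findings) for a link copied from an e-mail.

    real_host is the server the browser would actually contact, i.e. the
    part of the authority AFTER the last '@', percent-decoded and lowercased.
    """
    if "://" not in url:
        url = "http://" + url  # assumption: bare links are treated as http
    parts = urlsplit(url)
    findings = []

    raw_host = parts.hostname or ""
    if "%" in raw_host:
        # Encoded host names hide the domain from the reader and from
        # naive blacklist string matching.
        findings.append("percent-encoded host")
    real_host = unquote(raw_host).lower()

    if parts.username is not None:
        findings.append("credentials embedded in URL")
        user = unquote(parts.username)
        if HOSTLIKE.match(user):
            # The text before '@' is only a user name, yet it is what the
            # reader sees first in the link.
            findings.append("user name looks like a host: " + user.lower())
    return real_host, findings


# Constructed sample links (see the note above for their origin).
SAMPLES = [
    "https://www.paypal.com@ki54ft.worldispnetwork.com/i.cgi",
    "http://my_name:my_password@www.example.com/passwd_protected/",
    "http://%65%78%61%6d%70%6c%65.com/",
    "https://www.paypal.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        host, notes = inspect_link(link)
        print(f"{link}\n  connects to: {host}\n  findings: {notes or 'none'}")
```

A mail filter or proxy would compare `real_host`, not the visible link text, against its allow and block lists.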
>