![]() ![]() After the infection is complete, which is so extensive it takes close to five minutes, a system is loaded with 8 viruses, 8 spyware packages and 7 adware products. About a week ago someone sent me a link to a web page, that if visited using a version of Internet Explorer that hasn’t been patched with December’s security updates, slams the system with deluge of malware (several sites download the same malware package using the recently discovered Is another antispyware vendor promoted in the same way as Spyaxe. Spyaxe of course denies any connection with the underhanded advertising, but it’s hard to believe someone would promote Spyaxe this way without some financial incentive. Related to an infection dubbed “Spyaxe.” It gets its name because it continuously pops up tray balloons informing users that their systems are infected. The most trafficked threads on the Sysinternals forums are Either they, or partners that have a vested interest in sales of their products, are actually infecting machines so that users are essentially blackmailed into purchasing. Unfortunately, sleazy antispyware vendors aren’t just stopping with misleading banners and false infection reports. It looks like the unscrupulous antispyware vendors are part of a ring. The user interfaces of both these antispyware tools look the same, but with different skins and icons, which leads me to believe that Myspywarecleaner and Spyware Storm are licensing core "antispyware" technology from someone else. through, so whoever is behind Spyware Stormer apparently wants to remain anonymous. The Whois report for lists it has beeing registred by Domains by Proxy, Inc. One group was the Registry keys associated with Windows Internet Configuration Wizard, which Spyware Stormer reported as the "Surfairy" spyware package, and the other related to COM objects involved with the per-user configuration of Explorer that the tool labelled as "WinAD" adware. Once again, the infections were false positives. I downloaded their spyware cleaner, ran it on a the same clean Windows XP install, and it reported 7 different "infections": The only reference I found on the web to the owner or his company was aįrom June of 2004 that complains of one of their tools falsely identifying systems as being infected with the Sasser worm.Ī few days later I ran into the same banner on another site, one for Windows systems administrators that would be embarrassed if revealed, and clicked again. Lookup of the domain name shows that it belongs to Gary Preston of Secure Computer LLC. Who makes Spyware Cleaner? You won’t find out on the Myspywarecleaner web site, which consists of only a handful of pages like the download page, a FAQ page, and one for affiliates. ![]() Of course, to remove the “infections” a user has to pay to register the software. It also lists each COM component twice, reporting their presence in HKLM\Software\Classes as well as HKCR, which for those objects is a symbolic link to HKLM\Software\Classes. The page looks like an Internet Explorer error message, again probably to mislead unsophisticated surfers into following its directions, and it guides visitors to download and install an antispyware utility called Spyware Cleaner:Įven on a freshly installed copy of Windows XP, Spyware Cleaner reports close to a dozen “extreme risk” and “high risk” infections that include innocuous items like cookies left by MSN.com and several built-in Windows COM components, including RDSHost.exe, the Remote Desktop Service control, and Shdocvw.dll, a Windows shell COM object, both of which Spyware Cleaner identifies as spyware. Here’s an example I ran across recently on a popular web site:Ī click on the image took me to a page at Even more unlike Windows dialogs, however, is the fact that clicking anywhere on the image, even the part that looks like a No button, results in the browser following the underlying link to the target page. Most of the advertisements look like Windows error dialogs complete with Yes and No buttons, and although the word “advertisement” sometimes appears on the dialog background, the notice is usually small, faded and far from the area where users focus their attention. The most innocuous of malware-like antimalware behaviors is to advertise with web site banners and popups that mislead average users into thinking that they have a malware problem. I don’t subscribe to that theory and trust the major security vendors, but recent trends show that there’s a fuzzy line between second-tier antispyware vendors and the malware they clean. Where antivirus companies generate their own market by paying virus writers to develop and release viruses. Since the release of the first antivirus products many people have believed in a First published on TechNet on Jan 03, 2006 ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |