May 16, 2005

New Phishing Attack Uses Real ID Hooks

Look out! A new breed of phishing attack is on the loose, trying to use stolen consumer data to rip off individual account holders at specific banks.

This more sophisticated form of phishing threat forsakes the mass-targeting approach traditionally used in the fraud schemes in favor of taking aim at individual consumers. The list includes some of the largest financial-services companies in the nation.

According to an article that appeared in CNET, the phishing e-mails arrive at bank customers' in-boxes featuring accurate account information, including the customer's name, e-mail address and full account number. The messages are crafted to appear as if they have been sent by the banks in order to verify other account information, such as an ATM personal-identification number or a credit card CVD code, a series of digits printed on the back of most cards as an extra form of identification.

Phishing is a form of online fraud that has exploded in frequency over the last several years. Typically using large-volume e-mail campaigns, phishers try to trick people into sharing personal information that the thieves then sell or use to commit identity theft. The new breed of attack, however, could have a higher success rate because the e-mails present unsuspecting recipients with accurate information in a document that looks like legitimate bank correspondence.


May 16, 2005 in Spyware | Permalink | Comments (1) | TrackBack

March 10, 2005

Anti-spyware legislation approved

A key committee in the U.S. House of Representatives unanimously approved anti-spyware legislation Wednesday that includes revisions designed to make the bill more palatable to business interests.

HR29, the Securely Protect Yourself Against Cyber Trespass Act, or Spy Act, is sponsored by Rep. Mary Bono (R-California). It aims to prevent spyware purveyors from hijacking a homepage or tracking users' keystrokes, requires that spyware programs be easily identifiable and removable, and allows for the collection of personal information only after express consent is given by users. 

Full article at Wired News

March 10, 2005 in Spyware | Permalink | TrackBack

February 16, 2005

New bill to regulate spyware approved

New bill quells advertiser fears that cookies are not to be considered spyware:

A House of Representatives panel on Wednesday approved a bill to regulate spyware, a move that begins a second attempt to target the problematic class of software after a similar measure died in the Senate in 2004. Last year, the House voted for the so-called Spy Act by a 399 to 1 margin.

This year's version is slightly different. Author Mary Bono, R-Calif., said that it was revised before Wednesday's vote to clarify that cookies, text files saved by Web browsers, are not covered by the bill--something that some online advertisers had worried about.

From CNET News


February 16, 2005 in Spyware | Permalink | TrackBack

February 11, 2005

Anti-spyware market looms large in 2005

According to a Forrester Research study sixty five percent of surveyed companies plan to invest in antispyware solutions this year.

Technology decision makers from 185 North American companies of all sizes participated in the survey. While 69 percent of large enterprises said they would purchase anti-spyware tools this year, only 53 percent of small and medium businesses said they'd go for such protection, it found.

The study exposed several cracks in firms' anti-spyware strategy. Almost 40 percent of respondents failed to put a number to the total number of their machines that have been infected. According to the rest, about 17 percent of their systems had already suffered from spyware, a number Forrester expects to climb to 25 percent within 12 months.

Full article:  CNET Security >> Business & legal

Tags: , ,

February 11, 2005 in Spyware | Permalink | TrackBack

February 10, 2005

Trojan attacks Microsoft's anti-spyware

Seems like trouble for Windows AntiSpyware:

Windows AntiSpyware is threatened by a Trojan horse that also tries to steal online banking details, a security company warns.  Virus writers have created a malicious program that can disable Microsoft's new anti-spyware application, security experts warned on Wednesday.

Antivirus experts, who are calling the Trojan "Bankash-A," say it is the first piece of malicious software to attack Windows AntiSpyware, which is still in beta.

"This appears to be the first attempt yet by any piece of malware to disable Microsoft AntiSpyware," Graham Cluley, a senior technology consultant at Sophos, said in a statement. "As Microsoft's product creeps out of beta and is adopted more by the home user market, we can expect to see more attempts by Trojan horses, viruses and worms to undermine its effectiveness." From CNET

Tags: , , , ,

February 10, 2005 in Spyware | Permalink | TrackBack

February 09, 2005

Anti-Spyware Group Splits

Apparently there's some drama going on in the Anti-Spyware industry:

"Some members of an anti-spyware group resigned after the group, the Consortium of Anti-Spyware Technology vendors (COAST), instituted a certification process that could allow adware vendors to distinguish themselves from the less desirable spyware purveyors. The certification process allowed adware firms 180Solutions and Weatherbug into the consortium, angering three longer-term members from the computer security community. Webroot, Aluria and Computer Associates said they would rather leave the group than sully themselves by associating with firms using software to display advertising. Others note that COAST has changed spyware and adware firm practices by engaging with the companies and establishing reasonable standards. 180Solutions has agreed to change its software practices as part of its certification process with COAST. Among other things, the software exploited an ActiveX vulnerability to install software without seeking explicit permission, according to CNET. COAST gave 180Solutions 90 days to replace all of its user base's software. A Webroot executive told CNET that this wasn't good enough, saying adware "uses your computer's resources and sometimes [has] sloppy or damaging practices all in the purpose of serving up ads, which they get paid for and you don't."" From MarketingVOX via CNET "Catfight in the spyware corral"

Tags: , ,

February 9, 2005 in Spyware | Permalink | TrackBack

February 03, 2005

Spyware Information

iMediaConnection posts a story today about how BURST! Media, Inc. ran a banner in late 2004 intended to educate consumers about spyware.  The banner linked to an informational page which has some pretty good general information about spyware. I've posted the bulk of that information below:

Spyware Information & Resources

Many Internet users have at some point or another had to deal with an Internet experience compromised by excessively intrusive advertising, often in the form of pop ups or pop unders. After some preliminary research, most users in this scenario find that they have spyware or adware on their computers.

Spyware vs. Adware

The terms spyware and adware are often used interchangeably (including points within this article), because their impact on an Internet user can be similar. Both adware and spyware deliver ads based on observed browsing behavior. However, these terms are not synonyms. The primary difference between adware and spyware is that adware is permission based. Adware is most often downloaded after the user decides that the benefits of the program or software justify the increased advertising.

Spyware differs from adware in that the end user is often unaware that the program even resides on their computer. Spyware programs can download directly from websites (depending on browser security settings), or are deceptively packaged with other programs that were downloaded voluntarily. Spyware is different from adware in that it is designed to be difficult to find and uninstall.

Depending on the specific type of software that you have downloaded, it may deliver advertisements that are not associated with the websites you are visiting, collect information about you without your knowledge, change your browser settings, and make using your computer and the Internet difficult. Some individuals whose computers are infected with spyware find it almost impossible to use their computer regularly until the software is removed.

The increasing amount of spyware around, is an important issue to web users. Spyware violates the traditional advertising agreement between visitors and content providers. Visitors read content for free and the publisher is paid by displaying a reasonable amount of advertising. Spyware delivers ads to visitors without providing anything in return. Spyware gives Internet users a negative experience, a negative view of the websites they visit, and a negative view of Internet advertising in general. As an advertising representative of 2,000 quality websites, BURST! is committed to helping web users reach the content they really care about as easily as possible.   From BURST!

Tags: , , ,

February 3, 2005 in Spyware | Permalink | TrackBack

February 02, 2005

Rise In Spyware

An article on TechWeb today points out issues with an increase in spyware:

The worst kinds of spyware reached all-time highs in the last quarter of 2004, said a national ISP and an anti-spyware vendor as they released their quarterly SpyAudit report Wednesday.

The numbers offer hard evidence to back up suspicions that phishing scammers are turning to deadlier, stealthier spyware to hijack identities and empty bank accounts.

Spyware -- the umbrella term given to software that installs and runs without the user's knowledge -- collects data such as surfing habits, or, more maliciously, records keystrokes in the hope of snagging account passwords or other confidential information.  Full article at TechWeb

Securence offers information on anti spam software and anti spyware software solutions.

Tags: , , ,

February 2, 2005 in Spyware | Permalink | TrackBack

January 17, 2005

Spyware - Spy vs Spy

Recent article from Forbes on spyware:

"Here's a typical scenario in tech world: Without warning, your computer flashes a dialogue box that says your machine has been infected with spyware. Click here, it instructs, for antidote software that will fix it. And, indeed, the helpful link does offer a program to get rid of the prying software--before installing its own spy package on your PC instead. "

"Sometimes the cure for spyware is worse than the disease. It's a problem that affects at least two-thirds of PCs, often without their owners' knowledge, and generates 12% of all support calls to Dell. But once you find out your computer is tainted, getting rid of the offending software is tough and comes with serious pitfalls. "

Full Article >


January 17, 2005 in Spyware | Permalink | TrackBack

January 12, 2005

Crackers Tune In to Windows Media Player

eWeek provides coverage of a recent exploit.

"Crackers are using the newest DRM technology in Microsoft's Windows Media Player to install spyware, adware, dialers and computer viruses on unsuspecting PC users."  Excerpt from Slashdot.

January 12, 2005 in Spyware | Permalink | TrackBack