The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines. This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/jan29,2004.
It's official. The MyDoom worm is worse than Sobig.f. Called variously Mimail.R, MyDoom, Novarg as well as other aliases, MyDoom accounts for one in every twelve emails on the internet as of Wednesday morning. Sobig.f accounted for one in every seventeen emails at its worst.
The worm spreads from an infected PC by emailing itself to everyone in the victim's address book, as well as appending likely email user names to the domains found in the address book. For instance, when it finds newsletter@spywareinfo.com, it will send itself to that address as well as faking a common user name such as bill@spywareinfo.com or james@spywareinfo.com.
Many of the emails appear to be bounced messages with subjects such as "Server Report", "Mail Transaction Failed" or "Mail Delivery System". Mixed in with that will be real bounces from email servers running antivirus software. When a mail server running antivirus encounters a virus-infected email, it is often set to bounce that email to the sender.
I wish the administrators of those servers would turn off that feature. No useful purpose is served by bouncing those emails since the majority of modern email worms spoof the FROM: address. Anyone who allows their email server to bounce virus emails is participating actively and adding to the network load caused by that virus.
If the Sobig.f outbreak did not clearly deliver that point to server operators, I can't imagine why they are entrusted with running the server in the first place. Quite frankly, I am sick of receiving these bounces and am seriously considering sending an invoice for bandwidth to a couple of companies.
MyDoom also spreads on the Kazaa file sharing network. Once the PC that has Kazaa installed is infected, the worm finds the shared folder by looking in the registry, then copies itself there with any of the following filenames: nuke2004, office_crack, rootkitXP, strip-girl-2.0bdcom_patchers, activation_crack, icq2004-final and winamp5. These files can end with .exe, .scr, .pif or .bat.
MyDoom will use infected machines to launch a denial of service (DoS) attack on the Web site www.sco.com from February 1 through 12. It also opens a remote access proxy server on ports 3127 to 3198. An attacker can connect to an infected machine on these ports and make it download and install files.
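A defensive triage check for the two indicators described above (the Kazaa bait filenames and a listener on ports 3127 to 3198), as an added example that is not part of the original newsletter. The file paths and `netstat -an` text are constructed samples, and the function names are illustrative.

```python
import re
from pathlib import PureWindowsPath

# Indicators copied from the newsletter text above (names lowercased for matching).
BAIT_NAMES = {
    "nuke2004", "office_crack", "rootkitxp", "strip-girl-2.0bdcom_patchers",
    "activation_crack", "icq2004-final", "winamp5",
}
BAIT_EXTS = {"exe", "scr", "pif", "bat"}
BACKDOOR_PORTS = range(3127, 3199)  # 3127 through 3198 inclusive

# Matches listening TCP rows in Windows `netstat -an` output (IPv4 or [IPv6]).
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\b", re.I)


def suspicious_files(paths):
    """Return paths whose file name is a listed bait name plus a listed extension."""
    hits = []
    for path in paths:
        stem, dot, ext = PureWindowsPath(path).name.lower().rpartition(".")
        if dot and stem in BAIT_NAMES and ext in BAIT_EXTS:
            hits.append(path)
    return hits


def backdoor_listeners(netstat_text):
    """Return (address, port) for every LISTENING socket inside the port range."""
    hits = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(2)) in BACKDOOR_PORTS:
            hits.append((m.group(1), int(m.group(2))))
    return hits


# Constructed sample data, not taken from a real machine.
SAMPLE_SHARE = [
    r"C:\Program Files\Kazaa\My Shared Folder\winamp5.exe",
    r"C:\Program Files\Kazaa\My Shared Folder\Office_Crack.PIF",
    r"C:\Program Files\Kazaa\My Shared Folder\winamp5.txt",
    r"C:\Program Files\Kazaa\My Shared Folder\holiday.scr",
]
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3150      10.0.0.5:80            ESTABLISHED
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    print("bait files:", suspicious_files(SAMPLE_SHARE))
    print("listeners in 3127-3198:", backdoor_listeners(SAMPLE_NETSTAT))
```

A listener in this range is only a lead, since legitimate software can bind those ports; confirm with an up-to-date antivirus scan.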
Symantec says the worm appeared to contain a program that logs keystrokes on infected machines, but no other antivirus that I am aware of mentions this keylogger.
This worm is a nasty bugger and the infection rate is incredible. If you have a friend or family member who does not understand how to operate an antivirus, please check that they are updated and protected. If they don't have an antivirus, download one and install it for them.
http://www.nod32.com/ Nod32 $39.00 (The best AV available in my opinion)
http://www.grisoft.com/ AVG Free (Good enough for the price)
http://www.spywareinfo.net/aug26,2003#bounces :· Please Stop Bouncing Infected Emails
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R :· WORM_MIMAIL.R
Tweak Manager was probably the most fun to test of all the programs that have been featured here. I am a geek and I like playing with my computers. I set up a test computer recently with a fresh install of Windows on it. I used Tweak Manager to play with the settings and this program is amazing.
As its name implies, Tweak Manager allows you to tweak every imaginable setting on your Windows machine. There are literally hundreds of settings that can be tweaked and more are added all the time. You can change how Windows looks, how it behaves, how it shuts down and how it starts. It will optimize memory and CPU usage and tweak your internet connection to speed up your web browsing and downloads. Tweak Manager disables unsafe settings and many common annoyances such as reminder pop-ups and balloon tips. Some of these tweaks are not for the faint of heart, so please be careful.
Tweak Manager lets you choose for which users on the machine you are changing settings and even lets you tweak another machine over a local network. I've used a dozen tweaking programs and Tweak Manager has the most refined interface I have ever seen. It is intuitive and nicely organized which makes finding a particular tweak very easy. It even points out other tweaks related to the one you currently have selected and lets you go online to read about each tweak at Winguides.com. You don't have to be a geek to find your way around this program.
If it has been some time since you last installed Windows, then your computer's registry is probably a horrible mess. Everything you do on your computer leaves traces in the registry, from picking through the start menu to opening programs, installing programs and surfing the web. These traces build up over time and fill your registry with unneeded junk.
Even after uninstalling them, many programs leave invalid entries throughout the registry and it is nearly impossible to remove them all. If you ever have had a problem with Windows telling you a file is missing after you restart it, this is because of an invalid registry entry.
Registry Mechanic scans your entire registry to find these junk entries. It also checks your shortcuts to find those pointing to non-existent programs. Once it has scanned, it lists every invalid registry entry and every shortcut pointing to a missing file and lets you delete them with the click of a button. Every entry that is removed is backed up in case you need to restore something. Depending on how long it has been since you installed Windows, you might see anything from a small difference to a dramatic increase in performance and stability.
Tweak Manager: http://store.eSellerate.net/a.asp?c=0_SKU3844387508_AFL085344836
Registry Mechanic: http://store.eSellerate.net/a.asp?c=0_SKU9387073395_AFL085344836
Purchase both and receive a $10.00 discount. Add both products to your cart and use coupon code SWBUNDLE to receive your discount.
Quickly check to see if your favorite software has been updated.
Dozleng.com has opened a "Calendar of Updates" that lists updates to popular software. Using the calendar feature built into the popular Invision Power Board message board, registered members of the site can log in and post to the calendar, when a product has been updated. If your favorite program is not listed among the updates, you can register at the site and update it yourself.
This actually is a pretty clever idea. I may steal it for use at SpywareInfo's message board. We use a sub forum for software updates instead of the calendar.
http://www.invisionpowerboard.com/ :· Invision Power Board
http://forums.spywareinfo.com/index.php?showforum=22 :· Software Update Announcement forum
http://www.dozleng.com/updates/index.php?act=calendar :· Calendar of Updates
Author's blurb
K9 is an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time.
K9 learns from its mistakes and becomes better and better at being able to identify spam. More importantly it learns to recognize what you consider to be spam.
K9 is for standard POP3 email accounts only. It does not directly support Hotmail, AOL or any other kind of webmail type systems, nor does it support SSL or secure authentication as used by MSN.
Mike's blurb
I've been using K9 since late December. A lot of email finds its way into my inbox and most of it is spam. Out of 3,800 emails that K9 has processed, there has been exactly one true false positive. There have been just over 200 false negatives in the same time, which is not too bad. Most of those false negatives were in the first week. Since then, the Bayesian filtering engine has caught roughly 19 of every 20 spams.
By default, K9 adds "[spam]" to the subject line of emails it flags as spam. This allows you to create a message rule in your email program that treats those tagged emails in whatever manner you decide. I send them to a spam folder and clear it out every so often. I'm tempted to let it go ahead and delete spam automatically. It is that accurate.
I wouldn't recommend this to computer beginners. It takes a little bit of work to set it up. For everyone else, definitely give this program a try. It's free, so you have nothing to lose and it works great.
The scoop on spyware
What is spyware? And what harm can it do to my network?
Even in its most innocuous form, spyware is an invasion of privacy.
Spyware programs such as Cydoor, Gator, Lop.com and Xupiter install without the user's knowledge by piggybacking on peer-to-peer file-sharing programs, cute executable images or a long list of freeware.
Primarily used for target advertising purposes, spyware tracks a user's Web habits. Some programs log keystrokes and even capture and transmit screen images.
"These programs are hard to avoid because they come bundled with other things, and it's not always apparent when they're installing themselves. And once they're on computers, they can be difficult, time-consuming and costly to remove," says Michael Steffen, policy analyst with the Center for Democracy and Technology (CDT) in Washington, D.C.
More: http://www.computerworld.com/securitytopics/security/story/0,10801,89489,00.html
Software to limit tracking cell phone users
Now that wireless companies can track a mobile phone's location, customers will want to control exactly who knows where they are and when.
Bell Labs says it has developed a network software engine that can let cell users be as picky as they choose about disclosing their whereabouts, a step that may help wireless companies introduce "location-based services" in a way customers will find handy rather than intrusive.
More: http://www.cnn.com/2004/TECH/ptech/01/19/cell.location.ap/index.html
Plans for Wireless Directory Raise Concerns About Privacy
After last year's campaigns against spammers and telemarketers, lawmakers on Capitol Hill are poised to tackle the next privacy frontier: the nation's 150 million wireless phones.
As a group of carriers quietly works to create the first wireless white pages, legislation is in the works to protect consumers concerned about the privacy issues of those numbers going public. Privacy advocates say the proposed protections are not strong enough.
The Wireless 411 Consumer Privacy Act was introduced in both the House and the Senate before the holiday recess. The bill would require existing customers who want to be listed in a national database of numbers to "opt in," or specifically say they want to be listed, while new wireless subscribers would have to "opt out," that is, choose not to be listed.
More: http://www.spywareinfo.net/rd/30
Firm wants a base for your data
A giant corporation that owns major hotels, mortgage lenders, real-estate companies and tax-accounting services is getting into other business. Yours.
The Cendant Corp. wants to compile a massive database of its customers. The database would include more than 200 pieces of personal information, including credit-card numbers, e-mail addresses, driver's license numbers and financial information such as income and mortgage balances.
The data would be collected from all of the corporation's businesses and put into one place to "determine customer buying patterns and behavior," according to a draft proposal obtained by The Washington Times.
More: http://washingtontimes.com/national/20040125-124210-9676r.htm
Lie-detector glasses offer peek at future of security
It may not be long before you hear airport security screeners ask, "Do you plan on hijacking this plane?" A U.S. company using technology developed in Israel is pitching a lie detector small enough to fit in the eyeglasses of law enforcement officers, and its inventors say it can tell whether a passenger is a terrorist by analyzing his answer to that simple question in real-time.
More: http://www.eetimes.com/story/OEG20040116S0050
This week, we have a Junk Science Award instead of a scumbag award.
The Junk Science Award goes to HP Labs for producing one of the most outlandish pieces of junk science I have ever seen. This study concludes that a person's reluctance to divulge personal information stems directly from a perception that the information in question "deviates" somehow from "normal" society. To put that into English, only a deviant worries about their privacy.
This study is rubbish. They asked 127 people how much money it would take for them to divulge their weight in front of a group of peers. They found that those who are overweight asked for more money. Congratulations HP, you have discovered the concept of "peer pressure". You should receive a gold sticker for that revelation.
However, the conclusion of this study implies that people in general are unwilling to divulge personal information because they feel that the information will portray them as deviant. This is not only incorrect, it is an insult to every living person on this planet. There are plenty of perfectly normal reasons not to divulge personal information and you don't have to resort to junk science to list them.
Without the slightest doubt, the antiprivacy kooks will point to this study and start screeching "See!? People with nothing to hide don't worry about their privacy! You must be hiding something deviant!". To this, I say, "Ok, fine. Drop your pants and let's put a tape measure to what's in your boxers. What's that? You don't want me to publish that? Why don't you? Are you hiding something?"
Next week we will publish a rebuttal of this junk science. That rebuttal will be based on actual "science" written by someone who has studied statistical analysis and paradigm design and applied it to "the real world" successfully.
http://science.slashdot.org/article.pl?sid=04/01/27/1950258 :· Weighing the Value of Privacy
http://www.hpl.hp.com/research/idl/papers/deviance/index.html :· Privacy and Deviance
http://science.slashdot.org/comments.pl?sid=94484&cid=8113114 :· [in reply to] Do we need more or less privacy?
I'm considering adding another subscription option but I want some feedback before I decide on it. Subscribers using this third option would receive only a notification that the newsletter is online. They would not receive the actual newsletter itself, just a link to the online version.
Basically, it would look similar to this (except in plain text):
Hello Subscriber,
The January 28 issue of The Spyware Weekly is online at http://www.spywareinfo.net/.
This would (hopefully) circumvent spam filters that decide they don't like the content of the newsletter and it would help with those email programs that screw up hyperlinks (AOL is bad about that). It would also save me some bandwidth. The newsletter usually is only about 20-30 KB in size, but multiply that by 11,000 subscribers and watch how that number grows.
Does this sound like an option in which you would be interested? If you think this sounds like a good idea, click this link and send me an email to vote. No message is required, just the email itself (I won't be reading them, only counting). If enough people are interested, I will set it up.
While I'm on the subject, I would like to point out a problem with the unsubscribe links at the bottom of the newsletter. As I mentioned, some email programs screw up links. I've had more than one person email saying they couldn't unsubscribe because their program messed up the very long link at the bottom. If this happens to you (and only if this happens), send an email to unsubscribe@spywareinfo.com and I will remove your address manually. Be sure to specify whether you are subscribed to the text or html version.
Running SpywareInfo has become an expensive thing to do. Somewhere on the order of 300,000 visitors use about 200 gigs of bandwidth every month. This is not a cheap web site to host.
If you would like to help with the costs, there are two options. There is PayPal for those who have a PayPal account or don't mind signing up for one (it is free).
There is a snail mail address if you do not like PayPal or have no means of sending money online. Please make sure to make checks (in US Dollars) or money orders (in American currency) out to James Healan and not Mike Healan so I am not hassled at the bank. Please note that contributions to SpywareInfo are not tax deductible.
The address is:
James Healan
PO Box 2378
Reidsville, GA USA 30453
Thank you very much for your contributions.
All materials on this web site are copyrighted © 2001 - 2008 by Mike Healan or their respective owners.
® All rights reserved.
Use of this site and its services are subject to our terms of use.
