Spyware Weekly Newsletter :· March 26, 2004

The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines.This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/mar26,2004.

Permalink | Top

Several people sent links to the following story.

A California man installed a keylogging device on his boss's computer and was caught. He has been indicted by a Federal grand jury on wiretapping charges.

Wiretap whistleblower indicted on spyware charges

A former employee at an Anaheim insurance company has been indicted on US federal wiretapping charges for allegedly installing an electronic device on a company computer that recorded every keystroke made by a secretary to a company executive.

Larry Lee Romp, 46, of Huntington Beach, was indicted by a federal grand jury in Los Angeles on a single count of endeavoring to intercept electronic communications, a violation of the federal wiretap statute. Romp, who was employed by Bristol West Insurance Group/Coast National Insurance Company until he was terminated in September 2003, is scheduled to be arraigned on the indictment on April 5.

More: http://www.in-sourced.com/article/articleview/1529/1/1/

Spyware at center of wiretap case

A Los Angeles-area man was indicted today for allegedly installing a tiny, almost imperceptible hardware device to spy on his boss's every keystroke, in a case that shines a spotlight on the ease with which spy technologies now can be purchased and used by consumers.

The $49.95 device, called a Key Katcher, is barely the size of a child's pinkie, but it has 46-year-old Larry Lee Roppin a heap of trouble. Romp, who says he was acting as a whistleblower, was indicted by a federal grand jury for illegally intercepting electronic communications and now faces up to five years in jail.

More: http://msnbc.msn.com/id/4595662/

The device the man installed is called a "keycatcher".It is a cylinder that plugs into the PC at the keyboard port, with another port for the keyboard to plug into. It can record every single keystroke and it's very hard for most people to notice. This kind of spyware cannot be detected by the likes of Spycop or X-Cleaner because no software is used.

If anyone other than yourself has physical access to your computer, you should check that keyboard cable occasionally. You never know what you might find.

Permalink | Top

As you know, someone tried to knock SpywareInfo off the internet by launching a massive distributed denial of service attack. For a few weeks we were unable to keep the site running for more than a few minutes. We finally set up several redundant proxy servers as a shield and the site has been operating fine, although there have been a few hiccups with the message board.

Unfortunately, it is costing over $500 per month to host the site now. That's in addition to the $700 bill I received for the bandwidth used during the attacks. Thankfully, the data center agreed to charge only for outgoing bandwidth. If they had charged for incoming bandwidth, the bill would have been $2,400.

If you would like to help with the costs, there is now a new option. We've opened up a CafePress storefront and are selling T-Shirts, coffee mugs, hats and even underwear. I tried to talk my partner Catherine into modeling the thong but she wouldn't do it. *snaps fingers*

The prices are higher than I would like, but CafePress charges their own fees and their base prices are nearly retail price to begin with. I've reduced the prices until the end of next week. After that, the price of everything there will go up slightly.

Each item has a logo which says "DLTBW". That stands for "Don't Let The Bastards Win" (or "BadGuys" if your kids ask you to explain the initials). Of course, that refers to whoever attacked the site and tried to keep it offline. They attacked SpywareInfo, they attacked merijn.org, they attacked Net-Integration and they attacked TomCoyote. Except for Merijn, all of these are back online; and we're working on Merijn's site.

Spywareinfo wants to thanks Travis, Chance, and Tuxedo Jack for contributing their talents and time to put together the graphic.

I'd like to also have another design to offer on the merchandise. What I have in mind is someone looking over someone else's shoulder while they're sitting at a PC and the words "Who's looking over your shoulder? Find out at www.spywareinfo.com". I have no skill at all at drawing, either on paper on in Photoshop. If someone could whip up something like that and send it to me, I'll use it.

If nothing there interests you, there are two other options. There is PayPal for those who have a Paypal account or don't mind signing up for one (it is free).

There is a snail mail address if you do not like Paypal or have no means of sending money online. Please make sure to make checks (in US Dollars) or money orders (in American currency) out to James Healan and not Mike Healan so I am not hassled at the bank. Please note that contributions to SpywareInfo are not tax deductible.

The address is:
James Healan
PO Box 2378
Reidsville, GA USA 30453

Thank you very much for your contributions. Now go buy some stuff. :)

Permalink | Top

An affiliate of Aluriasoftware, maker of SpywareEliminator, has been caught spamming people and using the Look2Me parasite to promote their software. Look2Me digs itself very deeply into Windows and is darned near impossible to remove. Once installed, it pops up advertisement windows.

I wrote to Aluriasoftware to ask about this situation. Aluriasoftware's CEO, Jamie Garrison, wrote back.

Yes, I am familiar with this. James [Director of Operations] has brought it to our attention and our affiliate manager has been looking at it. If I'm not mistaken this is someone that has had almost zero activity and we have deleted their account as of this incident. I want to say that they didn't even have any sales. If you ask me, this is someone that has a vendetta against us (you know how sticky being in anti-spyware can be). I think they want us to look like we are up to no good.

No, we do not approve and won't allow it, ever. They will not be paid (if they did make any sales) and we are sending out a newsletter to all active affiliates reminding them of our policies. Parasitic methods are never allowed and we have recently instituted a "no email" policy....even the legit ones (if there even are any anymore :) It just isn't worth it. We have a concentration on anti-spyware and won't let a few idiot affiliates get in the way :)

Some people are suggesting that Aluriasoftware approved the methods used by this affiliate, although I don't believe that. I'm an affiliate of this company myself, one of their first affiliates in fact, and I can't imagine them permitting someone to do this. The whole antispyware community, myself included, would roast them over a spit if they turned to this sort of marketing. Last year, I publicly delisted a company that sent out a mailing urging affiliates to use pop-ups.

I believe this was one of two things: either this affiliate thought he could do this and get away with it, or he was trying to smear the company. If it was a smear attempt, it seems to have worked somewhat as there are a few people convinced that Aluriasoftware approved of the idea.

Permalink | Top

Utah's Governor Walker has signed the Spyware Control Act into law. Thank you very much to everybody who contacted Governor Walker about the Act. It is now law in Utah.

As it turns out, the law is weak on enforcement. In fact, according to the Center for Democracy and Technology (CDT), it is non-existent. CDT's Michael Steffen wrote to me about it this week.

Just FYI, CDT actually opposed the Utah bill as well intentioned but badly executed. For example, it provides no way for consumers to act against programs defined as spyware under the bill, and doesn't even allow the state's attorney general to act on consumers' behalf (as is standard in fraud laws). A concern is that this will become a model for other laws to "address spyware" without actually providing aid for computer users. The letter we sent to the governor is here: http://www.cdt.org/privacy/spyware/20040312utah.pdf

I did read several critiques of the Act from different viewpoints, including one by its author. However, I'm not a lawyer so I never noticed this problem. It is still good that the law passed, even if it lacks enforcement. Hopefully it will prod the federal government into action.

Ads are one thing and I have no problem with them. I do have a major problem with parasitic software that sneaks onto a PC, sets deep roots so it cannot be removed and pops up advertisements based on the work of an someone else's web site.

Industry self-regulation clearly is not working to stop unscrupulous companies from preying on novice computers users any more than it worked for spam. I just hope that any federal regulation of spyware doesn't become the disaster that CAN-SPAM has become. CAN-SPAM makes the problem worse rather than better.

Permalink | Top

I have written a new article. You've read the Browser Hijacking article (you have read it haven't you?). That article discussed how a browser becomes hijacked and how to fix it. The new article explains how to avoid being hijacked in the first place.

Check it out and spread the word about it. I want everyone with internet access using Windows to read it.

The archives listing the past issues of the newsletter have been updated. All past issues are now listed.

Also the list of E911-enabled cell phones which allow the owner to disable GPS tracking by non-law enforcement persons has been updated.

Links:

http://www.spywareinfo.com/articles/hijacked/ :· Browser Hijacking article
http://www.spywareinfo.com/articles/cell_phones/ :· List of E911-enabled cell phones
http://www.spywareinfo.com/articles/hijacked/prevent.php :· How to prevent a browser hijacking
http://www.spywareinfo.com/links.php?cat=newsletter#newsletter :· Newsletter Archives

Permalink | Top

SpywareInfo needs help! The word has spread that SpywareInfo is the place to go to exterminate a browser hijacker. Unfortunately, there is a colossal number of people infected with browser hijackers and other parasites. Our message board is being overwhelmed with people who need help.

We really could use some more volunteers to help people out at the message board. Those of you who work tech support for ISPs and PC makers who refer these people to SpywareInfo (you know who you are), this is your chance to return the favor. Anyone who knows computers and wants to help people is welcome.

If you have the time to spare, there is an informal "boot camp" at our message board, where the antispyware experts show people how to go about interpreting HijackThis log files. We have made spotting and removing parasites from log files into an art form. We need as many volunteers as possible who are willing to learn that skill and help people.

If you would like to help us out, please read this posting: http://www.spywareinfo.com/forums/index.php?showtopic=32637.

Permalink | Top

It has come to my attention that the newest version of AOL's software is causing a very large number of false spam complaints. Apparently, they have put the "Report as spam" button right next to the "Delete" button (I haven't verified this) and false complaints are being filed accidently every day in very large numbers.

AOL also has started blocking web traffic to web sites linked in spam complaints. I cannot afford to have my site blacklisted. It is a risk I cannot take. All subscribers using an aol.com email address will be unsubscribed after this newsletter is sent out. If this effects you, you will need to find an alternate email service, such as Hotmail or Yahoo, to resubscribe.

I apologize for the necessity of this. Please direct any complaints to AOL.

Permalink | Top

Should We Lay Down the Law Against Spyware?

No one knows how many computers are infected with spyware, the insidious software that installs itself without notice and triggers an unending stream of pop-up ads that are based on the content of the websites that a user has visited. The National Cyber Security Alliance reported last year that some sort of spyware lurks inside the computers of more than 90 percent of broadband users. More recently, when the Center for Democracy & Technology asked one network administrator about the infection rate of computers on his system, it heard the same 90 percent figure.

More: http://comment.cio.com/soundoff/032504.html

Message To Spyware: Get Off Our Private Property

Keystroke loggers and spyware developers may soon be silenced, as Congress is debating a bill that would outlaw the intrusive software and declare it akin to trespassing on private property.

"It's my computer. It's my private property," said Sen. Conrad Burns (R-Montana), during a public hearing in the U.S. Senate earlier this week, talking about his bill to ban spyware. "I bought it and paid for it for my use only. Not some leech."

The plague of spyware is getting so bad that it might rival spam if it does not abate soon.

More: http://www.technewsworld.com/perl/story/33231.html

FBI Petitions for Broad Wiretapping Rights

The Bush Administration has asked the Federal Communications Commission to require broadband service providers to introduce new architecture in their networks that would facilitate eavesdropping by law enforcement officials. The 85-page proposal was filed March 12 by the Department of Justice, the FBI, and the Drug Enforcement Administration. Experts are saying that if it is approved, it could dramatically hinder both emerging and existing technologies.

"Many of the VoIP providers are already working closely with law enforcement to make sure they can get what they need," says Flint. "The problem, though, is that the FBI shouldn"t be designing technology systems. They shouldn"t be going into the core of the Internet and rearchitecting things, which is what would hurt innovation."

More: http://www.pcmag.com/article2/0,1759,1549618,00.asp

Lawmakers Alarmed by RFID Spying

Utah's House of Representatives passed the first-ever RFID privacy bill ..., 47-23. Utah state Rep. David Hogue said that without laws to ensure consumer privacy, retailers will be tempted to match the data gathered by RFID readers with consumers' personal information.

"The RFID industry will carry the technology as far as they can," said Hogue, sponsor of the Radio Frequency Identification Right to Know Act. "Marketing people especially are going to love this kind of stuff."

Utah's Right to Know Act is based on federal legislation drafted by the consumer privacy group Consumers Against Supermarket Privacy Invasion and Numbering, or CASPIAN. It requires all goods bearing functioning RFID tags in stores to be labeled as such. The bill will take effect May 5, 2005, if it is approved by the Utah state Senate and Utah Gov. Olene S. Walker.

More: http://www.wired.com/news/privacy/0,1848,62433,00.html