[1stPickPCHelp] A New Spyware Tactic?

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Thu, 05 Dec 2002 12:36:51 -0800

I just received this interesting newsletter;

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see ~ http://www.mwn.ca 
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
See my Anti-Virus pages ~ http://virusinfo.hackfix.org
A Technical Support Alliance Charter Member 
http://groups.yahoo.com/group/techsupportalliance
_____________________________________________________

A New Spyware Tactic? by Jerry Campbell

 
I don?t usually publish a Newsletter unless I have a new program to
release but in this case I think it?s more than warranted.  Thanks goes
out to JoeComputer for alerting me about this one.

A program called Spyware Nuker was recently released boasting it can remove
Spyware and Adware from your PC that others may leave behind.  After testing
this I was very surprised by what I found.  Am I calling this Spyware?  Read
on for the results of mt tests and you can decide.

What first caught my attention is that you have to first download a small
installer that downloads and installs the main file.  As a software
developer I can tell you that it?s twice the work to create a file to
download a file and unnecessary in my opinion.  Most that do this will
download to a temporary directory, install the program and then delete the
main file.  The only reason I see for this is if someone didn?t want you
to have or see the main file.  I managed to get it anyway and found that
their files were compressed by a little known compressor and aren?t
readable by standard Windows means.  Is there something to hide?

Here are a few excerpts from their 5 page license agreement:

"You acknowledge that "Trek Blue" may, at their sole discretion and for any
purpose, provide updates, automatic or otherwise, to the "Trek Blue"
Program(s)  including but not limited to the advertising or other
value-added software and technology.

By installing, downloading, copying, updating or otherwise using the  "Trek
Blue" Program(s), you specifically agree to include and/or accept the noted
software and technology through which "Trek Blue", its subsidiaries,
affiliates, partners, divisions, and clients provide value-added upgrades
and applications to your computer."


In other words, they can install anything they want, anytime they want
without informing you ?including but not limited to advertising or other
value-added software and technology? on your PC.


"You acknowledge that you desire to receive value-added content and
applications as a condition to using the  "Trek Blue" Program(s)."

Translation:  We?re covering our butts so you can?t sue us.

On running a Domain name check I found that the Domain
http://www.spywarenuker.com is actually owned by the following advertising
company that according to them ?specializes in integrated marketing, media
branding and online advertising technologies?

Domain Name: SPYWARENUKER.COM

   Organization:

      Lions Pride Enterprises, Inc.

      1959 Palomar Oaks Way - 3rd Floor

      Carlsbad, CA 92009

      US

      Phone: (760) 496-1600

      Fax..: (760) 496-1601

      Email: webmaster@xxxxxxxxxxxxxxxxxxxxxxxxx

      Web Site: http://lionsprideenterprises.com/


How about that?  A Spyware removal program owned by an advertising company
that specializes in installing Spyware/Adware on Computers.  What?s wrong
with this picture?

 
I found this on the Spyware Nuker web site:

?Some LSP products may overwrite system files such as wsock32.dll?

The file wsock32.dll is written by Microsoft and it?s used to connect you
to the Internet and you can't connect without it.  Why would they need to
overwrite that?  As far as that goes, why does a program installed on your
PC to scan for files even need to be connected to the Internet to be used?
Again, it must be there to download and install their ?advertising or
other value-added software and technology?.


JoeComputer and I both use Lavasoft?s Ad-Aware regularly (still the best
in my opinion) and Spyware Nuker did find 6 more files it tagged as
Spyware/Adware.  The only problem is that they were wrong on all 6 counts
and removing some caused problems. These were perfectly legitimate files and
definitely not Spyware.  One example is that it tagged a .dll in Microsoft
Money as Spyware and quarantined it.  After that any time My Computer, My
Documents or any other directory was clicked on Windows asked for the MS
Money disk.  Huh???


Now here?s the kicker, this is Shareware that will show you which files it
thinks are Spyware but if you want to remove them you?ll have to fork over
$30 to do it.  So if I?m right, and I believe I am, not only are they
installing Spyware on our PCs but they?re charging us $30 to do it.  Does
the expression ?Brass Balls? ring a bell?

As I said at the beginning, am I calling this Spyware?  No, I would never
say anything like that!  (I can also cover my butt)  As Bill O?Reilly on
The Factor says, ?We report the facts and let the audience decide?.

Regards,

Jerry Campbell

http://Camtech2000.net

http://Camtech2000.com

http://Camtech2000.org



~*~*~*~*~
Was this forwarded to you?  Want to subscribe?  Send an email 
to 1stpickpchelp-request@xxxxxxxxxxxxx?Subject=subscribe.

For a complete list of email commands for our list send an email 
to ecartis@xxxxxxxxxxxxx with a subject of "info 1stpickpchelp" without the 
quotes.

If you wish to unsubscribe from our list send an email 
to 1stpickpchelp-request@xxxxxxxxxxxxx?Subject=unsubscribe

To contact the list moderators send an email to 
1stpickpchelp-moderators@xxxxxxxxxxxxx
~*~*~*~*~

Other related posts:

• » [1stPickPCHelp] A New Spyware Tactic?

1. Home
2. 1stpickpchelp
3. Archive
4. 12-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---