Whipnet | Security | Phising Hole
Web Hosting Services
Whipnet's Tech Services for Houston, Tx

Contact Whipnet


Business Consultations


Hardware Services
Software Services
Virus Removal Services



Computer Security | Phishing Hole in IEComputer Security - Misleading Software


FTC shuts down spyware Web sites

Company selling harmful program, authorities allege


SEATTLE - Consumers across the country who bought a Washington company's anti-spyware program could be unwittingly allowing malicious software to upload onto their computers. The Federal Trade Commission recently shut down the Spokane company promoting software called SpywareAssassin after investigators discovered it didn't work, leaving consumers vulnerable to pop-up ads, privacy invasions and other threats, according to newly unsealed court documents. A federal judge in Spokane issued a temporary restraining order on March 8 against the software's promoter, Thomas Delanoy, who says that he has been advised by his attorney not to comment on the case. Meanwhile, computer experts say that with the rapidly increasing infiltration of exploitative software on personal machines, all computer users, whether they paid for the allegedly useless SpywareAssassin or not, should seek protection against unknown software downloads.

All types of danger

Spyware is now a common term for software that, without the user's knowledge, tracks activities on the computer and then transmits information over the Internet to someone else who uses it, presumably for marketing or theft. There are several types of spyware, from what experts describe as passive, such as cookies, to the more malicious, such as browser hijackers, key loggers (recording all keystrokes, including passwords or credit card numbers), viruses and automatic phone dialers. According to the FTC, the makers of SpywareAssassin, MaxTheater and their affiliates, used e-mails and Internet ads to market the bogus software, then used deceptive pop-ups to scare consumers. "You have dangerous spyware virus infections on your computer," the pop-ups declared, when there was no way to know if the computer contained spyware. "This spyware threat is very, very real," said Steven Gribble, a computer science professor at the University of Washington. "So, this company, assuming the FTC was correct, was capitalizing on this very tangible, very real threat. The metaphor I would use is a company selling snake oil to protect you against the bird flu." SpywareAssassin.com told viewers that there was a 99 percent chance their computers were infected with adware or spyware and then purported to create an "ironclad line of defense" against them. No one knows for sure how many computers are infected, although it is "frighteningly high," Gribble said. He estimated that between 75 percent and 80 percent of computers have at one point been given spyware. "This is the reality of living on an open Internet. You now need anti-virus software, anti-spyware software and you need anti-spam software, and you need firewalls, as well," said Hank Levy, another UW computer science professor.

Universities infected

Gribble and Levy published a report last September, apparently the first academic attempt to quantify the proliferation of spyware, showing that 69 percent of organizations using the UW network, such as academic departments, had at least one host computer profile infected with spyware. The professors emphasized the infiltration on campus despite UW's network security protocols. The UW study found that just four common spyware applications affected 1,587, or 5 percent, of networked computers on campus. But many experts believe that there are more than 800 distinct spyware applications actively floating around the Internet. The number of times those applications are spread increases exponentially as millions of users download free software, often called shareware, which allows spyware to piggyback through the download. Some of the most common shareware that brought spyware along with it to UW computers were Kazaa and Morpheus, programs that help people share files, according to the UW study. Piggybacking on downloads also can allow a particular type of spyware to open back doors through network firewalls. Acting on consumers' fears of the spyware phenomenon, Congress last fall tried to pass the SPY ACT (Securely Protect Yourself Against Cyber Trespass.) The measure passed the House but lingered in the Senate. The measure is now before Congress again, but lawmakers have rewritten portions to exclude other, more common types of marketing tools, such as cookies. There is also a new exception for anti-piracy programs, such as Microsoft's Windows Genuine Advantage, which interacts with a computer to determine if the software running on it was properly paid for and licensed.

Progressive legislation

In Olympia, meanwhile, the state House last week passed a bill that would prohibit anyone from transmitting software to deceptively modify another's computer settings, collect personally identifiable information through key logging, prevent the installation or uninstalling of programs or otherwise take control of the other person's computer. The bill also would restrict the use of spyware for unrequested marketing. The bill, HB 1012, must go before the state Senate. If enacted, Washington would be one of the first states to prohibit the use of spyware. Twenty other states are considering similar laws this year, according the National Conference of State Legislators. No one testified against the bill, but such legislation could curb the practices of some Washington businesses, such as Bellevue-based 180Solutions, which have programs that allow it to display advertising targeted to a computer user's current activity, such as browsing the Internet for a particular product.

Growing nuisance

The problem with spyware is likely to get worse before it gets better, Gribble said. "There are programs out there that purport to be anti-spyware that you can download for free that are actually spyware," he said. SpywareAssassin charged consumers $29.99. In addition to the phony detection of spyware, the software does not remove "any and all," as it advertises, nor even substantially all of the spyware installed on a computer, the FTC said. Most of the Web sites promoting SpywareAssassin have been taken offline. According to captured images of the sites, MaxTheater also offered webmasters a 70 percent cut, or $21, for each $30 sale of the software download. Mona Spivack, lead attorney in the FTC case against SpywareAssassin, said that there are likely many consumers who bought the software who think they are protected against spyware but could be running malicious software on their computers. Spivack declined to say how many consumers may have purchased the software but said the promotion was spread nationwide.

Seattle Post-intelligencer


What is Adware?

Pharming for Your Identity

Internet Cookies

Phishing Flaw in Alternate Browsers

Phishing Hole Discovered in Internet Explorer

Avoiding a Phishing attack


Security VulverabilityJPEG No Longer Safe for Viewing



HOME                                                          2002-2020 Whipnet Technologies