RE: Spyware becomes increasingly malicious
William Warren wrote:
not all the variants are that easy..how about doing a google on coolwebsearch..scumware.com has a good writeup as well as spywareinfo.com...the newer variants are not that easy....
I second that. The version I saw required a third party registry editor and booting up into the recovery console from an XP cd (safe mode didn't cut it) just to remove a hidden dll. Had it not been for the forums out there at http://forums.spywareinfo.com and the cwsshredder, which got most, but not all, of the cruft installed by this piece of bastard software, my grandmother's computer would still be popping up those tens of pages of garbage randomly.
The authors of these coolwebsearch variants are extremely intelligent programmers with far more understanding of the bowels of the windows platform than your average script kiddies. If you get hit with the version I saw, it's no 10 minute piece of cake.
What I don't understand is how exploiting bugs in a program (internet explorer) to install software without the consent or even acknowledgement from the owner/user is legal behavior. To me, it's just like someone abusing a bug in bind, and installing a rootkit, which last time I checked, could end up getting someone in legal troubles.
For another hastily-thought-out analogy, it's like someone breaking into your house and reprogramming your cable box to keep changing the channel to the home shopping club every 30 seconds.
-Brian
The authors of these coolwebsearch variants are extremely intelligent programmers with far more understanding of the bowels of the windows platform than your average script kiddies. If you get hit with the version I saw, it's no 10 minute piece of cake.
It makes spyware more dangerous than viruses, which are written (in 99.99% of cases) by younger and less experienced persons (and without good QA, good project management etc).
What I don't understand is how exploiting bugs in a program (internet explorer) to install software without the consent or even acknowledgement from the owner/user is legal behavior. To me, it's just like someone abusing
It is not a bug; it is a specially designed IE feature. MS was always proud of their full automation - install on demand, update automatically, add new software to start at startup without needing to be a system admin, etc etc... As a result, we have a field full of bugs, pests, pets, spiders, spies and so on... They have _exactly_ what they designed. No one even bothered to ask me 'do you want to allow this registry change', because 'MS believe that their users are lamers so everything must be automated from the beginning to the end'... It is another weak side of MS design (the first one is complexity....) and another side of MS agriculture (the first one is a monoculture easily infected by a mortal infection). I do not blame MS, but what about spyware on Macs - is it so easy to write and install spyware there?
a bug in bind, and installing a rootkit, which last time
There is a difference. This was a bug. Bind does not have undocumented features. MS has millions of undocumented features, and (because they never opened their OS and never published full specs) every developer plays a game of 'find a feature before competitors and use it'. As a result, someone finds features which were not designed but just 'happened' -:). Anyway, these are features, not bugs. This is 100% legal at this point (and even if it is not legal, who is bothered about it outside of the USA? No one!).
I checked, could end up getting someone in legal troubles.
For another hastily-thought-out analogy, it's like someone breaking into your house and reprogramming your cable box to keep changing the channel to the home shopping club every 30 seconds.
-Brian
Brian Battle wrote:
For another hastily-thought-out analogy, it's like someone
breaking into your house and reprogramming your cable box to keep changing the channel to the home shopping club every 30 seconds.
That would be the result of the "broadcast bit".
Pete
participants (3)
- Alexei Roudnev
- Brian Battle
- Petri Helenius