Excerpt from:  CamTech 2000   http://camtech2000.net/Newsletters/a_new_spyware_tactic.htm



A New Spyware Tactic?


I don't usually publish a Newsletter unless I have a new program to release, but in this case I think it's more than warranted. Thanks go out to JoeComputer for alerting me about this one.

A program called Spyware Nuker was recently released boasting it can remove Spyware and Adware from your PC that others may leave behind. After testing this I was very surprised by what I found. Am I calling this Spyware? Read on for the results of my tests and you can decide.

What first caught my attention is that you have to first download a small installer that downloads and installs the main file. As a software developer I can tell you that it's twice the work to create a file to download a file, and unnecessary in my opinion. Most that do this will download to a temporary directory, install the program and then delete the main file. The only reason I see for this is if someone didn't want you to have or see the main file. I managed to get it anyway and found that their files were compressed by a little-known compressor and aren't readable by standard Windows means. Is there something to hide?

Here are a few excerpts from their 5 page license agreement:

"You acknowledge that "Trek Blue" may, at their sole discretion and for any purpose, provide updates, automatic or otherwise, to the "Trek Blue" Program(s) including but not limited to the advertising or other value-added software and technology.

By installing, downloading, copying, updating or otherwise using the "Trek Blue" Program(s), you specifically agree to include and/or accept the noted software and technology through which "Trek Blue", its subsidiaries, affiliates, partners, divisions, and clients provide value-added upgrades and applications to your computer."

In other words, they can install anything they want, anytime they want without informing you "including but not limited to advertising or other value-added software and technology" on your PC.

"You acknowledge that you desire to receive value-added content and applications as a condition to using the "Trek Blue" Program(s)."

Translation: We're covering our butts so you can't sue us.

On running a Domain name check I found that the Domain http://www.spywarenuker.com is actually owned by the following advertising company, which according to them "specializes in integrated marketing, media branding and online advertising technologies":

Domain Name: SPYWARENUKER.COM

Organization:
Lions Pride Enterprises, Inc.
1959 Palomar Oaks Way - 3rd Floor
Carlsbad, CA 92009
US
Phone: (760) 496-1600
Fax..: (760) 496-1601
Email: webmaster@lionsprideenterprises.com
Web Site: http://lionsprideenterprises.com/

Note: As of June 12, 2003 the lionspride web site is no longer available. But http://trekblue.com is.

Registrant:
TrekEight LLC
6965 El Camino Real - Suite 105-698
La Costa, California 92009-4195
United States

Administrative Contact:
WebMaster, WebMaster hostmaster@trekdata.com
TrekEight LLC
6965 El Camino Real - Suite 105-698
La Costa, California 92009-4195
United States
(760) 443 5715 Fax -- (760) 443 5715

Domain servers in listed order:
SHARK01.TREKDATA.COM
SHARK02.TREKDATA.COM
SHARK007.TREKDATA.COM

"SHARK01" - an appropriate name.

And of course there's http://trek8.com which looks basically the same as Lionspride did.

Domain Name.......... trek8.com
Admin Name........... Leasure, Jamie
Admin Address........ 2228 Bancroft St
Admin Address........ San Diego
Admin Address........ 92104
Admin Address........ CA
Admin Address........ UNITED STATES
Admin Email.......... james@rankyou.com
Admin Phone.......... +1.6195018225
Name Server.......... shark01.trekdata.com
Name Server.......... shark02.trekdata.com
Name Server.......... shark007.trekdata.com

There's that SHARK again.
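
The name-server overlap pointed out above can be checked mechanically. This is an added example, not part of the original newsletter: it parses the two WHOIS layouts quoted on this page (trimmed to the fields needed) and reports the servers they share. The function names are illustrative.

```python
import re

# Trimmed copies of the two WHOIS records quoted above (contact details omitted).
RECORD_TREKEIGHT = """\
Registrant:
TrekEight LLC

Domain servers in listed order:
SHARK01.TREKDATA.COM
SHARK02.TREKDATA.COM
SHARK007.TREKDATA.COM
"""
RECORD_TREK8 = """\
Domain Name.......... trek8.com
Name Server.......... shark01.trekdata.com
Name Server.......... shark02.trekdata.com
Name Server.......... shark007.trekdata.com
"""

HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,}$")
DOTTED_FIELD = re.compile(r"^([^.:]+?)\.{2,}\s*(.*)$")  # "Key....... value"

def name_servers(record):
    """Return lower-cased name servers from either WHOIS layout."""
    servers, in_block = set(), False
    for line in (raw.strip() for raw in record.splitlines()):
        host = line.lower().rstrip(".")
        field = DOTTED_FIELD.match(line)
        if field:                                   # dotted "Key.... value" layout
            in_block = False
            host = field.group(2).strip().lower().rstrip(".")
            if field.group(1).strip().lower() == "name server" and HOSTNAME.match(host):
                servers.add(host)
        elif line.lower().startswith("domain servers"):
            in_block = True                         # hosts follow one per line
        elif in_block and HOSTNAME.match(host):
            servers.add(host)
        elif in_block and line:
            in_block = False                        # any other text ends the block
    return servers

def shared_name_servers(*records):
    """Name servers that appear in every record given."""
    sets = [name_servers(r) for r in records]
    return set.intersection(*sets) if sets else set()

def hosting_domains(servers):
    """Collapse hosts to their last two labels (sufficient for the .com hosts here)."""
    return {".".join(h.split(".")[-2:]) for h in servers}

if __name__ == "__main__":
    shared = shared_name_servers(RECORD_TREKEIGHT, RECORD_TREK8)
    print(sorted(shared), "->", sorted(hosting_domains(shared)))
```

Both records resolve to the same three hosts under trekdata.com, even though one lists them in upper case under a block header and the other in lower case as dotted fields.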

How about that? A Spyware removal program owned by an advertising company that specializes in installing Spyware/Adware on Computers. What's wrong with this picture?

I found this on the Spyware Nuker web site:

"Some LSP products may overwrite system files such as wsock32.dll"

The file wsock32.dll is written by Microsoft and it's used to connect you to the Internet and you can't connect without it. Why would they need to overwrite that? As far as that goes, why does a program installed on your PC to scan for files even need to be connected to the Internet to be used? Again, it must be there to download and install their "advertising or other value-added software and technology".

JoeComputer and I both use Lavasoft's Ad-Aware regularly (still the best in my opinion) and Spyware Nuker did find 6 more files it tagged as Spyware/Adware. The only problem is that they were wrong on all 6 counts and removing some caused problems. These were perfectly legitimate files and definitely not Spyware. One example is that it tagged a .dll in Microsoft Money as Spyware and quarantined it. After that any time My Computer, My Documents or any other directory was clicked on Windows asked for the MS Money disk. Huh???

Now here's the kicker, this is Shareware that will show you which files it thinks are Spyware but if you want to remove them you'll have to fork over $30 to do it. So if I'm right, and I believe I am, not only are they installing Spyware on our PCs but they're charging us $30 to do it. Does the expression "Brass Balls" ring a bell?

As I said at the beginning, am I calling this Spyware? No, I would never say anything like that! (I can also cover my butt) As Bill O'Reilly on The Factor says, "We report the facts and let the audience decide".

UPDATED 12/12/2002

We finally received a response from Jamie Leasure at Trekdata.com who claimed that Spyware Nuker is not Spyware and that the License agreement was an oversight and outdated. The program was just released 11/13/2002 on Cnet so it sure became outdated quickly. He also said that they are in negotiations to buy the Domain and program. He failed to mention that Trekdata's business address is exactly the same as Lions Pride Enterprises. By the way, Trekdata's business is mass email marketing. Enough said about that.

I have done an install/uninstall, tracking every step of the way, and here are the results. The first time I ran the program it immediately tried to connect to the Internet as well as the other Computers on my Network. Of course I blocked it. After uninstall I found that it left these files behind in the Windows\System directory:

argradient.ocx
as-ifce1.ocx
picclp32.ocx
smartsubclass.dll
VB5DB.DLL


I deleted them with no problem. If you have installed it before I would suggest you do the same after uninstalling it. If you are using an NT based Operating System you'll find them in Winnt\System instead of Windows\System.

Of course the real damage occurs after you install the program and it starts downloading their value-added content and those file names can change from time to time in order to avoid detection. For removing those I use and highly recommend SpyBot Search & Destroy. It's an excellent program for getting rid of Spyware and it's free.

http://spybot.safer-networking.de/


It will also install a program in your Windows Startup so it's always running. To remove it click Start/Run and enter msconfig in the box. Then look in the Startup tab for it. It will probably say Spynuker Installer or something similar. Remove the check and restart your computer. If you like you can also use Camtech's Ultimate Startup Manager for managing all your Startup programs. (Yes, that's a plug)


To prevent web based Spyware installations try Spyware Inoculator


They use InstallShield for their installer which I am very familiar with. I can tell you that it does an excellent job of automatically removing all files and registry entries that it installs unless the programmer specifies otherwise so it's no accident that they were left.

