Gallery

State of spyware

Posted on 26 Oct 2006 at 11:39

Davey Winder is intrigued by this year's report on spyware, which reveals some unexpected results

And it isn't just unsuspecting newbies who get caught out, as I've encountered otherwise astute and seasoned professionals who get into a flap when confronted by a "your PC may be infected" Windows error dialog on their screen during an out-of-hours bit of web browsing - they click on the "scan now" button, which then installs the rogue application. I've seen every cookie stored on a laptop reported as spyware, I've seen essential Windows components reported as spyware, and I've seen numerous applications that will offer to disinfect a basically clean machine, once the credit card has been used of course. I've given up attempting to track down the offenders, as their WHOIS records tend to lead one on a wild goose chase of epic proportions, and by the time you get anywhere the perpetrator has long since moved on to the next scam.

Instead, I've decided to take the route of education, encouraging anyone who asks to bookmark the SpywareWarrior website and to always consult its rogue anti-spyware list (spywarewarrior.com) before evaluating, scanning or buying any anti-spyware solution. Be warned, though, this list is a groaning 300 items long, such is the scale of the problem. At the same time, obviously, I recommend that they only use those applications that have been properly reviewed, and that means they have undergone proper testing by a reputable magazine such as this one. Whatever you do, don't rely on the result of an online search leading to a website that claims to compare half-a-dozen of the top solutions, when there's no trust relationship - in fact, some such sites are used to drive more traffic to rogue product sites.

The other most common way to steer traffic to the rogues is, sadly, via Google. By using either sponsored search links on Google itself or AdSense links on third-party sites, rogue products can fool masses of people by abusing their trusted relationship with Google. In defence of the search giant, it has been working hard behind the scenes to crack down on rogue anti-spyware advertising, and there are noticeably fewer instances than there were even six months ago, but a problem nonetheless remains. The obvious solution is to do a Google search again on the product name being advertised, which will usually throw up plenty of red flags, but how many people bother taking the time to double-google anything?

One solution I did come across, which I heartily recommend to anyone who uses AdSense on their own website, makes use of the fact that Google provides a URL-filtering mechanism to prevent advertisers you don't want on your site from being published there. This was intended to enable you to prevent your competitors advertising on your site, but you can use it to block rogue anti-spyware scams and do your bit to protect your end users. A list of URLs suitable for cut and pasting into the AdSense filter is maintained at the Short-Media forums (www.short-media.com).

More spyware scams

A number of readers have contacted me about what they thought was a problem with the PC Recommended anti-spyware application Spyware Doctor. Having read our reviews and purchased the application, they received an email with a subject line of "Spy Doctor" containing an order number and a body text that thanked them for their subscription but mentioned a charge of £79, way in excess of the amount actually paid. Of course, there's also an attachment that claims to be the invoice for the transaction, but in reality will carry a malicious payload (w32/downloader.aewm in the cases I've investigated for readers).