RE: Spyware becomes increasingly malicious

William Warren wrote:

not all the variants are that easy..how about doing a google on
coolwebsearch..scumware.com has a good writeup as well as
spywareinfo.com...the newer variants are not that easy....

I second that. The version I saw required a third party
registry editor and booting up into the recovery console
from an XP cd (safe mode didn't cut it) just to remove
a hidden dll. Had it not been for the forums out there
at http://forums.spywareinfo.com and the cwsshredder,
which got most, but not all, of the cruft installed by
this piece of bastard software, my grandmother's computer
would still be popping up those tens of pages of garbage
randomly.

The authors of these coolwebsearch variants are extremely
intelligent programmers with far more understanding of
the bowels of the windows platform than your average
script kiddies. If you get hit with the version I saw,
it's no 10 minute piece of cake.

What I don't understand is how exploiting bugs in a
program (internet explorer) to install software without
the consent or even acknowledgement from the owner/user
is legal behavior. To me, it's just like someone abusing
a bug in bind, and installing a rootkit, which last time
I checked, could end up getting someone in legal troubles.

For another hastily-thought-out analogy, it's like someone
breaking into your house and reprogramming your cable box
to keep changing the channel to the home shopping club
every 30 seconds.

-Brian

> The authors of these coolwebsearch variants are extremely
> intelligent programmers with far more understanding of
> the bowels of the windows platform than your average
> script kiddies. If you get hit with the version I saw,
> it's no 10 minute piece of cake.

It makes spyware more dangerous than viruses, which are written (in 99.99%
of cases) by younger and less experienced persons (and without good QA,
good project management, etc.).

> What I don't understand is how exploiting bugs in a
> program (internet explorer) to install software without
> the consent or even acknowledgement from the owner/user
> is legal behavior. To me, it's just like someone abusing

It is not a bug; it is a specially designed IE feature. MS was always proud of
their full automation - install on demand, update automatically, add new
software to start at startup without needing to be system admin, etc. etc...
As a result, we have a field full of bugs, pests, pets, spiders, spies and
so on... They have _exactly_ what they designed. No one even bothered to ask
me 'do you want to allow this registry change', because 'MS believes that
their users are lamers so everything must be automated from the beginning to
the end'...

It is another weak side of MS design (the first one is complexity....) and the
other side of MS agriculture (the first one is a monoculture easily infected
by mortal infection). I do not blame MS, but what about spyware on Macs - is
it so easy to write and install spyware there?

> a bug in bind, and installing a rootkit, which last time

There is a difference. This was a bug. BIND does not have undocumented features.

MS has millions of undocumented features, and (because they never opened
their OS and never published full specs) every developer plays a game of
'find a feature before competitors and use it'. As a result, someone finds
features which were not designed but just 'happened' -:). Anyway, these are
features, not bugs. This is 100% legal at this point (and even if it is not
legal, who cares about it outside of the USA? No one!).

Brian Battle wrote:

For another hastily-thought-out analogy, it's like someone
breaking into your house and reprogramming your cable box
to keep changing the channel to the home shopping club
every 30 seconds.

That would be the result of the "broadcast bit".

Pete