Personal Tech Pipeline | bogus anti-spyware tool | Spyware Software Dubbed 'Ransom-ware'

White Papers

Sponsor Resources

Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

May 31, 2005

Spyware Software Dubbed 'Ransom-ware'

Courtesy of TechWeb News

An apparently bogus anti-spyware tool is the newest addition to the expanding "ransom-ware" category of malware, Panda Software said Tuesday.

Ransom-ware, the term some have slapped on malicious code that infects a PC, then demands money in return for cleaning up the machine or unlocking suddenly-encrypted documents, is just another example of how hackers are increasingly driven by greed, Luis Corrons, the director of Panda's research lab, said in a press release. Now, said, Corrons, a purported anti-spyware product, SpywareNo, joins the list of ransom-ware.

Surreptitiously downloaded when users visit certain porn or pirate Web sites, SpywareNo exploits vulnerabilities in Microsoft's Internet Explorer to get onto a PC. Once it installs itself, it creates an icon on the desktop and displays a bogus warning that the system's infected with spyware, Corrons said. (It also modifies the Windows Registry to guarantee it runs every time the PC is started, even after the user thinks he's managed to manually delete the program.)

The warnings are as fake as a $3 bill.

The on-screen alert invites users to purchase the full version ($20 for a month's subscription, $60 for an annual plan); only those who pay the ransom see the "threats" disappear.

"If users fail to register, this commercial software will 'detect' threats that don't actually exist on the computer, and which will 'disappear' as soon as users pay for the product," said Panda in its own warning.

In a release posted to the Spyware Warrior anti-spyware message forum, someone claiming to be the public relations manager for SpywareNo took exception with the ransom-ware categorization, and blamed the drive-by-installs on out-of-control affiliates.

"The spyware removal software market is so overcrowded," wrote someone identifying herself as Jessica Simmons. "The competition is very very hard. That is why we direct all our efforts to development itself and have no time and power to advertise our products effectively. We use affiliated advertisers to do this. This is an easy way for us. This way is a very dangerous though. It is a shame that some of our advertisers do not respect the law, but unfortunately we are unable to check them all at the initial stage."

The poster went on to say that SpywareNo "does not install silently or without permission," and that any such instance is due to "those unprincipled advertisers."

End-users commenting to the message forum, however, say different. One said SpywareNo got installed "out of nowhere," while Eric Howes, a graduate student at the University of Illinois, a contributor to the Spyware Warrior site and list, noted "the [SpywareNo] scanner turned up eight listed spyware programs, all 'high risk' in just two seconds. Even a scan of the processes [running in Windows] takes five or six seconds. That's a big red flag," he said. "SpywareNo wasn't actually scanning anything at all.

"Within 48 hours of the first report we had of SpywareNo, we had reports from all over the place," said Howes. "The fact that the reports came from a number of different sources, at about the same time" indicate that it had been seeded on multiple Web sites.

Phony spyware detection isn't a new tactic, said Howes, who compared SpywareNo's approach to others, such as Spywiper and SpyWareAssassin, two products which have been investigated by the Federal Trade Commission.

"They're guilty of unfair practices, just as was SpyWareAssassin," Howes alleges. "But I think Panda is on to something by classifying it as 'ransom-ware.'

"SpywareNo has been irresponsible at best," he added. "I've stopped listening to that 'our affiliates did it' excuse years ago. Even if its' true, they're still responsible."

Attempts to contact SpywareNo, which according to the alleged public relations spokeswoman, is based in Istanbul, were unsuccessful.

E-mail This Story
Print This Story
Reprint This Story

Get the latest Personal Tech news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed

Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
How to Achieve High Performance Through IT
Learn to achieve high performance by aligning IT to
strategic objectives and solutions to unlock that value.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?

In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.

On the CIO Agenda with IBM
With business growth back on the agenda, the role of the CIO is changing from manager of technology to C-suite collaborator in enabling innovation that matters for the business. Read an executive summary and register to download the full IBM paper.

Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

Block or Secure IM Use
IM threats up 250%. Protect your corporate network. Free Download.

Secure & Easy Console Management with Digi CM
The Digi CM console server provides secure, intelligent & easy access to network devices with a serial console port. With Digi CM, you can securely monitor & control servers, routers, switches & other devices even when your network is down.

Understand the financial impact of open source.
Will open source pay off? Open source is becoming standard within enterprises, often because of cost savings. Find out how much of a financial impact it can have on your organization. Get this methodology and calculator now, compliments of JBoss. Go!

Buy a Link Now

Protecting HTTP traffic: An integral part of your security strategy
Stellent eSeminar "Approaches to Metadata Design" on March 23
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia