All posts by Jerry Stern

Now you see it… Reboot, you don’t.

Field Reports

Yes, indeed. Very clever, these spyware authors. Working on a cleanup, found a spyware component, turned out to be part of Aurora, that the usual cleanup tools could find, but only could remove on restart. Restarted, and amazingly, it’s gone. Only not; it has a new name. Seems this one randomly renames itself on shutdown, so the only way to delete that file is to cut power, restart in safe mode, and delete it. Got Aurora? (It pops up ad messages with ‘Aurora’ on the task bar.) Don’t do it–there are also some other self-repair features involved in Aurora, and it’s not enough just to get that file. Do a Google search for ABIremover.zip and the instructions that go with it.

On the same system, found viruses galore, mostly trojans. And Bube, and Home Search Assistant, and a few other self-healing malware delights. Truly a combo platter. Took multiple passes to turn the doorstop into a computer again.

Spyware and the Federal Trade Commission

Definitions

The results of the Federal Trade Commission’s spyware conference have been released. The workshop took place in Washington DC on April 19, 2004, and I wrote two position papers that were submitted as public comments 68 and 352.

There is a press release on the report: www.ftc.gov/opa/2005/03/spywarerpt.htm
The report itself is here: (68 page PDF): www.ftc.gov/os/2005/03/050307spywarerpt.pdf

Overall, everyone involved in the industry will find the “Government Responses to Spyware” section of the report interesting, on pages 19-24. The earlier sections, describing spyware, its detection, and industry responses, is thorough and very readable, and after that are supporting documents, footnotes, example screen captures, and the event handouts.

Although the FTC did not call for new legislation, the report does state that existing legislation gives them enough tools to prosecute the creators of spyware and adware right now. That’s an interesting change from what I heard last year from FTC staffers at the workshop. Then, spyware was the question, and adware wasn’t on their radar. Now, the report makes it clear that the line between spyware and adware isn’t clear, and that these two wares can’t be treated separately.

It has been a year since the workshop. Some things have changed. Then, the Microsoft representative talked about Service Pack 2 for Windows XP, and how that would help prevent spyware installations. Now, we know that it discourages downloading of our own products. Then, we heard from companies like Lavasoft that a formal definition of spyware was needed so that the anti-spyware companies could delete problem products without threat of lawsuit. Now, there have been reports at C|Net’s www.news.com that the larger adware publishers have become extremely active against companies that identify their products as spyware.

Then, it appeared that a consortium of adware publishers (Consortium of Anti-Spyware Technology vendors, or Coast) might help to control the problem. Now, Coast is shrunken and likely to be dead soon, and Lavasoft and PestPatrol, which has now been purchased by Computer Associates, use their own in-house point systems for identifying spyware, and aren’t waiting for government definitions.