Spyware in sheep's clothing
At this year's Computers, Freedom and Privacy conference in New Haven, Conn., the room was packed for a May 22 workshop on new challenges posed by spyware. A proliferation of spyware used by stalkers, identity thieves and even spouses in acrimonious divorce cases recently prompted the Electronic Privacy Information Center to file a complaint with the Federal Trade Commission. (You can see a copy of EPIC's complaint with the FCC here if you have Adobe Acrobat installed.) The sales pitches EPIC's Guilherme Roschke described at the workshop were eye-opening to say the least. Consider this one for a spyware package being advertised for $89.95:
"Do you need to find out what someone is doing online? Is your spouse, child or friend hiding secrets from you? If so Remote-Spy is the perfect solution for anyone that needs this information quickly and secretly. Now you can use the same software professionals use to find out the information you need in total privacy."
The spyware programs are promoted as being capable of spying on email and instant messages, recording websites visited, browsing files stored on the target's computer and capturing all keystrokes typed. Many of them can be installed remotely via Trojan horse e-mail attacks. When I asked Roschke how victims are tricked into opening e-mails that launch the spyware, he replied: "Puppies and flowers." E-greeting cards with such warm and fuzzy visual images are among the lures spyware programs provide to entice the person being targeted to inadvertently install programs which then do their dirty work invisibly.
"We've heard from domestic violence survivors who are terrified because they have no clue how their stalker knows everything they are doing, and we even had one divorce case in which spyware was installed on the wife's attorney’s computer," says Erica Olsen, technology safety specialist at the National Network to End Domestic Violence. In another case, a couple in a Philadelphia apartment complex installed spyware on the computers of several neighbors in the building to commit identity theft.
And you have to give points for over-the-top gall to a plaintiff in yet another case Guilherme described. A man who purchased spyware is being sued by a victim who discovered he'd installed it in her computer, so he in turn is suing the software company, claiming he wasn't properly warned about the illegality of his actions and his potential legal liability.
Anna Stepanov, anti-spyware manager for McAfee told me that examples of this type of consumer software designed for illegal surveillance were detected as early as 2002. "But we're seeing more of these programs now. They're perfecting their techniques and the distribution methods are nastier. We're detecting and classifying many of them as Trojans rather than spyware," she says.
The next front: spyware that can be downloaded on cell phones to monitor incoming and outgoing calls and text messages. "We're just starting to see this, and it can do terrible psychological damage," says Erica Olsen.
—Andrea Rock, Senior Editor
Posted by: Dean Gallea | Oct 17, 2008 10:22:46 AM
There is a big, fraudulent Internet business in promoting (often through spam) anti-malware programs claiming to be free, but requiring payment before they will "clean" what they've "found". Some of these take names similar to popular products to confuse the public into downloading them. Some even contain malware themselves.
The best you can do is to choose a product recommended by a well-regarded source such as Consumer Reports. Barring that, if you are unsure of a product, type its name into a search engine along with the word "review", and see what others are saying about it. The "Ascentive" product mentioned in Kaye's posting here is apparently fraudulent by that measure.
Posted by: Kaye Lehmann | Oct 17, 2008 1:12:53 AM
I wanted to know more about legitimate protection from spyware. There is a company, Ascentive that advertizes free evaluation, but actually it sells separate components for protection at 29.95 per package. It can get really pricey and I cannot find anything out about them. They say they are connected to MicroSoft.
Please advise.