Spyware Redux: Protect Your Ass!
By Peter A. Bromberg, Ph.D.

As a professional software developer, I have a busy life. And one thing I don't need is to have my life made more complicated, however indirectly, by the technologies that I use. There are two things that really get me PO'd about the Internet - SPAM and SPYWARE.

SPAM is controllable to an extent and mostly serves to be an annoyance (if I get one more email about how to make my member bigger, I'll ....) However, SPYWARE is more insidious. SPYWARE goes against the most basic tenets of our American society - the notions of personal privacy and liberty. I may not agree with your political or social views, but as an American, I stand ready to defend your right to espouse them, so long as you don't interfere with my own personal liberties or privacy in doing so. In other words, if you think abortion is wrong, that's fine. Just don't bomb an abortion clinic. You want to talk about it, go on TV, whatever you want; fine with me, pal.



SPYWARE is pernicious, sometimes malicious trickery that usually does not inform you of its intentions or presence, and takes advantage of technology to invade your privacy and / or liberty (that's my personal definition; I have others but they aren't fit for publication because this stuff gets me spinning like a Dreidel in a sandstorm and my English degrades to babbling gutter-speak).

Spyware Sedition

I've ranted here on eggheadcafe.com about spam and spyware before, and maybe it's time for an update. I recommended Lavasoft Ad-Aware some time ago and it's served me well, but recently I noticed Internet Explorer windows that had been minimized to the TaskBar, and they seemed to occur after using Google search. Had somebody succeeded in hijacking the Google Toolbar? I bet they did! Here's what I found in my cache under the filename of ron_context.php (a long querystring was present also):

<HTML><TITLE> Micorsoft Internet Explorer</TITLE>
    <BODY>
      <script language='javascript'>
      var expires = new Date();
      expires.setTime (expires.getTime() +  (24 * 60 * 60 * 30 * 1000));
      expire = expires.toGMTString();
      document.cookie = 'js=1; expires='+expire+'; path=/; domain=.offeroptimizer.com;';
      </script>       <META HTTP-EQUIV=Refresh CONTENT='1; URL=http://xlime.offeroptimizer.com/close.html'>
    </BODY></HTML>



So I went on the Net and searched for xlime and offeroptimizer and so on, and came up with a few good links. After a couple of days of this annoyance, I put a whole list of these babies into my restricted sites list and also added them to my hosts file pointing to 127.0.0.1 so they would be sure to be thwarted. It seems that Ad-Aware, while it is a very good program for beginners, simply doesn't catch all these nasty exploits. And if you think that because you have ZoneAlarm or you are behind a firewall / proxy that these things won't find their way on to your PC, you better think again. Everything in my house is behind a firewall, and they just keep coming right in without knocking or even so much as a cough. They can log keystrokes, steal your passwords, get your personal data, and on and on. They are doing it on your PC right now, my friend!
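An added example (not code from the original article): one way to pull the hostnames out of a cached page like the one quoted above and turn them into hosts-file lines pointing at 127.0.0.1. The names `TrackerScan`, `scan` and `merge_hosts` are made up for illustration, and the existing hosts content in the demo is a constructed sample.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# The cached page quoted in the article, embedded so the example runs offline.
CACHED_PAGE = """<HTML><TITLE> Micorsoft Internet Explorer</TITLE>
<BODY>
<script language='javascript'>
var expires = new Date();
expires.setTime (expires.getTime() +  (24 * 60 * 60 * 30 * 1000));
expire = expires.toGMTString();
document.cookie = 'js=1; expires='+expire+'; path=/; domain=.offeroptimizer.com;';
</script> <META HTTP-EQUIV=Refresh CONTENT='1; URL=http://xlime.offeroptimizer.com/close.html'>
</BODY></HTML>"""

class TrackerScan(HTMLParser):
    """Collect hosts named by meta-refresh targets and script-set cookie domains."""
    def __init__(self):
        super().__init__()
        self.hosts, self._in_script = set(), False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self._in_script = (tag == "script")
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(\S+)", a.get("content") or "", re.I)
            host = urlparse(m.group(1)).hostname if m else None
            if host:
                self.hosts.add(host.lower())

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # look for document.cookie strings with domain=...
            for d in re.findall(r"domain=\.?([A-Za-z0-9.-]+)", data):
                self.hosts.add(d.lower().strip("."))

def scan(html):
    parser = TrackerScan()
    parser.feed(html)
    parser.close()
    return parser.hosts

def merge_hosts(existing, hosts):
    """Append '127.0.0.1 host' lines for names the hosts file does not map yet."""
    mapped = set()
    for line in existing.splitlines():
        mapped.update(n.lower() for n in line.split("#", 1)[0].split()[1:])
    new = [f"127.0.0.1 {h}" for h in sorted(hosts) if h not in mapped]
    return existing.rstrip("\n") + "\n" + "".join(line + "\n" for line in new)

if __name__ == "__main__":
    print(merge_hosts("127.0.0.1 localhost\n", scan(CACHED_PAGE)))  # constructed hosts content
```

The hosts file matches exact names only, so offeroptimizer.com and xlime.offeroptimizer.com each need their own line; running the merge a second time adds nothing.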

By the way, these are the dweebs that run this nasty scheme. If you did a port scan on the range, you'd find they run Apache and they have plenty of holes. But don't bother about Las Vegas, any yo-yo with an above-room-temperature IQ can open a corporation in very private Nevada in 5 minutes over the phone, complete with a fake address and phone:

offeroptimizer.com  

Registrant:
Services, Ad ( HIGYAUVHPD )
PO BOX 28909
LAS VEGAS, NV 89126
US

Domain Name: OFFEROPTIMIZER.COM

Administrative Contact:
Services, Ad ( GMQPQUCTEI ) adservices2003@yahoo.com
PO BOX 28909
LAS VEGAS, NV 89126
US
888-674-9416 fax: 888-674-9416
Technical Contact:
Murray, A ( LXOWHIWXQI ) adservices2003@yahoo.com
PO BOX 28909
Las Vegas, NV 89126
US
702-464-4147

Record expires on 22-May-2009.
Record created on 22-May-2002.
Database last updated on 14-Nov-2003 23:03:09 EST.

Domain servers in listed order:

NS3.OFFEROPTIMIZER.COM 207.246.124.153
NS4.OFFEROPTIMIZER.COM 207.246.124.154

 

Protect your ass!

One of the nice things I did find was a freeware program called SpyBot Search and Destroy, put out by Patrick Kolla. Let me show you what this program found on my notebook computer (the one that's behind a firewall 100% of the time and on which I had been running Lavasoft regularly):


The above is only a partial list, my friends. There were 27 different items it found and removed. It even has an option to run like ChkDsk as the first program on a reboot (just one time) before any of the little critters can be loaded into memory. This is a good program. I recommend it; download yourself a copy RIGHT NOW, install it and run it and I bet you'll see a list of CRAP as big or bigger than the above! And make a donation at this guy's site because he's on our side and he deserves to be rewarded for his fine effort. You'll thank me later.

What do you think about SPYWARE and SPAM? What are you doing about it? Can we put these absolute bastards out of business and maybe in prison where they belong? Post your comments, views and questions here on our forums.

N.B. Since posting this article, I've received a number of emails asking for help. There's no way I can possibly respond to every email. Our forums are the best place to post questions, and there are a number of readers who are smarter than I who can post answers to your question. This benefits everyone, because many other people are able to read the forum thread and derive benefit from it.

And remember the advice my little old lawyer from Nyack, NY, Isidore Cohen (may he rest in peace) gave to me years ago:

PROTECT YOUR ASS.


Peter Bromberg is a C# MVP, MCP, and .NET consultant who has worked in the banking and financial industry for 20 years. He has architected and developed web-based corporate distributed application solutions since 1995, and focuses exclusively on the .NET Platform.