Please visit the new home of Majikthise at bigthink.com/blogs/focal-point.

« Judicial hawks: The Connecticut Judicial Branch coloring book | Main | Hivemind, follow-up: What is ComputerCop Pro? »

January 16, 2007

Hivemind: Seeking spyware crash course

Hivemind, what are the best online resources about spyware? I'm looking for some reliable web-based materials to teach me how spyware works.

I'm also looking for computer security experts who would be willing to do a brief email interview this afternoon.

If you write spyware, or work for a site that uses spyware, I'd like to talk to you, too. On background, if necessary.

The blog email address on the left is the fastest way to get in touch with me.

Comments

One place you might go looking (this is general info, hence posted to comments) is Freedom to Tinker (http://www.freedom-to-tinker.com/). Their archives have discussion of the Sony/BMG CD fiasco.

But yuck, spyware, what a frapping catastrophe. A friend had an infested old Windows box (mostly adware), it took me days to get her mail out of it, and then we left it at the curb. One attribute of spyware/adware is that it attempts to prevent you from detecting it or removing it, which in her case was crudely accomplished by denying access to the System Control Panels. I think the newer stuff is a little more subtle, but I work hard to avoid having any personal experience. Got her a Mac, and never looked back (and I sent my friends at Microsoft some email letting them know that they had a serious problem).

I think that some of this stuff is far more sophisticated and pernicious than people think.

My sister had a Gateway computer, enquired about buying a Dell--and then immediately got an e-mail add that she "shouldn't leave Gateway". Was some years back.

More recently, I changed my paypal password. The next day, I received an e-mail ( to an alternate account, not the one that is linked with paypal ) stating that " we want to verify your contact information, since you just changed your paypal password ". I forwarded the message to paypal, who confirmed that it had not come from them.

I regard the people who produce this software to be common criminals.

Phantom,

I'm going to go out on a limb and suggest that both incidents are coincidences.

In particular, my spamtrap accumulates a "you just changed your paypal password" or "paypal fraud unit has detected a problem" type email on a regular basis. For a while, I was getting one a day.

I'd second that. I get "verify your password" spam purporting to come from PayPal all the time. (After all, the purpose of those spams is to harvest passwords and credit card details. Anyone who had already obtained that information using spyware wouldn't need to send spam.)

I also get fake eBay spam, and I'm not even a member. Not to mention all the UK bank spam, US bank spam, European lottery spam, etc. etc. The spammers just figure that, if they send messages to enough people, they'll get to someone who really has an account with that bank or really did change their PayPal password that morning.

The comments to this entry are closed.