RealTime IT News

Beware of 'Badware'

If FunCade, Jessica Simpson Screensaver, UnSpyPC or Winfixer is installed on your computer, chances are your machine is spying on you.

All four applications are the most recent additions to StopBadware.org's Badware Watch List.

StopBadware.org is a nonprofit consumer protection initiative formed by Harvard Law School's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute to combat spyware.

According to the organization, "Badware" is any piece of malicious software that tracks users' moves online and then feeds that information back to shady marketing groups.

The marketers sell that data and may use it to ambush people with pop-up ads. The info can also be used to drain bank accounts or carry out identity theft.

Badware is now a $2 billion-a-year industry and 59 million Americans have malicious information collecting software on their computers, according to StopBadware.org.

"Adware and spyware threats have become a paramount threat in the past two years," said Ken Dunham, director of the Rapid Response Team at VeriSign iDefense, a computer security research company.

"And protecting against ad/spyware is not easy in today's world."

Dunham noted that many of these bad programs are embedded into Web site code or included surreptitiously with free applications like games and screensavers.

And whether it's lurking on the Web or inside other programs, Badware often installs itself without a computer owner's knowledge or permission.

Making sure that browsers and other applications are updated with the latest security patches lowers the risk of ad/spyware installations.

So does using "alternative" browsers like Firefox, Opera and Apache, Dunham said.

Running anti-virus, firewall, and anti-ad/spyware programs provide yet more layers of defense.

"In the end it's a multitude of techniques and techniques utilized by the consumer that helps lower overall risk against ad/spyware threats," said Dunham.

According to the reports filed on the newest entries in StopBadware's hall of infamy, Jessica Simpson Screensaver comes with more than a dozen pieces of software, including a 'dialer' which automatically, and without the user's permission, dials for-pay porn sites with a modem (if connected), and toolbars that modify the installer's browser.

"The Jessica Simpson Screensaver from Team Taylor Made is one of the worst Badware applications we've ever seen," said John Palfrey, co-director of StopBadware.org and Executive Director of the Berkman Center for Internet & Society at Harvard Law School.

"It is an almost textbook example of a small software vendor using deceptive means to fund a business."

FunCade is a game that comes bundled with adware programs BullsEye, which serves up ads based on a user's Web surfing habits, and NaviSearch, which redirects mistyped URLs and 404 errors to the Navisearch website.

Even if users uninstall Funcade, the adware programs remain active on the computer until those, too, are deliberately uninstalled.

Since users may be unaware the programs are present on their computers, few will know that they need to be uninstalled.

"UnSpyPC" is billed as a spyware remover, but instead it identifies legitimate antispyware software, such as VMWare, WinPatrol, and Windows Defender as spyware.

It also adds an UnSpyPC icon to Internet Explorer without asking for the user's permission to do so.

Additionally UnSpyPC does not come with its own uninstaller, so users must uninstall it from the Add/Remove Programs functionality contained within Windows.

Even after uninstalling, a bit of programming code is left behind that could be used to surreptitiously reinstall the product.

WinFixer is another program that claims to offer spyware protection, but instead produces alarming alert messages claiming that a computer is harboring "severe system threats," which can only be removed if the user upgrades WinFixer to the paid version.

WinFixer 2005 also apparently installs a rootkit, according to StopBadware.org's analysis.

A rootkit collects information from an infected computer, transmits it, and can also be used to remotely control a computer.

"This is one of the trends we're seeing now; malicious software posing as good 'helper' software," said Christina Olson, the project manager at Stopbadware.org.

"So products that claim to be anti-spyware are in fact spyware."

File sharing application Kazaa, application download manager Mediapipe, "anti-spyware" application SpyAxe and screensaver Waterfalls 3 were previous entries on the Badware list.

Companies whose products have been cited as Badware are free to send a written response to StopBadware.org list, and that response will be printed on the site. To date, only Mediapipe has contested their listing.

Olson said that consumers who want to download games, anti-spyware and screensaver applications should check with third party sources such as her organization to find out whether the software is Badware before installing the applications.

"Once it's installed, Badware is difficult to remove," said Olson.

"The user may not know the name of the software that was installed, making it hard to uninstall it. And Badware can have components that reinstall applications even after they've apparently been removed."

StopBadware.org is supported by Google, Lenovo and Sun Microsystems.