
Drive-by Downloads:

What exactly is a drive-by download?

A drive-by download is a program that a Web site surreptitiously plants on your Windows PC when you load its pages. (This problem is, by most accounts, limited to Microsoft's Internet Explorer browser.) Many of these are only irritating -- they just force-feed advertising pop-ups to your browser -- but some change your home and search pages (hijackers), alter your favourites and mangle important system settings. Some automatically download to your computer, often without your consent or even your knowledge. Unlike a pop-up download, which asks for your consent (albeit in a calculated manner likely to lead to a "yes"), a drive-by download is carried out invisibly to the user: it can be initiated by simply visiting a Web site or viewing an HTML e-mail message. Frequently, a drive-by download is installed along with another application. For example, a file sharing program might include downloads for a spyware program that tracks and reports user information for targeted marketing purposes, and an adware program that generates pop-up advertisements using that information. If your computer's security settings are lax, it may be possible for drive-by downloads to occur without any action on your part.

Xupiter, an Internet Explorer toolbar program, is frequently installed as a drive-by download. The program is said to replace the user's home page, change browser settings, and use redirection to take all searches to the Xupiter Web site. In some versions, the program initiates drive-by downloads of other programs. Furthermore, although it comes with an uninstall utility, Xupiter is said to be next to impossible for the average computer user to remove.

A few of these programs can be found and deleted within the usual Add/Remove Programs control panel. Others may be featured in Internet Explorer's list of "Browser Helper Objects" (some help!), which you can view by going to IE's Tools menu and selecting "Internet Options...". Click the "Settings" button and then, in the small window that opens, click "View Objects." As you will see in the tutorial below, the great majority of these scumware offenders are of the "search bar" variety. Google Searchbar, Yahoo Searchbar & MSN Searchbar are "benign" as far as I know as of this writing. There is some controversy as to whether the eBay Searchbar is spyware or not. I think not.

Top Spyware & Adware Threats:

Spyware can bring your computer to a screeching halt. Learning to protect your computer from today's most dangerous spyware threats is essential self-preservation. There are spyware programs that are so dangerous they can open a backdoor to your confidential information, consume massive amounts of CPU capacity and memory, clog your network and destroy your business data. PCs affected by these programs slow to a crawl, impacting employee productivity and business operations. Even worse, frustrated users end up having to spend money getting it removed, since many are totally impossible to get rid of.

Top 20 Worst SpyWare Products:

  • KaZaA
  • Cool Web Search
  • Lop.com
  • SearchNow
  • MyWebSearch, aka MySearch
  • My Search Bar
  • My Way Speedbar
  • CoolBar/LookThru
  • Cool Searchbars
  • IWon, iWon Co-Pilot, iWon Search Assistant
  • MySearch/MyWeb (see write-up at bottom)
  • Adult Search Bar (ASSbar)
  • Excite Search bar
  • LookThru Cool Search Bar
  • IST Bar
  • Comet Cursor
  • Bonzi Buddy
  • Ezula
  • HotBar (Adopt.Hotbar.com)
  • GameSpy Arcade
  • Weather Bug
  • Smiley Central

The spyware below is considered to be the most rapidly spreading at this point:

  • Gator/GAIN/Claria
  • Grokster
  • Adopt.Hotbar.com

Below is a compilation of the threat background and additional spyware information on the worst of the worst ...

KaZaA

KaZaA is the number one spyware threat on the Internet in the eyes of most technophiles because of its widespread popularity and its "open door to the net". KaZaA claims that its software has been downloaded 214 million times. It includes spyware, adware and Browser Helper Objects (browser hijackers). It also increases your vulnerability to viruses, trojans & worms, as "fake files" are extremely widespread on these networks.

Other peer-to-peer file exchange programs, such as Blubster, E-Mule, Gnucleus and WinMX, could also degrade your system's performance and consume storage space because they are all bundled with adware or spyware.

CoolWebSearch (CWS)

CoolWebSearch has the ability to hijack your Web searches, home page, and Internet Explorer settings. Recent variants of CoolWebSearch install using malicious HTML applications or security flaws, such as exploits in the HTML Help format and the Microsoft Java Virtual Machine. Over 80 different domains have now been identified as affiliated with CoolWebSearch. People are paying big money to hijack machines. CoolWebSearch is probably one of the most vicious programs in terms of how nasty it is. It completely hijacks the browser so you can't do anything. I consider it to be the most dangerous program on the worst spyware and adware threat lists.

PurityScan

PurityScan frequently displays pop-up advertisements onto your computer whenever you are online. It induces you to install it by claiming to find and delete pornographic images.

n-CASE

(msbb.exe) – n-CASE is an adware program that delivers targeted pop-up advertisements to your computer. This program is usually bundled with freeware applications.

Gator

Gator (GAIN) is an adware program that has the ability to display banner advertisements based on your Web surfing habits. Gator is usually bundled with numerous free software programs, including the popular file-sharing program KaZaA.

Transponder

Transponder (vx2) – Transponder is an IE Browser Helper Object that monitors requested web pages and data entered into online forms, then delivers targeted advertisements.

ISTbar/AUpdate

ISTbar/AUpdate – ISTbar is a toolbar used for searching pornographic web sites that has been reported to display pornographic pop-ups and to hijack your homepage and Internet searches.

KeenValue

KeenValue – KeenValue is an adware program that collects personal information and delivers advertisements to your computer.

Internet Optimizer (Bargain Buddy)

Bargain Buddy delivers targeted pop-up advertisements to your computer based on key words you might enter while surfing the Web.

Internet Optimizer

Internet Optimizer hijacks error pages and redirects them to its own controlling server at http://www.internet-optimizer.com.

Perfect Keylogger

Perfect Keylogger – Perfect Keylogger is a monitoring tool that records all visited web sites, keystrokes and mouse clicks. For example, it can log passwords, account numbers and other sensitive information. It is usually installed manually.

TIBS Dialer

TIBS Dialer – TIBS Dialer is a dialer program that hijacks your modem and dials toll numbers, usually to access pornographic "pay" Web sites.

Newly Discovered Threats:

  • Searchit - Also known as: Pugi (after its internal object name), SearchIt Toolbar
  • TrojanDownloader.Win32.Vivia.f
  • TrojanDownloader.Win32.Vivia.e
  • Advanced Excel 2000 Password Recovery
  • Win32Info - Also known as: Adult content dialler
  • Win32.ExeBundle.272 - Also known as: TrojanDropper.Win32.ExeBundle.272 [Kaspersky]
  • PS2 Emulator - Also known as: ->taskmgr.exe [F-Prot], packed: SfxMaker [Kaspersky], TrojanClicker.Win32.VB.cr [Kaspersky]
  • WinSpy 5.6.1
  • Fake Delete - Also known as: FakeDel joke [McAfee]
  • TrojanDownloader.Win32.Apropo.g

FunWebProducts

It turns out that FunWebProducts is an operation of a company called IWon. Its software - a Web application - is essentially yet another piece of adware (often mistakenly called spyware, although that is arguably a related subgenre). FunWebProducts is notable because it acquired a large user population with remarkable speed. IWon is responsible for a series of notorious adware products including IWon, iWon Co-Pilot, iWon Search Assistant, and MySearch/MyWeb.

What does it do?

What FunWebProducts actually does - as do a lot of other adware and spyware products - is to make it difficult to uninstall the software as well as hijack your browser by setting your home page to point to other sites. Worse still, FunWebProducts attempts to reset the browser home page should you dare to try to change it. But, of course, anyone who downloads this free software will read the 5,000-word EULA that explains it all in incomprehensible legal mumbo-jumbo. If you don't already have it, you should download a copy of Lavasoft's AdAware. You'll probably be surprised how much scumware is on your system.

Steps To Preventing Spyware:

  1. Use programs like AdAware & Spybot Search & Destroy regularly. I use both, and a paid-for version of PestPatrol. SpyBot also has an "immunization" feature that will prevent many offenders from even being installed. However, this must be done on a "clean" system or it won't work. You can't close the barn door after the horse has escaped!
  2. For extreme infections, you can resort to using PestPatrol. While not free, it is certainly cheaper than losing all your data. It just "might" be able to get rid of it for you relatively painlessly.
  3. Speaking of data, back it up to CD, DVD or external USB hard-drive regularly (especially your digital photos). Use a program like Handy Backup to do it for you every day & email you a confirmation. I use this approach with a USB 180GB external hard-drive at 3am every day.
  4. When faced with a pop-up asking if you want to download/install "this or that" free goodie, don't click "yes" or "no" or "agree" or "OK" to close the window. Instead, click the red "x" in the corner of the window or press Alt + F4 on your keyboard to close it (safest bet).
  5. Don't use peer-to-peer download software unless you have a good firewall (a hardware firewalled router is best) and fully updated anti-virus software.
  6. A technique I use quite frequently in my everlasting attempt to avoid spyware when I'm downloading free software is to use a search engine (Google works best) to search for the item followed by the word spyware and a question mark. Make sure it is spelled right. Search like this example for KaZaA >>> "KaZaA spyware?" If any results on, let's say, the first two search results pages say anything about spyware, adware or something like, "Help, I can't get rid of...", your best bet is to avoid the download.
  7. The worst offenders, like CoolWebSearch, burrow deep into your system registry and need to be surgically removed with such specialized tools as "HijackThis" and "CWShredder", free downloads at http://www.spywareinfo.com/~merijn.
  8. There are some good alternatives for utilities containing spyware. Instead of KaZaA, use WinMX. Instead of WeatherBug, use Weather Watcher, etc.
  9. Microsoft has just released its beta version of "Microsoft Windows AntiSpyware" for free download. To grab your copy visit http://www.microsoft.com/athome/security/spyware/software/default.mspx. Microsoft just bought out "Giant AntiSpyware" and has put its label on it.
  10. Surf and download smarter. Be more cautious when downloading free software, especially "free" file-sharing applications, which often are bundled with spyware. Do not download or run e-mail attachments unless you know what they are. Only download from Web sites and people you trust.
  11. Keep your operating system up-to-date. Windows XP Service Pack 2 adds significant security enhancements that can block spyware before it takes root.
  12. Adjust your Web browser's security settings or use a more secure Web browser. Microsoft Internet Explorer allows you to customize your security settings. Other Web browsers, such as Mozilla Firefox, offer more security settings than Internet Explorer. Note: These new browsers may not be compatible with some websites, but are appropriate for general day-to-day browsing.
  13. Use a firewall. The newest versions of the Microsoft Windows XP operating system include built-in firewall software.
  14. And finally: just be cautious! A huge amount of spyware ends up on people's systems because they were not careful about what they were installing or where they were surfing. It seems obvious, but be careful what you do. Those windows that come up asking you if you want to install so-and-so software? Read them before saying no, just to make sure you hit the right button. Downloading free software? Read the license agreement first, to make sure you are not giving permission for additional spyware to be installed. This sort of licensing is especially common in popular peer-to-peer products like Kazaa. If other people use your system, educate them on the dangers first. The shadier side of the Internet is crawling with loaded websites. These come equipped with nasties that will mess up your system if you let them. Just be careful out there.
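
The Browser Helper Objects, toolbars and changed home/search pages described in this article are what a HijackThis log (the tool named in step 7) lists. The following added example, which is not part of the original article, triages such a log in Python; the log lines, CLSIDs, paths and allowlists are constructed for illustration, and the R0/R1/O2/O3 line layout is assumed to match HijackThis output.

```python
import re

# Constructed sample in the HijackThis log layout; names, CLSIDs and paths are made up.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example-portal.test/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example-portal.test/bar.html
O2 - BHO: Acme PDF Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Acme\pdfhelper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\System32\xqzt.dll
O3 - Toolbar: Example Search Bar - {33333333-3333-3333-3333-333333333333} - C:\Program Files\ExampleBar\bar.dll
O4 - HKLM\..\Run: [AcmeUpdater] C:\Program Files\Acme\update.exe
"""

# Hypothetical allowlists: add-ons and home/search hosts the owner knowingly set up.
KNOWN_CLSIDS = {"{11111111-1111-1111-1111-111111111111}"}
KNOWN_HOSTS = {"www.example-home.test"}

OBJ_RE = re.compile(r"^O[23] - (BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
PAGE_RE = re.compile(r"^R[01] - .+?,(.+?) = (\S*)")
HOST_RE = re.compile(r"^[a-z]+://([^/:]+)", re.I)


def triage(log_text, known_clsids=KNOWN_CLSIDS, known_hosts=KNOWN_HOSTS):
    """Return (kind, id, target, reason) for entries missing from the allowlists."""
    known = {c.upper() for c in known_clsids}
    findings = []
    for line in log_text.splitlines():
        obj = OBJ_RE.match(line.strip())
        page = PAGE_RE.match(line.strip())
        if obj:
            kind, name, clsid, path = obj.groups()
            if clsid.upper() not in known:
                reason = "unlisted " + kind
                if name == "(no name)":  # no display name: worth a closer look
                    reason += ", no display name"
                findings.append((kind, clsid, path, reason))
        elif page:
            value_name, url = page.groups()
            host = HOST_RE.match(url)
            if not host or host.group(1).lower() not in known_hosts:
                findings.append(("Page", value_name, url, "unexpected " + value_name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

Entries the script reports are candidates for review, not confirmed spyware; the O4 startup line is deliberately ignored because this example only covers browser add-ons and page settings.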


All Materials Copyright © 2002-2010 pcMedix Web Solutions Group aka Gord Routley.  All rights reserved
Updated: March 17, 2010 03:52 PM