Anti-Spyware

Fright Fight: Washington Attorney General leading battle against scareware with Microsoft
SEATTLE – Attorney General Rob McKenna stood at the frontlines with Microsoft Corp. in the war against spyware in 2006. Now armed with tougher legislation, the state’s top law enforcement officer, with the world’s largest software company, is charging forward with new lawsuits targeting scareware purveyors.

“The Attorney General’s Office along with Microsoft has yanked the fear factor dial out of the hands of businesses that use scareware as a marketing tool and have spun it toward them,” McKenna said.

“We won’t tolerate the use of alarmist warnings or deceptive ‘free scans’ to trick consumers into buying software to fix a problem that doesn’t even exist,” McKenna continued. “We’ve repeatedly proven that Internet companies that prey on consumers’ anxieties are within our reach.”

The Attorney General’s Office along with Microsoft announced the filing of new cases under Washington’s recently improved Computer Spyware Act during a joint press conference today in Seattle.

“Microsoft is honored to assist Washington Attorney General McKenna in helping to protect consumers from online threats,” said Richard Boscovich, Senior Attorney for Microsoft’s Internet Safety Enforcement Team. “Cybercrime continues to evolve, but with public/private collaboration such as this, we can work to champion tougher laws, greater public awareness and, ultimately, stronger protections for online consumers.”

In 2005, Washington became one of the first states to adopt a law explicitly prohibiting spyware activities and imposing serious penalties on violators. The statute doesn’t stop at outlawing programs that collect personal information, but uses a broader definition of “spyware” and punishes those who mislead users into believing software is necessary for security. The law was updated last session to create additional liability for third-parties that permit the transmission of spyware and to address new types of deceptive behaviors, such as misrepresenting the need for computer repairs.

As of today, the Attorney General’s Office has filed seven suits under the statute.

The Attorney General’s Office filed its latest case today in King County Superior Court against the marketers of a program called Registry Cleaner XP. The civil suit brings five causes of action against James Reed McCreary IV, of The Woodlands, Texas, and two businesses: Branch Software, of The Woodlands, Texas, doing business as Registry Cleaner XP, and Alpha Red, Inc., of Houston, Texas. McCreary is the sole director of Branch Software and CEO of Alpha Red.

McKenna said Microsoft referred the case to the Attorney General’s Consumer Protection High-Tech Unit and has been helpful in assisting the office with enforcement issues.

According to the state’s complaint, the defendants sent incessant pop-ups resembling system warnings to consumers’ personal computers. The messages read “CRITICAL ERROR MESSAGE! – REGISTRY DAMAGED AND CORRUPTED,” and instructed users to visit a Web site to download Registry Cleaner XP.

Computers capable of receiving Windows Messenger Service pop-ups, also known as Net Send messages, were vulnerable to the attacks. Windows Messenger Service, not to be confused with the instant-messaging program Windows Live Messenger, is primarily designed for use on a network and allows administrators to send notices to users.

“Consumers who visited the Web site were offered a free scan to check their computer – but the program found ‘critical’ errors every time,” said Senior Counsel Paula Selis, who leads the Attorney General’s Consumer Protection High-Tech Unit. “Users were then told to pay $39.95 to repair these dubious problems.”

The filings today bring the number of civil spyware actions brought by Microsoft since the Computer Spyware Act was first enacted in 2005 to 17. In 2006, Microsoft and the Attorney General each brought lawsuits against the same group of defendants under the Washington Computer Spyware Act, obtaining permanent injunctions and settlements. Additionally, Microsoft has routinely worked with the FTC and other state and federal law enforcement agencies in the battle against spyware.

Spyware has arguably become the biggest online threat to consumers and businesses since the advent of the Internet. Microsoft has said that 50 percent of its customer-support calls related to computer crashes can be blamed on spyware.

Complaint

Registry Cleaner XP demo

- 30 –

Media Contacts:
Janelle Guthrie, APR, Communications Director, Office of the Attorney General, 360-586-0725 or janelleg@atg.wa.gov
Dan Sytman, Media Relations, Office of the Attorney General, 360-586-7842 or dans@atg.wa.gov

Editor’s Note: The Attorney General’s Office has also brought enforcement actions against companies that market products named Registry Cleaner, Registry Cleaner Pro, Registry Cleaner 32 and related names. Those cases are unrelated and involve different defendants.

Press release

Update
Microsoft also filed five “John Does” lawsuits. Nameless defendents until discovery reveals the identities of the individuals responsible for marketing the scareware, aka ‘rogues’.
The actual products are well known in the security community and forums that help victims of malware infections.

Antivirus 2009
Malwarecore
WinDefender
WinSpywareProtect
XPDefender

The lawsuits were filed under Washington’s Computer Spyware Act.
Microsoft also amended two complaints filed earlier to unmask those running SMP Soft LLC, a Delaware corporation that markets a scareware product called Scan & Repair Utilities.

A few names should ring a bell.

Antivirus 2009
This site is currently under construction!
ICANN Registrar: 1 & 1 INTERNET AG
registrant-firstname: Oneandone
registrant-lastname: Private Registration

Malwarecore
ICANN Registrar: ESTDOMAINS, INC.
Registration Service Provided By: ESTDOMAINS INC
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

XPDefender
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registration Service Provided By: VIVIDS MEDIA GMBH
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

WinDefender
ICANN Registrar: TUCOWS INC.
Registrant: Whois Anonymizer

WinSpywareProtect
ICANN Registrar: GODADDY.COM, INC.
Registrant: Domains by Proxy, Inc.

XPDefender
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registration Service Provided By: VIVIDS MEDIA GMBH
Status: SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.

{ 0 comments }

From Patrick Kolla, developer of Spybot Search and Destroy.
http://www.safer-networking.org/en/home/index.html

Time for an update! To keep up with the latest threats, and solve some issues and feature requests users had, we’re proud to announce Spybot-S&D version 1.6. Some of the features include:

Improved Scan Speed

Reported a few weeks ago as one of the big issues users face, Spybot-S&D 1.6 integrates parts of the future 2.0 file scanning engine to speed up the on-demand scan.
Up-to-date browser support

Both immunization and the on-demand scan are able to access a dozen different browsers, which now include the latest revisions of the most popular ones, Firefox and Opera.

Easier On-Access Use

Until now, our on-access part was able to block bad entries, but at the same time, confused many novice users by asking for confirmation on changes of other monitored system entries as well. While this is a great feature for all experienced users who want full control over their systems, we decided that we need to make this easier for the average user, and integrated automated decisions based on the system entry database built through our RunAlyzer, containing more than quarter of a million decisions.

OpenSBI

Safer Networking also announces OpenSBI, our attempt at opening up the fight against malware to anyone who wants to participate. OpenSBI means we’ve published documentation and tools that anyone can use to create their own malware detection patterns for use with Spybot-S&D, and share those with other Spybot-S&D users.

• Diversity - everyone can create detection templates for any software, without depending on a central authority to acknowledge its threat.

• Neutrality - we cannot be bought to remove detections from our database, but if you do not believe us, you can simply publish your own rules against some malware.

• Continuity - OpenSBI ensures that you’ll get updates as long as someone is interested in updating the database (which does not mean we intend to do less work in adding new detections).

• Flexibility - as a system administrator using the network edition, you can make sure that working time is not wasted by employees playing the latest Moorhuhn clone if you add your own detection for it. Keep in mind that some relaxation is said to even improve work results.

And quite a lot more bug fixes and new features, which can be found on bug tracker.

{ 2 comments }

From Patrick Kolla, developer of Spybot Search and Destroy.

Scanning a bit faster… first beta of 1.6 available!
Eight years ago, Spybot-S&D originally started off as a very fast anti-spyware scanner, detecting some 30 small things, and you could watch it finish in under a minute.

Today, a full scan applies more than 600,000 tests, and you can watch that number grow weekly on our update list. Handling such numbers obviously is quite a bit different, and while we’ve tried to adjust to that with each version, a full scan might still take half an hour currently. Since this was one big major complaint issue, we decided to integrate parts of the new file scanner designed for a future 2.0 release and optimized for modern malware fighting, and got you a major push in speed now - that same scan will now take five to six minutes only, being about five times as fast as 1.5 was!

If you want to enjoy that speed and know a bit about beta testing, head over to our beta forums and get the first beta! If you prefer to wait for a thorougly tested public release, we hope to get around to that quite soon.

Oh, and one more thing… there’s more up for 1.6: a second big issue we hear often will be addressed, so stay tuned!

More…

{ 0 comments }