September 30th, 2004 03:45 PM
A little about adware/spyware and Spam - just for you StopSpam
Ok after reading StopSpam's tutorial and finding it....errr...somewhat lacking in any kind of indepth explination or advice i have decided to write an altogether new one - is not a definitive guide or anything - lol
but should provide a little bit more help to those worried about adware/spyware and spam
Ok am going to break this down into 2 parts :
- Infections on your computer (spyware/adware}
- Attacks on your inbox (Spam)
these I feel are the two most annoying things affecting the normal home user today.
So what is Spyware?
A technology that assists in gathering information about a person or organization without their knowledge. On the Internet, "spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties." As such, spyware is cause for public concern about privacy on the Internet.
ok so spyware is a little program which runs in the background without you knowing and gather sinformation about you. The types of information gathered varies but can be the likes of :-
- Websites visited
- Music listened to
- Movies watched
- Personnal details
- IM conversations
- CC Numbers
- Buddy contacts/emails
and so on and so on.
Now obviously this is not something you want to be happening – but how do they get the software to montior and record all this on to your computer in the first place?
Well they are constantly coming up with new ways – here are some of the more common ones :
As a Trojan – a trojan is a program which poses as one thing but is actualy something else [see here] So you think your downloading a nw piece of software…could be anything a p2p program, an mp3 player and along with the program it comes bundled with all these other nasty little surrprises.
Most legitamite programs which use this method to spread their spyware will have a clause in their EULA (End User License Agreement) which states that by installing their program you also agree to the installation of the spyware. Now how many people actually read the EULA’s? Yeah not many – and that’s how they slip through a lot of the time. One thing you should be carefull of if you see in the EULA a bit stating that you agree to allow companyX to use some of your bandwith for periodic reports on usage/activity etc etc – as basically what they are saying is that you agree to let the software dial home and report to the makers on how you use it (eg if it was a media player it could tell them what music you listened to what films you like detc)
Another method is through Webpages – how many times have you seen pop-up boxes asking you to download X plugin or upgrade Y – some of these pop-ups which may look genuine are actually faked in order to get you to allow the downloading and installation of more spyware &/or adware. The only way to be completely safe if you receive such a pop-up eg if it was for Macromedia Flash Player Verison n is to visit the manufactuars site…in this case Macromedia and download the plug-in from them and then visit the previous site. If it is indeed a genuine request for a required plug-in it will nt matter what site you get it from as long as you have it and the original site requestijng the plugin should now work fine.
Some spyware however does not even need you to click on anything for it to be downloaded and installed – it relies on a vunrebality in IE which allowed software to be downloaded and installed on your machine simply by viewing a site. This is why you should always keep your browser (and OS) up to date with all updates and critical patches.
Ok so now you know a little bit about what it is and how you get it – how do you go about stopping it?
Well first of all the best method is prevention!
Follow the simple instructions mentioned above.
Only install programs which you are sure of – don’t even truyst those sent to you by friends as they might not be aware that the program is infected either.
Check the EULA for any clauses which sound sus
Check all pop-ups and do not click ok without reading it properly.
Have a good AVP (anti-virus program) installed, running and updated – you can get AVG free from here
Install a firewall – you can download a free version of outpost firewall here
You may also wish to get the cleaner (free 30 day trial) to scan for any trojans which maybe installed.
Now you have the necessary precautions in place you should scan your machine for any current infections. Due to the fact that a lot of adware/spyware are legitimate preograms your AVP like AVG might not pick up on them so it is best to get additional spyware/adware scanners to check for you as well.
Two of the most successful are Adaware and Spybot
These pieces of software will scan your system for none pieces of spyware – before running a scan you should always check for any available updates as spy/adware is constantly changing so you need to ensure you have the latest definitions.
You should run a ful scan with each of these to check for any infections – what you may want to do as well is scan in safe mode. As you probably know you can delete a file that is in use. So these programs may not be able to clean some files which are currently active – by booting into safe mode you stop these programs from running and can then get rid of them. For more information on how to boot your computer in safe mode check here
For more information on spyware/adware check these links
Ok so now for part 2 – Spam (and no I aint talking about this kinda spam – lol)
So what is spam?
Unsolicited "junk" e-mail sent to large numbers of people to promote products or services. Sexually explicit unsolicited e-mail is called "porn spam." Also refers to inappropriate promotional or commercial postings to discussion groups or bulletin boards.
we will be focusing on the type of spam that you receive in your email.
Everyone has prolly received some form of spam at some stage – but how do they get your email?
Well sometimes they don’t – they simply guess! They may send out emails to :
Etc etc until they finally get a correct address – because of this one of the things you should never do when you receive spam is open it. Some spam msgs have Webbugs contained within them – these are little transparent images which allow the sender of the spam to tell when an email has been viewed – so if an email has ben viewed then they know someone is using that email addy and they can send more spam to it! So how can you stop these?
Well as I said above don’t open the email – but sometimes you can’t tell its spam so you should also disable the HTML view so that you see the email as a plain text document and the image is not fetched from the spammers server.
Another major rule when dealing with spam is never click on the unsubscribe link. Once again this alerts the spammer that someone has received and viewed the email as they are clicking on a link from it – so they will then target you with more spam.
There are other ways in which a spammer may get your email address as well
They may use some forms of spyware or trojans to harvest email addresses from peoples computers or they may scan websites for the addresses this is why on some sites now the email will be displayed like johnSmith -=[AT]=- hotmail -=[DOT]=- com we know that this email realy should be johnSmith@hotmail.com but a spammers webcrawling robot may just ignore it as it does not recognise it as a valid email address.
But what if you have a website and wish to have people contact you from it and you do not wish to do this? Well you can set up another email address just for emails from that site and then set up rules to move any that contain a certain subject to another folder
You could then use
or something similar so that all legitimate emails arrive with same subject and could then be fwd’d to a new address using filters/rules.
mailto:firstname.lastname@example.org?Subject=this is not a spam msg&body=Pls do not change the subject of this email
For more information on spam please check