Security experts are warning Internet users about a new piece of software that poses as a spyware-removal tool but is actually being used to persuade unsuspecting Internet users to download spyware programs and Trojans.
The program, SpywareNo, is installed on Internet users’ computers without warning, can be difficult to remove and may be accompanied by malicious programs that hijack victims’ Web browsers, according to interviews with spyware experts.
The company behind the new tool claims that it is the victim of unscrupulous online advertisers who bundle the product with noxious wares.
But at least one spyware expert says the new application is just the latest example of so-called “rogue anti-spyware” programs that exploit user naiveté and frustration with spyware.
SpywareNo is advertised as a desktop security software suite, with integrated firewall, application security and intrusion detection features, according to spywareno.com, the program’s official Web site.
The program was unknown to spyware experts such as Suzi Turner, who runs the Spyware Warrior Web site.
Turner first learned of the new program after users began complaining about it in a computer security discussion list run by BroadBand Reports, she said.
“These people said that it was running on their computers, but they didn’t know how it got there, which is an immediate red flag,” Turner said.
One contributor to the forum, who claims to be a U.K. resident and uses the online name “Skanxs,” wrote in an e-mail that he has no idea how the program got installed on his system, but that the appearance of SpywareNo coincided with other strange behavior on his computer.
“I did not download any software off the Net when I [first] got infected … [on] May 14. On [May] 18 pop-ups started, and on the 19th [SpywareNo] was in my [Windows] system tray,” he wrote.
“When I used add/remove to remove it, it seemed to go, but when I restarted my computer, it was back.”
Phillip Gagliardi, an IT administrator at Crobar, a nightclub with locations in New York, Miami and Chicago, and a contributor to the forum, had a similar story.
“The program installed by stealth. … The icon just appeared in my task tray and asked me to run it to make sure I was protected. I did not do so and just shut the program down,” he wrote in an e-mail to eWEEK magazine.
Stories like that got SpywareNo added to a list of rogue or suspect anti-spyware products on SpywareWarrior.com, said Eric Howes, a spyware expert and frequent contributor to Spyware Warrior.
Howes said that he and researchers at anti-spyware vendor Sunbelt had a copy of the program installed on a test system while trolling “sleazy porn sites” for malicious software.
But SpywareNo claims that any untoward behavior is the fault of unscrupulous advertisers that the company contracts with to market its program.
“We use affiliated advertisers to [market SpywareNo]. It is a shame that some of our advertisers do not respect the law, but unfortunately we are unable to check them all at the initial stage,” wrote a person claiming to be Jessica Simmons, SpywareNo’s public relations manager, in an e-mail to eWEEK.
When asked about accounts of users having difficulty removing SpywareNo, Simmons said the behavior is “not usual for SpywareNo.”
“This may be a trick used by those unprincipled advertisers,” she said.
Spyware experts such as Turner and Howes don’t dispute Simmons’ explanation of the problem, and say that the version of the program that is available on the SpywareNo Web site is at least easy to remove. But that doesn’t excuse SpywareNo of responsibility, they said.
“I’m not sure what the case is, but SpywareNo has a terrible problem—to have rampant reports of stealth installs and spyware and SpywareNo running on the same desktop. These are just unconscionable practices,” Howes said.
Reputable spyware vendors that use affiliates to promote their wares have strict terms in their affiliate agreements that specify what kinds of behaviors, such as stealth installs, are not acceptable, Howes said.
“Reputation is one of the most important things you possess, especially when you’re dealing with adware or spyware victims whose trust has already been violated once,” he said.
SpywareNo does prohibit unsavory installation practices in its affiliate agreement, but the company has no way to check whether affiliates are abiding by the agreement, Simmons wrote.
“Unfortunately it is easy for them to say OK, but not so easy for us to check that,” she said.
But Howes and Turner said they have doubts about SpywareNo that go beyond the company’s marketing strategy.
SpywareNo scored poorly in a test that Howes performed on a machine that was free of spyware and adware, displaying a list of infections on the machine just seconds after a scan was initiated.
“The list came back way too quickly for [SpywareNo] to have done a thorough job of scanning the machine for spyware and adware. The numbers of false positives were ridiculous,” he said.
Howes speculated that the warnings about spyware infections, accompanied by strong language such as “severe threat,” may just be false positives used to pressure users into purchasing the full application from SpywareNo.
For a product that provides questionable spyware protection, SpywareNo is no bargain, either: $59.95 for a 12-month subscription, compared with $19.95 for proven products such as Web Root Software Inc.’s Spy Sweeper and products by LavaSoft and others, Howes said.
The program is just the latest spark in an explosion of rogue anti-spyware programs in the past year, he said.
“We have 192 listed [rogue anti-spyware] applications, and we add a few more every week,” he said.
Rampant spyware infections and a growing base of potential customers desperate to rid their systems of the noxious programs are to blame, he said.
“These are people who are victims. They’re scared and frustrated and angry. And they’re people who are not very knowledgeable about the problem afflicting them,” he said. “It’s a market that’s ripe for exploitation.”