Spyware

On Thursday, security vendor SecureMac reported seeing new variants of AppleScript.THT Trojan horse in the wild affecting users of Mac OS X 10.4 and 10.5.

The new variations exploit a vulnerability within the Apple Remote Desktop Agent, and can avoid detection by opening ports in the firewall and turning off system logging. The new Trojans can log keystrokes, take screen shots, take pictures with the Apple iSight camera, and enable file sharing, according to SecureMac.

The Trojans are using an AppleScript called ASthtv05 and/or may be bundled as an application. You must download and execute the … Read more

StopBadware.org said Tuesday it has labeled two versions of the RealPlayer media player as "badware," or spyware.

RealPlayer 10.5, it claims, "fails to accurately and completely disclose the fact that it installs advertising software on the user's computer." And RealPlayer 11, it claims, "does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled." Ryan Lukin, PR manager for RealNetworks, disputed some of the claims.

Lukin said the Message Center in 10.5 feeds only news and information, product updates, … Read more

On Thursday, the Anti-Spyware Coalition will meet in Washington. Included will be experts from McAfee, Google, and the Pew Internet & American Life project to discuss the latest in spyware trends. In addition to the well-known damage caused by spyware--hawking advertising, stealing passwords, and slowing down PCs--McAfee is calling attention to a little known aspect of spyware: domestic abuse.

"Using spyware for surveillance in cases of domestic abuse is a serious matter," says Anna Stepanov, who manages the Anti-Spyware program at McAfee Avert Labs. She's written a report titled Spyware: A Morphing Campaign (in PDF), which chronicles … Read more

StopBadware.org said Tuesday it has labeled the Sears and Kmart community software known as My SHC Community as "badware," or spyware.

The nonprofit organization run by Harvard Law School, Oxford University, and Consumer Reports WebWatch said it cited the Sears Holding Corporation community in particular "because of inadequate disclosure of extensive tracking and data collection and because the application does not identify itself while running."

In response to several accusations that it collects personal information without proper disclosure, My SHC Community has dramatically revised its Web site since last week. It has, among other changes, … Read more

On Thursday, security vendor Fortinet warned Facebook users that a popular new widget also installed Zango, software that has been labeled by some antivirus vendors as spyware. The Facebook widget, Secret Crush, promises to reveal who has a secret crush on them, and requires the user to add it to their site. Upon doing so, Fortinet says the Zango software also piggybacks in the installation without notification.

Previously, MySpace users were tricked into downloading video from a site called YooTube, which also attempted to install the Zango Cash program.

Zango, also known as 180Solutions and Hotbar, has had a checkered … Read more

Online shoppers who signed up for the "Sears Holdings Community" ("My SHC Community" or "SHC") this holiday season got a gift that keeps on giving: spyware.

Sears defends its actions by saying it clearly notified customers before they accepted the software installation. However, several antispyware researchers found the Sears notification process fails to call out that users' online activities (including logging in to bank accounts) will be recorded and that it generally falls below industry standards.

The concern focuses on software installed by ComScore, an online data marketing firm. ComScore states on its Web … Read more