[Dshield] OT: Discussion forums for spyware, adware and malwarein general?

Shawn Cox shawn.cox at pcca.com
Thu Dec 4 14:26:20 GMT 2003

All the more reason to have a place where we can go to discuss with others
the problems we are having.

Case in point and the original reason for my message:
One of our client machines was "infected" with a new strain of ClientMan
which was released on 11/28.  As of 12/3/2003 none of the major cleaning
tools could deal with the new version and so we were left to spend the day
hunting down what turned out to be 9 .dll's, 2 .exe's and 3 BHO's.  What I'm
looking for is a place where not only I could go to look for folks having
the same problems, but to share what I found in cleaning the malware up.

So far I have found these resources and they will be at the top of my search
list when things go awry.


There are forums and live chat rooms with like minded folks here with which
to discuss specific or general problems.


----- Original Message ----- 
From: "Kenneth Coney" <superc at visuallink.com>
To: <list at dshield.org>
Sent: Wednesday, December 03, 2003 10:56 PM
Subject: Re: [Dshield] OT: Discussion forums for spyware, adware and
malwarein general?

> Subject: [Dshield] OT: Discussion forums for spyware, adware and malware
> general?
> From: "Shawn Cox" <shawn.cox at pcca.com>
> Date: Wed, 3 Dec 2003 08:40:40 -0600
> To: "General DShield Discussion List" <list at dshield.org>
> Does anyone have any resources for discussing adware, spyware and malware
> general?  We have discovered an adware infected pc which cannot be cleaned
> by any of the major tools.  It's a modified version of ClientMan and it's
> rat B4st4rd.  I have the feeling that these nasty ad/spy-ware type apps
> going to become as bad as viruses in their mutation and difficulty in
> cleaning.
> --Shawn
> _____________________________________________
> Harder than you know.  Read what LavaSoft (the makers of Adaware said in
> their newsletter.  Someone gonna talk to Dell?
> "Wake Up Call
> Editorial by Aaron Hulett - Chief Research Officer, Research & Development
> Currently there are some discussions within the security and privacy
> communities surrounding Dell Inc.'s stance that they do not endorse the
> of spyware removal software and cannot provide support for them, and the
> alleged instruction to its support staff to not provide support for
> removing such items from users' computer systems, even if such items are
> causing the undesired issues described by the caller.  Some in the
> community see it as the user's total responsibility, citing that they
> should have known enough to not install unwanted items like this in the
> first place.  Some see it as crumbling to 'pressure' from manufacturers of
> programs that track usage information or display pop-ups during use.
> Others see it as a precautionary move against violating End User License
> Agreements (EULAs) that users have agreed to when installing such
> But the big picture is that many are moving away from aiding in removing
> trackware or advertising-based applications for fear of being sued for
> mislabeling or for helping the user violate EULAs.  The industry is taking
> a precautionary stance, and it's paving the way for data-mining companies,
> browser hijackers, and other various commonly unwanted applications to
> spread like wildfire, with nothing standing in their way.  The swarms of
> user frustrations over why their homepages keep changing, or why pop-ups
> appear out of the blue, are heard only by the few that are willing to
>   But even then, some invoke questionable remedies, including illegal
> 'fixes' that the user has no idea they're doing, including replacing files
> with 'dummy' replacements which trick applications into thinking the
> agreed-to component is still present, when in fact it's not.  Or even
> worse, they illegally reverse-engineer programs, removing the commonly
> unwanted components, and upload their versions for distribution.  So, when
> companies, such as Dell, take the position they have, can you really blame
> them?
> The issue, when it comes right down to it, is that, based on user
> posted in our support forums, in the majority of cases, most users were
> unaware of installing data-mining or pop-up-causing or homepage-hijacking
> programs and etc. in the first place.  Reasons?  First off, many EULAs are
> either confusing, or simply bury the fact they're installing data-mining
> advertising modules along with their software.  Some are even worse and
> install such software even if the EULA has been disagreed with, and the
> installation terminated at that time.  Even worse than that is when items
> are unknowingly installed by simply visiting a homepage, or by masking
> their download as something different.  The user doesn't know it's been
> installed until after the pop-ups begin, or their homepage unexpectedly is
> changed.
> The solution?  From the discussions I've seen, some among the security and
> privacy communities believe that the users should be responsible for
> present on their computers, and that ultimately, if something's installed
> on their systems that's causing undesired operation, they should have
> responsibility to read the EULAs prior to installing, and should therefore
> be responsible for removing it on their own.  And in a way, that's true.
> Instead of zipping along the installation, possibly clicking the Agree
> button to an EULA they haven't fully read, they should take the time to
> read and understand what's stated within.  But users have a lot stacked
> against them.  Some may find the EULAs confusing, or simply miss the one
> two sentences explaining that data-mining, pop-ups, homepage switching, or
> other activities not normally associated with an installation will occur
> when the install is performed, as they're located intertwined with the
> other information.  Some EULAs don't disclose that it's going to happen,
> they don't fully explain what information, if any, is collected while
> a product.  Some perform what we call a fly-by install, where the user
> doesn't even know the install has occurred until after its undesired
> effects have started.  Some don't even have an uninstaller!
> Seeking help, users then turn to their support channels.  It is
> that for many, one support channel has now joined the seemingly growing
> list of support channels unable to assist with removing items such as
> presented for removal by a consumer-reporting tool such as Ad-aware.  Of
> course, we will continue to inform and educate users about what's running
> on their systems, and what they may want to be aware of present. And also,
> just as we have from the beginning, we will not support violating the
> of applications by placing 'dummy' files to trick programs into thinking
> the EULA is being complied with.  The user must either accept the
> components as per the EULA, or seek a different application.  But, the
> way to reach the goal of ridding security and privacy concerns such as
> from occurring in the first place is if the community sticks together in
> enforcing that many users simply prefer not to have these types of things
> as requirements to use software, and that to them, placing such items on
> their systems is unacceptable."
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:

More information about the list mailing list