Note to our younger readers: Installing spyware on school computers and hacking your way into the system to change your grade is a terrible idea. A pair of teens in Orange County, California are accused of exactly that and now one of them faces a maximum prison sentence of 38 years in jail on multiple counts of second degree burglary, identity theft, computer access and fraud, removing and secreting a public record, and altering and falsifying a public record.

Omar Khan, 18, faces these most severe charges, while his accomplice, Tanvir Singh (also 18) faces lesser charges of conspiracy, burglary, computer fraud and altering a public record and faces a maximum sentence of three years in jail.

Kahn and Singh are accused of breaking into their school to steal tests and alter records, as well as hacking the schools network to change not only their grades, but the grades of 12 other students in the schools computer system. Why is Khan in so much more trouble than his pal Singh? Namely, it's the the identity theft and computer fraud charges, both heavy-duty felonies.

Okay, so you've got some brains, guys, but next time, try cracking open a book! [Source: Channel Web]

Is Facebook too friendly?

It seems the social behavior of the networking site's users is itself to blame for the proliferation of a spyware application on users' computers.

Users are invited to find out who their "secret crush" may be by adding a new Facebook widget to their Facebook accounts. (Widgets are the names of third-party developed applications for Facebook that allow users to share information, play games, or send specific kinds of messages to each other. They are not supposed to capture and store users' information.)

Once the application is installed, it attempts to download a well-known spyware program called Zango. Internet and computer security provider FortiGuard actually calls it "the infamous Zango adware/spyware." That means treat it like the color red in nature -- stay away.

The whole purpose of Facebook is to add and use these widgets freely to better enhance the social networking experience, which many users do without considering what information they may be sharing and with whom. In this, users are giving away not only their own information but providing more potential victims by inviting their own friends to add the widget (because the widget makes you invite at least five friends in order to see your supposed secret crush).

And, in the end, there is no "secret crush," so you'll just have to keep searching for love in all the wrong places.

For a good rundown of just what this spyware looks like on Facebook, check out the detailed walk-through on Fortiguard's site.

The Secret Crush/Zango adware invasion on popular social networking sigtes is a wake-up call to all of us who have been adding new widgets, willy-nilly, to our Facebook profiles. Let's all be a little more discerning.

From FortiGuard.

Related links:

• Sears Using Spyware to Monitor Your Personal Information
• Facebook Under Fire for Spyware Ad System
• Best Facebook Apps for the Office
• Facebook Ads Raise Privacy Concerns

If you've signed up to receive e-mails from Sears, and then clicked on to join the retailer's "My SHC Community," it's likely you've been providing more information to more people than you thought. Even more troubling, it turns out that you're not just sharing information with Sears, but also with a company called comScore, which tracks and aggregates Internet browsing habits.

Installing the software from Sears results in the installation of software called VoiceFive, which provides data to comScore. It's essentially spyware. comScore is the company behind the (disputed) numbers that indicated more people were stealing Radiohead's latest album than downloading it legally, as well as the statistics that showed GodTube was the fastest growing site last August.

These sorts of stats come from monitoring and compiling the habits of millions of Web surfers who are often unknowingly running the comScore software. Likewise, those who have installed the software through links from Sears may not actually know what they're participating in. Buried deep in the privacy statement users must agree to before signing up for SHC is this frightening statement:

Once you install our application, it monitors all of the Internet behavior that occurs on the computer on which you install the application, including both your normal web browsing and the activity that you undertake during secure sessions, such as filling a shopping basket, completing an application form or checking your online accounts, which may include personal financial or health information.

Sounds scary, especially the part about monitoring "both your normal web browsing and the activity that you undertake during secure sessions, such as...checking your online accounts." The bit about "personal financial or health information" is scary, too. The above wording would certainly ward off anyone who actually reads these sorts of things, but we're guessing that the average Sears shopper isn't thoroughly scanning through the privacy statement.

According to BetaNews, the disclosure may be a little too well hidden to meet the intents of FTC regulations that require companies to make such spyware inclusion very clearly apparent. Many would agree that burying it in the middle of a multi-page privacy statement doesn't do much for clarity.

From BetaNews

Related Links:

• Most People Downloading Radiohead's New Album for Free
• Download Stats Are Wrong, Says Radiohead
• Christian YouTube Is the Fastest-Growing Site on the 'Net

The battle between malicious software makers and computer security companies has taken a new turn. Spammers have turned users against themselves and against the security firms trying to protect them.

The latest security system to undergo assault by spammers is CAPTCHA, or "Completely Automated Public Turing Test to Tell Computers and Humans Apart." CAPTCHA displays a series of letters and number that are distorted and overlaid with visual artifacts (as seen above) in order to prevent automated systems from sending spam, hijacking services, and overtaking forums and blogs. You've probably seen these optical illusions countless times when signing up for a variety of services.


The new tool -- also known as malware -- in the spammers box of tricks is a PC program that shows pictures of a woman in increasingly scanty states of undress each time users correctly spell out these scrambled images of letters. This malware program arrives via e-mail and shows up on your computer as soon as you open the Internet Explorer Web browser.

The woman, called Mellisa, is currently being used to help spammers break through the protection on Yahoo! Mail sign ups, but it's not hard to imagine its use becoming more widespread soon.

We shouldn't have to say it, but here's how you can prevent these types of malware scams from infecting your computer: Run spyware removal software and virus scans on a regular basis, don't open e-mails or attachments from unfamiliar sources, and immediately remove any software if you don't know where it came from.

From The BBC

Related Links:

• Porn Spammers Get Prison Time
• Nude Celebrity E-Mail Infects More Than Curiosity
• Online Videos Could Deliver Viruses, Experts Say

MySpace is a minefield. Time magazine even put the social-networking site on its list of 'Five Web Sites to Avoid.' Even we here at Switched have posted endless coverage of the sexual predators, spammers, and hackers that have made the MySpace risky at times for anybody not browsing with a sandboxed Firefox browser.

Now, the hackers have managed to expand their attacks beyond the usual faux profiles or hijacks of your friends pages. They're starting to hit the MySpace pages of celeb musicians such as Alicia Keys.

The hack is actually quite sophisticated and involves multiple avenues of infection. Just visiting Keys' page prompts spyware to attempt to install itself on your PC.

If that fails, the page will then ask you to install a codec to allow you to view a video. The codec is fake and if you accept the installation, you will get instant spyware infection! If that fails, the entire background image of the page is a link. Miss any of the legitimate links on the page and you'll be taken to a Web site registered by a Chinese company Xiamen Hua Shang Sheng Shi Network Co. Ltd. That Web site also tries to install malicious code on your computer.

It's a big mess!

Security experts at Exploit Prevention Labs, a company that tracks pages containing malicious code, spotted the hack when Keys' s MySpace page was flagged by users of the company's LinkScanner system.

Keys's page has been confirmed as being cleaned by MySpace and LinkScanner.com, but all that could change in a matter of days.

From PC World

Related links:

• Five Web Sites You Should Avoid
• Five Things to Avoid When Dating Online
• Is MySpace's Tom Lying About His Age?

For most Internet users, retrieving wanted e-mail messages is like hacking through the dense underbrush of a rainforest using a Jason Voorhees-sized machete. But, instead of vines and tree branches, it's pitches for stock deals and Canadian penis pills you're hacking through.

Though junk mail is a modern inconvenience we've mostly gotten used to, it's no less shocking to learn that spam now accounts for a whopping 83% of all e-mail messages sent and received worldwide -- this according to a new study by e-mail security firm IronPort Systems. That's 60 billion to 150 billion bogus messages every single day.

Here are a few ways of deflecting some of that garbage:

• Keep two e-mail addresses –- one for personal correspondence and one for Web sites that request your e-mail address, like when you're shopping or signing up for contests.
• Do not use your real e-mail address on your personal Web site, blog, MySpace page or Facebook page. Ditto for Craigslist or any other type of online classified ad. That's because spammers use programs called bots, which are constantly trawling the Internet in search of new addresses to hammer with junk mail.
• Services like Dodgeit.com, myTrashMail.com and others let you create temporary, disposable e-mail addresses for signing into sites and forums that require an e-mail address to enter.

Find more tips for blocking spam at GeekSugar and Wired.

Related Links:

• Spammers' New Methods of Deception Uncovered
• Majority of Americans Can't Spot E-mail Scam
• The Hit Man Spam Scam

Privacy advocates, prepare thy letter writing hands. A student at Timberline High School, outside Seattle, Washington, has recently been arrested for calling in repeated bomb threats. That, you should have no problem with.

The scary part is the manner in which he was caught and convicted. Josh Glazebook, 15, taunted authorities via e-mail and even created a MySpace profile called Timberlinebombinfo (shown), which used the alias Doug. It's through this profile that the FBI was able to track down Josh. Using a fake profile, the FBI sent a message to Timberlinebombinfo that installed a hacker-style trojan horse on his PC. The FBI spyware collected a wide range of information including the computer's IP address, MAC address, open ports, a list of running programs, the operating system type, version and serial number, preferred Internet browser and version, the computer's registered owner and registered company name, the current logged-in user name, the last-visited URL and the IP Address of every computer it connects to. Phew...

The FBI was able to install this program without a suspect or wiretap warrant because "under a ruling this month by the 9th U.S. Circuit Court of Appeals ... Internet users have no 'reasonable expectation of privacy' in the data when using the Internet."

So note: Simply using the Internet disqualifies you from normal expectations of privacy and safety of your data.

See Wired for the full story.

Related Links:

• 1,000 Cell Phones Smuggled Into CA Prisons
• Man Charged for Using Cafe's Free Wi-Fi
• MySpace Hands Over Sex Offender Data

Though it was just a few short weeks ago that the House of Representatives passed legislation attaching prison time to the use of spyware, another bill has just sailed through that takes an even stricter stance.

Last month's legislation was altered at the last minute to remove a key component requiring companies to notify users of what is being installed and to obtain consent. It was removed to appease the software industry, which claims the caveat will unnecessarily burden developers and harm technology investment.

However, lawmakers have now added those requirements back into the new bill, which passed with huge bipartisan approval by a vote of a 368 to 48.

The bill now heads to the Senate, which, historically, has been very unkind to spyware legislation. At this time, the Senate has not yet decided when or if it will even take up the bill.

We can't remember the last time we were taken out to a fancy dinner by the software industry lobby, so it strikes us odd that anyone in their right mind would ever vote against protecting U.S. citizens from spyware.

From Beta News

Related Links:

• Man Charged for Using Cafe's Free Wi-Fi
• MySpace Hands Over Sex Offender Data
• NY State Preps Video Game Legislation

A new study has found that Internet searching is getting safer overall, but that certain search terms -- particularly those related to music and technology -- are more likely than others to steer users in the direction of spyware and other malicious code.

The study was conducted by security software maker, McAfee, which used its SiteAdvisor program to test 2,300 popular search terms across the top five search sites: Google, Yahoo!, MSN, AOL and Ask.com. SiteAdvisor rates sites based on the presence of spyware, viruses, excessive pop-up ads, junk mail or other nasties.

Using this criteria, SiteAdvisor had a beef with 42 percent of results returned for the search term "screensavers," and found other words such as "LimeWire" and "Kazaa" similarly dubious. Overall, it found four percent of search results returned by the top five sites to be risky. It also found that among keyword ads returned alongside search results, seven percent led users to suspect sites. The good news is, these numbers are down from last year: five percent and 8.5 percent respectively. What's also interesting is that, according to McAfee, searches performed through Google, AOL and Ask.com were safer than those run though Yahoo! and MSN. Of course, AOL and Ask.com use Google to power their search engines.

The lesson to be taken away from all of this? If you're looking for trouble (i.e., searching for file-sharing programs), trouble will find you. If you're an upstanding search citizen, then you're safer than you used to be.

From USA Today

Related Links:

• House Passes Spyware Bill
• Top Reviewed Virus Killers
• Fewer Illegal Downloads For Kids

Good news for Windows users! Yesterday the House passed legislation that attaches jail time to the criminal use of Internet spyware.

According to the new bill, accessing a person's computer without authorization and with the intent of committing a federal offense would be punishable with up to five years in the clink. Illegally obtaining or transmitting personal information with the intent to scam or hurt that person or damage his or her computer would fetch an additional two years behind bars.

The bill also grants the Justice Department $10 million per year over the next four years to help combat other computer scams such as 'phishing' and 'pharming,' which dupe users into handing over personal information through the use of fake Web sites and e-mails.

It's nice to see that some members of government finally have our backs when it comes to Internet crime. It's just too bad the House has passed similar bills in the past -- none of which has ever made it through the Senate.

From USA Today


Related Links:

• Top Rated Virus Killers
• NY State Preps Video Game Legislation
• Troops Barred From MySpace and YouTube
• MySpace Hands Over Sex Offender Data

Whether you're trying to keep goons out of your bank account or off of your wireless network, safe computing isn't as easy as it used to be. Even if your network and accounts are on tight lock down, there's always the specter of the evil computer virus.

The threat of virtual infections dates back to the earliest days of computing when viruses spread from machine to machine via floppy disks. But, today a malicious program can hitch a ride on e-mail messages and infect computers around the globe within hours. Thankfully, anti-virus software has been around for nearly just as long as the viruses themselves.

To help you determine which is best for your computer, PC World has compiled a list of the top eight anti-virus performers. The roundup compares how well each program detected and removed computer viruses, as well as how quickly each was able to identify other malicious stuff may have snuck in (like 'spyware' that tracks your web browsing habits).

According to PC World, Kaspersky Anti-Virus 6.0 takes top honors. The software caught 96 percent of the bad stuff testers threw at it and boasted an easy-to-use interface, to boot. Unfortunately, the Kaspersky brand of protection doesn't come cheap, gouging you for $50 up front and another $35 per year for updates. Like nature, after all, new viruses crop up all the time -- making anti-virus software kind of like your computer's own little version of Dr. House.

From PC World

Related Links:

• Hack-Proof Your Home Network

What's that putrid smell, you ask? That, friend, is the mounds and mounds of junk mail piling up all over the Internet. According to a new study by research firm IDC, 2007 is the year when the number of spam emails being sent and received will outnumber legitimate person-to-person (P2P) emails. Two factors are at play:

1. Image-based spam is becoming increasingly popular with spammers and can more easily dodge junk-mail filters.
2. P2P email traffic is actually decreasing as instant messaging and Internet phone calling gain more and more acceptance.
   

To learn more about how you can avoid spam, check out this guide from PCSTATS.

From TG Daily