A utility to fight
installations and repair systems they damage
Status: Coming back from the drawing board
The SpySwatter program (concept) is being redesigned to account for recent advances in spyware. When I first had the idea for this utility, long before the days of polymorphic spyware and the BHO craze, all spyware came in the form of an EXE or DLL with a known filename, in a known location. My simplistic early plan was to install a small dummy file in the place of each known spyware module that, when run, would send a letter to the spyware company and/or pepper their server with phony adware logins containing bogus demographic info.
However, more recent advances in spyware have invalidated this simple plan. The current plan is to release a product consisting of a suite of smaller utilities, collected together into a simple interface. This software will detect and remove malware, monitor key system areas for unauthorised changes, and repair common problems caused by malware applications. The possibility of sending out bogus spyware packets has not been ruled out.
The most ambitious spyware defense yet
Over several years of fighting and analysing spyware and its ilk, I could say I've seen it all. But then I'd be lying, because they always have a new trick up their sleeves and can't wait to deploy it on an unsuspecting public. From changing a user's Internet dialup to a 1-900 number, to cannibalizing their Winsock stacks to collect Internet usage info, to loading enormous spy programs onto their systems, to changing their Explorer shells to launch a malicious program every time a file is clicked, there's no end to the lengths a greedy marketing company will go to in order to make a fast buck. Any countermeasure would naturally have to cover all the bases and then some. This program hopes to guard against not only every currently-known dirty trick in the book, but also the chapters that haven't yet been written.
Intelligence from the front lines
I also hope to include an (optional) "tattle tool" as part of the software. This will allow users to submit reports of suspicious activity, and send suspect files to investigate. It could also include the ability to submit an anonymous report listing the spyware detected and cleaned. These statistics can be used to analyse spyware affiliations or "groupings" (which products tend to appear together), and provide a measure of how widespread each product is. It may also help to determine if any removals were unsuccessful.
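An added example (not SpySwatter code, and not from the project) of the prevalence and "grouping" statistics described above, computed over constructed anonymous reports. The product names, the report format (one set of detected products per machine) and the choice of Jaccard similarity as the grouping measure are assumptions.

```python
from collections import Counter
from itertools import combinations

# Constructed sample data: each anonymous report is the set of products
# that one scan detected. Product names are placeholders, not real software.
REPORTS = [
    {"AdA", "AdB", "DialerC"},
    {"AdA", "AdB"},
    {"AdA", "AdB", "BhoD"},
    {"DialerC", "BhoD"},
    {"BhoD", "DialerC"},
    {"AdA", "AdB"},
    set(),            # clean machine: counts toward the total only
    {"BhoD"},
]

def prevalence(reports):
    """Fraction of reporting machines on which each product was detected."""
    counts = Counter(p for r in reports for p in set(r))
    return {p: c / len(reports) for p, c in counts.items()}

def groupings(reports, min_support=2):
    """Rank product pairs by how consistently they appear together.

    Jaccard similarity = machines with both / machines with either.
    Pairs seen on fewer than min_support machines are dropped, so a single
    heavily infected machine cannot suggest an affiliation on its own.
    """
    single = Counter(p for r in reports for p in set(r))
    pairs = Counter(
        pair for r in reports for pair in combinations(sorted(set(r)), 2)
    )
    ranked = []
    for (a, b), both in pairs.items():
        if both < min_support:
            continue
        jaccard = both / (single[a] + single[b] - both)
        ranked.append((a, b, both, round(jaccard, 3)))
    # Strongest grouping first; names break ties so the output is stable.
    return sorted(ranked, key=lambda t: (-t[3], t[0], t[1]))

if __name__ == "__main__":
    for name, share in sorted(prevalence(REPORTS).items()):
        print(f"{name}: detected on {share:.1%} of reporting machines")
    for a, b, both, score in groupings(REPORTS):
        print(f"{a} + {b}: together on {both} machines, Jaccard {score}")
```

A pair with a score near 1.0 almost never appears apart, which is the signal that two products ship or install together.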
For the truly ambitious spyware sleuths, this reporting tool could also be instructed to watch for new background tasks and BHOs, submitting reports when new, unknown modules appear on the system.
Currently I have some GUI programming experience, and now an impressive list of people willing to pitch in help if necessary. For obvious reasons, however, I can't go into specifics about the program. If you have suggestions, nits, advice or words of encouragement (no threats from spyware companies, please), they can be sent to adware-project "at" cexx.org. Many thanks from CEXX and spyware victims alike!