This really is the most contemptible form of malware (too lame for pit)

OK, I’m an IT guy, so I hate (among other things) malware; I hate it when some little hidden process lurks in the background, quietly mangling files, or doing the nefarious bidding of its distant master; I hate it when I have to struggle to delete a pair of trojans that keep reinstating each other every time one of them is killed.

But you know what I hate the most? Malware that brazenly masquerades as anti-malware. I won’t link to it, but the braver of you may wish to check out something called SpyFalcon; it purports to be a solution to remove malware from your PC; there’s even a bright, flashy website extolling its virtues. But what it really does is to install trojans on your computer; trojans that use your computer as a mail relay, or that just open the door to more infection and corruption.
And as I forcibly removed this hideous entity from my boss’s computer, it fought back with desperate, almost living fury; popups screaming “YOUR COMPUTER IS INFECTED! - click here to install SpyFalcon AntiSpy” burst upon the screen; it tried to shut down explorer windows, it popped up fake websites offering me any number of easy-to-install programs that promised to make my computer secure (but were, of course, more malware).

It’s gone now; I booted into Safe mode and drove a stake through it’s executables, but it made me sick to my stomach that someone not only chose to create this filth, but also decided to go to so much effort to package it as beneficial software. That’s what I really hate.

I find it interesting that although their website advertises the product as an anti-spyware program, all of their “testimonials” talk about its fabulous popup blocking features.

Moreover, they have the bare-faced cheek to charge for the program.
I discovered another thing it does; somehow, it biases google search results (or perhaps just plain spoofs them); I google searched for Spybot from the infected machine and the topmost results were all pages detailing how Spybot is ineffective and that you shouldn’t bother with it, using instead something good like… SpyFalcon! (or SpyAxe, which is one of SpyFalcon’s previous incarnations).

I don’t wish death on the creators of this loathsome creation; I wish them deep misery.

To restore the balance of IT yin/yang though…

Let me just say that Netgear routers are the bees tits; I installed a combined ADSL modem/Router/Access point yesterday and it was unbelievably straightforward; a real pleasure to set up; I have done the same with products from D-Link, Belkin, Buffalo and a couple of others, but Netgear kicks all of their asses when it comes to router configuration firmware.

It’s often called betrayWare. Quite appropriate term, I think,

Speaking of which, check out the Google ads . . .

Isn’t there some government agency (FBI?) that you can notify about this obviosly illegal program? I mean, a lot of these “betrayWare” (I like that name) programs are hard to track down, because they only appear in random popups and google ads, never to be seen from again. But this one has its own large website, you say? Selling it’s virtues, which all seem to be lies? It seems like it would be an easier target for them to go after.

Two words: Google Desktop.

I was blissfully unaware of this until a couple days ago, when I was tasked with finding a way to keep it from running in my environment (yeah, I know it’s been around for a while, everyone knows about it, I’m a slacker for not proactively learning about it, whatever - I’m jaded, what can I say).

They’re not the only ones – its a common practice to do a free spyware scan that puts spyware on your computer.

See Spyware Warrior. It lists 269 “antispyware” programs, only six of which are legit.

BTW, their entry on Spyware Falcon is:

Could you tell me a bit more about this; Google Desktop was also installed on the computer I mentioned above and I left it alone, perhaps lulled into a false sense of security by the name.

I understand that it’s possibly spyware, in the classic sense that it indexes and possibly publicises private data, but is it actually malicious, or subject to known exploits?

Another one of the malicious ‘anti-spyware’ things out there is SpywareStrike, which will put a bunch of fake windows update icons in the system tray that say you have a spyware infection and you should click there to download the most effective anti-malware tools to remove it - surprise surprise - attempting to get you to shell out money to SpywareStrike.

It’s nothing short of extortion.

Same company as SpyFalcon, I believe.

Yup. I honestly think that anyone who has been tricked by them into paying money, should get a free bat and five minutes with the creator. If you had to spend time to remove this crap, you should be allowed to buy a bat (with proceeds going to something like CERT) and get the amount of time with the creator as you lost trying to remove the malware.

You’ve got it - it indexes and publishes everything on your machine. I don’t think it’s malicious by design or intent, but by installing Google Desktop, you are inviting Google to observe, record, collate, and interpret every single keystroke, every single website visited, every single document viewed, and so on.

Voluntarily delivering yourself to the Ministry of Truth, in other words. :smiley:

A couple of hours, in my case, but instead of a bat, I’d prefer to use a pin.

For Google Desktop, just roll down to the bottom of the Preferences page and un-check Advanced Features. Also, about midway up the page, you can encrypt the index, which is most useful if you’re on a corporate system and your files are backed up to a group server.

Actually, I’m going to prohibit it from running via Group Policy; the end-users cannot be trusted to use this tool properly.

Conversely, you could give them the Enterprise version which lets you set policies while still allowing people to use it.

I put about a day’s worth of contemplation against that idea, but ended up on the completely prohibit side of the fence. Some places, maybe, but we’re a software company, so all of our goods are in the ethers.