Spyware/Spydeleter, Malware that Tries to Blackmail Users Online
Panda Software’s antivirus solutions effectively detect and neutralize the actions of this malicious application, whose author is now in the hands of the law
Over the last few days, some media -such as USA TODAY (http://www.usatoday.com/tech/news/computersecurity/
2004-10-24-spam-king_x.htm)- has reported a civil lawsuit filed in the USA against Stanford Wallace, known as the Spam King, ordering him to disable a malicious application -Spyware/Spydeleter- that blackmails users into paying to remove the application from their computers.
Spyware/Spydeleter is a script that can download up to nine spyware programs to the computer. It is also installed on users computers when they visit web pages, either through links or Java scripts that do this automatically.
Once it has reached the system, Spyware/Spydeleter downloads the spyware programs through FTP connections. Similarly, it creates several processes and leaves them memory resident. These processes have names like sd.exe or sd3.exe and ensure that the script is running at all times.
Finally, Spyware/Spydeleter creates several entries in the Windows Registry. The most visible symptom of these entries is that they change the home page of Microsoft Internet Explorer for another page warning the user that the computer could be infected by spyware. This page also includes a link where the user can supposedly find help to clean the computer. If the user clicks on this link, a page opens from which the application Spy Deleter is downloaded, which will remove the spyware from the computer for the “modest” price of 29 dollars. The situation is made worse by the fact that Spy Deleter has apparently been programmed by the same person that created and distributed the malicious script.
What’s more, affected users may also find that two links called Click to Remove Spyware and Remove Spyware Now have been created on their desktop which point to this purchase page.
According to Luis Corrons, head of PandaLabs, “it could be said that this is the start of a new era for malware, in as far as many of the authors of these kinds of programs are not just trying to prove that they can create damaging code better than the rest, but are trying to make a profit out of doing so. The number of fraud attempts through phishing is growing and many Trojans are circulating that try to steal confidential data, above all, bank account details. Now more than ever, it is vital to take precautions in the Internet, especially as they can hit where it most hurts: users’ pockets.”
However, while this lawsuit is settled, computers could be affected by this malicious script. Panda Software recommends users to take precautions when they browse the Internet and to keep their antivirus updated. Panda Software’s antivirus solutions effectively detect and neutralize this malicious application, as well as other spyware programs that may be installed, restoring the changes to the system made by these applications.
For further information about this and other computer threats, visit Panda Software’s Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/
In addition, users can scan their computers online for free with the Panda ActiveScan, available at
On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.