So, Grandpa Albert thinks he might have badware on his computer. It’s just not running the way it used to. Everything is slow. He doesn’t see any pop-up ads like last time but these days it feels like he’s always waiting for something to finish processing.

Grandpa Albert is too cheap to hire any “Nerd Herd” techies to come over so he calls his tech savvy niece, Aimee. She suspects that his computer may be part of a bot network. Millions of computers on the internet today are part of bot networks and there’s a high likelihood that Grandpa innocently visited a hacked site which downloaded infected software without his knowledge.

“Darn criminals,” Grandpa mutters on the phone. “No one’s controlling my hard earned CPU cycles without MY consent!”

Aimee doesn’t have the time to stop by because she’s working on a presentation for the She’s Geeky Un-conference in Mountain View this October. In the meantime, she tells him to try downloading some anti-spyware and she’ll troubleshoot when she can visit later.

Grandpa Albert surfs the net searching for the products Aimee suggested. Seems like there are tons of anti-spyware products out there making lots of promises. He tries typing in ‘spy bot’ into his search engine. Hmmmm. Which one is the right one? Should he download www.Spy-Bot.net, www.SpyWareBot.com, www.SpyBot-SD.net, www.Spybot.com or one of the others?

Grandpa Albert shakes his head. He remembers the scolding Aimee gave him that last time he downloaded a random application from the internet. He didn’t know back then that the screensaver had installed trojans, dialers and all kinds of bad things onto his computer. This time he’d be more careful. Best to stick to the applications Aimee suggested.

He tries typing in ‘ad aware’ into his search engine. Hmmmm. There’s www.AdwareAlert.com and Noadware.net. They both have adware in the title but what about the one from www.LavaSoft.com? They all look good. They all have professional websites. How can he be sure?

Grandpa scratches his head. He types in ‘anti-spyware’ into his search engine and starts surfing around to learn more. He stumbles across Spyware Warrior’s List of Rogue/Suspect Anti-Spyware Products & Web Sites.

Ha! This site says that spy-bot.net is associated with AlertSpy which is on Spyware Warrior’s list as a rogue and suspect application. Spywarebot.com is on the Spyware Warrior list too.

Spyware Warrior says that some of the products listed on this Rogue Anti-Spyware site don’t really provide anti-spyware protection at all and some of them even install spyware/adware themselves!

“Darn criminals,” Grandpa Albert mutters to himself. “These folks are deliberately playing upon name recognition to get their sleazy software installed on my system!”

Yep.

PC World has an article about some new malware tricks. The lead sentence is right on the money:

Microsoft has released a new service pack (service pack 3) for Microsoft Office 2003, the pervasive suite of applications that includes Word, Excel, PowerPoint, and Outlook. This service pack reportedly fixes a long list of security vulnerabilities in these applications. While we have not seen a lot of Office-related attacks lately, these apps represent a potential attack vector that home and business users alike should be trying to block by installing updates like this latest service pack.

Despite popular belief, the Automatic Update feature in Windows does not download updates for Office and other applications, but only for Windows and Internet Explorer. (There is a free download known as Microsoft Update that extends Automatic Update to include Office products.) Therefore, you may need to follow the link above for instructions on how to download and install the service pack.

Since being hired as the manager of StopBadware, I have been proud that we counted amongst our sponsors some of the leading companies in the technology industry: Google, Lenovo, and Sun Microsystems. Their support has been critical to StopBadware’s success in fighting badware through dissemination of research and management of the Clearinghouse appeals process.

We are now excited to welcome two additional sponsors: VeriSign and PayPal. Like our other partners, these two companies are committed to addressing security issues so that the web can be a safer place for all of us. With their help, StopBadware will continue to be an objective source of information about badware and those who spread it.

You may have received an email over the past few days with a message about online privacy – a common subject line being “You are being watched online.” The messages urge the reader to download Tor, a distributed anonymity program popular as a tool to circumvent censorship. Unfortunately, the links in these messages don’t lead to the actual Tor download, but to a dangerous rogue application and pages that attempt to install badware on the user’s machine.

The real Tor website is located at tor.eff.org, and the real Tor software can be downloaded there. Legitimate copies of Tor are verifiable through instructions on the Tor website.

Rogue applications attempting to hijack the popularity of legitimate programs are unfortunately all too common. For example, many rogue applications purport to be anti-spyware tools but are in fact themselves damaging. It’s always a good idea to check out the reputation of any software you’re considering installing, and to verify that the version you’re considering comes from a reputable source. Similarly, be wary when following links in emails from sources you don’t know. An unsolicited link could lead to a page hosting drive-by badware downloads.

You can read more about the Tor spoof in BoingBoing and PC World.