Mark Russinovich tracks a spyware infection on a clean system that takes five minutes (!) to install. He writes on his blog:

Since the release of the first antivirus products many people have believed in a conspiracy theory where antivirus companies generate their own market by paying virus writers to develop and release viruses. I don’t subscribe to that theory and trust the major security vendors, but recent trends show that there’s a fuzzy line between second-tier antispyware vendors and the malware they clean.

The most innocuous of malware-like antimalware behaviors is to advertise with web site banners and popups that mislead average users into thinking that they have a malware problem. Most of the advertisements look like Windows error dialogs complete with Yes and No buttons, and although the word “advertisement” sometimes appears on the dialog background, the notice is usually small, faded and far from the area where users focus their attention. Even more unlike Windows dialogs, however, is the fact that clicking anywhere on the image, even the part that looks like a No button, results in the browser following the underlying link to the target page. Here’s an example I ran across recently on a popular web site…

[Continue reading The Antispyware Conspiracy]

[tags]spyware,malware,conspiracy,spyaxe,spysheriff,spyware cleaner,spyware stormer,false,positive[/tags]