'Spy Detect' software -- is it a scam?


Infopackets Reader Bob T. writes:

"Dear Dennis,

First of all, thanks for all the great info. I have a security question for Windows. With all the security I have, such as a firewall, and virus protection, I thought I was pretty safe when online. However, the other day I stumbled upon a web site that had the contents of my hard drive revealed to me through a link. The software is called Spy Detect. This is from a security firm that is selling software to stop this sort of thing from happening. I would like to know -- is my computer at risk?"

My Response:

This is a scam that preys on people who are unaware of JavaScript tricks and Microsoft security exploits in Internet Explorer. The funny thing is that this particular web site claims that what they're showing you is not a trick.

When I viewed the Document Source, I noticed that there was a lot of Java Code placed throughout the page. While I did not spend a great deal of time analyzing exactly how they made the files on my hard drive magically appear in Internet Explorer, the one thing that really caught my eye was that the "report number" (displayed on the HTML page) was simply a randomly generated number produced by the Java Code. This fact alone was enough to indicate to me that this web site was less than honest.

You can see what I'm referring to here in their HTML document code:

    //report;
    var randomnumber = Math.floor(Math.random()*99999);
    document.write("Report <b>");
    document.write(randomnumber);
    document.write("</b> created on ")
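
The same check can be automated. The following is an added example, not part of the original article and not the site's code: it scans a page's source for values built from Math.random() and then printed with document.write(), the pattern behind the "report number" quoted above. The sample page and the function names are constructed for illustration.

```javascript
// Added example: flag page values fabricated with Math.random() and then
// printed via document.write(). Function names here are hypothetical.

// Constructed sample page, modelled on the snippet quoted in the article.
const SAMPLE_PAGE = `
<script>
//report
var randomnumber = Math.floor(Math.random()*99999);
document.write("Report <b>");
document.write(randomnumber);
document.write("</b> created on ");
</script>
<script>
var year = new Date().getFullYear();
document.write(year);
</script>`;

// Return the body of every inline <script> block in the HTML source.
function extractInlineScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  const scripts = [];
  let m;
  while ((m = re.exec(html)) !== null) scripts.push(m[1]);
  return scripts;
}

// Report variables assigned from an expression containing Math.random()
// that the same script later passes to document.write()/writeln().
function findFabricatedValues(html) {
  const findings = [];
  for (const script of extractInlineScripts(html)) {
    // Drop whole-line // comments so commented-out code is ignored.
    const code = script.replace(/^[ \t]*\/\/.*$/gm, "");
    const assign = /([A-Za-z_]\w*)\s*=(?!=)\s*([^;\n]*Math\.random\s*\([^;\n]*)/g;
    let m;
    while ((m = assign.exec(code)) !== null) {
      const written = new RegExp(
        "document\\.write(?:ln)?\\s*\\([^)]*\\b" + m[1] + "\\b[^)]*\\)"
      ).test(code);
      if (written) findings.push({ variable: m[1], expression: m[2].trim() });
    }
  }
  return findings;
}

console.log(findFabricatedValues(SAMPLE_PAGE));
```

A hit means the displayed value was made up in the browser rather than produced by any scan; the date written by the second script is not flagged because it does not come from Math.random().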

Anyway, don't waste your time visiting this web site.

Afterthoughts

Originally when I visited the site, I was able to view the contents of my hard drive through their JavaScript exploit. However, the latest Microsoft Java Virtual Machine security patch (September 18, 2002) seems to have taken care of this problem.
