Slashdot Mirror

bonch writes "Technology consultant Benjamin Edelman has developed a methodology for determining the existence of a hard-coded bias in Google's search engine which places Google's services at the top of the results page. Searching for a stock ticker places Google Finance at the top along with a price chart, but adding a comma to the end of the query removes the Google link completely. Other variations, such as 'a sore throat' instead of 'sore throat,' removes Google Health from its top position. Queries in other categories provide links to not only Google services but also their preferred partners. Though Google claims it does not bias its results, Edelman cites a 2007 admission from Google's Marissa Mayers that they placed Google Finance at the top of the results page, calling it 'only fair' because they made the search engine. Edelman notes that Google cites its use of unbiased algorithms to dismiss antitrust scrutiny, and he recalls the DOJ's intervention in airlines providing favorable results for their own flights in customer reservation systems they owned."

Gandalf_the_Beardy writes in with news that's been around a while but is getting more attention lately. Last month Benjamin Googins, a security researcher at CA, determined that Sears Holding Corp. installed ComScore spyware without adequate disclosure. Sears said, yes we tell people about tracking their browsing. On Jan. 1 spyware researcher Ben Edelman weighed in, noting that Sears' notice occurs on page 10 of a 54-page privacy statement, and twits Sears because its installation identifies the software as "VoiceFive" and later claims it's coming from a company called "TMRG, Inc." even though a packet sniffer confirms the software belongs to ComScore, adding "These confusing name-changes fit the trend among spyware vendors."

Jamie found an interesting story about how Spyware is still on the move. It talks about how Spyware vendors are trying to clean up their image, but still doing fishy things. It breaks down several common types of spyware and some analysis of each.

Dotnaught writes "A new study by spyware researcher Ben Edelman finds that spyware-driven traffic inflation is common, particularly at video sites. The study identifies Bolt.com, GrindTV.com, Broadcaster.com, Away.com, RooTV.com, and Diet.com as the beneficiaries of spyware-driven traffic. 'Our measurement systems are inaccurate for the amount of trust we'd like to put into them,' Edelman said. 'So that's the puzzle: How do you build an advertising economy when the number can't be trusted?'"

Ant writes "According to Ars Technica, security researcher Ben Edelman revisited his May 2006 report on the relative risk of search engine results. In the original report, Edelman found that 5 percent of the results provided by search engines were marked as either "red" or "yellow" by SiteAdvisor, indicating that they presented some risk to the user. Now, Edelman says that his new study has shown that only 4.4 percent of such sites are risky, representing a drop of 12 percent since May... ... The study found that not only can regular links found by search engines be dangerous, the sponsored links that appear in prominent positions in the results pages can also be harmful. In fact, in the May study, sponsored links were more than twice as likely to be linked to malware than non-sponsored links (8.5 vs. 3.1 percent)."

Behind the Front writes "eWeek has teamed up with Joe Stewart, a senior security researcher at SecureWorks in Atlanta, to show the inner working of a massive botnet that is responsible for the recent surge of 'pump and dump' spam. It's a detailed picture of how these sleazy operations work and why they're so hard to shut down. Sobering numbers: 70,000 infected machines capable of pumping out a billion messages a day, virtually all of them for penis enlargement and stock scams. Excellent graphics, too, including one chart that shows that Windows XP Service Pack 2 is hosting nearly half the attacked machines."

Unwanted Software writes "There's an interesting interview on eWeek with Joanna Rutkowska, the stealth malware researcher who created 'Blue Pill' VM rootkit and planted an unsigned driver on Windows Vista, bypassing the new device driver signing policy. She roundly dismisses the quality of existing anti-virus/anti-rootkit products and makes the argument that the world is not ready for VM technology. From the article: 'Hardware virtualization, as recently introduced by Intel and AMD, is very powerful technology. It's my personal opinion that this technology has been introduced a little bit too early, before the major operating system vendors were able to redesign their systems so that they could make a conscious use of this technology, hopefully preventing its abuse.'"

An anonymous reader writes, "Over the past few days, adult webmasters have been accusing adware maker Zango of 'stealing sales' by means of the following method: Computer users with Zango's adware on board will pop open a window containing the affiliate merchant's site they happen to be on at the time, except with Zango's own affiliate code in the window. By doing this, Zango claims credit for the sale and the original, rule-following merchant, the one who referred the user there, loses out. Despite this practice having been around since at least 2004, it seems the adult webmasters are only just realizing this takes place — surprising, considering how deeply connected the worlds of adware and porn are. It seems pornographers pushing adware is acceptable only as long as they aren't the ones getting burnt. Part of me doesn't care, and part of me hopes they carry the financial clout to force Zango to change their current practices."

aricusmaximus writes "A California student is now facing felony conspiracy charges after unleashing a botnet attack that shut down the network of a Seattle hospital intensive care unit. This indictment comes a few weeks after another California man pled guilty to similar charges. Both attacks were attempts to make money off of adware affiliate programs. So who's really at fault here? The students? The hospital for not securing their computers and network? Or the adware companies for providing the incentive?"

rhizome writes "Benjamin Edelman, a PhD candidate in Economics and a Law student at Harvard, has analyzed the hidden (or not) additions to a user's machine when they install some of the major Windows P2P clients. He analyzes the length and readabilty of their licenses, what is revealed or hidden in the software's installer and includes screenshots for illustration. Clear, concise and eye-opening."

emcron writes "Ben Edelman has been doing great forensic work looking at spyware, adware, and malware. His latest piece, How VeriSign Could Stop Drive-By Downloads, turns the harsh light of public scrutiny on VeriSign's grubby practices in issuing digital certificates to vendors who try to install spyware by tricking users into clicking 'yes' with low-down dirty lying dialog boxes. Now, Ben wants VeriSign to clean up its act: it should refuse to issue certificates to companies that use obviously fake names (such as "CLICK YES TO CONTINUE") or that use those certificates to deceive consumers."

NW writes "Ben Edelman just published a list of major investors in spyware companies totaling over $139 million in venture capital." Slashdot has not verified Edelman's information, and please note that harassing the receptionist at these places is unlikely to cause any change in their investment policies.

metalion writes "True to the saying 'no honor among thieves,' adware company, Avenue Media, is finding that competing adware company, DirectRevenue, is detecting and deleting their software. Now Avenue Media is crying foul and have filed a lawsuit against DirectRevenue stating that DirectRevenue 'knowingly and with intent to defraud, exceeded its authorized access to users' computers.' DirectRevenue acknowledges that it may uninstall competing applications in its user license agreement. A researcher at Harvard University, Ben Edelman, reasons that 'Once the computer is infected with 10 different unwanted programs, the person is likely to take some action to address the situation.' Just how far will adware companies go to continue to attempt to bombard us with their ads?"

theVP writes "Ben Edelman has recently written up his disassembly of the Gator EULA. He has come across some interesting finds, including the fact that their EULA states that you can't remove their software via 3rd-party means, as well as prohibiting the use of packet sniffers or intercepting the data coming from their software."

zagman asks: "I am doing some research on SpyWare / AdWare, and how to prevent/contain the problem, and am looking for some of those 'Bad Sites' - you know, the ones which take advantage of any of the known exploits and installs a whole bunch of software without your knowledge (or sometime with it). I am testing this on IE6 on an XP-SP1 box (no further patches) and also IE6.02 on a XP-SP2 box. Can anyone out there recommend some 'good' bad-sites for me to go? Benjamin Edelman did some similar work, and posted his results, but I also want to compare Mozilla and FireFox's response as well. Thanks out there!" Update: 11/24 4:05pm EDT by C : In case it hasn't been mentioned already, a considerable amount of infection can be obtained from a single website. Any other infectious goodies out there?

Ben Edelman has written extensively on issues including censorship and spyware. He's got a very interesting piece on his site now about who profits from spyware, and how much spyware can be installed on a Windows XP machine when the user simply visits a single Web site using Internet Explorer.

Ben Edelman has written extensively on issues including censorship and spyware. He's got a very interesting piece on his site now about who profits from spyware, and how much spyware can be installed on a Windows XP machine when the user simply visits a single Web site using Internet Explorer.

TheFarmerInTheDell writes "According to CNet News, a judge in Utah has granted an injunction to WhenU.com to temporarily halt the state's new anti-spyware law from going into effect. WhenU filed suit in April asking for an injunction, and this judge has decided that their claim of abridging their First Amendment Rights has enough merit to issue the injunction. What about our rights not to have to deal with this scumware?" (This previous post mentions Ben Edelman's research on WhenU and other spyware makers' activities.)

stev_mccrev writes "Harvard Student Ben Edelman released this report documenting at least thirteen web sites operated by WhenU (the spyware company who recently sued Utah) that use cloaking to fool search engines into higher rankings. WhenU was dropped by Google and Yahoo! on May 12; on May 13, WhenU CEO Avi Naider confirmed the accusations, but added that the questionable practices were the work of its heretofore undisclosed search engine optimization (SEO) firm--which, he said, was promptly fired following the news." (Here's a link to Edelman's previous reports on WhenU's activities.)

stev_mccrev writes "Harvard Student Ben Edelman released this report documenting at least thirteen web sites operated by WhenU (the spyware company who recently sued Utah) that use cloaking to fool search engines into higher rankings. WhenU was dropped by Google and Yahoo! on May 12; on May 13, WhenU CEO Avi Naider confirmed the accusations, but added that the questionable practices were the work of its heretofore undisclosed search engine optimization (SEO) firm--which, he said, was promptly fired following the news." (Here's a link to Edelman's previous reports on WhenU's activities.)

stev_mccrev writes "Harvard Student Ben Edelman released this report documenting at least thirteen web sites operated by WhenU (the spyware company who recently sued Utah) that use cloaking to fool search engines into higher rankings. WhenU was dropped by Google and Yahoo! on May 12; on May 13, WhenU CEO Avi Naider confirmed the accusations, but added that the questionable practices were the work of its heretofore undisclosed search engine optimization (SEO) firm--which, he said, was promptly fired following the news." (Here's a link to Edelman's previous reports on WhenU's activities.)