Domain: doxdesk.com
Stories and comments across the archive that link to doxdesk.com.
Comments · 26
-
Re:Eh.. not really
-
Re:Psh, jQuery.
-
Re:if it's done well, and some are
I was pretty surprised about this too, but Microsoft gives the URL of an example page that does this (if you're using IE5.5 for Windows).
-
Peer Impact Caveat (Wurld Media)
Peer Impact was created by Wurld Media, the same company that was responsible for some of the third-party spyware in Morpheus.
-
MarketScore is included on the Black Hole DNS List
anti-spyware utility manufacturers are still thinking whether to include it on their list
If you use the blackhole dns list of spyware domains from bleedingsnort.com its already included based on this submission from doxdesk. Squid ACLs are a great way to stop these parasites and you don't have to wait for anti-spyware manufacturers to decide whether its spyware or not. Also ClamAV lets you create your own signatures so you can setup rules to detect anything you consider to be spyware. -
Re:Jupiter Research??
The spyware monger is Xupiter , not Jupiter Research.
k. -
Re:I got spyware from Firefox
Windows Media Player is also an infection vector for spyware, especially WMVs.
Or MSN, kazaa, edonkey/emule, outlook, etc..
But considering ISTbar is malware for IE, does it even affect Firefox at all? -
Re:I got spyware from Firefox
From here...
"ISTbar is an IE toolbar, homepage- and search-hijacker provided by Integrated Search Technologies/CDT Inc."
It was probably installed by an application that is using embedded IE (ie. an activex object). Why would someone target firefox only to install an IE only browser 'helper' -
One of the Good GuysBen Edelman is one of the good guys in the fight against cruft that installs on your computer without your knowledge. The work he does is both comprehensive and shocking.. if you haven't checked out his site do so now. Particularly, look at some of the videos and documentary evidence at what actually happens, despite the claims otherwise of the scumware publishers themseves.
There are a handful of other people I can think of who've done a similar amount of work. Merijin Bellekom, Patrick Kolla and Andrew Clover spring to mind, although there are others.
-
Re:The REALLY nasty malware...For the DLL's
For mucking around in the registry
And one last good all around resource
have fun and good luck.
-
Re:IE bugs and phishing
Here's more on that. This article outlines how the vulnerability can be used to spoof the entire screen, this making everything suspect.
They've even got a sample exploit for you IE users. An ActiveX dialog pops up and is made to appear innocuous through the exploit (drag the dialog box and you'll see). This one is harmless, but it gives you an idea of the danger.
-
I always recommend
using a web site http://www.doxdesk.com/parasite for spyware detection and removal instructions. Its pretty good!. Post some more links that may be useful
-
Re:Pictures.
Beware! WebShots may hose your TCP/IP stack (if it doesn't make backups -- it replaces it) and allows remote code execution! It also may be uninstallable.
WebShots installs the NewDotNet program...
The new.net software downloads and silently executes arbitrary code from its controlling server, as an update feature.
Stay the hell away from anything that includes NewDotNet. It's a HORRID little piece of software and at my former job 50% of the service calls were related to WebShots downloads (against policy, but *you* try to make Win95 usable and locked tight without DeepFreeze or similar products) and malfunctioning network stacks (in that case it seemed to hose Novell Netware Client pretty good, which made no sense, but hey, this *is* Win95 here). NewDotNet was, of course, the real reason why. Not to mention that it hogs resources even worse than Internet Explorer.
In other words, use it at your own risk! -
Re:More lies?A quick Google reveals this information on their practices. Executive summary:
- Installation: It's bundled with several programs. Based on general experience, I'd say it's probably buried somewhere in the EULA, but I don't know the specifics of how it's installed.
- Advertising: Displays pop-up ads, monitors keywords and displays advertising based on what you see and type. Also hijacks referrer links.
- Privacy: Sends back the term which triggered the ad and the ID of the affiliate software which installed WhenU when it displays an ad. However, there aren't any cookies set or any GUIDs.
Note: I'm not a lawyer; don't take this as legal advice.
-
Everyone ready to make a "1 in 20?" comment.. RTFA
Ah....for all of you who are going to continue jumping in with "1 in 20? more like 1 in 1..." without reading the article...
The "1 in 20" figure the researchers got was not from scanning the HDDs with Spybot/AdAware/etc....they sniffed for known packets from FOUR of the significantly more than four known malwares.
So, to be detected at all, the machines had to be running and the spyware loaded and actively broadcasting packets during the sampling period. Given this lack of an exhaustive check, the 1 in 20 figure doesn't surprise me. (We all know it is 1 in 1... :-) -
More fake programsI found a comment from this page very informative:
Rogue Anti-spyware Programs Part 3
Looks like this program isn't the only one.I mentioned some of these before, but this is a more inclusive list.
Spy Wiper
AdWare Remover Gold
BPS Spyware Remover
Online PC-Fix SpyFerret
SpyBan
SpyBlast
SpyGone
SpyHunter
SpyKiller
SpyKiller Pro
SpywareNuker
TZ Spyware-Adware Remover
xp-AntiSpy
SpyAssault
InternetAntiSpy
Virtual Bouncer
AdProtector
SpyFerret
SpyGone
SpyAssaultSources: Doxdesk.com: parasite, Tom Coyote Forums, Spywareinfo.com forums, safernetworking.org, home of Spybot Search & Destroy
-
Fortunately there are answers..Ad-Aware
Spybot Search & Destroy
SpywareBlaster
Spyware info..
SpywareInfo
Dox Desk
Favorite description:What are parasites?
Of course there's pop-up blocking..
'Parasite' is a shorthand term for "unsolicited commercial software" -- that is, a program that gets installed on your computer which you never asked for, and which does something you probably don't want it to, for someone else's profit. -
Fortunately there are answers..Ad-Aware
Spybot Search & Destroy
SpywareBlaster
Spyware info..
SpywareInfo
Dox Desk
Favorite description:What are parasites?
Of course there's pop-up blocking..
'Parasite' is a shorthand term for "unsolicited commercial software" -- that is, a program that gets installed on your computer which you never asked for, and which does something you probably don't want it to, for someone else's profit. -
I've seen the future....and it stinks. Last week there was a massive "joe job" attack on Doxdesk.com, a site detailing browser parasites, porn diallers and other nasty plugins. The aim of the joe job was to generate fake spam supposedly advertising the site so it would get shut down.
The spam was being generated from multiple locations simultaneously, and from IP addresses that looked like standard ISP subscribers, mostly in the US and Western Europe. It looks suspiciously like the spam was being sent from Trojanised PCs.
Bearing in mind that the people most likely to want to force Doxdesk.com off the web were browser parasite writers, it seems to me that there is a definite link now between these parasites, certain viruses/trojans/worms and spammers. Just another bit of proof that these people have no respect for the law.
-
More information and removal instructions...
...can be had here: http://www.doxdesk.com/parasite/Xupiter.html
-
Re:PC World desperately needs this
Antivirus software just cannot detect it.
That's because you gave permission to install it via some sneaky click-wrap license. You know, those ones you never read? AV companies have the technology, but they would probably get their pants sued off if they called another company's product malicious when it was merely annoying or nosy--and when the user supposedly consented to it being there.
The wintel world (win9x) needs something that can get Gator and friends out the door.
There are plenty of them already, like Pest Patrol, Spybot S&D, and Ad Aware.
There's a lot of good information on spyware at Doxdesk and Spyware Info.
-
Re:Funny points of their EULA
-
Help for webmasters
This site has some info and javascript code to detect spyware and warn users browsing your website that they have spyware on their systems. This might help if you are trying to get affiliate links from your site.
-
Re:Hello? Symantec? Anyone home? ...
Well, not a virus, but I'd certainly call it a trojan. So did Trend and McAfee when they came across the 'dlder' spyware that crept into many P2P apps last year, since it wasn't mentioned in the licence agreement, and some of the apps' companies claimed to have been unaware of it.
In the end, they backed down. McAfee still detects it, but only if you ask it to look for 'other programs' as well as viruses/trojans. There are a few other parasites in this category. But mostly, it's a case of "if it isn't used by 'hackers', it's not a proper trojan".
Luckily, there are others working on anti-spyware software. Ad-Aware and Spybot S&D are the most popular. more info + online check...
-
Re:here's why
I know this is OT but do you have any info on exactly what kind of security hole gator poses?
Like most spyware, it has a feature whereby it can update itself without confirmation or warning. This can be used by whoever owns the server the software connects to to run any arbitrary code on the machine in question.
This is the mechanism Brilliant will be using (it hasn't happened yet) to install their distributed computing network client on machines that previously only had their crappy "rich media" advertising software on.
Most spyware also does not have any kind of code-signing mechanism for downloaded updates, so any enterprising hacker who r00ts the spyware company's server, or persuades Verisign to hand over the DNS, or uses something like DNS poisoning, can install anything they like on the X-million boxen with that company's client on - great for DDOSing, eh?
(Brilliant's client does have checks so is not vulnerable this way. I have not investigated Gator enough to tell in that case.)
Oh, and also, if your boss is surfing an intranet with Gator, it may be leaking information in visited URLs you might not want the outside world to see.
I can't work out why some people get so attached to Gator. All modern browsers have form-filling features built-in, so the only advantage of having an application to do it is that the app can offer multiple accounts - something which you should be using Windows's built-in accounts for, especially in a corporate environment.
BTW, if you're using IE with scripting and ActiveX on, just visit this page for an instant spyware-check. It doesn't catch everything (you can't from a web page alone), but it's a good start.
-
FREE way to find and remove this stuffThere are lots of software programs like Ad-Aware that will clean these up for you, but my goal is to have LESS software on my PC, not MORE.
I found an nice free website that will run a JavaScript in your browser that detects various kinds of spyware and directs you to instructions on how to remove it. He also offers the source up for free so webmasters can help combat this scourge by hosting the script on their own pages. (That way all your site visitors will be warned about they spyware as they visit your site). It doesn't seem to detect this one though.
I dug this up when I discovered a few months back that AudioGalaxy had secretly installed a similar application called VX2 on my PC. The odd thing was that Audio Galaxy wanted to install BonziBuddy too, but it let me choose. But no choice with this other one. Fortunately it was easy to remove and AG runs fine without it.