Domain: spywareguide.com
Stories and comments across the archive that link to spywareguide.com.
Comments · 24
-
Fishy...
Something sure does seem fishy about this whole arrangement, so I can understand why bloggers have been going apeshit (though the developers seem OK with it). Historically, this was a tactic of commercial malware, and overwriting third-party affiliate IDs with your own - in the browser or any other HTTP stream - was a good way to get your product removed by antispyware applications. (Now, get off my lawn!)
-
Re:It's funny? Laugh?
#1) What the fuck is this supposed to mean?
"3. UNIX environment - Jurassic Park (1993). The UNIX environment here is a classic geek joke. Everything we saw was real - created by Silicon Graphics and called IRIX. InGen was the corporation funding the island, and from an IT perspective they let the worst possible thing happen: they allowed one programmer to design the infrastructure with no supervision. What's worse, they obviously required no documentation of what was done. The result was a kid had to hack in and gain ROOT privileges. The likelihood of a young kid knowing a way to get ROOT (and not a more experienced programmer) is pretty hard to swallow. The hardware for this server was probably minimal, running door locks and starting Quicktime movies. 'We spared no expense!' You would think that with the millions of dollars they spent on the park, they could have hired a couple newbie programmers and added a server on the backend."
Are they talking about content in the movie or actual servers used for a Jurassic Park website? I have never seen such an ambiguous piece of writing.
.
.
#2) Speaking of Quicktime (which rivals Realmedia as a windows virus) movies and hacking:
http://blog.spywareguide.com/2006/08/using_quicktime_to_spam_in_p2p.html
http://blog.spywareguide.com/2006/12/myspace_phish_attack_leads_use.html
Apple clearly has it in for windows users and actively creates exploitable technology to sabotage windows boxes. -
Re:And the lesson is...
Yeah, if an employee had the card info and the willingness to pass it on, lack of IM is not going to deter him. But there are legit reasons for wanting to block AIM. For one, your unwitting users, some of whom are probably administrators on their local machines, could be exposing sensitive information stored on their local hard drives. I'm going to send a friendly reminder to my AIM/Trillian userbase this morning:
BTW, Does anyone know a way to block automated hyperlinking of URLs?
There's another AIM worm "on the loose" this morning:
http://blog.spywareguide.com/2006/09/aim_pipeline_worm_uses_modular.html
Please don't click on IM links, even if they appear to come from your friends unless you know for certain that you're not talking to an automated process.
In this particular instance, you might get a message like "hey is it alright to put this picture of you up on my egallery album?" Clicking could induce a continuing "cycle of infections" that would be unseemly given our upcoming Sarbox audit.
Thanks!
-
Re:suggestion for a safe Windows Experience
True. Which is why you need to (a) execute common sense and (b) have a good virus scanner.
The same applies to a virus scanner. The latest virus disables it as well as the Windows 'firewall. How does the user's common sense detect when a URL links to a malicious script or if an attachment is unsafe? -
Re:The browser it installs is....
You're not too far from the truth, actually. A direct quote from the article:
In fact, the browser just seems to be a "shell" for Internet Explorer, because mistype a domain and you get the following IE-based error page: this page -
Re:Better Solution
This page:
http://www.spywareguide.com/creator_show.php?id=97
Will give you the details on this company. Zoomable map, satellite images. Even integrates with Google driving instructions. :) -
Re:Spyware
One Person's Spyware is another person's Adware
-
a virus that installs BitTorrent
"A group in the middle east who previously infected PCs with a rootkit via IM, apparently installed BitTorrent without user permission on infected machines, then started piping movies to the end users."
http://digg.com/security/BitTorrent_installed_without_permission%2C_downloads_movie_files
more links:
http://www.vitalsecurity.org/2005/12/bittorrent-reloaded-unauthorised.html
http://www.spywareguide.com/articles/the_bittorrent_auto_installs_98.html
http://www.techdirt.com/articles/20051220/2013214_F.shtml -
READ MY POST ABOVE
Have you ever run Linux? Or OSX? While running these operating systems, have you ever received any spyware? If so, please list the name of the said spyware program, along with a link to an information resource about said spyware. If you can't find one, I'd be glad to list information resources that contain such information for Windows:
Spyware Guide
Spyware Encyclopedia
Spyware Database
Each of these contains thousands of listed spyware programs for Windows. Considering Linux and OSX are the next most popular OSes after Windows, why wouldn't hackers be motivated to write spyware or viruses? The source code is open source, after all. -
related info
searching around I was able to find
http://www.benedelman.org/spyware/180-affiliates/, and http://www.spywareguide.com/product_show.php?id=507 -
Wurld does adware
Isn't this the same Wurld that does adware? I remove a lot of spyware from people's machines, I know I've seen Wurldmedia being removed before.
-
Re:Can I switch?
Uh... a purple talking monkey... well, on OS X Speech Commands are built in natively. Under System Preferences. You can control most of what the computer does this way. It isn't speech to text but it IS "Open Safari" "Open Google" "Switch to Finder" and fun stuff like that. http://www.spywareguide.com/product_show.php?id=599 [CoolWebSearch] You will be glad that isn't on a Mac. Gator is also malware. You'll be glad that it isn't on a Mac. Bagle and Netsky are also bastardly little things. Score another point for the Mac. You can get a lot of good free software for the Mac at versiontracker.com or Apple's website under the OS X tab. If you want to switch, email me at this username (mechcozmo) at gmail DOT com. -
It's a spyware dialer
There's some info at the spyware guide. Firefox didn't display the prompt, so I'm guessing it's yet another IE-specific bit of malware.
-
Re:The REALLY nasty malware...
For the DLL's
For mucking around in the registry
And one last good all around resource
have fun and good luck.
-
Re:Wonder how long...
OK, I'll bite: Why is Viewpoint Media Player, which ships from Microsoft with Windows, considered spyware?
Googling found this: http://www.spywareguide.com/product_show.php?id=880
When it delivers a 3D ad, it phones home with the details of whether you responded. But how many sites use their content? -
Re:netherlands.
tell us the company, so the dutch readers can find the company if it ever does this again. We do have an anti spyware community over at the netherlands.
Good point...
The toolbar being installed was the http://www.dotcomtoolbar.com/
The toolbar's install was launched from a page counter. The toolbar is well known spyware... http://www.spywareguide.com/product_show.php?id=628 and http://securityresponse.symantec.com/avcenter/venc/data/spyware.dotcomtoolbar.html
This is the company that made the "free" page counter http://www.realtracker.com/
Here's a quote from their website http://business.realtracker.com/index.asp?reseller=RTUS
RealTracker specialises in analysing visitors, but our innovative software goes further. We offer high-quality information, such as a detailed description of surfing behaviour, browser and computer settings, geographic information, origin and the key words used for search engines. 1.001.271 companies already use our marketing tools worldwide.
So they give away a "free" toolbar and then sell your web surfing information and put pop-ups, desktop links, and banners on your computer. The links installed on my desktop had plenty of porn links mixed in as well. This appears to be their entire business model.
Here's a snippet from an "article" by the founder http://www.theezine.net/articles/44/RealTracker-On-USA-Market.html
RealTracker recoups expenses by placing mini-banners on users homepages. The revenue generated is split between the service provider and RealTracker. It is an innovative business model.
They are based out of Amsterdam. Have at them!
:) -
Re:Not that it relieves my nausea..
A quick google revealed this URL
It appears that their privacy policy is a load of crap, stating that URLs are not transmitted. A new version of the internet, perhaps?
Anyway, this calls into question the reliability of the entire policy, and besides - whilst submitting requests to adservers, you're automatically given tracker cookies.
They're blockable in the long run, but in the end it's cat and mouse, so it's evil enough for me. -
iPod, iStereo, OGG, and my $.02
OGG: Reading through the comments I see some mention of OGG format for iTunes and iPod. My take on this is that while OGG is a fine format to use, the large majority of consumers just don't, so it would not be something that, considering development costs would be financially responsible for Apple to implement at this time. Just as it would be simple enough for many video game makers to release Mac versions of their software, the development costs to write and then market to a market segment that is basically very small is not financially responsible, even though those that use the Mac platform would like to play the same games as their Windows using friends.
iPod, iStereo and other stuff: I don't know, nor do I particularly care why Apple is made an iPod division :), however I liked the idea presented for an indash iDevice that an iPod could just plug into. I think it would behoove Apple to partner with/make deals with some of the larger and popular car stereo mfr's to make this a reality. I would love to see a deck for my car that I could slide an iPod into, as long as I could also use regular CD's seeing as how I don't presently have an iPod, but that would in some twisted way justify my purchasing one :)..or alternately, I could buy an iPod and if the car deck existed, I could then make a justification to purchase that...heh heh heh
Other crap you may or may not be interested in: One of the things that I am extremely sick of reading here on slashdot is the constant Mac and Windows bashing comments. Sometimes they are humorous, but more often than not they are just annoying.
Presently my work consists of repairing customers' Windows machines on a daily basis (hardware and software), repairing customers' Macs occasionally, assisting our System Administrator in the administration of our Linux (RH and Slackware), netBSD, and FreeBSD servers, and a myriad of any other things that may present themselves as needing to be done at my job. I am seriously an I.T. Jack of all trades there...and the pay is, in my area, pretty good, but abysmal compared to my last job..*sigh*
With that said, I can say that there are a lot of things that I despise about Windows machines, the consistent need to run Spyware removal tools (Spybot S&D, Spysweeper, Ad-Aware, etc.), manually editing registry entries, and all the typical Windows things that have to be dealt with. At the same time however, my Windows box at work is fine for what I mostly use it for, email and word processing. It is acceptable (at best) for Photoshop.
My Mac on the other hand, is great for programming, testing perl, c and other things that I may be putting onto our webservers right out of the box with OS X (Panther) installed. It is outstanding for Photoshop, editing video, audio and other tasks that the Mac has traditionally been good at. I would never dream of playing games on it though, because that would require me to use VPC for the games I want to play and that would be too slow :)
Our un*x boxen are just that. Our production servers. They work, and until we replace them with the XServes we are hoping to get, I have no complaints about them. They just do their job, but I wouldn't want them as desktops to do my normal work on either.
Every machine I use has its purpose, and I acquired each one for the purpose I felt it was best suited to. In my personal collection of machines, the majority of them are Macs, I use them simply because they work, I don't come home and worry about things like the Sasser Worm and its variants and all the associated Spyware that I would likely encounter were I running Windows at home.
It is a personal choice, based on my needs. I know that I could run some
-
Re:one solution is...
Actually, I just went back through my history file to find the culprit site, and here it is:
http://www.musicsonglyrics.com/
This site calls a JavaScript from searchbarcash.co (here's the javascript source that installs it) which in turn attempts to install an XPI from flingstone.com. Both of the above domains are aliases for blazefind.com-- a known spyware provider whose parent company is also responsible for XXXToolbar.
Oh, and just for safety's sake, I'll add the requisite warning: don't click on the links without taking appropriate precautions... -
what whenu is and does.
you probably know it more as savenow. a nasty variant of spyware. if you do a ctrl-alt-del and you see savenow in your process list, then you got it.
this site tells you what it does
spybot and ad-aware both remove it if you got it on your PC
click here for spybotSD
For Ad-Aware. -
Everyone ready to make a "1 in 20?" comment.. RTFA
Ah....for all of you who are going to continue jumping in with "1 in 20? more like 1 in 1..." without reading the article...
The "1 in 20" figure the researchers got was not from scanning the HDDs with Spybot/AdAware/etc....they sniffed for known packets from FOUR of the significantly more than four known malwares.
So, to be detected at all, the machines had to be running and the spyware loaded and actively broadcasting packets during the sampling period. Given this lack of an exhaustive check, the 1 in 20 figure doesn't surprise me. (We all know it is 1 in 1... :-) -
Spyware/malware infests more than just P2P
While most P2P apps are riddled with the stuff (kudos to Shareaza and MLDonkey for steering clear of it), malware can crop up in some surprising places. I once downloaded a Windows Theme from DebbiesThemes. It came packaged in an .exe file - when running this it offered to install TopText, then silently (and without asking) tried to install the following:
Using an application firewall like System Safety Monitor can help limit these (it intercepts calls between applications and allows you to permit or deny them) but this does require an experienced user. -