Domain: vitalsecurity.org
Stories and comments across the archive that link to vitalsecurity.org.
Stories · 14
-
Security Researcher Chases Virus Maker Off the Net
An anonymous reader writes "There is a great writeup over on CNET covering the pursuit of a virus writer who created a fake Grand Theft Auto game, crippling PCs by causing them to endlessly reboot. Despite the police apparently not being very interested, a security researcher pursued his man anyway, culminating in a teary-eyed 'I'm leaving the internet' post from the virus writer himself. Awesome stuff, and one in the eye for the bad guys (for once)." -
FTC Fines Zango $3 Million
An anonymous reader writes "Wired is reporting that government regulators have fined rogue adware distributor Zango (formerly 180Solutions) $3 million. This is 'following charges that the company deceived internet users into installing its pop-up software and tried to prevent them from uninstalling it.' ZDNet mentions that 'Zango's executives pointed a finger elsewhere, claiming that the federal violations were due to third-party distributors rather than the software manufacturer itself.' Security researchers are still happily finding examples of Zango software being popped open in rogue distributions such as IM worms. Ben Edelman is claiming to have more evidence of their dubious business practices, casting into question their claims of newfound affiliate responsibility." -
Zango Under Fire From Adult Webmasters
An anonymous reader writes, "Over the past few days, adult webmasters have been accusing adware maker Zango of 'stealing sales' by means of the following method: Computer users with Zango's adware on board will pop open a window containing the affiliate merchant's site they happen to be on at the time, except with Zango's own affiliate code in the window. By doing this, Zango claims credit for the sale and the original, rule-following merchant, the one who referred the user there, loses out. Despite this practice having been around since at least 2004, it seems the adult webmasters are only just realizing this takes place — surprising, considering how deeply connected the worlds of adware and porn are. It seems pornographers pushing adware is acceptable only as long as they aren't the ones getting burnt. Part of me doesn't care, and part of me hopes they carry the financial clout to force Zango to change their current practices." -
Microsoft Gives MVP Award to Adware Pusher
An anonymous reader writes "Ed Bott reports that Microsoft has given an MVP (Most Valuable Professional Award) to an individual known for peddling Adware via his Messenger Plus program." From the article: "So how did a guy whose primary business involves installing adware become an MVP? That's what Christopher Boyd, a Microsoft Security MVP better known as Paperghost wants to know. Boyd isn't the only MVP who has a history with Patchou. Sandi Hardmeier, a current MVP in the Internet Explorer category who specializes in the fight against malware, has written three long, angry pages about the messy adware that 'sponsors' Patchou's product." -
IE Used To Launch Yahoo IM Clickfraud
An anonymous reader writes, "There's a new Instant Messaging worm in the wild that is taking the idea of Botnet clickfraud up a level. It trades in automated drones (prone to malfunction and detection) for real live people who (of course) have the option of not actually clicking anything, thus theoretically making their clicks harder to identify as 'fraudulent.' This IM attack doesn't even need a victim to physically run anything to become infected — simply visiting a certain site in Internet Explorer will cause the files to download and start sending infection messages. At this point, their homepage is changed to a site using Mesothelioma (a rare form of cancer) to ring up high-paying results on the perpetrators' Google ads. As the researcher who discovered the infection notes, 'It's way, way harder to trace some random boob who has a ton of (partially) unconnected people shunting IM links all over the place. Try staying anonymous as a Botnet owner who just had the entire details of his server splattered across the net by Shadowserver. What will be interesting to see is if some of the smaller Botnet guys ditch their technical woes and jump on the much-easier-to-maintain IM bandwagon to get their clickfraud kicks.'" -
Adware Spreads Through MySpace
Sandbagger writes "Here's an interesting problem for MySpace — groups of websites that entice MySpace users into placing videos onto their profile pages (under the guise of 'free content'), without disclosing a key piece of information that might make them think twice. When someone visits one of these profiles carrying the video, a DRM acquisition box pops up and attempts to install Zango adware. In all likelihood, the profile owners don't even know these videos are doing this to their visitors. The end result is an Adware affiliate effectively removing himself from the distribution chain and letting kids promote these videos instead, in a strange example of viral marketing gone wrong." -
An Interview with 180 Solutions
Paperghost writes "Here's a great interview between Jimmy Daniels and an anonymous ex-employee of 180 Solutions, who portrays the company as being somewhere between turmoil and meltdown. There's so many notable quotables it's scary, but here's one that really sets the tone: 'Shutting down these rogue distributors turned out to be a lot more difficult than they expected though. When you lose them, your daily installs go down drastically and the revenue goes to hell. The layoff in September could be laid directly at the feet of this effort.'" -
Zone Alarm Vs 180 Solutions: Zango hooks?
Sub-Seven writes "Found at Vitalsecurity.org, they detail how a Microsoft MVP pulled the Zango file to pieces, and discovered some interesting facts about exactly what a 'simple' fun and games application does to a machine that it's running on. Hooking into Windows OneCare and Microsoft Antispyware? What's that all about?" -
IE Vulnerable to Cross-Browser Spyware Attack
An anonymous reader writes "The Register reports that Firefox can be used to infect IE on Windows. By visiting a malicious site with Firefox, a user can infect their install of Internet Explorer. Other alternative browsers may expose the same vulnerability. The article quotes the CTO of ScanSafe as saying that '[j]ust switching away from IE does not give adequate projection. Now that Firefox and other alternative browsers have a toehold in the market the hacking community will get busy exploiting the vulnerabilities that exist in any complex browser.'" VitalSecurity's report points out that this vulnerability can (only) affect Windows users who use Sun's Java Runtime Environment. -
Invisible Malware Install 65MB Large
Paperghost writes "Words fail me with this one - don't have the .NET framework on your PC to utilise the adware maker's technology? No problem, they'll download it for you without you knowing. The problem is that it's a sixty-five megabyte install." From the article: "...the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size. But I'm actually understating the amount of space used when installed, as .NET can total up to 100MB." -
Will Zango Ever Clean Up Their Affiliates?
An anonymous reader writes "Since the FTC fined Zango $3 Million dollars for deceptive installs, security researchers have made a seemingly endless amount of finds with regards dubious Zango affiliates and business practices. Hot on the heels of the fake YouTube videos discovered by Websense earlier in the week comes another foray into MySpace for Zango, via a program of (extremely) limited functionality being spammed across MySpace profiles with the overall aim of people downloading Zango Adware. The program's EULA is also highly suspect, giving the company behind the program the right to spam messages to whoever they want, whenever they want, install Adware whenever they choose and lay the blame of these spam messages entirely at the feet of the end user should the service being used to spam complain about it. In the face of mounting evidence, when will Zango actually hold their hands up and admit their affiliate program is actually still as poor as it ever was?"