Slashdot Mirror
Spyware in Audio Galaxy
LintMan and a zillion other people wrote in about the story on Portal of Evil discussing spyware bundled with Audio Galaxy that seems to be even more nasty than usual. Others have written about it as well - there's Counterexploitation and Wired stories. Frankly, we're kind of bored by all these spyware/shareware stories (don't people learn?) so we let it sit around in the submissions bin for a few days, until, say, a slow Saturday night.
Does AudioGalaxy's EULA have anything interesting to say about this? Like the license in Windows Media Player that says Microsoft has the right to erase your hard drive if they want?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
It isn't really a surprise to me about the spyware in Audio Galaxy, I've heard people talk about how it should be classified as a trojan rather than a piece of software. MusicCity's Morpheus is by far the best spyware free program, but unfortunately there is no linux version. The best part is that it runs on the same network as Kazaa, without the spyware (which doesn't matter since Kazaa has halted downloads of their software anyway). You can find any file you want on it, and I think it is even better than Audio Galaxy.
The future isn't what it used to be.
Hopefully Ad Aware (http://www.lsfileserv.com/index.html) will include it in their list soon, but until then it is an easy remove (http://www.vx2.cc/uninstall.html)
The VX2 software is a single program file in the system directory called VX2.dll.
To remove VX2:
1) From the Control Panel select ADD/REMOVE programs. Select "VX2 RespondMiter" and "Remove".
If VX2 RespondMiter is not present:
2) Close all internet explorer browsers.
3) Search your "C" drive for VX2.dll
4) Delete VX2.dll
If the system does not permit the file to be deleted proceed as follows.
5) Select "Start" and then "Run" and type "regedit"
6) Find the and delete the entry named "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662}".
7) delete the {00000000-5eb9-11d5-9d45-009027c14662}entry.
8) Reboot computer.
9) Search your "C" drive for VX2.dll
10) Delete VX2.dll
It seems to just plug itself in IE, so as usualy Netscapers are pretty safe from this one....for now.
Cave, wreck, and deep diver.
... that if J. Random Hax0r writes and distributes a piece of software that collects information clandestinely from computers on which it's installed, he gets his door kicked down and everything with a byte of RAM or potential for magnetic storage confiscated, his life ruined, and possibly sent to prison
but
when a barely legitimate distributor of file sharing apps produces a "product" with these same attributes, there doesn't seem to be a great presence of Federal law enforcement at its place of business?
Another proud carrier of the $rtbl flag
This story is not very timely, as the entire issue has been resolved for at least a week now. Audiogalaxy did include the VX2 spyware in their application, was thoroughly lambasted for it, and finally gave in to user complaints and removed it. The current version of audiogalaxy available on their website has no spyware in it (or at least no VX2 spyware, and no mandatory-install spyware; it might still include Gator or something as an optional install, I haven't checked).
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
OK,
- B
http://www.bradheintz.com/
- updated
Agreed, this is a huge advantage that the linux desktop has that no one seems to mention. In Linux, apps don't generally take over my mime types, install spyware, or my personal favorite, insist on putting "neatpp" in C:\progra~1\company name\neatapp\neatapp.exe.
....
Sometimes I sit there and tell myself, "Good thing your company puts all its products in a folder named after your company, that way I can easily manage the multitude of apps that you guys provide." After a while, my Program files looks like a freaking billboard
I HATE software that does this. Especially when 90% of windows applications believe that they deserve and absolutely must have an icon in the system tray. Even better is when they don't put the icon in the startup folder, so you have to go Registry hunting. Anything by Real does this. "By closing MemoryLeakLauncher Plus, you could lose some of the great features of the Real Player." Fuck off and die Real.
The Linux desktop may not have some of the "great applications" that you see in windows, but I have yet to see a linux app that maximizes its install, hiding my taskbar with that dumb blue screen, and insisting on stealing focus. This is the desktop that people think we should emulate? No thanks.
Good thing my Windows bozen have ad-aware.
A system based on software libre (free speech software), on the other hand, is much less likely to have spyware. First of all, since there are "more eyeballs" looking at the source code, people who make libre software are less likely to add features to the software which the end user may not like. Second of all, the mindset behind making libre software is different than the mindset behind gratis software; there is more desire to give people features they want and less desire to make software which has undesirable features to increase one's bottom line.
While I do feel that propritary software works better than libre software for many things, such as video games, I am glad that I have a system that is over 90% libre software; this minimizes the chances that there is undesirable spyware on my system.
This may be why the editors are reluctant to post spyware stories; people using software libre instead of proprietary software do not need to worry about this kind of thing.
- Sam
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
I prefer Open Source because of this sort of trojan/spyware apps on closed source. I admit I don't examine every line of the source code before I compile it but I tend to trust it more just because everything is out in the open. I'm sure there has been cases where even open source app had some questionable hidden code but I bet it's exposed fairly quickly. I just think it's one more positive aspect of Open Source.
This is interesting.... For a site dedicated to "news for nerds" and" stuff that matters" they hold a story back untill a slow newsday(night) to post it. Now as a Windows/linux/Beos user the Windows third of me wants to know when some program is installing what amounts to a data harvester on my machine, whether or not a story which followes the same path as this one has already been posted, I still would like to know what new programs are out there taking my info.
perhaps Slashdot should put up a bi-weekly "security update" in order to address these issues which do not warrent a full post.
Scott Cassaday
Agreed, this is a huge advantage that the linux desktop has that no one seems to mention.
...No one gives a shit about linux on the desktop.
If linux on the desktop held as many users as say, Windows, I can guarantee there would be just as many spyware and generally rude apps.
The only thing linux is relatively immune from (assuming you're not a dumbass that always runs as root) is viruses.
Linux is just as vulnerable to spies and trojans, it's just there are so few desktop linux users that it's not even worth it for someone to write them.
You're only immune because no one has targeted you.
C-X C-S
spyware/shareware
Spyware has nothing to do with shareware. You may not like the shareware business model but please do not associate it with spyware. Spyware can be distributed under all business models. Yes. Spyware could even be distributed as Open Source on a mass-market Linux distro since many users never recompile. If Linux is ever mass-marketed on the desktop by AOL, I expect to see such things happen. It will work because most users don't read security journals and won't bother to recompile.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
If you're unfortunate enough to be running Windows. You will need to protect yourself.
Lavasoft is helping you wage your war against the marketing droids. Support them! Let them, and the rest of the world, know that you won't stand for these kinds of privacy intrusions.
Support lavasoft in their mission, buy their stuff!!
[Disclaimer: I do not work for them, I just like my rights granted by being human.]
This thing was really nasty with how much it spies on a user's everyday activities, and I was surprised that slashdot didn't report it sooner. There's the word of a very dubious company's word that they'll purge any bank account numbers that they accidently collect from keylogging your online forms to get them before you submit over an SSL connection, but they might as well be storing and mining all of the email you write to people.
Spyware aside, shouldn't it be illegal to infect^H^H^H^H^H^H install software on someone's computer without their knowledge? My computer is MY private property, and sneaking little programs onto it is tantamount to trespassing.
I mean, would anyone put up with someone putting little "Buy Hood(tm) milk" ads in their refrigerator all the time? Or how about little spycams hidden away on your bookshelf? This case isn't much different.
[PowerPoint] is a tool for capitalist presentation
Looking up "Maurice O'Bannon" in Google, we find that name associated with a major Internet fraud case in Nevada and California involving $37 million of phony credit card charges which resulted in jail time for some of the participants.
Uh oh. Spyware from people involved with credit card fraud is big trouble. This needs to be followed up with law enforcement.
The whiny bitching about when will people learn is ludicrous. Wah wah Windows users ought to use Linux because it is a million times more better than everything. Fuck that. Alot of these shareware/spyware schemes are complete asshole tactics and could affect Linux users too if anyone gave a shit about them.
I recently rant into a nice little spyware program called winad (wnad.exe) which somehow ended up on the machine (nothing has been installed on the system in eight months) and would hook into IE and launch pop under windows at random when IE was sitting idle viewing a web page. My only guess is some ActiveX program loaded it onto the system from a website somewhere. This program disturbed me a bit because it got onto the system and though didn't do any damage it had the potential to. For elitist Linux users who think they're hot shit, the same thing can be done (though limited to a user's access privileges). It would annoy the piss out of alot of people to have $HOME rm -rf'ed. The whole invasion of privacy in the name of advertising crap is a blow to the whole freedom to roam thing the web is all about. Thinking you're a badass because you can compile a kernel doesn't mean you're somehow better than somebody else who doesn't compile their kernel. It gets real old real fast.
I'm a loner Dottie, a Rebel.
Well according to the Wired story given above, AudioGalaxy stopped including it due to unpaid bills of Onflow Corporation, who were including it in their third party add-in to AG Satellite. It wasn't removed because of any complaints, although perhaps there wasn't much opportunity to react to complaints anyway.
If this is true then I guess it could mean that AudioGalaxy didn't know what they were including at the time, which I don't personally think is an acceptable excuse but it might explain why the installation opt-out screen allowed opting out of other third party spyware but didn't even mention this one.
Luckily the story's not completely past its use-by date, since there are lots of people out there who still have vx2.dll installed. I found it on my windows partition the other day when I saw the story on k5.
I got much more info back than him. Just have to use the correct whois server.
Registrant:
vx2 (VX52-DOM)
po box 27103
Las Vegas, NV 89126
US
Domain Name: VX2.CC
Administrative Contact, Technical Contact, Billing Contact:
vx2 (D25000-OR) vx2org@hotmail.com
vx2
po box 27103
Las Vegas, NV 89126
US
212 255 1008 fax: 123 123 1234
Record last updated on 05-Oct-2001.
Record expires on 31-Jul-2003.
Record created on 31-Jul-2001.
Database last updated on 26-Jan-2002 12:04:00 EST.
Domain servers in listed order:
NS1.VX2.CC207.246.124.6
NS2.VX2.CC207.246.124.7
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
And this time, it isn't "Let's get him!"
Okay, I was just chatting with my teenage cousin on Kazaa, and that got me thinking. Her father is a lawyer (a defense attorney). She doesn't have Audio Galaxy, but I bet some lawyer, somewhere, has a kid who installed Audio Galaxy on their home machine; and I bet they sent work related web-based E-mail.
If I'm right and if this person can be found, surely you can subpoena Mindset to get logs of what they did with the information. IANAL myself, could you do anything else to them? The guy at www.cexx.org evidently spraypainted Blackstone's entire server pink - is that evidence that your legal communications could have been compromised? Is this stuff that cexx found utterly inadmissable?
Failing that, there are lawyers here. Set up a scheme to make Mindset/whoever they actually are defend themselves in court - if 100,000+ people really installed this software, they have to have something they're not remotely supposed to have.
Anyway - read the last bottom of the cexx story - it has the missing pieces of the story on HellPortal.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
We know nothing about VX2," Merhej said. The VX2 program file (called vx2.dll) was part of an advertising graphics enhancer made by the Onflow Corporation, he said. Audio Galaxy offered the Onflow program as part of its software package from Oct. 1 through Nov. 4, 2001, Merhej said. The partnership was cancelled due to unpaid bills.
Onflow is the worst company I have ever dealt with.
Our company (which shall remain nameless) used onflow technologies in our product for about 2 years. They paid us for the first few months of operation, but when they owed us a total of about $30,000, we received a letter claiming they had lost overseas investments, and they couldn't pay us.
Funny enough, it look like they are still in business.......
What controls 90% of the desktop market?
I don't mean what do you think should control 90% of the market but what actually controls it? Like it or not Windows is out there. The average Windows user doesn't understand what is running on their machine.
Also, following the purchase of a MS product (!!!), it is far easier to develop for Windows than other platforms like Linux and Beos. If you disagree then build a full Visual Basic program from scratch on Windows and the same program on Beos/Linux etc... If you think it's easier on other platforms then you have never built a reliable and properly bugtested program using VB. I'm not trolling - it's very much the truth - Microsoft have done some great things with their API and in my opinion its very very sharp HOWEVER I am not ofcourse dismissing the shortcomings that are inherent in an MS operating system.
MS have very useful features available for Spyware programs. Every part of the PC, be it data, configuration or otherwise is easily accessable (which would be forbidden in the case Linux's more stringent - and more mature - permissions system - this is a GOOD thing!!).
You have to think like a competitor - if you aim to target the majority of your user base who are you going to develop your spyware for? Linux users? Beos? MacOS? Be realisitic. You are trying to MAKE money. I'm not saying that money can't be made out of the others but Windows HAS a large established user base - which ofcourse is why they are scared of any alternatives. If you are a major contender in the OS business then sure - Linux support is important - but if you are a services provider etc.. where is YOUR market?
This is some food for thought - think about why Windows has more spyware... think about operating as a true commercial entity. Again - I'm not trolling - I'm being realisitic. If I direct my company to make software for large distribution my choices are clear and simple - PostgreSQL/MySQL Linux backend OR comparable other product/OS and VB Client frontend - there is no way my frontend at this moment will be written in anything else (except maybe Java - but that depends on the user base).
User base is virtually EVERYTHING if you are trying to EAT.
A Las Vegas address with a Manhattan phone number? Weird...
There is a reference to joshua@abram.com on the ;-)
"contact" page at vx2.cc. This is the whois
from vx2.org. coincidence? I think not.
go get him
Registrant:
Abram, Joshua (VX54-DOM)
444 east 57th street
New York, NY 10022
US
Domain Name: VX2.ORG
Administrative Contact, Billing Contact:
Abram, Joshua (FSQYHRRZLI) joshua@abram.com
444 east 57th street
New York, NY 10022
US
212 255 1008
What f*ing box!?!?
Spyware that transmits anything you put into a form (web-based e-mail, credit card information, address information) back to its parent company, as well as the usual tricks of recording every webpage you visit and adding banner ads to webpages you visit bores you?
I would've thought that a program attached to a major P2P program that records your credit card data and sends it to a shady company that no one knows anything about would be sort of important. If it were a group of self-described crackers that did this, it would probably be really big news. But because it's a corporation, just like all the others, it gets passed over?
Every small Microsoft security hole that no one has even exploited yet is big news, but corporations stealing credit card numbers and reading every bit of a person's e-mail apparently does not mean much. It wasn't even mentioned in the /. blurb.
Having worked at Audiogalaxy this past summer, I can assure you its not the case that they meant to bundle this, it had to have happened by accident.
Its bundling goes against their views of making all bundled software opt-in, meaning the user must check a little box to opt-in otherwise the default setting is to not install bundled stuff.
After reading the wired article, I think its pretty understandable how this slipped past the guys at Audiogalaxy. The spyware mentioned is just one little file vx2.dll. Since it came with onflows advertising software, To the guys at AG it must of looked like it was a dll that onflow dynamically linked their code to. It just goes to show you how sneaky companies like vx2 are. I bet spyware companys just try and sumberse themselves further like the parasite they are, and just go tag their BS onto legit dll's.
Knowing how the folks at AG are they'll be taking a fine comb thorough their bundleware to maintain that opt-in philosophy.
So how is that relevant? If I drive my car into someone and kill them, but I was asleep at the wheel, does that mean that I am therefor innocent of any wrongdoing? Nope.
After reading the wired article, I think its pretty understandable how this slipped past the guys at Audiogalaxy.
I say judge them by their deeds not thier intensions - Audiogalaxy is in the business of distibuting software. How the crap can they not know what they are distributing? And if that is truly the case, it is thier problem.
My Karma: ran over your Dogma
StrawberryFrog
It's not so much the fraud possibility that concerns me, since I think it's at least reasonable to assume that most companies won't go out of their way to break the law so obviously.
I'm more worried about the fact that they might be storing it at all. Whenever another company stores personal information about me, it means that I'm required to trust someone else to look after it properly. For every other entity who has personal information about someone, there's another entity that it can be stolen from.
VX2 has been trying hard to go unnoticed but even if they hadn't, why should anyone have to assume that the security on their system won't be cracked? Even if it does seem that they're taking reasonable precautions, nobody should feel obligated to trust them.
All it takes is for one wrong person to get bulk personal information and do a little data mining, and five years from now your name, address and estimated income could be on a regionally sorted list being sold on the black market.
I've just run Ad-aware on my Windows configuration,
and I'm just glad that I don't seem to have caught
anything.
This kind of spyware is at least as dangerous as
any worm or virus I've heard about. I think Norton
and McAffe will have to extend their products /
product lines.
It may be bad popping up ads when you're surfing the web, but what about just whenever. That's what happened on my system.
I, like Chet & Eric of the linked article do support programs having internal ads to support themselves as free software. However, monitoring users behavoirs is another story -- that's your computer and most contracts (as I have heard from a lawyer friend) cannot "sign" that away; for example your landlord cannot include a clause stating he has the right to monitor your mail, who you talk to, etc. and by living in the property he owns, you forfeit those rights, and if you do not agree with them you cannot live there. Well, folks, this is exactly what most of these programs are having you agree to. The fact is, they're illegal contracts. You cannot gather personally identifiable information (it's identifiable because they are able to deliver targeted advertisement thus they must have a system to know who you are) if you signed the rights away or not.
I have accepted that companies do this and there really isn't a way of getting around it (heck, I don't really care what they do with the info, I'm not going to buy something from any ads they use and that'll be my contribution). So I have tolerated these commercial bombardments. That is until something strange happened.
All of a sudden while I would be at my desk in the same room (this is at work mind you), I would notice activity on the monitor. Going over to look at it, I would notice an ad window had mysteriously popped up, when no programs were running and I hadn't been using the computer for hours. In the morning I typically had several windows to close after the nights ad-popping fun.
Thinking it was a web site which some how introduced a popup delay, I dismised it at first. But it got worse. It was impossible to work on a Word document without having an ad popup and steal focus from my document. I also came to the realization when you close a browser window, its process ends and thus a delay javascript wouldn't work.
I finally decided that it must be some program launching these ad windows. Searching the running process list, I noticed an interesting program happily running. Savenow was the culprit. This program was actually popping up windows on my personal desktop, on my computer (yes, I do own it) and collecting web browsing data in the background, even when its associated product wasn't running! Deleting the savenow executable, I was free of the ads yet outraged of how this company violated my privacy and my computer, and also comprimised the security of my employer. What if they could learn something about our project based upon my web browsing habits and sell that to another company?
After that incident, I went in with a resource editor on every single ad-supported program on my computer and removed the ad resources. I also installed ad-blocking software. Still though, I do occassionaly get ads and various brandings. I have since persuaded my boss to let me put my Linux box on the network, but still, how long until we see these ads and tactics on Linux? How long until these ad programs start embedding ads in your paid for software, or interfacing with your printer driver to print a banner ad out on every page?
The point I'm trying to make is I am all for advertising and realize it does support free products quite nicely, but when it invades my privacy and makes me sign illegal contracts, I get angry. Anyone would. And something should be done about it. I don't have the resources, I can only not buy the products they force on me and put a dent in their success rate thus no ads. But someone with the resources and time should go after these bastards.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
Someone PLEASE sue these jerks for wiretapping.
It's defined as someone who:
Knowingly intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire communication
Since the information they are aquiring is information which is sent out over the web, (I.E. a URL, albeit represented in a slightly different form) this kind of suit should stick.
This kind of behaviour sticks of wiretapping to me. Please sue.
-me
i submitted this story to /. last sat (1/19)...no story, ended up rejected. no loss to me. karma caps are there for a reason.
i checked my machine, but wasn't infected. i figured as much since i run ad-aware occasionally.
i forwarded the info to my buddies (mostly non-tech guys, music lovers, etc.): guess what - 3 out of 5 of them were infected and had no clue what "spyware" was.
"Stuff that matters" can be interpreted many ways, not so narrowly to "matter" only to people who understand root and have a linux box.
the elitism on this site sometimes gets real, real old. thanks Palaptine for your post. you are correct and the rest of these people are trolls.
kinda sad, huh?
/* Half alive and half dead too, work is for suckers and the sucker is you. - "Half-life" by Local H*/
Now THAT'S quality journalism.
Speak truth to power.
I mean, any program I run will have right to do pretty much *everything* (Since I'm lazy I usually run as admin too, shoot me). The problem is there's an all-or-nothing mentality in Windows that creeps me out. I wish Windows had some kind of "learning mode" just like my firewall, not just a run/don't run program. I know I could create a unique user for that program, with mostly the rights I want, but it's not nearly enough.
I want to control what directories it can act on (I.e. limit them to C:\Program Files\, limit their registry options (deny takeover of extensions, allow changing other programs' editions) etc etc., if it can steal focus, talk to other programs, go fullscreen, how it can talk to other machines on the net (ok the winxp firewall might be a start). And I mean in real-time, not having to set up all in advance and have the program crash on me if it's not enough. And this doesn't have to be default or anything, I just wish that us powerusers could assist windows in not getting fucked up.
Kjella
Live today, because you never know what tomorrow brings
-Legion
The Nevada Secretary of State Corporation Search gives us.
- President:MAURICE O'BANNON
Checking "vx2.cc" with Network Solutions WHOIS:Address: PO BOX 27103
LAS VEGAS NV 89126
- vx2 (VX52-DOM)
The post office box addresses match, so the Nevada VX2 Corporation is the correct business.po box 27103
Las Vegas, NV 89126
US
Domain Name: VX2.CC
212 255 1008 fax: 123 123 1234
"Maurice O'Bannon" is mentioned in several legal documents related to the J.K. Publications scam. In that case, O'Bannon was on paper an officer or director of several dummy Nevada corporations which were fronting for a multimillion dollar phony credit card billing scam operated by Kenneth Taves of Malibu, CA. (Mr. Taves is currently Inmate #12289-112 at the Los Angeles Metropolitan Detention Center). O'Bannon, though, appears to be some guy in Nevada who just signed whatever was put in front of him. In the judge's words [large .PDF] "Maurice O'Bannon had an informal agreement with Nevada Corporate Headquarters, Inc., an incorporator, to act as a nominee for their client-corporations and sign whatever documents Nevada Corp wanted him to sign."
The judge was bothered by O'Bannon's actions, but the FTC didn't have enough evidence that he had control of or profited from the scam to put him away.
The J.K. publications scam involved obtaining a database of 3.6 million valid credit card numbers and charging them small amounts each, supposedly for use of a porno site. The mess involved offshore bank accounts in the Cayman Islands and Vanatu, but much of the money has been recovered. Company names involved were JK Publications, Inc., MJD Service Corp., Netfill, N-Bill, Webtel, Billing On Line, Fun On Line, and Discreet Bill.
We're not at the bottom of this yet, but it looks very suspicious.
Here's a plug for AGstreme, which I switched to after I heard about this latest round of spyware nonsense. It's a GPL AudioGalaxy client replacement, which a boatload more features. My favorite: it can read CDDB entries and then request download of one or more tracks from a given CD. Pretty darn cool:
http://www.ractive.ch/gpl/AGStreme.html
Can your IM do this?