Slashdot Mirror
Spyware in Audio Galaxy
LintMan and a zillion other people wrote in about the story on Portal of Evil discussing spyware bundled with Audio Galaxy that seems to be even more nasty than usual. Others have written about it as well - there's Counterexploitation and Wired stories. Frankly, we're kind of bored by all these spyware/shareware stories (don't people learn?) so we let it sit around in the submissions bin for a few days, until, say, a slow Saturday night.
Hopefully Ad Aware (http://www.lsfileserv.com/index.html) will include it in their list soon, but until then it is an easy remove (http://www.vx2.cc/uninstall.html)
The VX2 software is a single program file in the system directory called VX2.dll.
To remove VX2:
1) From the Control Panel select ADD/REMOVE programs. Select "VX2 RespondMiter" and "Remove".
If VX2 RespondMiter is not present:
2) Close all internet explorer browsers.
3) Search your "C" drive for VX2.dll
4) Delete VX2.dll
If the system does not permit the file to be deleted proceed as follows.
5) Select "Start" and then "Run" and type "regedit"
6) Find the and delete the entry named "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662}".
7) delete the {00000000-5eb9-11d5-9d45-009027c14662}entry.
8) Reboot computer.
9) Search your "C" drive for VX2.dll
10) Delete VX2.dll
It seems to just plug itself in IE, so as usualy Netscapers are pretty safe from this one....for now.
Cave, wreck, and deep diver.
... that if J. Random Hax0r writes and distributes a piece of software that collects information clandestinely from computers on which it's installed, he gets his door kicked down and everything with a byte of RAM or potential for magnetic storage confiscated, his life ruined, and possibly sent to prison
but
when a barely legitimate distributor of file sharing apps produces a "product" with these same attributes, there doesn't seem to be a great presence of Federal law enforcement at its place of business?
Another proud carrier of the $rtbl flag
This story is not very timely, as the entire issue has been resolved for at least a week now. Audiogalaxy did include the VX2 spyware in their application, was thoroughly lambasted for it, and finally gave in to user complaints and removed it. The current version of audiogalaxy available on their website has no spyware in it (or at least no VX2 spyware, and no mandatory-install spyware; it might still include Gator or something as an optional install, I haven't checked).
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Agreed, this is a huge advantage that the linux desktop has that no one seems to mention. In Linux, apps don't generally take over my mime types, install spyware, or my personal favorite, insist on putting "neatpp" in C:\progra~1\company name\neatapp\neatapp.exe.
....
Sometimes I sit there and tell myself, "Good thing your company puts all its products in a folder named after your company, that way I can easily manage the multitude of apps that you guys provide." After a while, my Program files looks like a freaking billboard
I HATE software that does this. Especially when 90% of windows applications believe that they deserve and absolutely must have an icon in the system tray. Even better is when they don't put the icon in the startup folder, so you have to go Registry hunting. Anything by Real does this. "By closing MemoryLeakLauncher Plus, you could lose some of the great features of the Real Player." Fuck off and die Real.
The Linux desktop may not have some of the "great applications" that you see in windows, but I have yet to see a linux app that maximizes its install, hiding my taskbar with that dumb blue screen, and insisting on stealing focus. This is the desktop that people think we should emulate? No thanks.
Good thing my Windows bozen have ad-aware.
A system based on software libre (free speech software), on the other hand, is much less likely to have spyware. First of all, since there are "more eyeballs" looking at the source code, people who make libre software are less likely to add features to the software which the end user may not like. Second of all, the mindset behind making libre software is different than the mindset behind gratis software; there is more desire to give people features they want and less desire to make software which has undesirable features to increase one's bottom line.
While I do feel that propritary software works better than libre software for many things, such as video games, I am glad that I have a system that is over 90% libre software; this minimizes the chances that there is undesirable spyware on my system.
This may be why the editors are reluctant to post spyware stories; people using software libre instead of proprietary software do not need to worry about this kind of thing.
- Sam
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
This is interesting.... For a site dedicated to "news for nerds" and" stuff that matters" they hold a story back untill a slow newsday(night) to post it. Now as a Windows/linux/Beos user the Windows third of me wants to know when some program is installing what amounts to a data harvester on my machine, whether or not a story which followes the same path as this one has already been posted, I still would like to know what new programs are out there taking my info.
perhaps Slashdot should put up a bi-weekly "security update" in order to address these issues which do not warrent a full post.
Scott Cassaday
spyware/shareware
Spyware has nothing to do with shareware. You may not like the shareware business model but please do not associate it with spyware. Spyware can be distributed under all business models. Yes. Spyware could even be distributed as Open Source on a mass-market Linux distro since many users never recompile. If Linux is ever mass-marketed on the desktop by AOL, I expect to see such things happen. It will work because most users don't read security journals and won't bother to recompile.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Spyware aside, shouldn't it be illegal to infect^H^H^H^H^H^H install software on someone's computer without their knowledge? My computer is MY private property, and sneaking little programs onto it is tantamount to trespassing.
I mean, would anyone put up with someone putting little "Buy Hood(tm) milk" ads in their refrigerator all the time? Or how about little spycams hidden away on your bookshelf? This case isn't much different.
[PowerPoint] is a tool for capitalist presentation
Looking up "Maurice O'Bannon" in Google, we find that name associated with a major Internet fraud case in Nevada and California involving $37 million of phony credit card charges which resulted in jail time for some of the participants.
Uh oh. Spyware from people involved with credit card fraud is big trouble. This needs to be followed up with law enforcement.
And this time, it isn't "Let's get him!"
Okay, I was just chatting with my teenage cousin on Kazaa, and that got me thinking. Her father is a lawyer (a defense attorney). She doesn't have Audio Galaxy, but I bet some lawyer, somewhere, has a kid who installed Audio Galaxy on their home machine; and I bet they sent work related web-based E-mail.
If I'm right and if this person can be found, surely you can subpoena Mindset to get logs of what they did with the information. IANAL myself, could you do anything else to them? The guy at www.cexx.org evidently spraypainted Blackstone's entire server pink - is that evidence that your legal communications could have been compromised? Is this stuff that cexx found utterly inadmissable?
Failing that, there are lawyers here. Set up a scheme to make Mindset/whoever they actually are defend themselves in court - if 100,000+ people really installed this software, they have to have something they're not remotely supposed to have.
Anyway - read the last bottom of the cexx story - it has the missing pieces of the story on HellPortal.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
We know nothing about VX2," Merhej said. The VX2 program file (called vx2.dll) was part of an advertising graphics enhancer made by the Onflow Corporation, he said. Audio Galaxy offered the Onflow program as part of its software package from Oct. 1 through Nov. 4, 2001, Merhej said. The partnership was cancelled due to unpaid bills.
Onflow is the worst company I have ever dealt with.
Our company (which shall remain nameless) used onflow technologies in our product for about 2 years. They paid us for the first few months of operation, but when they owed us a total of about $30,000, we received a letter claiming they had lost overseas investments, and they couldn't pay us.
Funny enough, it look like they are still in business.......
So how is that relevant? If I drive my car into someone and kill them, but I was asleep at the wheel, does that mean that I am therefor innocent of any wrongdoing? Nope.
After reading the wired article, I think its pretty understandable how this slipped past the guys at Audiogalaxy.
I say judge them by their deeds not thier intensions - Audiogalaxy is in the business of distibuting software. How the crap can they not know what they are distributing? And if that is truly the case, it is thier problem.
My Karma: ran over your Dogma
StrawberryFrog
It may be bad popping up ads when you're surfing the web, but what about just whenever. That's what happened on my system.
I, like Chet & Eric of the linked article do support programs having internal ads to support themselves as free software. However, monitoring users behavoirs is another story -- that's your computer and most contracts (as I have heard from a lawyer friend) cannot "sign" that away; for example your landlord cannot include a clause stating he has the right to monitor your mail, who you talk to, etc. and by living in the property he owns, you forfeit those rights, and if you do not agree with them you cannot live there. Well, folks, this is exactly what most of these programs are having you agree to. The fact is, they're illegal contracts. You cannot gather personally identifiable information (it's identifiable because they are able to deliver targeted advertisement thus they must have a system to know who you are) if you signed the rights away or not.
I have accepted that companies do this and there really isn't a way of getting around it (heck, I don't really care what they do with the info, I'm not going to buy something from any ads they use and that'll be my contribution). So I have tolerated these commercial bombardments. That is until something strange happened.
All of a sudden while I would be at my desk in the same room (this is at work mind you), I would notice activity on the monitor. Going over to look at it, I would notice an ad window had mysteriously popped up, when no programs were running and I hadn't been using the computer for hours. In the morning I typically had several windows to close after the nights ad-popping fun.
Thinking it was a web site which some how introduced a popup delay, I dismised it at first. But it got worse. It was impossible to work on a Word document without having an ad popup and steal focus from my document. I also came to the realization when you close a browser window, its process ends and thus a delay javascript wouldn't work.
I finally decided that it must be some program launching these ad windows. Searching the running process list, I noticed an interesting program happily running. Savenow was the culprit. This program was actually popping up windows on my personal desktop, on my computer (yes, I do own it) and collecting web browsing data in the background, even when its associated product wasn't running! Deleting the savenow executable, I was free of the ads yet outraged of how this company violated my privacy and my computer, and also comprimised the security of my employer. What if they could learn something about our project based upon my web browsing habits and sell that to another company?
After that incident, I went in with a resource editor on every single ad-supported program on my computer and removed the ad resources. I also installed ad-blocking software. Still though, I do occassionaly get ads and various brandings. I have since persuaded my boss to let me put my Linux box on the network, but still, how long until we see these ads and tactics on Linux? How long until these ad programs start embedding ads in your paid for software, or interfacing with your printer driver to print a banner ad out on every page?
The point I'm trying to make is I am all for advertising and realize it does support free products quite nicely, but when it invades my privacy and makes me sign illegal contracts, I get angry. Anyone would. And something should be done about it. I don't have the resources, I can only not buy the products they force on me and put a dent in their success rate thus no ads. But someone with the resources and time should go after these bastards.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
Now THAT'S quality journalism.
Speak truth to power.
The Nevada Secretary of State Corporation Search gives us.
- President:MAURICE O'BANNON
Checking "vx2.cc" with Network Solutions WHOIS:Address: PO BOX 27103
LAS VEGAS NV 89126
- vx2 (VX52-DOM)
The post office box addresses match, so the Nevada VX2 Corporation is the correct business.po box 27103
Las Vegas, NV 89126
US
Domain Name: VX2.CC
212 255 1008 fax: 123 123 1234
"Maurice O'Bannon" is mentioned in several legal documents related to the J.K. Publications scam. In that case, O'Bannon was on paper an officer or director of several dummy Nevada corporations which were fronting for a multimillion dollar phony credit card billing scam operated by Kenneth Taves of Malibu, CA. (Mr. Taves is currently Inmate #12289-112 at the Los Angeles Metropolitan Detention Center). O'Bannon, though, appears to be some guy in Nevada who just signed whatever was put in front of him. In the judge's words [large .PDF] "Maurice O'Bannon had an informal agreement with Nevada Corporate Headquarters, Inc., an incorporator, to act as a nominee for their client-corporations and sign whatever documents Nevada Corp wanted him to sign."
The judge was bothered by O'Bannon's actions, but the FTC didn't have enough evidence that he had control of or profited from the scam to put him away.
The J.K. publications scam involved obtaining a database of 3.6 million valid credit card numbers and charging them small amounts each, supposedly for use of a porno site. The mess involved offshore bank accounts in the Cayman Islands and Vanatu, but much of the money has been recovered. Company names involved were JK Publications, Inc., MJD Service Corp., Netfill, N-Bill, Webtel, Billing On Line, Fun On Line, and Discreet Bill.
We're not at the bottom of this yet, but it looks very suspicious.
Here's a plug for AGstreme, which I switched to after I heard about this latest round of spyware nonsense. It's a GPL AudioGalaxy client replacement, which a boatload more features. My favorite: it can read CDDB entries and then request download of one or more tracks from a given CD. Pretty darn cool:
http://www.ractive.ch/gpl/AGStreme.html
Can your IM do this?