Morpheus Hijacks Browsers For Affiliate Links

An anonymous reader submits: "According to this news.com article, morpheus (aka streamcast) has begun silently installing a browser plugin on its users' machines that basically hijacks the web browser even when not running Morpheus. An afflicted browser will sense if a user is going to visit a shopping site like Yahoo! or Amazon, and secretly send them to a different site instead and then redirect them from this site to the user's intended destination. The user will not be aware that this is happening... however the site doing the redirecting will benefit because they are set up as an affiliate partner and will get a commission on the backs of the user. On a horrible scale of 1 - 10 for sleazy business practices, I rate this a 9. Comments?"

more links

[kritikal]

here's arstechnica's forum about it:
http://arstechnica.infopop.net/OpenTopic/page?a=tp c&s=50009562&f=174096756&m=9220974704

It's scumware...

[ckkoh]

This belongs to a new breed of nusiance known as scumware. Check out http://www.scumware.com for more info.

At least it's easy to disable

[Tremblay99]

Under "Tools" -> "Internet Options" -> "Advanced" deselect "Enable third party browser extensions" and reboot. Even if the .dll responsible for the redirection, bpboh.dll, is installed, it won't be able to run.

Re:At least it's easy to disable

[GoRK]

No it doesn't. Browser extensions aren't the same thing as plugins like flash/shockwave/etc. that handle files based on a mimetype (or file extension - stupid microsoft). Browser Extensions change the behavior of the browser itself - They are things like the Google toolbar and that Alexa piece of crap. There are some useful ones too that do things like block ads and kill popups. I have Extensions turned off and I can still see flash just fine. Sadly, I can no longer kill popups or ads so easily in IE anymore. Oh well... for all these settings and extensibility, we still can't control the levels of access that scripting languages have to or system or selectively allow certain programs to run.

I think IE is scumware.

Has anyone asked Amazon about what they think?

[shri]

Has anyone asked Amazon what they think about this practice?

From what I can see on their website ..

To protect the integrity of the reputation of Amazon.com Associates as well as the Amazon.com brand name, you may not promote your site via certain forms of indiscriminate advertising, commonly referred to as "spamming." Accordingly, you may not promote your site via unsolicited commercial e-mail (UCE), postings to non-commercial newsgroups, or cross-postings to multiple newsgroups at once. In addition, you may not promote your site in any way that effectively conceals or misrepresents your identity, domain name, or return e-mail address.

If I were Amazon, why would I pay 10-15% margin to someone who has not really promoted the product, but has hijacked the links?

They also probably violate this portion of the operating agreement.

We may reject your application if we determine (in our sole discretion) that your site is unsuitable for the Program. Unsuitable sites include those that: promote sexually explicit materials promote violence promote discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age promote illegal activities include "amazon" or variations or misspellings thereof in their domain names otherwise violate intellectual property rights

Bearshare does this too

[rufusdufus]

Installing Bearshare also installs two secret spyware apps. One of them does a similar redirection, but is especially evil because it bypasses firewalls like ZoneAlarm. More information about this at cexx.org/newnet.htm and lots of related stuff at the root cexx.org

How to disable Morpheus redirects

[Dynedain]

After reading this article (and noticing redirects being performed on my system - i thought it was something else, not morpheus) I downloaded this utility: BHO Cop which is designed to search out these nasty browser-attached proggies and allow the user to disable them. I found the culprit: bpboh.dll put out by Wurld Media, who, according to their inadequite website, claim the primary goal of their business is to help companies be profitable (very ambiguous, don't you think?).

Well, I disabled the .dll w/ BHO Cop, relogged in (WinXP) and low and behold, when I go to amazon.com, I end up at the root page rather than a referal page deep in the system.

So - download and run BHO Cop now! who knows what else you might find (Acrobat seems to have dumped something as well)

Lavasoft's AD-AWARE will Remove this thing for ya!

[EMR]

goto http://www.Lavasoft.com and download ad-aware and the latest ref update and have it remove all your spyware from your computer..

Re:Sleezy, but no point in Morpheus anymore anyway

[ender81b]

Exactly. Why the hell are people using it anyways? Go here to download the spyware free and opensource version.

Re:Scary

[thing12]

The best any program can do is hide the passwords if they want to allow auto-login. It just can't be done any other way. You can get auto-login passwords MSN, AOL, and ICQ all by going through the registry or configuration files. Trillian could encrypt the files, but then you need to enter a password when Trillian starts. Maybe that's a small price to pay for a little bit of added security, maybe it it's not worth it to most people.

I encrypt my Trillian directory and run it as a user that has the ability to read those files. And likewise I run all file sharing programs as a user that has no permissions at all except for their own directories. Windows 2000/XP aren't so bad :-) at least they give you a process model that's similar to *nix.