Morpheus Hijacks Browsers For Affiliate Links
An anonymous reader submits: "According to this news.com article, morpheus (aka streamcast) has begun silently installing a browser plugin on its users' machines that basically hijacks the web browser even when not running Morpheus. An afflicted browser will sense if a user is going to visit a shopping site like Yahoo! or Amazon, and secretly send them to a different site instead and then redirect them from this site to the user's intended destination. The user will not be aware that this is happening... however the site doing the redirecting will benefit because they are set up as an affiliate partner and will get a commission on the backs of the user. On a horrible scale of 1 - 10 for sleazy business practices, I rate this a 9.
Comments?"
Trillian password files perhaps?
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
here's arstechnica's forum about it: http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=174096756&m=9220974704
So this is based on zero knowledge, but I would guess that that violates the terms of referership (is that a word), considering the fact that that "partner" did not actually refer you to the site.
I think a list should be compiled and reported, I would guess that places like yahoo and amazon could file criminal, if not at least civil, suits against such cheaters. It wouldn't surprise me if they did too, just to make a point, and to try not to jade users to the system....
any thoughts? that's a dumb question this is /.
http://monkeyserver.com --- weeeeee
Now that Morpheus is just a hacked-up (or down ;-) version of Gnucleus, there's really no point in using it anyway. I don't see what it provides that Gnucleus doesn't, other than annoyance.
Don't blame me, I get all my opinions from my Ouija board.
Oh this is promising, I load up this news article and theres a total of 3 comments posted under it, all of which are below my threshold, I assume all of which are first posts. But anyway back on topic.
I've heard of sneakiness not far off this already. It seems some of the other P2P file sharing programs also like to install sneaky plugins which do things from reporting your every url visited up to popping up windows with ads in them on encountering certain keywords. Very nasty and can also incur a performance hit.
So Kazaa, the premier FastTrack client, began to bundle spyware.
Great, I can deal. I switch to Grokster.
Grokster begins to bundle spyware.
Fuck. Switch to Morpheus.
Morpheus bails from FastTrack, and switches to Gnutella.
Fuck again. Switch back to Grokster, use AdAware.
See that Morpheus, who explicitly claimed that it contained "No Spyware of Any Kind" engage in this type of practice?
I can only laugh at the pitiful wreck that the company/corporation-based P2P programs have become.
Business 101 - try really , really hard to piss off your customers
I'll think of a funny sig later on
The truth of it is this could be seen as a virus. It is just a profitable one. They will get smacked on this one as soon as it comes out in the light of day.
Neck_of_the_Woods
#/usr/local/surf/glassy/overhead
What you don't know can't hurt ya. Most people will still get up and go to work the next day. The crud is going to come down the line, when it waterfalls into much bigger problems with worse results.
"i can never say no to anyone but you"
Man-in-the-middle attack is the only phrase that flashes across my mind... I have no way to check the identity of the "referer".
You can call me paranoid. Each time I need to buy stuff online using a credit card, I will reboot to a cleaner "environment" -- a clean copy of OpenBSD or something similar. God knows what the hell the various windows plugins are doing..
An afflicted browser will sense if a user is going to visit a shopping site like Yahoo! or Amazon, and secretly send them to a different site instead and then redirect them from this site to the user's intended destination.
The final destination is more or less the same. The difference is the intermediary. Morpheus isn't stopping me from going to Amazon by instead redirecting me to Borders.com...They're just stealing referral dollars.
Honestly, though...I wonder how long it'll be before these online vendors lock out Morpheus' referral IDs, or even worse, deny the connections altogether (since the most recent source IP will be Morpheus' proxy, not your own).
And I assume that if there's a pre-existing Referral ID, Morpheus will strip it out and replace it with its own. Doesn't this constitute actual monetary theft?
"Mod, mod, mod...and another troll bites the dust."
But I keep getting redirected to ZDnet somehow!
[PowerPoint] is a tool for capitalist presentation
This belongs to a new breed of nuisance known as scumware. Check out http://www.scumware.com for more info.
in simple, they aren't. let's see...
1) they don't make software, they license it (or now, in the case of gnucleus, steal it).
2) they install bullsh!t spyware everywhere they can
3) they have sleazy management and software developers who know how to use MFC app wizard and modify icons
4) they violate every good business practice known to man
In my book, that does not constitute a software development company.
Morpheus is totally fucked.
Thanks,
--
Matt
Honestly, I had the idea for this a while ago while talking with a friend. I've been waiting for someone else to implement it. It's not that much different than those sites that collect and list internet deals, in the hopes that you'll follow their links and they'll get the referer fee, Like this one.
While I personally see this as a bad thing, since they do it behind the users back, I would probably have no objection to installing something similar for slashdot. I don't exactly feel the need to subscribe, but I would have no objection to them collecting a referrer fee off of my internet purchases.
I guess this is why I entered cnn and ended up on slashdot.
money is to lie and do dirty stuff if your software is free?
Somebody needs to inform Redhat.. apparently nobody told them.
Or better yet: Company X is dishonest. Company X makes product Y. Therefore all companies that make product Y are dishonest.
You, sir, are a moron.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
This isn't that bad really for the user, Yahoo and Amazon will give a commission to somebody anyways. What really annoys me is that this hurts all the other websites in the world. If I give a legitimate referral from my site to Amazon, then I should get the commission, not Morpheus. If this becomes common practice, then it will effectively kill the way that business is done on the web, and in the process take out a ton of small websites that are struggling to stay alive out there.
how else are the developers supposed to make money?
Any... other... way... possible.
[PowerPoint] is a tool for capitalist presentation
feints within feints, wheels within wheels
Under "Tools" -> "Internet Options" -> "Advanced" deselect "Enable third party browser extensions" and reboot. Even if the .dll responsible for the redirection, bpboh.dll, is installed, it won't be able to run.
And what, pray tell, is a fucking 10?
I think someone is being a little um. . . friendly to these jerks. Not that the warez leech kiddies don't deserve it.
Bah
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
From what I can see on their website ..
If I were Amazon, why would I pay 10-15% margin to someone who has not really promoted the product, but has hijacked the links?
They also probably violate this portion of the operating agreement.
These folks really must think that they own the user once the user buys their product, because even a "respectable" company like Intuit doesn't seem to have any problem with monkeying around with the private parts of the user's computer for their own purposes. Certainly those icons are paid placements.
Bruce
Bruce Perens.
If I were Amazon, I'd be going after both the affiliates and Morpheus - this sort of thing is called fraud...
-- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu
I saw something doing that (weird long url and instant redirect) when I was browsing, esp. when I went to register.com.......I figured some piece of software I had was doing it (figured it was DivX 5 though).....now I know
I'm out of my mind right now, but feel free to leave a message.....
... I use Opera. Although if too many people start using it, I'll haveta find something else.
"Derp de derp."
If this is a 9, I'd hate to see what the submitter considers a 10.
Microsoft.
Yeah, I mean it's not like they aren't providing a service. I mean they're helping people get their music for free, 'cause, you know, music is just digital but programs are, well, they have themes and skins and stuff.
Oh, the irony. Someday I suppose Morpheus will join the BSA and enforce their rights to takeover your browser. That'd be cool.
-- @rjamestaylor on Ello
More evidence that people suck.
If I were a user of Morpheus I'd be looking at filing charges for cracking my computer and using it for unauthorized activities. Companies conducting business like this need to be nailed HARD. Teach them a lesson and make an example of them.
And what about the programmers who wrote this 'feature'? Who are they? I wouldn't be opposed to blacklisting them, or at least smearing their names across the headlines. This is sleazy and unethical and shouldn't be tolerated by the rest of us 'respectable' programmers.
Brian
Remember Lexington Green!
Reminds me of a report about KaZaA around the middle of last year. The TopText 'spyware' added yellow links to some words in Internet Explorer. I never dealt with it first-hand, but it sounded very annoying.
Is Morpheus' latest effort at all related? It seems to be based around the same idea, however the idea of being redirected sounds worse. For example, does it work that if you type say, http://www.google.com, you arrive at AltaVista?
What is it with crappy (ex)FastTrack networks and I-can-believe-it's-not-trojan software?
On a horrible scale of 1 - 10 for sleazy business practices, I rate this a 9.
Almost as horrible as stealing Intellectual Property from musicians?
If software which does this sort of sleazy tactic put as a clear, easily obvious disclaimer "You are indirectly paying for this by allowing us free rein over your PC", then I'd wager that about 5 people on the planet Earth would actually install it. Instead, however, companies that do this sort of tactic either sneak it in entirely unintended, or they hide the details 40,000 words deep into a EULA which they know that no one reads, all the while promoting their "free" software. Why stop at redirecting the browser though? I mean surely there's some worthwhile nuggets of information on that hard drive somewhere that could be sold to the highest bidder. All's fair in the land of free software, right? (Why say just free though? Using this "anything goes" justification, anyone who believes that they are providing a more valuable service than they are charging can go nuts)
This sort of activity is atrocious, and I don't see how these people aren't facing the same punishment as the Kevin Mitnicks and Melissa virus writers are. Without any doubt there is a serious need for either a technical solution (one could say that it exists by way of Java : Sandbox every application to ensure it has no rights outside of its little world. The .NET Framework supposedly offers this but I wouldn't trust it until it's evaluated and proven) or a legal solution. It's obvious that a "Dirtier-than-thou" cat fight is taking place with every sleazy vendor out slimeballing the next.
go there, get your copy today! this has got to have some lawyers in a frenzy, but really when you're the crack dealer selling to HS kids, is someone really going to suddenly pay attention now that you're lacing it with some heroin?
...Business 101 - try really , really hard to piss ON your customers!
You're using her as bait, Master!
What's worse is that it had somehow also managed to make it impossible to change his homepage from within IE (the fields were grayed out.) After a quick registry hack he was porn free
Anyway, as long as there's a way for people to make money off the swiss cheese that passes for software security, they're going to do it. The sad thing is most people don't know how to stop these things. The sadder thing is that most people don't remember a time when the internet wasn't about making money (when people were boycotting web sites with banner ads) and don't think there's much wrong with these tactics.
Indeed, the article painted a much different picture than that given by /. It seems to be that this whole issue is actually reversed -- the browser doesn't visit a commerce site in the background - it visits a 'counter' site when you visit a commerce site.
>Thus, when a file swapper visits a site such as
>Radioshack.com, eBay.com or a handful of others,
>their computer visits a separate site behind the
>scenes before loading the final destination site.
>Those separate servers, run by marketing
>companies including Be Free, count how many times
>Morpheus users stop by.
This isn't exactly what the headline led you to believe...
"Just tell him ya did it! That's what he wants to hear anyway..."
I should get some mod points for that subject :-)
Seriously though, the article says it can only affect IE. This makes sense, given that it's easier to do sneaky things in the registry and elsewhere which, while invisible to the user, will cause drastically different behavior in parts of the operating system, like IE.
Aren't you glad you use Netscape? Don't you wish everyone else did?
(apologies to the old Dial ads)
There is no sig, there is only Zuul.
I won't even be surprised when they start inserting ads into your fave linux distro.
:)
Aaaugh! That'd be the end of the world! Oh no, wait, I have the source code to my fave linux distro, I'll just take those ads right back out.
Ah. Problem solved. You were talking about...stupid?
Sheesh.
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
While visiting astalavista to, um, get a serial number that I'd previously lost from a program I'd bought, I followed a link to a site http://www.cracks.am. When I clicked on the link to download the serial, a dialog popped up asking for my permission to install a program from C2 Media, and certifying that the program had a certificate from Verisign.
Stupidly, I clicked yes, and promptly regretted it. A whole day of browser abuse followed.
* My desktop got taken over by an 'affiliates' homepage
* My desktop got swarmed with icons for adult and gambling sites
* If a site took a long time to load, or got a 404, my browser would end up at the portal http://www.lop.com, part of the 'affiliates' network.
The program didn't leave a listing in the add/remove window. It wasn't in c:\program files.
It had buried itself deep into my windows folder.
Instinctively I searched my disks and registry for lop.com and removed all references. No cure. My browser still kept going to lop.com.
My only cure was radical action. I ran Win2k in a VMware box with disks set to non-persistent. Immediately before saying 'yes' to the installation, I ran the 'InCtrl' install tracker program. Thank God for InCtrl - after the install was done, I had a list of all files added by this nasty piece of scumware, and had the utmost pleasure in removing it once and for all.
-- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
Screw subscription based system for Slashdot. Just make up interesting articles and put them in the headlines and get the company involved to pay for being a referrer. Slashdot viewers would see great articles like this: Windows XP Home Page: Which Edition Is Right for You? and Target's Deal of the Week. In return, Microsoft and Target pay $0.01 a hit or something. CmdrTaco could retire in a few days!
It's like hijacking hits, but with the slashdot effect.
---- The geek shall inherit the Earth.
...both the original version and the preview. Good riddance.
Somebody really needs to file Federal criminal charges on this. This clearly "exceeds authorized access", as defined in the Federal computer crime law.
Heh... I wonder what website a Morpheus user would find himself at if he clicked here.
Never never never smoke crack before geometry class!
Installing Bearshare also installs two secret spyware apps. One of them does a similar redirection, but is especially evil because it bypasses firewalls like ZoneAlarm. More information about this at cexx.org/newnet.htm and lots of related stuff at the root cexx.org
First, they took an open source app, Gnucleus, and repackaged it as their own, adding nothing while actually degrading the software by adding popup ads.
Second, they started banning from their chat room anyone who mentioned this fact and posted the url to Gnucleus.
Now, they're installing scumware in order to control your browser for their own profit even while you're not using Morpheus.
Anyone left who still wants to argue with me about whether or not Music City is a company of degenerate sleazebags? Anyone who still disagrees with me that the proper course of action is to delete Morpheus and install Gnucleus immediately? (at least until something better comes along).
I hoped the Morpheus name would help gnutella network along but maybe not...
... although I have installed this "Preview Edition" I ran a piece of software and could find no BHO files other than Norton's and Adobe's.
So... my question is where is the spyware?
Get your Unix fortune now!
This is like spammers embedding banner images in their spam and getting paid every time someone opens the email just because the banner was loaded. It's just running the meter and the entity being screwed is the website that is paying them a referral fee.
The article, in one part, reads: "Griffin said the technology is simply taking the old affiliate referral program to a new level. Most of the referrals will happen inside the Morpheus application itself after the new version is launched with a commerce section, he said."
Yeah, right. Most of the referrals will clearly be a result of their sneaky browser add-ons, not because anyone really pays attention to the commerce section of a P2P client. Heck, P2P users generally get as much as they can for FREE--not exactly the target market of much of anyone.
For you windows users, I noticed that Morpheus also installs a program called BDE under "\%Windows%\BDE", and it installs a Registry Key under:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".
This key loads the program at startup. The program appears to be some sort of video codec/player.
After reading this article (and noticing redirects being performed on my system - I thought it was something else, not morpheus) I downloaded this utility: BHO Cop which is designed to search out these nasty browser-attached proggies and allow the user to disable them. I found the culprit: bpboh.dll put out by Wurld Media, who, according to their inadequate website, claim the primary goal of their business is to help companies be profitable (very ambiguous, don't you think?).
Well, I disabled the .dll w/ BHO Cop, relogged in (WinXP) and lo and behold, when I go to amazon.com, I end up at the root page rather than a referral page deep in the system.
So - download and run BHO Cop now! who knows what else you might find (Acrobat seems to have dumped something as well)
I'm out of my mind right now, but feel free to leave a message.....
goto http://www.Lavasoft.com and download ad-aware and the latest ref update and have it remove all your spyware from your computer..
Limewire is good. But don't download its Windows installer- that has spyware in it! Instead: install a JVM on your computer, then go to Limewire's page for alternate OS downloads, select "other" as your operating system, and run it using the JVM, without all the crap they bundle in. Most spyware is Windows-specific.
Yeah, it's a shame that P2P only became popular recently, in the age of the MP3. If it had been invented 10-20 years earlier, with RFCs, and had the stature of, say, FTP, people would be thinking of it as a fundamental part of the Internet. Instead we have this horrible situation, where anyone who uses a P2P client is presumed to be a freeloader or a criminal. P2P deserves better than a bunch of spyware-loaded clients that block each other's users from their own networks.
The new Morpheus marketing program is based on a technology called browser helper objects (BHO), which attach themselves to Microsoft's Internet Explorer browser
The Morpheus spyware is just a .dll that will be loaded every time your Internet Explorer starts. It is registered in the windows registry.
So this bho spyware can be removed by using bhocaptor. Bhocaptor displays all bho that are registered within windows registry. So, what you need to do is to select Morpheus bho (a .dll file) and then deactivate it.
As bho is an Internet explorer technology, those who are using netscape or mozilla should be immune to this spyware.
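What BHO-listing tools of the kind mentioned in the comments above have to do can be shown offline on a registry export. This is an added example, not code from the thread or from any of the tools named: it parses `.reg` export text, lists the CLSIDs under the Browser Helper Objects key, resolves each to its `InprocServer32` DLL and reports the ones not on an allowlist. The CLSIDs, file paths and `exampleviewer.dll` are constructed; only the file name `bpboh.dll` comes from the thread, and only the HKEY_LOCAL_MACHINE class registrations are consulted.

```python
import re
from pathlib import PureWindowsPath

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
           r"\CurrentVersion\Explorer\Browser Helper Objects")
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"

# Constructed sample in .reg export syntax (a real export is UTF-16 on disk;
# decode it to text first). CLSIDs and paths are made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-0000-0000-0000-000000000001}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-0000-0000-0000-000000000002}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-0000-0000-0000-000000000003}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Program Files\\ExampleViewer\\exampleviewer.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\WINNT\\System32\\bpboh.dll"
"ThreadingModel"="Apartment"
'''

# name="value" lines; "@" is the key's default value. Only string values are
# handled, which is all this check needs.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {lowercased key path: {value name: string}} from .reg text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if current is not None and m:
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _unescape(m.group(2))
    return keys


def list_bhos(keys):
    """List every registered BHO with the DLL its CLSID points to (or None)."""
    prefix = BHO_KEY.lower() + "\\"
    found = []
    for path in keys:
        clsid = path[len(prefix):]
        if not path.startswith(prefix) or "\\" in clsid:
            continue
        server = keys.get(f"{CLSID_KEY.lower()}\\{clsid}\\inprocserver32", {})
        found.append({"clsid": clsid.upper(), "dll": server.get("")})
    return found


def unexpected_bhos(keys, allowed_dlls):
    """Return (clsid, dll) for BHOs whose DLL is unknown or cannot be resolved."""
    allowed = {name.lower() for name in allowed_dlls}
    flagged = []
    for bho in list_bhos(keys):
        name = PureWindowsPath(bho["dll"]).name.lower() if bho["dll"] else None
        if name not in allowed:
            flagged.append((bho["clsid"], bho["dll"]))
    return flagged


if __name__ == "__main__":
    for clsid, dll in unexpected_bhos(parse_reg(SAMPLE_REG), {"exampleviewer.dll"}):
        print(clsid, dll or "<no InprocServer32 entry>")
```

A BHO entry whose CLSID has no `InprocServer32` value is reported with no DLL; that usually means a partial uninstall left the registration behind.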
This is like you asking a guy for directions to the "Stop and Rob", but he gives you directions to his brothers store, "Grab and Run". His brother lets him live in the basement of his house, because he sends lots of business to the "Grab and Run".
You wanted to get some YooHoo but the "Grab and Run" doesn't have any, and you were going to shoplift it anyhow.
Doubly pissed, you report the "Grab and Run" to the authorities (you saw a rack of VCRs in the back room, making copies of Asian snuff films.) The cops come and arrest the owner and throw his ass in jail.
After looking up the address of the "Stop and Rob", you head over there. The brother of the now jailed owner sees you, beats you to the ground, and takes your wallet. In your wallet is an I.O.U. from your boss to an employee that works in the same row of cubes as you. Your wallet is gone, and so is your mugger, so you get up and run over to the "Stop and Rob".
You ask to use the phone, and while the clerk is hitting on some drunk chick with a feather boa, you steal your bottle of YooHoo.
And to think I actually -owned- streamcast.org for a while. Yeesh.
Bowie J. Poag
I just did to remove this....
checkout my post on it: 1 post before you
It worked well, and even told me the name of the dll so I could go delete it myself
I'm out of my mind right now, but feel free to leave a message.....
Taken from download page of Morpheus:
"This ad-supported software includes technology that will serve banner advertisements through the program interface. Morpheus also includes BuyersPort, a shopping portal that may log your IP address, track surfing habits online, and share aggregate user information to third parties. For more information, please refer to BuyersPort's privacy policy."
Ok, we know that morpheus is spyware. Would anyone mind telling me how to find that out? I have a few programs that I would like to test and see if they are whispering behind my back
And you have installed Morpheus on your net-unaware computer? :)
Wow, I should not post when knackered.
I have sent the following message to Robin Gross of EFF.
Dear Ms. Gross
I am writing to express my concern that my attempts to financially support EFF have been stolen by Morpheus and similar companies. I have long been careful to use the Amazon Affiliate Button on your front page for all of my book purchases. I have felt that doing this combined to support what I believe in simply and effectively. Since my purchases have been well over $1000 per year for at least the last two years, I know that it has to have been worth at least some money to EFF.
It has recently become apparent that Morpheus et al. have been placing software such as TopText and other scumware on users machines. These programs have the sole purpose of rewriting affiliate links. This effectively redirects the financial benefits of these links to the scumware operators. To put it bluntly, this is theft, no different than if they had taken the affiliate checks and written their own names as payee.
I have supported the EFF for years. I supported Morpheus partly because of EFF's support of them. But I am frankly disgusted by this turn of events. As the Director of the Campaign for Audiovisual Free Expression, and a staff attorney for EFF for Fair Use and Intellectual Property, I believe that you may well be the single best person to let them know they have gone too far. To take a principled stand on Fair Use is one thing. To pump ads to users while using the software is also perfectly legit. To actively steal revenue from other people, companies and organizations, even after the user has supposedly removed the software, without notice is simply beyond comprehension.
Sincerely
Walter Williams
The article said that StreamCast will:
1. Redirect users to another site to collect usage statistics before sending them to the site they wanted to go to. This might be seen as invading people's privacy, but no personal data will be collected, merely usage statistics.
2. Put up a shopping section in Morpheus. That sounds perfectly legitimate to me.
3. Put referrals to online stores inside the browser window in some unspecified manner.
Please note that 1) and 3) are two separate points. They won't redirect you to another site when you're trying to go to Amazon.com, and then claim the referral bonus. The redirection is only for collecting usage statistics.
And the referrals inside the browser window have nothing to do with the redirection.
There's nothing in the article saying that StreamCast will hijack other people's referrals.
There's nothing in the article saying that StreamCast will pretend to refer people to sites (like Amazon.com) when they go there themselves.
www.ebay.com
links to http://www.qksrv.net/image-280514-220264, which has an instant redirect to pages.ebay.com. I played with this in netscape 6.2 and lynx, and they still directly put me towards www.ebay.com. There is definitely redirection occurring here.
www.amazon.com
links to http://www.amazon.com/exec/obidos/subst/home/home.html/104-9801158-34639, while netscape and lynx go to a similar (but not the same) page in the same sub-directory tree. I'm not sure if there's a url redirect occurring here.
www.barnesandnoble.com
In IE, goes to http://service.bfast.com/bfast/serve?bfmid=2181&sourceid=21425507&categoryid=rn_home, then redirects towards a barnesandnoble.com redirected address. Netscape and lynx still go straight to the low level barnesandnoble.com address. There is also definite, blatant redirection occurring here.
So, there you have it- out of just three simple checks, Morpheus went and screwed with two of them. I'm getting this crap off my machine and installing a better gnutella client.
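The side-by-side check in the comment above (same address typed into the affected browser and into a clean one) can be automated over recorded navigation chains. This is an added example, not part of the original post: it flags hosts that appear in the affected browser's chain before the destination but not in the clean browser's. The intermediary URLs are the ones quoted in the comment; the clean-browser chains and the landing paths are constructed, and comparing the last two host labels is a simplifying assumption that ignores multi-label suffixes such as co.uk.

```python
from urllib.parse import urlsplit, parse_qsl


def site(url):
    """Naive registrable domain: the last two labels of the host name."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def interposed(requested, chain):
    """Hops loaded before the final page that are not on the requested site.

    chain is the ordered list of URLs the browser fetched for one navigation,
    ending with the page the user finally sees.
    """
    wanted = site(requested)
    hops = []
    for url in chain[:-1]:
        parts = urlsplit(url)
        if site(url) != wanted:
            hops.append({"host": parts.hostname,
                         "params": dict(parse_qsl(parts.query))})
    return hops


def audit(observations):
    """Map each requested address to the hosts only the suspect browser visited."""
    report = {}
    for requested, clean_chain, suspect_chain in observations:
        clean_hosts = {h["host"] for h in interposed(requested, clean_chain)}
        report[requested] = [h["host"]
                             for h in interposed(requested, suspect_chain)
                             if h["host"] not in clean_hosts]
    return report


# (requested address, chain in a clean browser, chain in the affected browser)
# Clean chains and final landing paths are constructed for the example.
OBSERVATIONS = [
    ("www.ebay.com",
     ["http://www.ebay.com/"],
     ["http://www.qksrv.net/image-280514-220264", "http://pages.ebay.com/"]),
    ("www.barnesandnoble.com",
     ["http://www.barnesandnoble.com/"],
     ["http://service.bfast.com/bfast/serve?bfmid=2181&sourceid=21425507"
      "&categoryid=rn_home",
      "http://www.barnesandnoble.com/"]),
    ("www.amazon.com",
     ["http://www.amazon.com/exec/obidos/subst/home/home.html"],
     ["http://www.amazon.com/exec/obidos/subst/home/home.html/104-9801158-34639"]),
]

if __name__ == "__main__":
    for requested, extra in audit(OBSERVATIONS).items():
        print(requested, "->", extra or "no third-party hop")
```

The `params` field keeps the query string of each intermediary so an analyst can see which identifiers were attached to the detour.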
Exactly. Why the hell are people using it anyways? Go here to download the spyware free and opensource version.
Didn't Morpheus' just recently (as in last month) contain a prominent "no spyware" logo?
That sure didn't last long.
The plugin is likely to be found in the directory: \winnt\downloaded program files\ where all the IE plugins are stored. I don't know the correct filename, but you should first de-register it from the registry by using regsvr32 /u filename and then delete it from the dir.
Never underestimate the relief of true separation of Religion and State.
Download IEradicator and get rid of that POS for good.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
TopText is KaZaA's version of this mess so I assume Streamcast is doing basically the same. Specifically, it reads the HTML coming through and does two things. First, any link to an affiliate program it recognizes gets rewritten so that the referral ID is TopText's NOT the site which provided the link and content. Second, the text is searched for keywords which are then rewritten to be links again with a refer ID for TopText. This is the source of the so called Yellow Text links.
The first one is theft pure and simple. The people like me who write the site are trying to get paid by putting the link there. KaZaA, Morpheus etc are simply stealing scarce and hard earned money from others. The second activity might barely be legit but not likely. For example, if I linked "Buy your books at BN" with my referral ID and TopText then grabbed "books" to point it at Amazon, I have still been robbed.
If my sites didn't make at least some money off the links, they would disappear when the hosting bills come around. For all the screaming about /. subscriptions, how bad would it be if all the ad revenue disappeared because Morpheus and KaZaA stole it? Now think about all of the free sites out there trying to live off the referral ads. They will all die if scumware like this becomes standard.
"Shopping sites in general, as well as many other public sites that depend on referral revenue to operate will lose money as a result of this,"
What utter nonsense. A business is supposed to make money by selling a legitimate product or service. If a significant portion of your revenue comes from "referrals" and not from the sale of a legitimate product or service, then you deserve to go out of business.
there are native gnutella clients that run natively under nearly every operating system.. it's kinda dumb to run one under wine when you can run it natively.
kchhrr.
To hell with the idiots downloading porn or warez.
This affects website owners. Many small websites make ends meet by their affiliate links. This will steal that money away. This is one of the few ways small webmasters can make money - short of begging.
And aren't we all sick of the virtual begging cup by now? Don't let the last legit way for sites to make money be destroyed. Sites that don't have traffic for banner ads sales, need these sales. They need this income. If this takes off, it will wipe out small sites everywhere.
As an example, look at http://www.gonegold.com
Informative helpful website. IGN pays them squat. But they do make money on their affiliate gaming links. Take them away and who will pay the site's bandwidth? That is the real issue, that is the real fight. And for some smaller sites, this really is a fight for their survival.
By the way- what are the implications that the only thing you have to agree with when installing morpheus is the gnu license. there is no mention of this spyware (even though it is installed).
Chet
...that comes up all the time, particularly with regard to virii and warez. If you can't trust the software - don't install it. When you run any .exe in Windows, you accept that you do not know what it is going to do - at all! It may format your hard-drives, and mail all your porn to your mother.
So, if you don't want all the crap, don't use software you can't trust. How do you know if you can trust it? Well, you could audit the source code and compile it yourself. You could write the software yourself. Or you could get the software maker to sign into a legally binding contract which says that their software will not do anything but its primary intended use (for Morpheus, this would be stealing music), and that they must disclose everything that it's going to do to your computer. Fat chance of that.
What do I do? I run Linux. I only login as an unprivileged user (I have access to my home directory, that's all.) All the software I install I only install into my home directory (again, as the unprivileged user.) I'm the sole user of my machine - I don't need to be putting it in /usr/local for others, so I never need to log in as anything but that unprivileged user.
The security then isn't perfect, but strangely enough, most open source projects don't include spyware/scumware of any sort. So I don't worry about it.
Running any privileged executable is the ultimate shrinkwrap EULA, saying, "I give you permission to do whatever you want to my computer." We'd all be a little better off if people were more paranoid about their computer - but if they don't mind untrusted software messing around, who am I to stop them? Maybe we'll get lucky, and the next version of Morpheus or Kazaa will automagically lock out any user that downloads it. That would provide a nice lesson. Would it be a virus? Well, you chose to download it and run it yourself. So, I say no.
What do you think?
Jake
Dating: while( 1 ){ call_girl(); get_rejected(); drink_40(); } return 0;
I'm a sysadmin in a large call centre which used to tolerate a certain amount of personal use of its computers. One of the main helpdesk requests the IS department had was for ghostings of computers which had been so f**cked up by various bits of spyware. The worst offender by far was Save Now, getting it to uninstall was a pain and even when you did think it was gone, it would reappear sooner or later. We firewalled the Save Now website and any addresses the app connected to, and rather than die after 2-3 attempts the plugin would thrash the firewall continuously trying to make a connection. We also came across a particularly nasty spyware app which had no visible front end but would randomly redirect you to a porn site, thankfully we had Super Scout installed which blocked 99% of porn sites. However this didn't help the poor employee who unknowingly had this crap on his PC as he thought he was going to be sacked for looking at porn (we have always had a very, very tough line on porn).
Most of the spyware on the computers was not intentionally installed which is what made it worse. The last straw for us was when we discovered a Win98, 1GHz Pentium with 256MB RAM and a fast hard drive taking 15 minutes to start as it was loaded with so much spyware/plugins/rubbish and they all wanted to start simultaneously; running a packet sniffer on that particular machine showed that spyware was using over half the bandwidth available. We locked down the network after that, barring access to anything known to involve file sharing, plugins, spyware etc. However there is an interesting side note: we had a retained lawyer with IT specialisms, apparently the UK Computer Misuse Act makes it illegal to alter the contents of a computer without getting the user's authority, which was interesting.
It's bad enough these spyware apps stealing money from deserving small websites and, let's face it, users as well. You just need to see the damage they can do to networks and computers as well, I can see a lot of sysadmins becoming very angry if these sorts of applications get more sneaky and nasty in the way they operate.
Maybe I'm reading it wrong, but I took 'refer' to mean simply the HTTP_REFERER header:
...StreamCast can make it look like it is referring traffic...
That simply sounds like, due to a meta or Location: redirect, the browser sends their website as the HTTP_REFERER, thus appearing that they are "referring" traffic, not using an affiliate/referral program.
I could well be wrong... but my first reaction was the less paranoid conclusion. I'm sure if they were actually hijacking affiliate links there would have been a lot more fuss about it by now.
NGWave - Fast Sound Editor for Windows
I have played with a couple of them.
Limewire has spyware/adware hardwired into the program, at least in the Windows version. Re-appearing Registry keys show this.
Seems to be possible to run BearShare without all the snooping. But 3rd party crap is included and you must be careful not to get it installed..
A bit offtopic but still on the subject of spy/adware.
Now even my Logitech comes with a lot of crap that when you try to install their drivers, you have to read carefully right to the end what the dialog boxes say and even after avoiding all their "helpful" programs there seems to be one or two programs running in the background that you can remove without it having any impact on the functions of the mouse like the webwheel etc. which by the way will have a date with my packet sniffer one day, I'd be surprised if they didn't do some monitoring.
That Logitech was really too much, they REALLY tried to shove a lot of junk down your throat. Which made me lose the last ounce of respect for the company. I am a user who knows what to look out for, but I'll bet that 99% of the mouse buyers just answer yes to it all.
BHO Cop 1.0
I ran it this morning and don't seem to have been infected by their fraud so I don't know what the BHO looks like that belongs to Morpheus, but this app looks pretty helpful.
I'm the big fish in the big pond bitch.
PS. EMI report today that due to falling profits, they're laying off 1800 people. That's eighteen hundred people who have lost their jobs, because of shit like Morpheus allowing easy piracy..
Right. Either that, or the fact that the economy is in the toilet and people aren't buying CDs. We're not really sure which. Let's allow the media empires to make some broad-reaching laws that limit consumer control just in case that's what the cause is.
First, using anyone's work without compensating them in the manner they dictate is immoral and illegal. Software, music, art, etc. PAY FOR THE MUSIC YOU LISTEN TO. Hopefully, pay the artist directly. If necessary, pay their broker or distributor. But pay, or don't use the work.
Second, listening to music doesn't cost anyone anything. It just doesn't provide the revenue expected. If I just didn't listen to music, would that be costing those people jobs? I can't be held accountable for the effects of NOT buying something, can I?
If EMI cared about those 1800 people, they would take a 10% salary reduction across the executive level. I doubt they did. In reality, I assume the market is slower, technology is better and LESS PEOPLE ARE REQUIRED to do the same job than last year. If you don't need personnel, you let them go.
As I've said before, 95% of the readers of Slashdot are just wanna-be Linux users, who use Windows cos, Oh, using Linux on the desktop is just too tricky in today's world.
Can't someone port it to KDE/Gnome?
If you're such a real hardcore linux geek, and better than 95% of the slashdot readership then surely you would be able to port it to linux yourself.
A web browser or an ftp client allow you to steal music and porn. Blank paper and a pen allows you to steal sheet music, books etc.
There is nothing illegal or wrong about p2p software, it's just another way of transferring information.
graspee
I work support for an ISP and get LOTS of calls about not being able to browse because of these types of apps, like webhancer....webhancer shows as a running program whagent...how do I see if a customer has this new marketing helper installed/running?
at the end of the day, it's great to go home and fire up my mozilla browser, sometimes it feels real good to be unsupported.
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
There's a difference, though.
In Intuit's case, they're trying to be helpful with targeted ads ("If you need a tax program, maybe you need a bank -- try this one") and they're obviously being open about it. Shortcuts on the desktop do not bug me. Highlight - click - drag - delete. (And ideally, this should be lowering the price of the software... fine by me.)
What does bug me is when a program silently installs something named 'cdload.exe' or some other important driver-sounding thing in the background which randomly pops up IE windows every 30 minutes or so, and really confuses the heck out of me (especially when I didn't have IE running in the first place!).
To me, "monkeying around with the computer" really means surreptitiously installing boot-time-start daemons which consume resources and spy/spam/etc actively, not just throw a few links around....
That's the difference between scumware and just selling "sponsored links".
See Fair Software Installation here on SlashDot. This is just the tip of the iceberg -- many, many applications will do this kind of thing. You CANNOT rely on the "good will" of software authors any more. There must be a technical and legal framework in place to prevent these kinds of abuses.
In the world that gave us the Bhopal disaster, the Sonny Bono Copyright Extension act, and the conditions of migrant farm workers, I have trouble rating browser redirection more than a 4.
This is the slippery slope you step onto starting with "it's OK for an ISP to implement a web cache".
Why an ISP should be permitted to modify, redirect or do *anything* to your traffic other than move it to its destination escapes me. I heard lots of handwaving about how OK it was from my ISP when they installed a webcache, but it was basically a load of hooey intended to justify degrading my service and pocketing the profits they made from doing so.
-=Maggie Leber=-
I installed the latest version of Morpheus, and like the bad Internet citizen I am, I did all I could to limit file sharing. In fact, I deleted every directory off the shared directory list. Yes, I fully admit to being a hypocrite who downloads stuff and doesn't share his own.
So what happens? After running Morpheus for a couple of days, I note from Zone Alarm that I've uploaded about 600Mb through Morpheus. How? The hell if I know. Maybe by deleting all of the shared directories Morpheus decided I wanted to share my entire hard drive.
What was uploaded? I have no idea. If I were paranoid this would frighten me.
And now someone says that Morpheus can redirect my web browser. Shudder.
144l. ph34r my 133t l3g4l 5k1lz!
Fuckin' picky judges! The Morpheus people work hard on this, and still you leave them with bitter disappointment. What does it take to get a perfect ten?!?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Read the license closely - you agree to have your search page, your home page, and your favorites HiJacked when you install that crap! In my case the ActiveX applet was NOT signed by a cert that my browser trusted. Needless to say I skipped their "download applet" and went elsewhere. Lots of P0rn sites are popping up dialogs asking to be made your home page - in one case I saw the dialog had been modified to say "click yes to proceed". I didn't fall for it but I know someone who did...
A woman I know who has several young kids did a search for "puberty" and when following a link she got into a pop-up site. She must've hit "yes" to one of the dialogs because her homepage was now smut - not that the "Yes" button has default focus. She was in tears by the time I got her straight, she was deathly afraid her kids would see that crap before she could get it fixed. (sigh) Some of this stuff is REALLY sleazy and it's getting worse...
I now use Serials2K instead of going to Asta when I need a number. It has the added bonus of allowing you to input your own serials and store them in an encrypted format. Can be ported to a Palm too!
Build it, Drive it, Improve it! Hybridz.org
Documentation on Browser Helper Objects (BHOs) at MSDN.
S
of redirect since I installed the preview client.
BHO Cop as well as Ad Aware do not find anything.
There were a couple of things I replied no to and I did a custom install.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Well, maybe that's because they effectively do own the user? Operating systems are still designed around the idea that any application has all privileges the user running it has. This is a good idea if you have small tools -- e.g., cat may read all the files that I have read permission on. When you have larger applications, like a complete office suite, this solution is somewhat less good. Once the user installs software from the internet, this design is a fundamentally flawed one.
Users expect that e.g. on a UNIX system, cat will only read files, and therefore it is a perfect idea to let cat read all files that the user has read permission on. The user's perception will be "I may read this file," when technically it is actually "software I run may read this file."
As soon as the user installs software that does things they don't expect, because the software doesn't advertise all of its functionality, this model breaks. Most users won't even find out, and if they did, they'd probably ask "why is Morpheus allowed to do this?" The user will no longer have the perception that he is doing things, and will have to realize that actually it is the software doing things. The operating system however is still designed around the idea that everything the software does was intended by the user. (No, I don't have an idea for a better design.)
Sig (appended to the end of comments I post, 54 chars)
Yes, you do have the source, and you could remove the ads. I wouldn't. Knowing that most linux users hate ads almost as much as paying for anything, I can't imagine a linux distro putting ads in unless it was absolutely necessary. If they need the money that bad, and I'm using their "free" product, I'll look at ads. Even click on some.
Maybe that'd be a decent way to differentiate between d/l iso & boxed sets.
So anyway, smarty-pants (since we're resorting to name-calling). How would *you* make money off a free product that no one pays for? I love Linux, and try to support it in any way I can. And I doubt any *theoretical* distro ads would be spyware.
Whatever.
jred
I'm not a mechanic but I play one in my garage...
Are there any Linux clients that support multi-source downloading other than that hideous blob LimeWire?
:)
:)
That's my main reason for trying to get Gnucleus working under Wine
Speaking of which, Bartok, how'd you get it to work? Did you have to copy any native DLLs, etc? I can get Gnucleus to come up, but the search bar is missing... It's not much use without that
"People that quote themselves in their signatures bother me" - athakur999
It's not even a clone - it's a fork. They didn't even bother to rename the directory in which the source is - it's called gnucleus2 or something :P
0x or or snor perron?!
Uh... any competent network admin would be using the 98 administration kit to lock down all client machines on the network so that no software can be installed and run without the admin's permission (The IEAK works the same way for IE).
I hear of "networks" having this problem and I'm flabbergasted. Who's running these things? This is a non issue if the IT department actually did their jobs!
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
I want plugins that will display content that the basic browser does not. The browser should pass unrecognized content to the appropriate display engine and provide it a window to draw into and the plugin should display the content in the window.
WHY CAN THE PLUGIN ALTER BASIC BROWSER FUNCTION?
This has got to be a huge security hole just waiting to be exploited.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
If it looks like c|net is taking a stand in this article, perhaps it's because c|net's reporters will lose their jobs if c|net can't generate income through affiliate links. Note that many of the banner and button ads you see on c|net and other web sites (probably including Slashdot) are actually affiliate links -- the site is not getting paid unless sales are generated and tracked to the content site.
When Morpheus or any other app checks the URLs and replaces other affiliate codes with its own, Morpheus is trying to take revenue from someone else, without providing any benefit to the consumer or anyone else.
The good news is that most affiliate managers refuse to pay commissions to any "affiliate" who uses "predatory methods" like this. The affiliate managers realize that smart affiliate sites won't do business with any merchant who pays the "hijackers" in this situation.
The bad news is that if the hijacker replaces the affiliate link, even if the hijacker does not get paid, there is no way for the sale to be credited to the "real" affiliate. The hijacker is also likely to mis-manage the multiple redirects that often happen when a link passes through two or more ad servers (common with affiliate links that look just like paid banner or button advertising).
In the end, if these predatory software tools become more pervasive, content providers will lose all incentive to provide "free" content on the internet.
This issue is not unique to "predatory browser add-ins." Other content providers are threatened with loss of "the benefit of their bargain" in other ways. For example, the TV networks have battled hard to discourage marketing of TiVo and ReplayTV as "commercial skippers" because if too many people find ways to skip TV commercials, then the advertisers won't pay the rates, and the networks eventually won't be able to spend $10 million on the next episode of "E.R."
Maybe, in the end, we just won't have advertising-supported content like we do now. Certainly, the current revenue model isn't working to pay the salaries of content producers: even with intrusive pop-up and pop-under advertising, and rows of banners and buttons, big content sites often earn net rates of a few pennies per thousand visitors, and some earn only a few mils (tenths of a cent) per thousand visitors. Those earnings might be enough to cover the server and bandwidth costs, but not to pay a single part-time reporter's salary.
So maybe in the end, the only free content will be sponsored directly by big corporations, who have good reason to pay to control the content and viewpoints of the news we read.
Or maybe some of us will break down and start paying for web content, if only someone would come up with some workable mechanism to allow micropayments (payments of a few mils or a penny to view a web site for a day, or to read an article).
-- http://www.MarkWelch.com/ Pleasanton California
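An added example (not from the thread and not code from any affiliate programme): one way a support tech or affiliate manager could check a captured navigation for the detour through another site and the affiliate-code replacement described in the comment above. The parameter names in AFFILIATE_PARAMS, the .example hosts and the codes are assumptions constructed for the illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: query parameters that carry an affiliate code. Each merchant
# programme uses its own names; these three are illustrative.
AFFILIATE_PARAMS = ("tag", "aff_id", "ref")


def host(url):
    return (urlsplit(url).hostname or "").lower()


def same_site(a, b):
    # Approximation: equal hosts, or one is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def affiliate_codes(url):
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {p: query[p][0] for p in AFFILIATE_PARAMS if p in query}


def analyse_navigation(intended_url, hops):
    """Compare what the user asked for with what the browser fetched.

    hops: ordered dicts {"url": requested URL, "next": redirect target from
    a Location header or meta refresh, or None on the final page}, taken
    from a proxy log or packet capture of a single navigation.
    """
    if not hops:
        raise ValueError("no hops captured")
    for cur, nxt in zip(hops, hops[1:]):
        if cur["next"] != nxt["url"]:
            raise ValueError("hops are not one redirect chain: " + cur["url"])

    findings = []
    want_host = host(intended_url)

    # Hosts contacted that the user never asked for.
    for hop in hops:
        h = host(hop["url"])
        if not same_site(h, want_host) and ("foreign_hop", h) not in findings:
            findings.append(("foreign_hop", h))

    final_url = hops[-1]["url"]
    if not same_site(host(final_url), want_host):
        findings.append(("landed_elsewhere", host(final_url)))
        return findings

    # Affiliate credit: compare codes in the intended and the final URL.
    before, after = affiliate_codes(intended_url), affiliate_codes(final_url)
    for param in AFFILIATE_PARAMS:
        old, new = before.get(param), after.get(param)
        if old == new:
            continue
        if old is None:
            findings.append(("affiliate_code_added", param, new))
        elif new is None:
            findings.append(("affiliate_code_dropped", param, old))
        else:
            findings.append(("affiliate_code_replaced", param, old, new))
    return findings


# Constructed sample traces (reserved .example names, made-up codes).
INTENDED = "http://shop.example/item?id=42&tag=smallsite-20"
LANDING = "http://www.shop.example/item?id=42&tag=other-01"
CLEAN = [{"url": INTENDED, "next": None}]
DETOURED = [
    {"url": "http://redirector.example/go?to=shop", "next": LANDING},
    {"url": LANDING, "next": None},
]

if __name__ == "__main__":
    for name, trace in (("clean", CLEAN), ("detoured", DETOURED)):
        print(name, analyse_navigation(INTENDED, trace))
```

A "dropped" or "replaced" finding is the case the comment calls the bad news: the sale can no longer be credited to the original affiliate, whether or not the replacement code is ever paid.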
Heh heh, it's only open source because they've modified the Gnucleus client to contain the Morpheus artwork and assorted "hidden functionalities" (I doubt that they'd distribute them as open source if they were attempting to obscure them from the public's view). The Slashdot editors accepted a pseudo-fabricated story at the beginning of the month with information about how Morpheus PE was a GPL violation. Apparently, Streamcast had not yet made the source available.
Do you like German cars?
This is tantamount to theft and fraud. Musiccity.... what a bunch of pr0n-ad-spyware warez-mongers. Then again, blame the people that install these closed-source spyware progs. As they say, know what you're installing lest you pick up a virus.
The biggest trick the devil pulled was letting lawyers become politicians so they can write the laws.
10: fucking over billions of people (living and yet to be born) by sacrificing their only habitat for short term financial gain
...
9: torturing people and supporting psychotic murdering tyrants
much, much lower: some scum suckers leaching a few dollars with a Trojan horse
d'oh - I mistyped. IIRC, you're the name-caller here...I believe the word "stupid" is yours as well. My use of the word was intended to show that putting ads in Linux wouldn't confound all of those "stupid" free software advocates out there, and that in fact, they weren't so stupid. As I read my original post, I see that I didn't make that very clear. My bad. But anyways...
:)
So anyway, smarty-pants (since we're resorting to name-calling). How would *you* make money off a free product that no one pays for?
I dunno, I do actual work for a living. Try asking Red Hat, though - they do a pretty good job without putting ads in Linux. (How would that work, BTW? Instead of Tux in the console framebuffer, a pr0n banner? Product jingles when you grep() something? Easily blockable ads on Slashdot? Oh wait a minute...:)
Whatever
Han Solo - "Sorry about the mess" *flips coin*
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
We do use the lockdown kit and have done for quite a while, initially to randomly monitor client machines for dodgy stuff then later to lock machines down. Unfortunately it just does not work! Plus there is the social engineering of this scumware which takes advantage of users' naivety to make them think the app is of real benefit to them and mentions phrases such as "Will work behind most firewalls" or "This plugin can bypass your network security setting which sometimes blocks innocent programs like this". The sad fact is scumware programmers write their software to bypass security mechanisms sysadmins put in place. We now simply rely on a good old fashioned firewall and signed agreement that says if you install unauthorised software you'll be out the door.
You seem to be operating under the impression that the competent network admin is the entire IT department. It's really easy to crucify the IT department as a bunch of bumbling incompetent fucks, but I can just about guarantee that the techs will want your head after they have to personally service every special request from every user to get this or that item installed. You can sit on your righteous high horse all you like, but once you try to force it into reality, you'll learn real fast that policy decisions have real and unintended consequences.
Admining a couple linux boxes does not make you an IT division.
I've finally had it: until slashdot gets article moderation, I am not coming back.
I have the newest version of lavasoft and it didn't detect it. Morpheus' little redirect fairy wreaked all kinds of havoc on my comp when I used norton firewall to restrict access of the website they send you to - www.inmotiongolf.com. Once I restricted it, xp froze completely and after rebooting, it would freeze every time once imapi.exe loaded. After a few hours of figuring out what the hell just happened, I reinstall my firewall, uninstall the superevil morpheus, delete c:\windows\bpboh.dll, c:\windows\rdxr020305.dat, and c:\windows\system32\rdxr020305.dat. System clean, no more spyware, no more crashes, and I hope whatever ad wizard decided to throw that little component into the new Morpheus drowns in a pool of his own vomit or better yet stops by my place so I can beat him about the head and neck with my keyboard.