Slashdot Mirror
A New Low for Web Advertisers: Pop-Up Downloads
rizzmanix writes: "I thougt it was strange that I had been getting a lot of pop-up download prompts for the Gator software as I browsed around the web in the recent days. Why were all these sites requiring this Gator thing I wondered?
Well I wonder no more... as apparently advertisers hit a new low by running 'pop-up downloads' instead of pop-up ads. Sneaky, underhanded, nasty and vile."
What's interesting and revealing about Gator's approach is that the well-known Nimda worm spread by injecting popup download code into IIS-served web pages, exploiting a vulnerability in Internet Explorer that caused the user NOT to be prompted before the dowloaded program executed.
Well, for those of us who are forced to deal with an Micro$oft environment, there is some good news. Remember Nimda? It operated in a similar way when it was spread through web-pages, by forcing a download. Internet Explorer had a weakness that allowed this to happen. Now, however, they have the fix in IE 5.5 SP2... might also want to get whatever critical updates there are from the Window$ update site. So if you have that, and the patch for Nimda you shouldn't be forced to do anything. Cancel should always be allowed.
And honestly, people, if you set yourself to automatically accept downloads, you're just asking for a trojan.
Now that you know the defense, let's talk about the offense. Some very respectable Hackers have already created programs designed to kill browser popups. Might I suggest as a new challenge for these ingenius few that a program be created that you can simply set an auto-cancel after a program asks you once to download it (like Gator)?
For those of us without that level of programming ability, I recommend giving these companies that do this a flood of email complaints, expressing just how much we detest the all-time low they have reached. Since so many of us are in the IT or helpdesk field, we're in a unique position in that people believe what we say. If Gator persists in these forced-downloads, then start letting every single one of your customers know that Gator stands a chance of royally screwing up their operating system and compromising their security. If they ask for specifics, look for any bug whatsoever that has been reported, or that you can find in the program, and exploit it like a cheap tabloid. If it crashed one persons system and made them reboot, then it -always- crashes systems... etc.
Of course, I myself would never result to any illegal means, but legal strongarm tactics are very effective when done in mass-quantity. If enough of us get together on this, and enough sand is thrown by enough people, advertisers will eventually get the hint.
Now who's with me?
-The Libra
"Maybe Lisa's right about America being the land of opportunity, and maybe Adil's got a point about the machinery of capitalism being oiled with the blood of the workers." - Homer Simpson
I think we'll only be able to escape the constant bombardment of advertisments (And skript kiddie attacks and all the other comparatively recent crap) by establishing our own network on top of the internet. It's easy to do and we're technically capable of doing it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I've seen sites (cardcentral.net) that use JavaScript to put their own dialog over everything but the Yes/No buttons on the download box. The dialog box appeared to be something along the lines of "Security warning: You are infected with a virus. Clean?"