Trojans and Popups and Slimeball Business

Selanit writes "Salon.com is reporting on a company which exploited a vulnerability in an old but common version of Internet Explorer's Java engine to install spyware on the visitor's machine. " It's a pretty in depth story showing the lack of respect that some companies have. My favorite part is that the guy who denies any knowledge of the trojan popup is named 'Frank Bigott'.

I wonder if this is true...

[Marx_Mrvelous]

There are a few things about the article that don't seem to make sense, aside from the basic premise and the guy's name. Is this another internet rumour that slipped into the press? Anyone have real-live experience with this?

Re:I wonder if this is true...

[Parsa]

Actually I just got off the phone with my mother about this because I was working on her work computer last week because of these viruses. She wasn't sure where they had come from and when I did a search on the Internet for them there were a lot of differing ideas on their origin.

What's kinda scary is the network admin wouldn't do anything to help. Norton Antivirus would say it had been quarantined but after she reboots all the processses are still listed in her Task Manager. I just forwarded this on to her to give to the admin so maybe he can take care of this now.

Re:I wonder if this is true...

How come the link to the story CRASHES
Opera 6.01 on windows ? , is it trying to do something it shouldn't ?

Re:I wonder if this is true...

[vrmlknight]

yup we had to clean off 20-30 computer from this atleast now i know where they got it from...

Re:I wonder if this is true...

Yes it is true. I just removed that virus yesterday! Also did you check the links to Sarc.com and Mcaffee.com? They verify the viruses purpose.

Did you read the article?

Re:I wonder if this is true...

Seems Volton took the software we wrote and did some "not-nice" things with it. It is very much true and I sure hope Ron Penna, Mike Osborn and Kevin Smith burn in hell for it!

Not a good day for M$ on Slashdot

[Tensor]

First a virus uses a worm that exploits a vulnerability in Outlook and OE to spread.

Now this.

Ouch.

Re:Not a good day for M$ on Slashdot

[spencerogden]

Please define: A Good day for M$ on Slashdot.

Re:Not a good day for M$ on Slashdot

A Good day for MS on /. : Any day that there is no MS related news.

Re:Not a good day for M$ on Slashdot

• Commander Taco comes out of the closet with respect to his secret preference for Windows.
  
• the cultural tide turns, and people start overgeneralizing about everybody on slashdot being a microsoft apologist.
  
• the free software community has to organize an astroturf campaign in order to get exposure.
  
• license audit at the geek compound scores badly-needed revenue for redmond
  
• everybody adopts newspeak definitions for "innovation", "choice", and "standard" en masse.
  
• linux community decides it would be better if every process ran as root, inspiring authors of malicious code to jump ship.
  
• World corporatocracy declares anti-MS speech illegal.
  

Re:Not a good day for M$ on Slashdot

A day when all of the linux zealots wake up and realize that all of the fanatisism is pointless. You can work on free software without being blinded by religion. Want proof, look at the freeBSD crowd. I would respect the GNU crowd if they would just shut the fuck up about every little flaw in commercial software and concentrate on actually produce something worth using (funny how most of the quality OSS projects, Apache, FreeBSD, etc, don't give a damn about Stalman's little crusade).

Re:Not a good day for M$ on Slashdot

[spencerogden]

Who says that people involved with Linux care about Stallman's crusade?

Ah, the irony

[Faust7]

I love how the article is titled "The Pop-Up Ad Campaign from Hell"--and you get a pop-up when you first visit it. Also a nice Flash ad delay when you hit Back. Yep.

Re:Ah, the irony

[buzzbomb]

Mozilla is your friend.

Edit > Preferences > Advanced (Scripts & Windows) > Unclick "Open unrequested windows"...and any other shit that irritates you.

Re:Ah, the irony

[peddrenth]

"...and you get a pop-up when you first visit it"
Not if you're using Galeon, you don't!

"Also a nice Flash ad delay when you hit Back"
Again, not in Mozilla or in Galeon, which both "skip over" redirect pages when you click the back button.

Anyway, if you just open all the stories in a new tab, you don't need to use the back button, you can just close it when you're done reading.

Block the OnClose macro, and you can even enable javascript on the site without having to worry!

Am I paranoid?

Re:Ah, the irony

[Tackhead]

> I love how the article is titled "The Pop-Up Ad Campaign from Hell"--and you get a pop-up when you first visit it. Also a nice Flash ad delay when you hit Back.

Really? Funny, I never saw that. Of course, I don't do Javashit. Or Flush. Gee, it really sucks to be in the dark ages, maybe I should upgrade... tomorrow. :)

Re:Ah, the irony

Anyway, if you just open all the stories in a new tab

Yeah but too many sites change their links to something like:

<a href="javascript:openPopUp('popup.html')">link </a>

instead of using onClick="openPopUp('popup.html')" which breaks your attempt to open the link in a new tab/window.

Am I the only one who hates this????

Re:Ah, the irony

Mozilla Hates Java! Java is my friend. So, Mozilla is not my friend.

Re:Ah, the irony

[ZanshinWedge]

Yes, very odd. Oh wait, I didn't see anything like that.

Maybe my settings are broken for stuff like that.

Maybe they're broken intentionally.

Re:Ah, the irony

[mixbsd]

What's wrong with using: link?

Talk about making things more complicated than they have to be!

Re:Ah, the irony

[SilkBD]

I use opera, It denies popups. Some sites break, but that's why I hit f12 and accept for a brief period of time while a visit that particuilar site. Too many sites look like crap in Mozilla, so far Opera rules. As for be ashamed of dening sites their ad revenue. I laugh in your general direction. If you're going to get money from annoying us with intrusive ads, crappy flash, or other means of removing control of our browsing experience... then I simply give you the finger, and say no.

Re:Ah, the irony

Because you can't size the popup window or remove the browser header/footer bars.

Re:Ah, the irony

Wow!!! You're hilarious!!! I bet you don't use "INTERNET EXPLODER"!!! You tired cocksucker whapping your dad's wang with your eager tongue then fishing the corn out of poppy's shit doing your crap assed job at Wendy's thinking you'll make it someday because you installed RedHat on your computer.
Time for rape!

Microsoft, security and Java...

[MosesJones]

Isn't it odd that the only Java security exploit to be used in the wild is in the VM produced by Microsoft that didn't obey the Java spec.

Now a cynical person would say that this would enable Microsoft to point at Java and say "Java is insecure" but of course I'm not a cynical person and I'm sure it was purely an accident.

Re:Microsoft, security and Java...

Come on. Netscape's engine didn't follow the Java spec. In fact, it had more violations that Microsoft's engine.

Look who Sun chose to sue. Hmm...

Re:Microsoft, security and Java...

[kneeo]

The easiest way to get shot is to carry a gun -- Atticus Finch

Are you sure that carrying a gun is the easiest way to go shot? I mean, where do you carry it? In a bag, in your pocket, or maybe a holster. If Im just carrying it, how would someone else know I have it to shoot me. Oh, maybe it will accidently go off and hit me. Im sure there are faster ways of getting shot rather than just carrying it and waiting for it to go off or waiting for someone to shoot me b/c I have a gun.

Re:Microsoft, security and Java...

the only Java security exploit to be used in the wild

No, it's not odd that the only Java security exploit to be used in the wild is in the only JVM that is used in the wild.

Re:Microsoft, security and Java...

[knulleke]

I wonder if it's in the specs that java must be slow. It seems to be implemented that way on all platforms.

Re:Microsoft, security and Java...

Pick up a copy of To Kill A Mockingbird and read the quote in context. You'll get a big plus in that it's quite a good book and it got you away from your computer for a while!

Re:Microsoft, security and Java...

[Schnapple]

and it got you away from your computer for a while!

Yes but if you leave your computer and go into public you might get shot!

Re:Microsoft, security and Java...

[benjymous]

Not if you don't take your gun

Re:Microsoft, security and Java...

Bytecode is slower than native execution. That's why we have GHz processors.

Re:Microsoft, security and Java...

Wow, dude that's a really lame troll, no effort at all.

Do some research and find useful things to troll about.

Learn to read the linux kernel source and troll about how much it sucks(which is does).

later,
kneel n' bob

Re:Microsoft, security and Java...

[Rogerborg]

• Isn't it odd that the only Java security exploit to be used in the wild is in the VM produced by Microsoft that didn't obey the Java spec.

Yeah, I posted it elsewhere, but it bears repeating that the "Microsoft® virtual machine (Microsoft VM)" is not a Java Virtual Machine (JVM, the old name), and Microsoft are no longer allowed to call it that after being bitchslapped around a few courts by Sun. Let's keep the Microsoft VM and the Sun JRE clear and distinct in our minds.

Re:Microsoft, security and Java...

[Steveftoth]

Sun sued Microsoft for extending the spec, not for a bad implementation!

If you look at that MS was doing to the Java APIs (not the language or VM), you will see that they tried to get people to write code to their APIs that tied people to their MS x86 Java Platform which was against the agreement they had with Sun.

Netscape just had a bad implementation of Java.

Re:Microsoft, security and Java...

Not if you don't take your gun

Which is complete bull shit. My friend was killed two years ago and he didn't carry a gun. He was killed by two niggers trying to jack his car. They said it was the easyest way to get him out of it. If he had a gun he might have had a chance.

fuck you.

Re:Microsoft, security and Java...

[Mr.+Shiny+And+New]

I detect a troll here. Sorry, but the article you linked to does not support the statement that Java was created to allow pedophiles to find pictures of little girls on the 'net.

Besides, the problems of a creator of a technology do not make the technology good or evil. Sheesh.

Re:Microsoft, security and Java...

it amazes me how quick the heathens are to defend these sick pedo fucks.

Re:Microsoft, security and Java...

Earth to dumb fuck, this security vulnerability was found in ALL VMs and MS was the first to patch theirs. A cynical person might say you are ignoring this fact because of some juvinile desire to rant against MS. I am a cynical person.

Re:Microsoft, security and Java...

Would you microsoft idiots please stop linking through the treeview? They have software that sends you here.

http://www.microsoft.com/library/shared/deeptree /b ot/bot.asp?dtcnfg=/technet/treeview/deeptreeconfig . ml

At least provide a text link along with it so that I can easily concatenate the string.

http://www.microsoft.com/technet/security/bullet in / S00-075.asp

Remember to remove the spaces when you cut and paste.

Re:Microsoft, security and Java...

[newerbob]

I AGREE.

Java == PEDOPHILE

Plain and simple.

Re:Microsoft, security and Java...

The bug in MS Java was because they modified the VM to allow Java applets to run ActiveX controls, and forgot to check for the signature/trustedness hack that MS added to try to make them "secure".

MS is amazingly clueless on security issues, this is just one example.

Re:Microsoft, security and Java...

the one witht he most money?

The line gets thinner

[ringbarer]

How is this type of cancerware distinguishable from a virus that spreads by exploiting security vunerabilities?

It seems that all the Klez and Chernobyl kiddies have gone and got themselves some venture capital, and are turning their malware into a business.

Re:The line gets thinner

Does not self replicate. This is automated cracking.

Re:The line gets thinner

[startled]

Thinner? Thinner my ass! "How is this type of cancerware distinguishable from a virus that spreads by exploiting security vunerabilities?" It's not! The state's AG should be prosecuting these guys as we speak. I certainly hope he does; maybe he's just gathering evidence or something.

This is definitely illegal. There is no thin line here-- it is unauthorized, malicious, and destructive modification of someone else's box. I hope these fuckers get nailed.

Re:The line gets thinner

[RollingThunder]

Well, technically, there is a line.

Klez, CIH, etc, all spread themselves as 100% self-contained packages, and all it takes is one slip to have it "escape" - which gives you a bit of weasel room.

This grungeware requires servers to connect to, which means concious ongoing support.

IMO, that's worse than virus writing - although it at least provides a single point of killing it off.

What if...

[xenotrope]

The interviewer calls him "Mr. Bigott" and then:

Frank Bigott: "Excuse me, but it's pronounced 'Bee-GOH'."

Re:What if...

Thank you, Mrs. Bucket.

Re:What if...

[freeweed]

Well, considering how effective viruses and other exploits have been on the Windows platform, I'd think it'd be pronounced "Beeg-lawg-Oh".

Re:What if...

[glitch!]

The interviewer calls him "Mr. Bigott" and then:

Frank Bigott: "Excuse me, but it's pronounced 'Bee-GOH'."

Well, assuming that the sound of his name has anything to do with anything, the double 't' at the end prevents it from being silent. I assume that you are trying to apply French pronounciation rules here.

My question is why the apparent joke about this name. I rememberback in 7th grade, one of my friends found a picture of a truck or van with "Fucker" painted on the side. It was a German company, I believe, but we sure had a lot of laughs over that one. Ha! Ha! Boy, isn't that funny! I think we all got tired of it by the time we were in 8th grade, though. Maybe it was a part of growing up.

So...

This is, what, the 999th article about how bad/sloppy Microsoft's products are? Or is this the 998th article about slimey business practices.

It's so hard to keep track and the champaign has hardly had time to age.

Obligatory: I don't us IE and I disable Java whenever possible.

Finally...

[Jonboy+X]

...a good reason to use an Applet.

Re:Finally...

Actually there are good reasons to use an applet. Hoverbuttons and crap like that are not among them.

Re:Finally...

[sith]

Or an apple :)

Um..

[xtermz]

...Call me naive, but why isnt that states attorney general investigating this company? This is nothing short of corporate sponsored hax0ring.

I didnt see any mention in the article of somebody lodging a criminal or even civil complaint.

I think a big reason these companies get away with this crap is that nobody takes them to task for what they are doing...

Re:Um..

What makes you think the CA AG's office isn't investigating? The article only said they (understandably) refused to comment on the case:

Susan Henrichsen, deputy attorney general for the state of California, declined to comment on specifics of the IntelliTech situation. But she noted that downloading software onto someone's computer without permission is tantamount to hacking.

"If, on top of that, you track people with spyware with the intent of selling the information, that goes way over into unfair and deceptive practices. It's really pretty appalling," she said.

Re:Um..

[ocelotbob]

...Call me naive, but why isnt that states attorney general investigating this company? This is nothing short of corporate sponsored hax0ring.

from the article:

Susan Henrichsen, deputy attorney general for the state of California, declined to comment on specifics of the IntelliTech situation. But she noted that downloading software onto someone's computer without permission is tantamount to hacking.

Sounds like the AG is looking into them. They probably are just getting their ducks into a row for a criminal case. With tech crimes like this, they don't want to make any mistakes and let someone go free who would have otherwise gone to jail.

Re:Um..

[gotak]

Cause they are busy fighting terror else where in the world. :P

Just wondering...

[chazzf]

I take it this applies only to Microsoft's implementation and not to Sun's Virtual Machine? Not that Sun's is any more stable...(I run Win98 SE, and it dies on me all the time).

Re:Just wondering...

[unixmaster]

Try to run it on a real operating system.

Re:Just wondering...

couldn't have said it better... there is NOTHING windows 98se is better for over 2k/xp. if you think games will run better, think again. i run sun's vm under xp, never ever had a problem.

Re:Just wondering...

[Methuseus]

I've never had Sun's JVM crash on me, except for the one time I tried to use pointers . . .

How Exactly

[KingKire64]

Do people like this sell thier soul to satan? I would like a Cray Computer Im considering selling my soul for it... but i guess satan is backed up with these Popup Companies

Re:How Exactly

[ThePilgrim]

Sir,

With refrence to your order CR12345778092

We are sorry to tell you that your order is in a holding queue.

As you will be aware all transactions require the primaries signiture signed in triplicate in BLOOD.

Unfortunatly you seam to have taken this to mean the blood of any conviniant human near by.

We require the signature to be in your blood.

We are sorry for the delay this missunderstanding has caused and look forward to taking possession of your soul at the earlist.

Yours,

B. L. Z. Bub

Head of Customour Resources

Hell

r-e-s-p-e-c-t

[resonator]

It's a pretty in depth story showing the lack of respect that some companies have.

Are you refering to the lack of respect Microsoft has for those who use their products? :)

Re:r-e-s-p-e-c-t

[gfxguy]

I have to take issue with this. I really hate MS, believe me, but the fact is they (as well as a lot of bad things) make products that are user friendly and have lot's of features that, if not abused, could make a much nicer computing experience for everyone.

It is their problem that people are abusing it, but it's not their fault people are abusing it. I compare this to the luxery of having a convertable - it'd be really nice if it weren't so damned easy to break into, but it's not the car makers fault it happens - they just need to work on a way to help prevent it. And the fact is that people LIKE convertables - it's a feature.

The sad fact is that while MS is horrible about securing their products, it's the crackers and punks and phreaks that make it difficult for everybody. Sure, I'm approaching this from an existentialist point of view - not particularly realistic - but you have to blame the people that are maliciously taking advantage of a problem as well the company that fails to correct it.

It's crackers fault I have to spend my money and time protecting against break-ins. Even if you are well protected, these people steal my money and waste my time and that latter part is unforgivable. Yes, I feel the same way about the people who make it necessary for my house and car to need locks and an alarm system. I know it's reality, but those are the people I blame for making it reality.

Ok, now I'm venting, pardon the rant. I like dogging MS as much as the next guy, but the people who are violating your privacy are the ones that need your antagonism.

Re:r-e-s-p-e-c-t

[gmack]

Personally I blame both sides.. on one hand you have some idiot taking advantage but on the other MS should have considered the security implictions before a lot of those features were shown the light of day.

i like this assumption

[igottheloot]

"Try this: Thousands of unsuspecting visitors to a family entertainment site are discovering a cornucopia of unwanted, potentially malicious software on their computers--"

yeah, ok... i bet people running an old version of ie, visiting a family entertainment site, really figured this out on their own.

One thing

fuck them

mod story as -1, troll

...or -1, flamebait

'scuse my language, but

[eples]

From the article:

• Flowgo
• eUniverse
• IntelliTech Web Solutions
• KoolKatalog
• Volton Technologies

WHO THE FUCK ARE THESE PEOPLE?! Never heard of a single one of them - figures they'd be polluting the Internet.
Shouldn't these shitty companies have DIED last year?!

Re:'scuse my language, but

[hagardtroll]

Yes. The .com weenies who are still struggling to survive are doing it with questionable ethics.

You notice as available VC goes down, the number of pop-ups, subscriptions and sleazy sites go up.

I like to think that eventually the sleazy and make-abuck-quick companies will finally go under, and the web will be more like it was before. A communications medium for PEOPLE to communcate, rather than a giant catalog that consumers can shop from.

I can dream.

Re:'scuse my language, but

[kubrick]

I can dream.

A lot of the large media companies would be happier if no other competition existed for people's attention. A lot of the recent legislation is aimed not only at controlling the means of media consumption, but also the means of media production.

In ten years, it could be illegal to put up a web site or run an ISP without arranging content licensing and censoring (like, say, Iran or China).

Don't like it? Get active about it.

You can dream, but the reality gets more and more like a nightmare each day. :(

Re:'scuse my language, but

[jmoriarty]

Volton Technologies

WHO THE FUCK ARE THESE PEOPLE?! Never heard of a single one of them

Back in the '80s I think these guys made some giant robot dogs that could combine into a mega-robot. I guess Spam is a more effective weapon than that giant sword.

Re:'scuse my language, but

[Steveftoth]

It used to be that you had to have an IQ of greater then 100 to actually even USE the internet.

Maybe that's why the internet was so much better before the Homer Simpsons of the world decided to get on the internet.

Re:'scuse my language, but

[generic-man]

I have decided to start boycotting the inter-net, due to the proliferation of people who I consider "stupid" and "lusers." Also, it has come to my attention that some inter-net sites use advertising, a tactic which I consider to be morally offensive.

As a result, I have decided to start a tele-phone-based communications portal. If you would like to join, please dial 415-498-1177 with eight data bits, one stop bit, and no parity. After carrier is detected, press ENTER to receive a log-in prompt.

Thank you for continuing to be on the cutting edge of communications.

Re:'scuse my language, but

just be cause your smart doesnt mean your not stupid. I have seem PLENTY of 'smart' people fall for the stupidest schemes and LOOOSE alot of money at it.

Re:'scuse my language, but

[Xenographic]

From the article:

* Flowgo
* eUniverse
* IntelliTech Web Solutions
* KoolKatalog
* Volton Technologies
>>>>>>>>>>>>

Drat, Voltron is in on this too???

If you get infected by all the spyware, do they combine into one massive, privacy-invading program and take over your computer to fight giant monsters (uhhh, I dunno, maybe Mozilla?) or something? :]

That would explain...

[Nos.]

all those lame server on wwws1.com entries in my log files. My girlfriend's computer got hit by this, and I cleared it out (eventually). Funny, guys who can write these programs to monitor everything you do on the 'net, but can't setup DNS properly.

Shouldn't this count as a computer crime?

[swinginSwingler]

Maybe I'm just talking out of my ass, but, a web-site that just "installs" a program on my computer unbeknownst to me seems not too unlike me sending company X an email that "installs" a program on their computer unbeknownst to them. Yeah, IANAL and all that bull.

Re:Shouldn't this count as a computer crime?

[RatOmeter]

I think so. In fact, I'll be surprised if we do not see this going to court. If any of the affected PC's belong to a fortune 500 or larger company, I can nearly guarantee it. What I think should happen is that a class action suit be filed on behalf of all of the common people who were affected.

Heck, I'm sure if I the same exploits to upload even 1 teeny-tiny file to a PC, let's say, at a local bank. Guaran-damn-tee I'd be in lockup the next day.

The company behind this needs to be more than bitchslapped. They're going down.

I heard trojan..

and it reminded me to go buy some more, cause I don't want to catch anything from Cowboy Neal tonight...

Block Flowgo at SMTP

[toupsie]

Flowgo has been a burr in my britches for quite a while. It appears that everyone of my e-mail users gets "newsletters" from Flowgo. About 30% admit to visiting the Flowgo site but swear up and down that they did not request the newsletter. At first, I tried to be nice and contact Flowgo and ask for them to remove my employee from their newsletters (its easier than trying to instruct them to do it). Got back no response. At first I was shocked that Flowgo would not remove them. So after giving them a week, I went into my Postfix configuration and blocked off any e-mail from Flowgo. That was 5 months ago. Still today, I bounce 50 to 100 messages from Flowgo from my mail server. I noticed that several blackhole lists are doing the same now.

There has to be a solution to this sort of problem. About the only way I could get Flowgo to stop SPAMMING my mail server is to call up a buddy of Tony Soprano to break their knees because Flowgo doesn't care and I have never, ever, ever been able to get one of my elected officials or law enforcement agency to pay any interest in Unsolicited Commercial E-Mail. Its not like Flowgo is hiding its behavior either. It should be easy to get them but no one that matters or has the power, gives a damn about this huge waste of bandwidth.

Re:Block Flowgo at SMTP

[buss_error]

I've had FlowGo blocked for almost a year. I still bounce mail from them to the tune of several dozen a day. Perhaps it's time for an RBL nomination? SPEWS, anyone?

Re:Block Flowgo at SMTP

[Skapare]

I've been blocking flowgo and euniverse for over a year. These people are totally slimy, and they haven't figured that mail bounces. These people give the human race a bad name.

Re:Block Flowgo at SMTP

Heh..
you could always change it to forward all emails from their domain to the administrative address for their domain. Make them read their own spam =)

Re:Block Flowgo at SMTP

[toupsie]

I've been blocking flowgo and euniverse for over a year. These people are totally slimy, and they haven't figured that mail bounces. These people give the human race a bad name.

Hey, how dare you even compare a Flowgo employee to a human being! Its an insult to human beings. I agree, these people are slimy. The only way they will be stopped is by the law or an (un)fortunate act of God. If several of us are bouncing their e-mails for 5 months+, they just don't give a damn. It obviously doesn't hurt them financially to send out e-mails that bounce. I assume they are reporting only what they send out to clients, not what is received. That might be an avenue to attack Flowgo. Like Capone being busted for tax evasion, you might to have to hit Flowgo with something outside their normal crime. Since a lot of their e-mails are being bounced and they don't care that they are being bounced, it would be a decepetive trade practice for them to sell to clients the ability to e-mail a certain number of Internet Users knowing full well they can never reach their target audience because of SMTP blocks and RBLs.

Just a thought, I still like the idea of breaking knees to solve a problem like this. Its just more up close and personal. Tony Soprano, where are you when I need ya, baby?

Re:Block Flowgo at SMTP

[BlueUnderwear]

you could always change it to forward all emails from their domain to the administrative address for their domain. Make them read their own spam =)

This helps. I had to do this last year when Bellsouth just wouldn't kick a joe-jobbing spammer that forged mails in my name. Eventually, I forwarded all the bounces to them (tech support, management, sales, ... and in the end even customers...).

Re:Block Flowgo at SMTP

[Fizyx]

>"Power tends to corrupt, and absolute power corrupts absolutely." -- Lord Acton

"Power tends to corrupt, and absolute power is actually pretty cool." -- Tom Clancy (The Bear and the Dragon)

Re:Block Flowgo at SMTP

[toupsie]

Interesting. Very, very interesting.

Even better than tech support, SALES!

Re:Block Flowgo at SMTP

[Jenova]

Been doing that for a while here too. Lots of bounced mail everyday.

Re:Block Flowgo at SMTP

[rgmoore]

About the only way I could get Flowgo to stop SPAMMING my mail server is to call up a buddy of Tony Soprano to break their knees because Flowgo doesn't care and I have never, ever, ever been able to get one of my elected officials or law enforcement agency to pay any interest in Unsolicited Commercial E-Mail.

Have you considered threatening a lawsuit? I realize that they're not the most popular thing on Slashdot, but when somebody is doing something illegal and annoying they're about your only recourse. Many states now have at least some kind of anit-spam laws, so if you've kept a record of your email asking them to stop sending mail to your users and the mail they've kept sending, you'd have a pretty good case. A nice, polite cease and desist letter sent by registered mail would likely get their attention, and if it didn't a lawsuit for the applicable statutory damages per message certainly would. If your company already has a legal counsel, it wouldn't even cost you anything.

Re:Block Flowgo at SMTP

[toupsie]

Have you considered threatening a lawsuit?

Lawsuit is a good idea. I wish I could but I can't get my corporate council interested in going after a SPAMMER when he has bigger fish to fry for the company. However, I still think breaking kneecaps would be more satifying than legal action.

Re:Block Flowgo at SMTP

[arivanov]

They are located in California which has both suitable antispam laws and antihacking laws.

The lawsuit wil need to be filed by a resident of the state.

Re:Block Flowgo at SMTP

[sharkey]

"Power tends to corrupt, and absolute power is actually pretty cool." -- Tom Clancy (The Bear and the Dragon)

"Power corrupts, and absolute power is even more fun." -- Simon (BOFH)

Big-Boo-TAY

[burgburgburg]

It's John Big-Boo-TAY!!!

Yep - definitely

[BenHmm]

I have.

Many times: it's why I now use Mozilla (well, that and the tabbed browsing and...and...and...) and Ad Aware.

Mostly it seems to be dialler programs for offshore ISPs. Porn, basically.

Use IE unprotected for a while, then run AdAware - it's quite scary.

Re:Yep - definitely

I have no problems with IE because 1) I have Norton AV running in the background and 2) I use the Proxomitron ad-killer proxy. After all that, only the occasional Doubleclick cookie gets by (which gets blasted by a bi-weekly running of Ad Aware).

Re:Yep - definitely

I use Internet Explorer because
1) besides lacking a few features, it still is by far the king of browsers
2) i'm not an idiot running internet explorer 4.0

Re:Yep - definitely

[5KVGhost]

I have. Many times: it's why I now use Mozilla (well, that and the tabbed browsing and...and...and...) and Ad Aware.

Regardless of which browser anyone chooses to use, I'd hope they're more dilligent about updgrading and/or patching than the people in this article were. All browsers have weaknesses and vulnerabilities, both known and unknown.

I've never had anything infect or self-install on my machines, even when I ran without virus scanner for a while. About the worst I've seen are cookies, and they're easy enough to deal with.

Re:Yep - definitely

[gmack]

Or go to top100.org/altlist.com and wonder why your searches are all now going to 2ksearch.com and MSN search is now completly inaccessable. They helfully overwrite c:\windows\hosts and redirect auto.search.msn.com for you.

One really has to wonder what sort of idiot thought that having the abillity to overwrite any file from any random website was a good idea.

It's not even an exploit really.

Re:Yep - definitely

[spunkykuma]

Well, since you switched to Mozilla from IE, you might want to read this.

Re:Yep - definitely

[BenHmm]

ooh - that's nasty.
But it seems to have been fixed. At least in today's nightly build...(2002050608)

Re:Yep - definitely

[inquisitor]

Regardless of which browser anyone chooses to use, I'd hope they're more dilligent about updgrading and/or patching than the people in this article were. All browsers have weaknesses and vulnerabilities, both known and unknown.

A good point, especially as NS6/Mozilla had a very similar security hole themselves, which is why it was FORBIDDEN on the FreeBSD ports tree until they put in an unofficial patch (they're very good at that - icecast, for example, is currently in the same situation and pine has a series of warnings when you try to compile). If you read bugtraq, like I do, you'd also have seen a buffer overflow in the IRC component.

It's very hard to be totally secure, and it's not really fair to denigrate Microsoft when a patch has available for months (viz CodeRed/Nimda), or RedHat when people are still using 5.2.

Re:Yep - definitely

[wedg]

Gods bless Linux.

Instability in their systems.

[Restil]

People first discovered the virus when they noticed crashing and instability in their systems. So THAT'S what causes it. And all this time I just thought it was crappy software.

Yes.. I know... this is Microsoft Bashing. Mod me down.

-Restil

A good day for microsoft would be:

[pommiekiwifruit]

404: This page not available.

Actually

[CaptainZapp]

You can cough up 30$ a year (50$ for 2) and enjoy Salon in its entirety and completely ad-free.

I'm aware, that this doesn't necessarily sit well with a lot of people here, but wtf...

Re:Actually

[benjymous]

Or just install Mozilla which has pretty decent popup prevention (i.e. it still allows the popups that result from a user click, but not the ones that pages generate on load/exit/etc)

Re:Actually

[Krelnik]

> You can cough up 30$ a year (50$ for 2)
> and enjoy Salon in its entirety and
> completely ad-free.

Or simply do what I do. Put *.salon.com in your RESTRICTED SITES security zone, and have all scripting and plugins disabled in that zone. Voila, I never get popups on Salon. Still see some normal ads, but they are tolerable.

This doesnt work with all sites, because some also use Javascript for navigation or other essential stuff, but Salon currently doesn't.

Re:Actually

[aaarrrgggh]

Well, I did pay $50 for two years, and I still got the damn ad! In that sense... I think the parent was spot on...

Re:Actually

[Tsian]

So what, exactly, gives you the right to deny them of funds like that? Now if you simply close the ad and don't click on it, thats one thing, but to never view it....

Re:Actually

[GregWebb]

Didn't last time I tried, or did I tick the wrong option?

I _loved_ popup blocking - totally forgot that some sites did it - but it stopped some stuff from working so I had to turn it off. How can I get this wonderful option to work?

Re:Actually

Pay them to prevent them from exposing me to potentially malicious code? Sounds like extortion to me.

Re:Actually

[ncc74656]

Or just install Mozilla which has pretty decent popup prevention

My ad-filtering proxy (updated block list available through this page) blocks the Flash ad they try to send. Editing the URL in the address bar brings you back to the Flash ad (which gets replaced with a 1x1 transparent GIF by the proxy). You also need to remove the cookies set by Salon and block them from sending any more cookies (the same page came up fine in Lynx when I told it to not accept Salon's cookies). Select Edit|Preferences, select "Cookies" under "Privacy & Security," and click "Manage Stored Cookies." Check "Don't allow removed cookies to be reaccepted later," scroll through the list of cookies, and remove the ones set by Salon (I found two, sent by salon.com and www.salon.com).

Re:Actually

[benjymous]

Preferences -> Advanced -> Scripts and Windows and uncheck "Open unrequested windows" (and any others that take your fancy)

Re:Actually

[SkyLeach]

I just wish I could get the newspaper add-free for what I *PAY* for it.

You know that those $2.00 sunday papers are payed for 10x over by the companies putting ads in them and then they have the fscking nerve to turn around and charge the customer more money to deliver the extra 10lbs of ads.

Give me add-fee paper publications and I'll start reading hardcopy news again.

Re:Actually

hope your kidding, but if not, the newspapers cost is so that you dont grab a stack of them and use them for kitty liners/fish wrap, which would destroy the ad market. by them charging alittle (basically cost of printing) they mostly avoid that, and thus preserve the integrity of the ads, which are what actually pay for the content.

That would explain why he didn't get it

[maggard]

all those lame server on wwws1.com entries in my log files. [...] Funny, guys who can write these programs to monitor everything you do on the 'net, but can't setup DNS properly.

Whoah there quick-at-the-mouth. wwws1.com was the intended address, not www.s1.com. Their strategy worked exactly as intended by providing a reasuring-looking domain.

Re:That would explain why he didn't get it

[Nos.]

wwws1.com was the intended address

Yup, like I said, I have a log full of lame server entries for wwws1.com -> translation, the program was sending her to wwws1.com and my DNS server when doing the resolving was reporting the fact that the DNS for wwws1.com is not setup correctly.

Who said anything about www.s1.com?

LA Based ? CPC 502 applies

[UncleFluffy]

It's about time someone got put away for this sort of crap.

California Penal Code, look for section 502

Re:LA Based ? CPC 502 applies

[dattaway]

By "put away," what methods are you suggesting?

Prison?
Concrete shoes?
In the trunk of a car?
Handcuffed to the floor in a crack house?

Sounds good, but could you be more specific?

Re:LA Based ? CPC 502 applies

[kubrick]

You forgot option E -- all of the above.

Re:LA Based ? CPC 502 applies

I suppose it is possible to do all four at once. A prison can be a crack house, so if we stuffed the offender in the trunk of a car in the prison shop, took one arm out and handcuffed it to the floor, fit him up with a nice pair of concrete shoes, shut the trunk on him (may require effort with his arm hanging out,) and drove the junker through the barbed wire fence (dodging machine gun fire from the prison towers,) into the lake next to the prison... I reckon it would indeed be possible for justice to be served.

Sounds like a lot of work. Anyone up to the task?

Re:LA Based ? CPC 502 applies

[Amazing+Quantum+Man]

Sentenced to watch Barney the dinosaur 24 hours a day...

Of course, that might violate the 8th Amendment.

Re:LA Based ? CPC 502 applies

[arivanov]

The methods used by Philip the IVth in france on the d'Honet brothers. Should be applied to all spammers. Unfortunately the judicial system seems to disagree.

If you do not know french history here is the list:

1. Break all limbs on the weel.
2. Casrate and show the removed offending material to the public
3. Skin alive
4. Dip into boiling oil
5. Hang what is left on a hook upside down
6. Leave for the crows to finish off.

That is of course in public.

It should be enough to do it once for anyone not to think of spamming as a business idea.

Re:LA Based ? CPC 502 applies

[shawnseat]

I would have modded you up had you included this!

Re:LA Based ? CPC 502 applies

[ebmedia]

By "put away," what methods are you suggesting? Prison? Concrete shoes? In the trunk of a car? Handcuffed to the floor in a crack house? Sounds good, but could you be more specific?

...All of the above.

Re:LA Based ? CPC 502 applies

[UncleFluffy]

By "put away," what methods are you suggesting?

I would suggest putting them in prison, with the words "I put something where it didn't belong without asking, please do the same to me" tattooed on their foreheads.

Another reason why choice is good.

[aao-brad]

I think this is the problem with M$ trying to take over the world, so to speak. If all users in the world had to use M$ products and browsers, this kind of thing would happen a lot more. Why? There are a lot of other slimeball businesses out there thinking up ways of doing things, and I bet they'd read this article and wonder why they didn't think of it first.

With that in mind, if the slimeballs knew that they can target one platform / browser (which is the case now as most normal people use IE anyway), they can devise things like this. Personally I use Mozilla, and tonight I'm converting to Linux, so this won't be much of an issue. I just wish more people knew there were other choices out there besides M$, and then they wouldn't fall victim to this.

Re:Another reason why choice is good.

[sillyputty]

This also allows a legitimate software writer to make a piece of software that will work for a high percentage of the market, so it isn't all bad. Besides, if a significant number of people switch to, say Mozilla, then you'll just see the companies like this invest in exploiting Mozilla.

sillyputty

Re:Another reason why choice is good.

[Steveftoth]

Another reason this works is because since everyone runs the same platform, but doesn't update the software to the newest version. These exploits would not work (as well) if everybody went to microsoft.com and downloaded the newest version every day.

It was only a matter of time...

[GnomeKing]

Companies appear to be using more and more dodgy ways to make money from us

Spyware for targetted ads... Scumware for stealing our resources... using exploits to do whatever they like

whats next?
deleting competitors software? (or even worse, dissabling it/making it give incorrect results in such a way that the user doesnt know its been tampered with)
Installing backdoors so they can verify that your not using their software illegaly?

I feel increasingly that we, the consumers, need to have some sort of protected from spyware, scumware, companies who exploit security problems and the next generation of click through "but you signed your kidneys over to microsoft when you bought office!"

Re:It was only a matter of time...

[chiph]

Companies appear to be using more and more dodgy ways to make money from us

It's because they think that no one will catch them at it. "Oh, we'll track their surfing habits by downloading this little control onto their PC. They'll never notice, and we can resell the info for a butt-load of money."

The thing I find amazing is how you can be running a truly useful website, and some banner ad that you're displaying links to software 5 businesses away. Which then downloads spyware onto your loyal visitor's computers. The next thing you know you're getting hate mail and end up on the RBL over something you had no control over. As a website owner, that's a hassle I just don't need, and is probably a contributing factor in the decline of banner ad revenue.

Chip H.

Re:It was only a matter of time...

[swordgeek]

"deleting competitors software?"

Kazaa is pretty close to this: Install it, and the bundled adware deletes your install of Ad-Aware.

"Installing backdoors so they can verify that your not using their software illegaly?"

Whether or not MS is prosecuting, XP has the ability to do this.

"Oh brave new world, that has such people in it!"
*sigh*

Re:It was only a matter of time...

[cicho]

Not Kazaa. RadLight. They've been slapped for this and apparently stopped.

Moore's law makes for bad soul trade.

I bet the guy who sold his soul for an 8088 screams a little louder than the rest when he dropd dead in about ten years.

M$ bought by VA Software

[Tharsis]

although, I admit, all preceding days would have to be pretty bad.

What's scarier

[shawnmelliott]

I don't know what's scarier. This article or that a related article at the bottom of this one talks about our "friend" Fritz who wants to "protect" spyware by defining what's sensitive.

Quote
The second is "nonsensitive" information, and among that will include your name, address, and records of anything you buy or surf on the Internet. Under the act, business can't collect or divulge the sensitive bits without your express consent, but anything classified as nonsensitive can be freely collected and sold at will.
End Quote

The article can be found here

Re:PIM FORTUYN, 54, DUTCH FASCIST, FOUND DEAD

Wasn't Pim Fortuyn one of Jabba's henchmen in Return of the Jedi?

I don't know, was there a rich Cuban cigar smoking ex sociology professor in the film?

happily unsupported

[BroadbandBradley]

as ISP techsupport front line, I hear about this type of stuff all the time. Customers often think the ISP is the culprit and ask us to stop the pop ups. These are the same folks who can't get thier email after messing with firewall settings (not even knowing what a 'port' is). I'm amazed that novice users put up with all that winblows vrus crap. I guess they don't know there's another way to deal with it, until I tell them about Linux.

As a Linux user, my platform doesn't seem to be supported by any of these AdWare/SpyWare applications.

Sometimes it's good to be unsupported, and I think a lot of these novice users might do well on an unsupported platform.
Long live Tux, Defender of the free!

Re:happily unsupported

You want somebody who doesn't know what a port is to go ahead and install Linux? Uh huh....

Genius.

Re:happily unsupported

I installed Linux like your told me to and now I am getting yelled at by people saying my computer is spamming them! The FBI said that I am breaking into government computers and pingflooding a bank! What the hell did you get me in to! All I wanted to do was browse the web and read my email and now I'm getting yelled at because my L-P-R and R-P-C ports are vulnerable to a root exploit. What is a root exploit!? I hate you! I'm going to AOL.

Re:happily unsupported

[doofusclam]

And how do you suppose these people get a linux distro on their pc. Bearing in mind the usual driver issues/incompatibilities etc?

I appreciate the spyware may not be your ISPs fault, and it costs to have people like you on the frontline, but recommending Linux to noobs? Sorry, but the penguin just ain't ready for the AOL masses. You're just helping someone butcher a pc that someone with a clue will have to wipe and reinstall. Are you really advocating the use of an unsupported platform to the sort of people who call your ISP? If you worked for me you'd have been fired by now.

(Unless a distro comes preinstalled, and is only used for AOL - but thats a different story)

seany.

Re:happily unsupported

[BroadbandBradley]

the usual disclaimer is: We don't support Linux, but there are sources of support elsewhere.

I don't know about you but I find Linux is WAY easier to use.

Are we surprised?

[mixbsd]

Don't forget that this happened via Flowgo, spammers extroadinaire, who have no scruples about using the September 11th disaster for their own ends.

Personally, I hope both IntelliTech (misnomer) and Flowgo are prosecuted for this.

That comment is not insightful

[Darren+Winsper]

It's just a statement with no supporting evidence.

Re:That comment is not insightful

[spectecjr]

Hey; don't complain - the same scheme worked for YOUR comment; you got modded up.

Simon

Re:That comment is not insightful

[MillionthMonkey]

>>>Come on. Netscape's engine didn't follow the Java spec. In fact, it had more violations that Microsoft's engine.
>>That comment is not insightful
>>It's just a statement with no supporting evidence.
> Hey; don't complain - the same scheme worked
> for YOUR comment; you got modded up.

He didn't make any statement that needed any more supporting evidence than the post he was responding to.

Re:That comment is not insightful

[spectecjr]

He didn't make any statement that needed any more supporting evidence than the post he was responding to.

If you had written applets between 1996 and 1998 using Netscape's VM, the Sun JVM and the Microsoft JVM at the time, and tried to get the same code working on all three, you wouldn't have needed any corroboration.

One of the worst was that Netscape's VM used completely different Z-Order to everyone else's. Their security manager was different.

I'd come up with more examples, but I've blocked out that awful part of my memory.

Simon

Re:PIM FORTUYN, 54, DUTCH FASCIST, FOUND DEAD

No he was one of the "Gentlemen" in the "Hush" episode in Buffy the Vampire Slayer.

Re:BARBECUED SQUID WITH HOT DIPPING SAUCE (SQUID S

" Coconut milk is easily made if you have a blender or food processor. Boil 1 1/2 cups water. Pour it over 1 1/2 cups of fresh or dry grated coconut. Beat it in the food processor or blender for at least 1 minute. Strain it through a sieve or through cheesecloth"

Mom,
I know that you all are from the midwest and such, but canned coconut milk is readily availible in most liqour stores and specialty food stores. In fact, here in Florida, the damn stuff grows on trees!

You should correct your recipe to reflect that, particulary since this simplifies the preparation by several steps.

This one doesn't...

[ringbarer]

What about the next? How trivial would it be to code up some cancerware that gathers addresses from the victim's address book, and sends itself out to them, hidden in some kind of novelty 'Purple Monkey'-type application?

This situation reminds me of a docu-drama they had on the UK's Channel 4 a few years back, set the requisite 20 minutes into the future, about the ultimate video multicasting 'killer-app' that spread itself across the Internet as a virus. When people wanted to view the video files, they found they automatically HAD the right software without needing to run a complicated install.

Old version of VM/IE?

[ejaw5]

The article said the flaw exists in an old version of the Java Engine of Microsoft's Internet Explorer...

The M$ bulliten linked on the article and here shows that
The Microsoft VM is a virtual machine for the Win32® operating environment. It runs atop Microsoft® Windows 95, 98, Windows Me, Windows NT 4.0, or Windows 2000. It ships as part of each operating system, and also as part of Microsoft Internet Explorer. The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.x and Internet Explorer 5.x contains a security vulnerability that could allow a Java applet, on a malicious web site to take any desired action on a visiting user?s machine.

Now, to me, Windows 2000 / IE 5.x isn't really OLD , considering that the majority of M$ users have IE 5.x. It may not be "new" like IE 6 or XP, but it doesn't mean 5.x is outdated.

Re:Old version of VM/IE?

[RailGunner]

I got hit with it here at work.. running IE 6 on Windows 2000. I don't know if the problem in IE has been fixed, and I don't care. This was the final straw, and I won't be using IE anymore.

Wow!!!

[feloneous+cat]

My day has been ruined! Outlook AND Explorer both can spread virii?

Shit, this is like Microsoft writes bad code or something...

Can this be true or am I just living a nightmare?

Will we end up removing BOTH programs and installing two million candle-power lights to point up into the night sky to symbolize where these two mighty titans once stood?

Will Bush launch a strike against Redmond killing thousands (or putting them out of there misery)?

internet explorer slashdot story icon

[ubiquitin]

This is the first time I can remember seeing a I.E. icon (Mac-style) on a slashdot story. How appropriate that the story is about the most annoying feature of Microsoft's browsing apps: javascript pop-up hell. But seriously, times have never been better for non Internet Explorer browsers: Opera, Konquerer, iCab, Chimera, and Mozilla are all extremely usable at this point.

Re:internet explorer slashdot story icon

[Wyzard]

Actually, I saw a segment about Opera on CNN the other day. I was surprised, and pleased.

Moot licensing?

[Denium]

IANAL but...

If a piece of software *is* malicious spyware, it would be counterintuitive to ask the user to authorize its use and consent to a license agreement.

So -- let's assume that the software exploits the hole and, in the process, causes damage to your machine. Because you did not agree to the usual clickwrap, (software is AS IS, etc etc) could you hold the company liable for this?

Just a thought :)

Re:Moot licensing?

[nuggz]

Good idea, no waiver of incidental damage, could be quite a heavy hit.

Re:Moot licensing?

[A.Soze]

This brings up the question of legality within a contract. If the software could be construed to be damaging to a system, is the contract (license agreement) valid at all? I seem to remember somthing to the effect that, if a contract spells out something illegal in its terms, it ceases to become a valid contract. Wouldn't this revoke all permissions and open the floodgates?

eUniverse traded on NASDAQ

Don't know about the other companies, but eUniverse's (EUNI) site says it is "the largest and fastest growing entertainment orientated network on the Internet. With over 19+ million unique visitors per month, it is consistently ranked as one of the Top 15 Most Visited Properties on the Internet by both Nielsen//NetRatings and Media Metrix"

Speaking of slimeball tactics....

[artemis67]

You may remember that, immediately after Sept. 11, a very popular popup making the rounds was for a game called "Yo Mama, Osama". If you clicked the ad and played the game, of course, it installed a spyware app (don't recall which one).

While technically not any different from the way other spyware are distributed, it still tops the list in my book for the sleaziest thing I've yet seen in spyware, i.e., capitalizing on the emotional turmoil for 9/11.

Re:Speaking of slimeball tactics....

FWIW, it was wnad.exe that was bundled with "Yo Mama"

http://www.newsbytes.com/news/01/171646.html

Re:Speaking of slimeball tactics....

[peddrenth]

the sleaziest thing I've yet seen in spyware, i.e., capitalizing on the emotional turmoil for 9/11

No, respectable people would never do that, would they? Respectable people like, hmmm, THE FBI???

Re:Speaking of slimeball tactics....

Right on and GWB is want doing anything else different?

Haven't people here gotten tired of the constant rhetoric from American politicians about the threat of terror?

This site doesn't offer any proofs but if evern 1/3 is true it doens't sound too good eh?
http://www.globalpolicy.org/wtc/liberties/lib ertin dex.htm

Trojans and Popups and Slimeball Business....

[josquint]

...Oh my!

Trojans and Popups and Slimeball Business
oh MY!!

Trojans and Popups and Slimeball Business
OH MY!!!

*out pops the wicked digital witch of the west*

What bothers me...

[j-turkey]

What bothers me the most, is that Federal Law Enforcement agencies have been going after individuals who crack corprate machines for years -- and hitting them with hard criminal charges (or in some cases, just throwing them in jail without clear or formal criminal charges).

Its clear that the federal government is zealous in its crusade to protect corporate America from "hackers". But who protects individuals from shady companies?

Its also clear that the company behind the trojan popups has engaged in criminal activity...but where the hell is the criminal investigation -- anyone being brought up on charges? At most -- we might see some fiducary damages awarded to someone (but not anyone here -- and not to anybody we know)...but if the feds can throw Kevin in jail -- I want the fuckers responsible for this kind of malicous marketing in jail too...(don't forget spammers either).


-Turkey

Re:What bothers me...

[Amazing+Quantum+Man]

Its clear that the federal government is zealous in its crusade to protect corporate America from "hackers". But who protects individuals from shady companies?

<SARCASM>
Companies and corporations can do no wrong! Just ask Senator Disney^H^H^H^H^H^HHollings. On the other hand, those Evil Unamerican Terrorist Hacker Content Pirates(tm) are a threat to our very way of life!!!!!
</SARCASM>

To comply with the ADA, SARCASM tags have been added for the sarcasm impaired.

look here.

[leuk_he]

the hun It has a warning about exploit a site linked here used.

Investigate this! (warning: lot's of pink images, don't investigate at work).

MS Java extension are to blame

[androidbug]

The extensions MS made to their own version of Java Virtual Machine must be causing these hacks. Since these extensions of Microsoft is not called Java(remember the long lawsuit), it is lame to blame 'Java'.

Re:MS Java extension are to blame

The ONLY reason java is where it is today is because MS decided to use it! Plus I think it is teribly funny that the ONLY company that got what java was about was MS. They got slapped pretty hard. So they said FINE we will make our OWN virtual machine. Its not the language thats cool it is the abstraction thats cool. Plus if it had be some other big companies java vm that was on most peoples desk guess what they would have targeted. What is to blame is that the holes were used for bad reasons. Which is what making sure you have the latest security patches is about. I think it is equaly lame to blame MS. Sun just didnt like MS playing/fighting in the pool. So MS got kicked out. Sun wants only 1 vm. And that vm is theirs. Till MS came along Sun's VM suuuuuuuuuuuuuuuuuuuucked big time. MS did what they did best. They compeated with them and did them one better and then sun did MS one better and so on. Eventually the differences between the companies became too much and Sun did it the Corp American way, they litigated the battle.

Now if someone was to get this 'virus'. And then hack it would it not be interesting to see what sort of CRAP could be fed into the systems of these companies? They are after all ASKING for stuff to be sent in. Since it is YOUR computer they infected they MOST likely want information from YOUR computer. Why not give them information. It just may not be exactly what they expected.

Ad-aware

[DeadSea]

Ad-aware is a Windows program from Lavasoft that will remove spyware from your computer. It is freeware. There is also a plus version available for a fee that will run in the background and prevent spyware from being installed.

Re:Ad-aware

[Schrodinger's+Mouse]

Hear, hear. I've got it running on my parents' Winbox, and whenever I mooch^H^H^H^H^Hvisit I have it clear out all the piggybacking crap my teenaged brother installs. It's a nice little program. Now if only it could knock some sense into the kid...

Re:Ad-aware

[mixbsd]

Original article mentions that the IntelliTech cancerware also disabled the user's firewall, if running, so it wouldn't be too surprising if it also disabled Ad-Aware a-la Radlight's Spyware Media Player.

Wasn't a good day for them yesterday, either

[ackthpt]

I just got peek at the article but it has to be a seriously squirmy moment on the stand for yet-another-ill-prepared-Microsoft-executive-and/o r-witness, as Will Poole couldn't offer a satisfactory explanation why nothing was changed for XP despite the antitrust ruling.

IIRC, "we gotta get it out the door to do our part to help the economy, can't stop now to do the right thing, W.'s counting on us!" -- hmm soft stance of the DoJ... scratch my back, I'll scratch yours? Seems to fit in with the recent pattern of sucking up to industry.

Anyway, RealNetworks (love 'em, hate 'em) gripes are valid, if Microsoft rolls out a "tested and Q/A Approved (the MCSEs all playing solitaire never found any bugs) Final version" and mysteriously competitors products (which you know they've had a keen eye towards making sure all is well) malfunction and look shoddy.

Other than being rich and arrogant, I wouldn't want to be in their shoes.

Re:April 1st

Microsoft could do all manner of cock ups, illegal activities and no one would believe it.

Whats to be done

[martinmcc]

It sickening to here how low some people will go to earn a few extra bucks, but such is the world we live in. The real problem is how to deal with it. Many people like to quote that 'all you need to do is run firewall x and anti-virus b' etc. which is fine for the tech savvy, but as we are all painfully aware, the majority is not tech savvy.

I think using a computer should be though of more like using a car than a calculator - no one would dream of sitting in a car and going for a drive before taking some lessons and getting a license (apart from a joyrider perhaps), yet many people phone DELL-U-WANT, order their box and sit down thinking they will be able to browse away, most getting very irrate when it doesn't work out. People need to realise that to use a computer they need to put in time and effort to learn how to first, which is something not helped by all the AOL type adds saying how easy it is.

Another possible fix I like the idea of is to have a 'safe zone' - The WWW is a large and mostly free place, and I for one do not want to see ANY legislation changing that, whether apparently for the better or not. As anyone who lives in a large city nows, you don't go to the bad end of town unless you now how to handle yourself, people will learn to stay in the safe zone. It could work by having a controlling body which hands out domains (here.sfe etc.). Anyone using this site must sign a rigirous contract of use, forbidding any type of exploitation of the vunerable users. Thus, any company exploiting in the domain will be liable through breach of contract, and leaves the rest of the internet free for those of us who now what we are doing. Systems could come with 'IE-safe', which does not allow browsing outside the safe domain, so only someone who knows what they are doing will be able to download full browser and go to the big bad web.

These solutions are far from perfect, and do leave room for exploitation, but I think the're better than the 'I'm safe, I don't care' attitute, and a bit more constructive than 'lets melt the &"%$ in a vat of acid' solution :).

Re:Whats to be done

Systems could come with 'IE-safe', which does not allow browsing outside the safe domain, so only someone who knows what they are doing will be able to download full browser and go to the big bad web.

I thought they already had that... (at one time anyway)

Re:Whats to be done

- "It sickening to here how ..."
- "I think using a computer should be though of more like using a ..."
- "... AOL type adds ..."
- "Another possible fix I like the idea of is to have a ..."
- "... whether apparently for the better or not."
- "As anyone who lives in a large city nows ..."
- "... unless you now how to ..."
- "rigirous"

etc.

It's also sickening to see how America's school system has utterly failed in your education.

Re:Whats to be done

[martinmcc]

They certainly have failed me, what, with me being from Ireland and all that. Oh well, at least I'm getting a proper education here at slashdot, thanks to the diligents of the ever present AC. Perhaps your proclavity to propagate corrections is a long time urning for perfect, or pehaps it is simply becuase your a dick. Anyway, I eagerly await your correction to this post (I'm not going to spend the time when you so obviously have it).

Cheers!

I've got their cancerware on my computer.

[Anti-Microsoft+Troll]

It's called "Windows Update."

Re:I've got their cancerware on my computer.

[sillyputty]

...and if these people had RUN that, they'd have had the new VM and wouldn't have been affected. But nobody wants to hear that.

sillyputty

Yeah,

coz Salon's going to get Slashdotted. I guess page widening has gotten boring for you, eh?

ReDefinition: Viral Marketing

[mcrbids]

I've always thought that "Viral Marketing" is when you design a product so that use of the product by the consumer promotes the product.

An example of this might be name brand T-shirts..

But this puts "viral marketing" in a whole new light...

wwws1.com

[Tottori]

Yup, like I said, I have a log full of lame server entries for wwws1.com -> translation, the program was sending her to wwws1.com and my DNS server when doing the resolving was reporting the fact that the DNS for wwws1.com is not setup correctly.

Specifically, wwws1.com has two nameservers, ns1.zonesnow.net and ns2.zonesnow.net. But only ns2.zonesnow.net actually knows about the domain. If your nameserver goes to ns1 first, it will report "lame server" then try the other.

Amusingly, the whois information (and hence top-level DNS servers) contain two completely different nameservers, NS1.QUIK-NET.NET and NS2.QUIK-NET.NET. Again only NS2 knows about the domain. This is common with badly configured DNS.

Print version without Pop-Up ad

The main article doesn't seem to display unless your browser makes some effort to load it's ad.
Here's a link to the printable version for those who don't want the page indirected flash ad.

http://www.salon.com/tech/feature/2002/05/07/malwa re/print.html

Just in case Slashdot gets slashdotted!!

from the remember-when-the-net-was-polite dept.

Selanit writes "Salon.com is reporting on a company which exploited a vulnerability in an old but common version of Internet Explorer's Java engine to install spyware on the visitor's machine. " It's a pretty in depth story showing the lack of respect that some companies have. My favorite part is that the guy who denies any knowledge of the trojan popup is named 'Frank Bigott'.

I had GoHip installed from outlook express

[iamr00t]

The only thing I did was look at the e-mail.
That was more than a year ago.

Fortunately they just replaced my homepage and search page in IE. No spyware.

Well, I don't use IE now anyways, but I use Outlook Express to read my Hotmail account.
Now I just turned off preview screen so I can delete spam and stuff without actualy rendering it.

Scary Stuff!

[newerbob]

Fortunately, I run ProximaBob, a pop-up killer that neuters Java and JavaScript from sites that I don't mark as trusted.

I hope this company is held accoutable.

There's another company that's nearly as bad: Real Networks. Ever see how much crap they try to install if you're not paying attention?

Our company now has RealPlayer on its banned list, because we consider it a virus.

Pop ups...

[keep_it_simple_stupi]

I got a pop up "trojan" for ya right here!


Damn there goes my Karma.

Not exactly a surprise...

[ari{Dal}]

it was only a matter of time before some unscrupulous ***hole took advantage of MS's unscrupulous coding to do something like this. The only surprise I got was that it took this long to happen, and is only now getting into the news. While I use IE for browsing, it's just because of things like this that I long ago disabled all active scripting, uninstalled flash, and never installed the MS virtual machine to begin with.

I also block any ad tracking site from setting cookies or sending popups through the nifty 'security' settings. Every time I find a cookie in my temp internet files that I don't recognize, the host automatically goes into 'ad tracking sites'.

Call me paranoid, but if it ain't plain HTML and static images, I don't wanna see it.

Too busy

What makes you think the CA AG's office isn't investigating?

cuz right now thar too busy 'vestigatin the guvnuh and his IT boyz over that Oracle boondoggle

You should sue

[kryzx]

You really should consider going after them in court. There are currently no federal laws restricting spam, but many states have laws.

Investigate your state laws here: http://law.spamcon.org/us-laws/index.shtml

Some of the states allow quite significant damages, for example, California law allows "damages of $50 per message, up to $25,000 per day, or its actual damages, whichever is greater."

If you are in a state with anti-spam laws you could really lay a hurtin' on them, and might even collect some dough in the process. (Although, given that we know they are unscrupulous, collecting will not be easy.)

Here are some other resources:
http://smallclaim.info/
http://www.spamcon.org/
http://www.aboutspam.com/
http://http://www.cauce.org/about/resources.shtml

Re:You should sue

you apparantly have to inform the spammer of your "no UCE" policy first. Kind of hard to do when you cannot actually find/contact them. :-(

Re:You should sue

EASY on every single one they tell you HOW to get in contact with them. They usually are trying to sell something. Well guess what 'Hey I would like to buy but im kinda afraid of this internet thingy, could we talk on the phone? could you send me some literature?' get the idea. If you act like they have hooked you they give you whatever you want and you can tell them off...

Yeah, well Mozilla sucks because...

Non-existant java support: (YOU try installing java and getting it to work, I've tried over 5 times and still I have to "download a plugin".

Plus those pesky tabbed windows take too much getting used to. They look great and all, but like most people I accidentally close the "main" window, thinking I'm closing an opened pane. GRRR!

It's nice for the pop-ups, but PLEASE get java working so I won't have to rely on IE and Netscape for the java stuff on the net

Re:Yeah, well Mozilla sucks because...

[EvilOpie]

Actually, to answer your question, it's not too hard to get java working on mozilla. It just takes an extra step. I have it working here and I'm using mozilla 0.9.9

First, go to Sun's Java page, and download their SDK for Java. Then run their installer and install that on your system. The next step is to go to the bin directory in the location where you just installed Java, and copy all the .dll's to your mozilla plugins directory. Then close (if it's running) and restart mozilla. After that, java support should work for you.

Re:Yeah, well Mozilla sucks because...

Actually with recent nightlies I have had astouding luck with all plugins. Try a good nightly.

i didn't get a popup window

Oh yeah, I am using lynx. :)

Wow....

[Wntrmute]

So what, exactly, gives you the right to deny them of funds like that? Now if you simply close the ad and don't click on it, thats one thing, but to never view it....

Good to see Jamie Kellner's got an account now.

Internet Explorer's WHAT machine?

[Rogerborg]

Correction: the Microsoft VM is not a Java Virtual Machine. It is a Virtual Machine that supports Java. Lest we forget, Sun had to fight long and hard to have a court uphold this. Check out the Microsoft security bulletin about this flaw and note that it is the "Microsoft® virtual machine (Microsoft VM)". Let's not tar JVM's with the same brush.

What about Alchemy's actions?

[nolife]

What about Alchemy's response:

When contacted by Salon on April 26 about reports of malicious code at the IntelliTech sites, Alchemy's vice president Jamie Daquino said his position was Shut down first, ask questions later.

"For someone to get written up as a virus, that's pretty serious. If they're doing what people are saying, it's illegal. We don't want to be associated with that," said Daquino.

I hate to quote so much but this is scary. This is Alchemy's response based on some info from Salon? Without even checking with IntelliTech first they simply "pull the plug"? After reading the articles I formed my own opinion that IntelliTech is complete trash but what gives Alchemy the right to simply pull the plug? I assume they have an official step by step to deal with issues of this nature but they appear to not use them. Alchemy basically states that they don't know what IntelliTech is doing, did not bother to ask, but pulled the plug anyway.

Re:What about Alchemy's actions?

[frost22]

It is a very sensible position. Shut down first, ivestiagte immediately after, then shut down permanent.

Alchemy has every right to pull the plug immediately. You might debate if they have the right to leave the thing unplugged without any investiagtion - but venture to guess they got someone to have a look at the site's code immediatley.

Bust 'em

[Mr+Happy]

If writing viruses can land you jail time (witness the fate of the author of Melissa) then the scum that distributed this code ought to be criminally prosecuted as well.

Its despicable enough to install files onto a user's machine without their consent but to turn off the protection they're relying on is disgusting.

Burn the bastards.

Re:PIM FORTUYN, 54, DUTCH FASCIST, FOUND DEAD

[cmdrtacos_mom]

Too bad, it sounds like someone we need in America. There are far too many brown skin people here.

ActiveX Backdoor

[Animats]

It's in the "ActiveX Backdoor" that Microsoft put in their VM. Microsoft lets Java programs load ActiveX controls, presumably so that Java programmers can be induced to create programs that won't run on non-Windows platforms. As Microsoft says,

The Microsoft virtual machine (Microsoft VM) contains functionality that allows ActiveX controls to be created and manipulated by Java applications or applets. This functionality is intended to only be available to stand-alone Java applications or digitally signed applets. However, this vulnerability allows ActiveX controls to be created and used from a web page, or from within a HTML based e-mail message, without requiring a signed applet.

Re:ActiveX Backdoor

There are also a series of MS built, COM friendly, Java "security" classes that can be used to break out of the VM sandbox. it's very easy to implement and allows untrusted applets to do pretty much anything.

Just call me Pandora

[ArhcAngel]

But with all the fuss here and on a couple of other sites I am finding it hard not to scratch the itch to go over to flowgo and see what all the fuss is about. Somebody hold me back!....HTTP://www.flogo.c....

Re:Just call me Pandora

[ArhcAngel]

Too Late! I got bit by a Gator and an ad for AT&T Wireless.

In Defense of Microsoft...

From reading the article, I got the impression this malware appears to take advantage of old exploits in Internet Explorer. IE with all the patches may not be not be affected by this.

Now excuse me...I feel like I need to take a shower.

Posted AC cause I don't want anyone to think that I would defend M$.

I got hit with this at work..

[RailGunner]

I came in to work the last friday morning and noted that McAfee Virus Scan had found this spyware on my machine. It's actually a bit of a pain to remove, but fortunately there doesn't seem to be any super destructive payload.

However, this did prompt me to do a few things at work, home, parents, in-laws, etc:

1. Check for the spyware

2. Remove all shortcuts to Internet Exploder

3. Install Opera 6.01

4. Install Mozilla RC1

5. Explain to less technologically inclined family that if a page doesn't render correctly in one, try the other, if it still doesn't render correctly, then email the webmaster of the site.

6. Despise Microsoft even more... even though I don't care who knows I visit Slashdot and Drudgereport.com... (though the principle of spyware pisses me off)

White of an Egg

[Roanna]

This comes from a joke, where you talk about
what you do with your finger (poke), and when
you sit in a nice hot bath you soak. In England a fellow is called a bloke. Now what is the white of an egg?

Flowgo/Funstun/Send4Fun use a very similar technique to get users to opt in to their spam lists. When you recieve a typical e-card (and not all of them but enough) there is a link in the first paragraph of the letter for ordinary pick up and a second link for AOL. You get a card from a friend and don't examine the links too closely. Besides the pattern is all the same.

Flowgo/Funstun/Send4Fun make their first link say something like "to see this card and recieve our great newsletter click here." The second link says "to see this card and recieve nothing," click here. Users who read carefully get no newsletter, but how many do?

Of course those who click the first link technically had a choice and are opting in. Opting in to receive a newsletter is not spam.

It's slimey and deceitful but since users technically opt in, I believe it's legal. I've gotten myself off Funstun/Flowgo's spam list twice. It's very easy to forget that the white of an egg is not a yolk.

For card education please visit Solla Sollew
http://nakedmolerat.org.uk/sollasollew It was my attempt at starting my own ladies' group.

Re:White of an Egg

[rgmoore]

As far as I know, though, you can't claim that once somebody has opted in they may no longer opt out. If the email administrator sends a message to Flowgo asking them to stop sending email, those people have now been opted out. At that point, further email from Flowgo is definitely spam, whether the users originally asked to be put on the list or not. That's why keeping records of the time that you asked them to stop sending the company email is so important.

Software nutrition information

[CaptainPhong]

The FDA has strict standards for listing nutrition information on food. A simple, consistant, easy to read, strictly formatted box shows you what's in it and how bad it is for you. IMHO, it works well (even for your average idiot at the grocery store), and is a Good Idea. Would it be so hard to do the same thing for software? Before installing, it presents the user a concise, consistantly formatted box that shows the user what the software does, what files it installs, what services/ports it uses over the internet, what information it collects, stores, uses and shares, and with whom it shares the information. Anybody who creates software that doesn't fit this policy gets heavily fined/jailed/deported/bludgeoned/etc.

Re:Software nutrition information

[BeeShoo]

Unfortunately, that food labeling law is not as effective as you might think (forgive me for going off topic by commenting on this). If a manufacturer includes someone else's product in his own product, let's say adding beef bullion to a company's soup for example, he does NOT have to list any of the ingredients in that 3rd party product. That 3rd party product could concievably contain several ingredients that you're allergic to (or worse), but there is no obligation under the law to list those ingredients. This is done constantly with MSG and NutraSweet (Aspertame).

Back on topic- Odds are that any software law passed would end up including a similar loophole.

Flowgo

[macdaddy]

That's all the farther I had to read. Anything beyond that is pointless. Flowgo is spam and nothing more. I block every single piece of flowgo netspace I can find. I also use the flowgoaway.com DNS blacklist. Block flowgo and you'll be a much happier mail admin.

Re:Flowgo

[mixbsd]

From the original article on salon.com: Online1net.com, along with wwws1.com and KoolKatalog, was summarily unplugged last week by Alchemy Communications, the Internet collocation facility that services New Directions.

Perhaps it would be a good idea if pressure was put onto flowgo's uplink to do the same thing - then we wouldn't need spam bouncers in place :)

Re:Flowgo

[macdaddy]

Problem is, Flowgo/eUniverse has numerous blocks scattered all over the place. Big pain in the ass to coordinate that mass bitch-slapping.

It's ALIVE

[nkrgovic]

How come no one noticed this:there was one a virus. Then that virus has met with anouther virus, they joined their "genes" and created a new one.

More simple they mutated. And I don't mean "mutated" like we usualy call a virus when someone changed it. I mean they did it on their one!!!!

Or, is you prefer it: they had sex...

Anyhow, these two viruses changed themselves on their own. I know that this was "probable" but so was evolution... Let's face it: we are witnessing a new life form being created here, or at least something like that....

THAT THING IS ALIVE!!!!!!!

The moral of this story is...

Don't use FUCKING MSIE!!!

YAFHF

For crying out loud ... not another @#$%^&* hot fix! This MS Java patch is ancient. In Internet time, it's prehistoric.

With Red Hat, I can login to RHN or can run "up2date --list" and find out if there are errata.

Why isn't there an easier way for MS [insert product name here] [insert version number here] users to identify what hot-fixes, security patches, and other miscellany software updates they need? I'll be a hemorrhoidal geriatic if I have to read ./ just to stay informed.

Bullet-proof computing

[freeweed]

Many people like to quote that 'all you need to do is run firewall x and anti-virus b' etc. which is fine for the tech savvy, but as we are all painfully aware, the majority is not tech savvy.

You know, it's precisely this attitude which pisses me off the most out of anything in the computer industry currently. For one thing, the above poster is right - the masses are NOT tech savvy. Nor should they have to be.

Hell, I'm tech savvy as far as that goes. But running a whole host of extra software and/or hardware just because we have weak laws/stupid people is NOT an acceptable answer. Think about it - if, instead of laws making it illegal to shoot people, we just said this:

"If you don't want to get shot, well, you shoulda worn a bullet proof vest and helmet when you went out."

I always shake my head when tech-related issues arise; it's as if people suddenly lose all common sense. I can freely walk down the street (for the most part) in the US without fear of being shot, sure it's a remote possibility, but everyone does and very few people get killed proportionally. Why oh WHY can't we use our computers freely also?

YOU LOST CAVALIER

Patrick Stewert was not a skinhead

That's actually quite a hard one to argue, given any picture or news footage of him. Or will you put a toupe on his head for the funeral?

Henry Clay was not a fascist

There are those who believe all men should be judged equally in the eyes of the law ("justice"). These people wrote the constitution of the French Republic, the USA, etc. Then there are those who believe in removing laws which prohibit discrimination, so not all men are equal in the eyes of the law. This is one of the primary characteristics of a fascist.

You are small and fat, and we will write nothing of your death, your simple existance for which noone bothered to recognize.

The death of myself will never reach the media.

Look! You breath now, and no one cares. What difference, then, comes from your death? Perhaps just another parking space at the local supermarket.

Hm, you sound a lot like a great literary figure, how appropriate that you supported Telly Savalas.

Your post, though a troll, is a joke, as is your life.

My troll was successful. You even admit to being trolled, but you're so full of clever ideas-fuelled inspiration that you just had to reply, didn't you? Hehe.

Long live Samual Jackson, he will be missed.

His booty, like his body, will be bustin', and he will only be missed by everyone such as yourself.

SLAP IT! SLAP IT! OH YEAH!

Brown people, black people, they're all ok, baby.

It's the Islamic mother fuckers that fuck us.

Black made/inspired music is the best, really. Jazz, rock-n-roll, hip hop, blues.

And frankly, nothin' better than slappin' da black booty!

EUniverse...

EUniverse's network is the #6 most traffic'd network on the internet, right behind MSN. They operate flowgo and a bunch of other entertainment sites and create all the flash games and things like killing Osama, etc. They make their money from 1) Collecting and selling e-mails, 2) selling replacement ink catridges, and 3) ads. They are and have been profitable for a long time and have their main office in downtown LA.

Disabled

[phriedom]

Not quite. It disables itself if there is a firewall program running. I assume so that it doesn't get detected. If there is no gatekeeper, then it goes ahead and downloads other programs and installs them. If that isn't malicious intent I don't know what is. It makes sure you aren't watching before it trys something.

How do you block OnClose?

[jerryasher]

I use Mozilla and have it configured through the Advanced preferences not to pop things up. How do I block OnClose or other specific elements of JavaScript?

Re: How do you block OnClose?

[elemental23]

You already have. That setting disables opening new windows onLoad or onUnload. onUnload is what's being used when you see new windows open as you close a different one.

Re: How do you block OnClose?

[jerryasher]

Since I can't contribute (except for bug reports) to Mozilla, I dislike appearing critical, but I wish it were a bit more obvious and configurable what is happening with these Advanced Scripting options. (Or if I could configure them on a site by site basis.)

Yes, I am a TV Junkie. I find tvguide.com invaluable, but tvguide.com uses popups to show a closer look of each show:

closer = window.open("", "CloserLook", opts);
closer.focus();

On Mozilla 0.9.9 the only thing I allow JavaScript to do is to "Open a link in a new Window". This lets me use TV Guide, and keeps almost all other popups away. On Mozilla 1.0RC1, I have to enable "Open unrequested windows". Yikes, if I want my TV Guide popups, I also get all the other pop ups in the world.

So I am still not sure what I need to be doing to get TV Guide to work once more while keeping the junk popups away

Spyware indeed...

[pyser]

When I try to access the Salon article, Opera (NT4, which I have to run here at work) Dr. Watsons. Every time.

DMCA protects viruses like this

How long before one of these Malware authors sues McAffee for reverse engineering their virus/adware/trojan/spyware program.

I would love to see them get trounced by McAffee and see the DMCA get destroyed in the process.

then I'd like to see the author get punished under virus laws.

Affected Systems:

[bill_mcgonigle]

Internet Explorer running on Microsoft Windows

Systems not affected:
Internet Explorer running on Macintosh
Internet Explorer running on Solaris
Netscape running on Windows
Netscape running on Macintosh
Netscape running on Linux
Netscape running on Solaris
Netscape running on BSD
Mozilla running on Windows
Mozilla running on Macintosh
Mozilla running on Linux
Mozilla running on Solaris
Mozilla running on HP/UX
Mozilla running on BeOS
Mozilla running on AIX
Mozilla running on VMS
Opera running on Windows
Opera running on Macintosh
Opera running on Linux

etc.

(they forgot to mention this in the article. Not that any patterns are starting to appear...)

Comet Cursor, Movie Networks, Gator, Bonzi Buddy

[Renraku]

They all try the same thing. They simply start an installer and demand that you click next and that you agree to the EULA (which I don't think is shown, but they assume you've already read it). And Movie Networks tries to disconncet/dial into some CA-based server to download the rest of it. It doesn't even ask, it just says, "Disconnecting to call remote server" or something like that. Good thing I have DSL, or it would have made the call. Companies like that should be sued. It would be like watching a commercial, only to have a product arrive at your house, along with a bill demanding money.

Go team

Keeping Up Appearances!

An Endless Cycle

[Roanna]

This crap with invasive software, opt-in by deception, and just plain garbage is going to go on forever until and unless users get more savvy or those in the know take the time to train them.

I tried some of this last summer with awful
results. I was in a group that is now defunct called the Secret Garden. I think it is now called http://rainbowofhope.tripod.com

I was head of the Support committee which meant we not only made web pages with graphic gifts but we also sent tons of cards.

I got up a good discussion on ecards and I showed my committee a spam trap and explained why it was bad. It was a card an actual member had sent.

The fireworks exploded. The woman who sent the card knew I meant what I said when I said it wasn't her fault.

Another member who had the ear of our Fearless Leader, Jules, did not. She feared she would be at the wrong end of the tirade I was directing at the spam pit, Flowgo.

I explained over and over to Jules the need to make spam traps a public issue and that providing good support means no spam. Jules worried about hurt feelings. I worried about screw ups.

I got through though when I said that the last thing any of us needed was to send a Flowgo/Funstun card to a sick or bereaved member and stick someone who has more than enough stress with the stress of spam.

We began to test card providers by sending cards amongst ourselves. Again, this does not take much skill. I think we would have gone much further if Jules hadn't pulled her cop de tat.

I think people can learn. Sometimes I wish they wouldn't. I'm currently head of RAOK's guestbook committee and lately there has been a huge drop off in the number of guestbook signings. The reason is that Bravenet is no longer as stable as it was precrash. I didn't pick RAOK's guestbook provider. It also throws two to three popups a signing. Signing a Bravenet guestbook just isn't much fun any more.

By the way, I feel about Bravenet the way a lot of you feel about Flowgo/Funstun/Send4Fun. At least the guestbook signers are avoiding garbage.

Alchemy calls kettle black

[rev_doc80]

I love it -- the article quotes Jamie from Alchemy (which is owned by pr0n company Babenet) as saying their policy is shut down first, ask questions later, but witness an article at Wired which discusses the gohip virus Alchemy was installing on peoples computers two years ago!

ObSimpsonsQuote:

[kubrick]

Homer: "Can I have some money now?"

Crap

My dad made the mistake of installing an "xp improvment" program that he was linked to off of a popup...i don't have any information off of what site it came from, but i do know that it preforms a function similar to norton's Clean Sweep, only doesn't do a very good job. I ended up losing half of the shortcuts on the computer. Had to re-install my virus prevention, and Photoshop's UserInterface font is now missing.

In his account, everytime there is a 404 not found, it routes you to Lop.com, which installed a "toolbar" that takes you to lop.com.

moral of the story is don't let other people use your computer. Also, if anyone knows how to restore the quicklaunch show desktop shortcut, i'd be much obliged.

ps. don't go to lop.com

apparently, FlowGo has a FORUM, visit !

http://forums.justsaywow.com/

WNAD.EXE

[BillX]

http://cexx.org/osama.htm

The wnad.exe program initiates connection to www.rankyou.com:80 and other sites, apparently for the purpose of transferring personal information and downloading targeted advertising for later display. According to reports, wnad.exe hijacks the Web browser to display pop-up ads every hour or so. While it is claimed that the purpose of the software is to raise money for the American Red Cross, the suspicious activities associated with
the software tend to cast distrust on these claims.

no, that's not quite how it works

[hawk]

the price of the newspaper covers roughly the distribution cost. The content, printing, staff, profit, etc. come from ads.

However, advertisers won't pay (or at least not nearly as much) to advertise in something free. They take the number of paid subscribers--even if it's only a small amount--as a measure of how many people actually read it.

hawk

Re:no, that's not quite how it works

[SkyLeach]

So why do they charge more for the distribution of the sunday paper? Because it's heavier. Why is it heavier? All those adds.

You are paying to get it brought to you so that you can pay another company (your trash pickup) to haul it away on Monday. :-)

The Computer Misuse Act 1990 (UK)

[Martin+Spamer]

If you live in the UK (or EU) then this is already illegal under section 1 of the Computer misuse act. Since this act is a result of EU Treaty obligations similar legislation exist accross the EU.

This same legislation could theoretically be used against junk emailers.

'The Computer Misuse Act 1990'
Section 1;

1.--(1) A person is guilty of an offence if--
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at--
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.

http://www.hmso.gov.uk/acts/acts1990/Ukpga_19900 01 8_en_1.htm

Salon misreporting on OPPA

Hollings's proposed bill would require customers to be able to opt out of the "nonsensitive" information gathering as well. Salon, for some reason, has chosen to ignore this.