Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojans and Popups and Slimeball Business

Posted by CmdrTaco on from the remember-when-the-net-was-polite dept.

Selanit writes "Salon.com is reporting on a company which exploited a vulnerability in an old but common version of Internet Explorer's Java engine to install spyware on the visitor's machine. " It's a pretty in depth story showing the lack of respect that some companies have. My favorite part is that the guy who denies any knowledge of the trojan popup is named 'Frank Bigott'.

10 of 269 comments (clear)

  1. Actually by CaptainZapp · · Score: 4, Informative
    You can cough up 30$ a year (50$ for 2) and enjoy Salon in its entirety and completely ad-free.

    I'm aware, that this doesn't necessarily sit well with a lot of people here, but wtf...

    --
    ich bin der musikant

    mit taschenrechner in der hand

    kraftwerk

    1. Re:Actually by benjymous · · Score: 4, Informative

      Or just install Mozilla which has pretty decent popup prevention (i.e. it still allows the popups that result from a user click, but not the ones that pages generate on load/exit/etc)

      --
      Help me! I'm turning into a grapefruit!
    2. Re:Actually by benjymous · · Score: 3, Informative

      Preferences -> Advanced -> Scripts and Windows and uncheck "Open unrequested windows" (and any others that take your fancy)

      --
      Help me! I'm turning into a grapefruit!
  2. Re:That would explain why he didn't get it by Nos. · · Score: 3, Informative
    wwws1.com was the intended address

    Yup, like I said, I have a log full of lame server entries for wwws1.com -> translation, the program was sending her to wwws1.com and my DNS server when doing the resolving was reporting the fact that the DNS for wwws1.com is not setup correctly.

    Who said anything about www.s1.com?
  3. Ad-aware by DeadSea · · Score: 5, Informative

    Ad-aware is a Windows program from Lavasoft that will remove spyware from your computer. It is freeware. There is also a plus version available for a fee that will run in the background and prevent spyware from being installed.

  4. You should sue by kryzx · · Score: 3, Informative
    You really should consider going after them in court. There are currently no federal laws restricting spam, but many states have laws.

    Investigate your state laws here: http://law.spamcon.org/us-laws/index.shtml

    Some of the states allow quite significant damages, for example, California law allows "damages of $50 per message, up to $25,000 per day, or its actual damages, whichever is greater."

    If you are in a state with anti-spam laws you could really lay a hurtin' on them, and might even collect some dough in the process. (Although, given that we know they are unscrupulous, collecting will not be easy.)

    Here are some other resources:
    http://smallclaim.info/
    http://www.spamcon.org/
    http://www.aboutspam.com/
    http://http://www.cauce.org/about/resources.shtml

    --
    "I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve."
  5. Re:Microsoft, security and Java... by Rogerborg · · Score: 5, Informative
    • Isn't it odd that the only Java security exploit to be used in the wild is in the VM produced by Microsoft that didn't obey the Java spec.

    Yeah, I posted it elsewhere, but it bears repeating that the "Microsoft® virtual machine (Microsoft VM)" is not a Java Virtual Machine (JVM, the old name), and Microsoft are no longer allowed to call it that after being bitchslapped around a few courts by Sun. Let's keep the Microsoft VM and the Sun JRE clear and distinct in our minds.

    --
    If you were blocking sigs, you wouldn't have to read this.
  6. Re:Microsoft, security and Java... by Steveftoth · · Score: 2, Informative

    Sun sued Microsoft for extending the spec, not for a bad implementation!

    If you look at that MS was doing to the Java APIs (not the language or VM), you will see that they tried to get people to write code to their APIs that tied people to their MS x86 Java Platform which was against the agreement they had with Sun.

    Netscape just had a bad implementation of Java.

  7. ActiveX Backdoor by Animats · · Score: 3, Informative
    It's in the "ActiveX Backdoor" that Microsoft put in their VM. Microsoft lets Java programs load ActiveX controls, presumably so that Java programmers can be induced to create programs that won't run on non-Windows platforms. As Microsoft says,

    The Microsoft virtual machine (Microsoft VM) contains functionality that allows ActiveX controls to be created and manipulated by Java applications or applets. This functionality is intended to only be available to stand-alone Java applications or digitally signed applets. However, this vulnerability allows ActiveX controls to be created and used from a web page, or from within a HTML based e-mail message, without requiring a signed applet.

  8. Re:Yeah, well Mozilla sucks because... by EvilOpie · · Score: 2, Informative

    Actually, to answer your question, it's not too hard to get java working on mozilla. It just takes an extra step. I have it working here and I'm using mozilla 0.9.9

    First, go to Sun's Java page, and download their SDK for Java. Then run their installer and install that on your system. The next step is to go to the bin directory in the location where you just installed Java, and copy all the .dll's to your mozilla plugins directory. Then close (if it's running) and restart mozilla. After that, java support should work for you.

    --
    -Through the server, over the router, off the firewall... Nothing but 'Net!