Trojans and Popups and Slimeball Business
Selanit writes "Salon.com is reporting on a company which exploited a vulnerability in an old but common version of Internet Explorer's Java engine to install spyware on the visitor's machine." It's a pretty in-depth story showing the lack of respect that some companies have. My favorite part is that the guy who denies any knowledge of the trojan popup is named 'Frank Bigott'.
There are a few things about the article that don't seem to make sense, aside from the basic premise and the guy's name. Is this another internet rumour that slipped into the press? Anyone have real-live experience with this?
Moderation: Put your hand inside the puppet head!
I love how the article is titled "The Pop-Up Ad Campaign from Hell"--and you get a pop-up when you first visit it. Also a nice Flash ad delay when you hit Back. Yep.
The coolest voice ever.
Isn't it odd that the only Java security exploit to be used in the wild is in the VM produced by Microsoft that didn't obey the Java spec.
Now a cynical person would say that this would enable Microsoft to point at Java and say "Java is insecure" but of course I'm not a cynical person and I'm sure it was purely an accident.
An Eye for an Eye will make the whole world blind - Gandhi
How is this type of cancerware distinguishable from a virus that spreads by exploiting security vulnerabilities?
It seems that all the Klez and Chernobyl kiddies have gone and got themselves some venture capital, and are turning their malware into a business.
"Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
...Call me naive, but why isn't that state's attorney general investigating this company? This is nothing short of corporate sponsored hax0ring.
I didn't see any mention in the article of somebody lodging a criminal or even civil complaint.
I think a big reason these companies get away with this crap is that nobody takes them to task for what they are doing...
I lost my concept of community when my community lost all concept of me.
WHO THE FUCK ARE THESE PEOPLE?! Never heard of a single one of them - figures they'd be polluting the Internet.
Shouldn't these shitty companies have DIED last year?!
I'm a 2000 man.
all those lame server on wwws1.com entries in my log files. My girlfriend's computer got hit by this, and I cleared it out (eventually). Funny, guys who can write these programs to monitor everything you do on the 'net, but can't set up DNS properly.
Please define: A Good day for M$ on Slashdot.
Spencer Ogden
Sir,
With reference to your order CR12345778092
We are sorry to tell you that your order is in a holding queue.
As you will be aware all transactions require the primary's signature signed in triplicate in BLOOD.
Unfortunately you seem to have taken this to mean the blood of any convenient human nearby.
We require the signature to be in your blood.
We are sorry for the delay this misunderstanding has caused and look forward to taking possession of your soul at the earliest.
Yours,
B. L. Z. Bub
Head of Customer Resources
Hell
Wouldn't it be nice if schools got all the money they wanted and the army had to hold jumble sales for guns
There has to be a solution to this sort of problem. About the only way I could get Flowgo to stop SPAMMING my mail server is to call up a buddy of Tony Soprano to break their knees because Flowgo doesn't care and I have never, ever, ever been able to get one of my elected officials or law enforcement agency to pay any interest in Unsolicited Commercial E-Mail. It's not like Flowgo is hiding its behavior either. It should be easy to get them but no one that matters or has the power, gives a damn about this huge waste of bandwidth.
Strange women lying in ponds distributing swords is no basis for a system of government.
It's John Big-Boo-TAY!!!
I have.
Many times: it's why I now use Mozilla (well, that and the tabbed browsing and...and...and...) and Ad Aware.
Mostly it seems to be dialler programs for offshore ISPs. Porn, basically.
Use IE unprotected for a while, then run AdAware - it's quite scary.
404: This page not available.
I'm aware, that this doesn't necessarily sit well with a lot of people here, but wtf...
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
It's about time someone got put away for this sort of crap.
California Penal Code, look for section 502
What would Lemmy do?
With that in mind, if the slimeballs knew that they can target one platform / browser (which is the case now as most normal people use IE anyway), they can devise things like this. Personally I use Mozilla, and tonight I'm converting to Linux, so this won't be much of an issue. I just wish more people knew there were other choices out there besides M$, and then they wouldn't fall victim to this.
"What kind of chip you got in there, a Dorito?" - Weird Al Yankovic
Companies appear to be using more and more dodgy ways to make money from us
Spyware for targeted ads... Scumware for stealing our resources... using exploits to do whatever they like
what's next?
deleting competitors' software? (or even worse, disabling it/making it give incorrect results in such a way that the user doesn't know it's been tampered with)
Installing backdoors so they can verify that you're not using their software illegally?
I feel increasingly that we, the consumers, need to have some sort of protection from spyware, scumware, companies who exploit security problems and the next generation of click through "but you signed your kidneys over to microsoft when you bought office!"
although, I admit, all preceding days would have to be pretty bad.
I don't know what's scarier. This article or that a related article at the bottom of this one talks about our "friend" Fritz who wants to "protect" spyware by defining what's sensitive.
Quote
The second is "nonsensitive" information, and among that will include your name, address, and records of anything you buy or surf on the Internet. Under the act, business can't collect or divulge the sensitive bits without your express consent, but anything classified as nonsensitive can be freely collected and sold at will.
End Quote
The article can be found here
I think so. In fact, I'll be surprised if we do not see this going to court. If any of the affected PCs belong to a Fortune 500 or larger company, I can nearly guarantee it. What I think should happen is that a class action suit be filed on behalf of all of the common people who were affected.
Heck, I'm sure if I used the same exploits to upload even 1 teeny-tiny file to a PC, let's say, at a local bank. Guaran-damn-tee I'd be in lockup the next day.
The company behind this needs to be more than bitchslapped. They're going down.
It's just a statement with no supporting evidence.
I have to take issue with this. I really hate MS, believe me, but the fact is they (as well as a lot of bad things) make products that are user friendly and have lots of features that, if not abused, could make a much nicer computing experience for everyone.
It is their problem that people are abusing it, but it's not their fault people are abusing it. I compare this to the luxury of having a convertible - it'd be really nice if it weren't so damned easy to break into, but it's not the car maker's fault it happens - they just need to work on a way to help prevent it. And the fact is that people LIKE convertibles - it's a feature.
The sad fact is that while MS is horrible about securing their products, it's the crackers and punks and phreaks that make it difficult for everybody. Sure, I'm approaching this from an existentialist point of view - not particularly realistic - but you have to blame the people that are maliciously taking advantage of a problem as well as the company that fails to correct it.
It's crackers' fault I have to spend my money and time protecting against break-ins. Even if you are well protected, these people steal my money and waste my time and that latter part is unforgivable. Yes, I feel the same way about the people who make it necessary for my house and car to need locks and an alarm system. I know it's reality, but those are the people I blame for making it reality.
Ok, now I'm venting, pardon the rant. I like dogging MS as much as the next guy, but the people who are violating your privacy are the ones that need your antagonism.
Stupid sexy Flanders.
This is the first time I can remember seeing an I.E. icon (Mac-style) on a slashdot story. How appropriate that the story is about the most annoying feature of Microsoft's browsing apps: javascript pop-up hell. But seriously, times have never been better for non Internet Explorer browsers: Opera, Konqueror, iCab, Chimera, and Mozilla are all extremely usable at this point.
http://tinyurl.com/4ny52
IANAL but...
:)
If a piece of software *is* malicious spyware, it would be counterintuitive to ask the user to authorize its use and consent to a license agreement.
So -- let's assume that the software exploits the hole and, in the process, causes damage to your machine. Because you did not agree to the usual clickwrap, (software is AS IS, etc etc) could you hold the company liable for this?
Just a thought
You may remember that, immediately after Sept. 11, a very popular popup making the rounds was for a game called "Yo Mama, Osama". If you clicked the ad and played the game, of course, it installed a spyware app (don't recall which one).
While technically not any different from the way other spyware are distributed, it still tops the list in my book for the sleaziest thing I've yet seen in spyware, i.e., capitalizing on the emotional turmoil for 9/11.
What bothers me the most, is that Federal Law Enforcement agencies have been going after individuals who crack corporate machines for years -- and hitting them with hard criminal charges (or in some cases, just throwing them in jail without clear or formal criminal charges).
It's clear that the federal government is zealous in its crusade to protect corporate America from "hackers". But who protects individuals from shady companies?
It's also clear that the company behind the trojan popups has engaged in criminal activity...but where the hell is the criminal investigation -- anyone being brought up on charges? At most -- we might see some fiduciary damages awarded to someone (but not anyone here -- and not to anybody we know)...but if the feds can throw Kevin in jail -- I want the fuckers responsible for this kind of malicious marketing in jail too...(don't forget spammers either).
-Turkey
the hun It has a warning about exploit a site linked here used.
Investigate this! (warning: lots of pink images, don't investigate at work).
Ad-aware is a Windows program from Lavasoft that will remove spyware from your computer. It is freeware. There is also a plus version available for a fee that will run in the background and prevent spyware from being installed.
Personally I blame both sides.. on one hand you have some idiot taking advantage but on the other MS should have considered the security implications before a lot of those features were shown the light of day.
It's sickening to hear how low some people will go to earn a few extra bucks, but such is the world we live in. The real problem is how to deal with it. Many people like to quote that 'all you need to do is run firewall x and anti-virus b' etc. which is fine for the tech savvy, but as we are all painfully aware, the majority is not tech savvy.
:).
I think using a computer should be thought of more like using a car than a calculator - no one would dream of sitting in a car and going for a drive before taking some lessons and getting a license (apart from a joyrider perhaps), yet many people phone DELL-U-WANT, order their box and sit down thinking they will be able to browse away, most getting very irate when it doesn't work out. People need to realise that to use a computer they need to put in time and effort to learn how to first, which is something not helped by all the AOL type ads saying how easy it is.
Another possible fix I like the idea of is to have a 'safe zone' - The WWW is a large and mostly free place, and I for one do not want to see ANY legislation changing that, whether apparently for the better or not. As anyone who lives in a large city knows, you don't go to the bad end of town unless you know how to handle yourself, people will learn to stay in the safe zone. It could work by having a controlling body which hands out domains (here.sfe etc.). Anyone using this site must sign a rigorous contract of use, forbidding any type of exploitation of the vulnerable users. Thus, any company exploiting in the domain will be liable through breach of contract, and leaves the rest of the internet free for those of us who know what we are doing. Systems could come with 'IE-safe', which does not allow browsing outside the safe domain, so only someone who knows what they are doing will be able to download full browser and go to the big bad web.
These solutions are far from perfect, and do leave room for exploitation, but I think they're better than the 'I'm safe, I don't care' attitude, and a bit more constructive than 'let's melt the &"%$ in a vat of acid' solution
An example of this might be name brand T-shirts..
But this puts "viral marketing" in a whole new light...
I have no problem with your religion until you decide it's reason to deprive others of the truth.
The only thing I did was look at the e-mail.
That was more than a year ago.
Fortunately they just replaced my homepage and search page in IE. No spyware.
Well, I don't use IE now anyways, but I use Outlook Express to read my Hotmail account.
Now I just turned off preview screen so I can delete spam and stuff without actually rendering it.
I hope this company is held accountable.
There's another company that's nearly as bad: Real Networks. Ever see how much crap they try to install if you're not paying attention?
Our company now has RealPlayer on its banned list, because we consider it a virus.
--
Ask the Ya-Hoot Oracle Anything!
it was only a matter of time before some unscrupulous ***hole took advantage of MS's unscrupulous coding to do something like this. The only surprise I got was that it took this long to happen, and is only now getting into the news. While I use IE for browsing, it's just because of things like this that I long ago disabled all active scripting, uninstalled flash, and never installed the MS virtual machine to begin with.
I also block any ad tracking site from setting cookies or sending popups through the nifty 'security' settings. Every time I find a cookie in my temp internet files that I don't recognize, the host automatically goes into 'ad tracking sites'.
Call me paranoid, but if it ain't plain HTML and static images, I don't wanna see it.
Moral indignation is jealousy with a halo - H. G. Wells
Investigate your state laws here: http://law.spamcon.org/us-laws/index.shtml
Some of the states allow quite significant damages, for example, California law allows "damages of $50 per message, up to $25,000 per day, or its actual damages, whichever is greater."
If you are in a state with anti-spam laws you could really lay a hurtin' on them, and might even collect some dough in the process. (Although, given that we know they are unscrupulous, collecting will not be easy.)
Here are some other resources:
http://smallclaim.info/
http://www.spamcon.org/
http://www.aboutspam.com/
http://www.cauce.org/about/resources.shtml
"I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve."
So what, exactly, gives you the right to deny them of funds like that? Now if you simply close the ad and don't click on it, that's one thing, but to never view it....
Good to see Jamie Kellner's got an account now.
Correction: the Microsoft VM is not a Java Virtual Machine. It is a Virtual Machine that supports Java. Lest we forget, Sun had to fight long and hard to have a court uphold this. Check out the Microsoft security bulletin about this flaw and note that it is the "Microsoft® virtual machine (Microsoft VM)". Let's not tar JVMs with the same brush.
If you were blocking sigs, you wouldn't have to read this.
What about Alchemy's response:
When contacted by Salon on April 26 about reports of malicious code at the IntelliTech sites, Alchemy's vice president Jamie Daquino said his position was Shut down first, ask questions later.
"For someone to get written up as a virus, that's pretty serious. If they're doing what people are saying, it's illegal. We don't want to be associated with that," said Daquino.
I hate to quote so much but this is scary. This is Alchemy's response based on some info from Salon? Without even checking with IntelliTech first they simply "pull the plug"? After reading the articles I formed my own opinion that IntelliTech is complete trash but what gives Alchemy the right to simply pull the plug? I assume they have an official step by step to deal with issues of this nature but they appear to not use them. Alchemy basically states that they don't know what IntelliTech is doing, did not bother to ask, but pulled the plug anyway.
Bad boys rape our young girls but Violet gives willingly.
The Microsoft virtual machine (Microsoft VM) contains functionality that allows ActiveX controls to be created and manipulated by Java applications or applets. This functionality is intended to only be available to stand-alone Java applications or digitally signed applets. However, this vulnerability allows ActiveX controls to be created and used from a web page, or from within a HTML based e-mail message, without requiring a signed applet.
Actually, to answer your question, it's not too hard to get java working on mozilla. It just takes an extra step. I have it working here and I'm using mozilla 0.9.9.
First, go to Sun's Java page, and download their SDK for Java. Then run their installer and install that on your system. The next step is to go to the bin directory in the location where you just installed Java, and copy all the .dll's to your mozilla plugins directory. Then close (if it's running) and restart mozilla. After that, java support should work for you.
-Through the server, over the router, off the firewall... Nothing but 'Net!
The FDA has strict standards for listing nutrition information on food. A simple, consistent, easy to read, strictly formatted box shows you what's in it and how bad it is for you. IMHO, it works well (even for your average idiot at the grocery store), and is a Good Idea. Would it be so hard to do the same thing for software? Before installing, it presents the user a concise, consistently formatted box that shows the user what the software does, what files it installs, what services/ports it uses over the internet, what information it collects, stores, uses and shares, and with whom it shares the information. Anybody who creates software that doesn't fit this policy gets heavily fined/jailed/deported/bludgeoned/etc.
... "Give me a woman who loves beer and I will conquer the w
That's all the farther I had to read. Anything beyond that is pointless. Flowgo is spam and nothing more. I block every single piece of flowgo netspace I can find. I also use the flowgoaway.com DNS blacklist. Block flowgo and you'll be a much happier mail admin.
Well, considering how effective viruses and other exploits have been on the Windows platform, I'd think it'd be pronounced "Beeg-lawg-Oh".
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Many people like to quote that 'all you need to do is run firewall x and anti-virus b' etc. which is fine for the tech savvy, but as we are all painfully aware, the majority is not tech savvy.
You know, it's precisely this attitude which pisses me off the most out of anything in the computer industry currently. For one thing, the above poster is right - the masses are NOT tech savvy. Nor should they have to be.
Hell, I'm tech savvy as far as that goes. But running a whole host of extra software and/or hardware just because we have weak laws/stupid people is NOT an acceptable answer. Think about it - if, instead of laws making it illegal to shoot people, we just said this:
"If you don't want to get shot, well, you shoulda worn a bullet proof vest and helmet when you went out."
I always shake my head when tech-related issues arise; it's as if people suddenly lose all common sense. I can freely walk down the street (for the most part) in the US without fear of being shot, sure it's a remote possibility, but everyone does and very few people get killed proportionally. Why oh WHY can't we use our computers freely also?
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Internet Explorer running on Microsoft Windows
Systems not affected:
Internet Explorer running on Macintosh
Internet Explorer running on Solaris
Netscape running on Windows
Netscape running on Macintosh
Netscape running on Linux
Netscape running on Solaris
Netscape running on BSD
Mozilla running on Windows
Mozilla running on Macintosh
Mozilla running on Linux
Mozilla running on Solaris
Mozilla running on HP/UX
Mozilla running on BeOS
Mozilla running on AIX
Mozilla running on VMS
Opera running on Windows
Opera running on Macintosh
Opera running on Linux
etc.
(they forgot to mention this in the article. Not that any patterns are starting to appear...)
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
The interviewer calls him "Mr. Bigott" and then:
Frank Bigott: "Excuse me, but it's pronounced 'Bee-GOH'."
Well, assuming that the sound of his name has anything to do with anything, the double 't' at the end prevents it from being silent. I assume that you are trying to apply French pronunciation rules here.
My question is why the apparent joke about this name. I remember back in 7th grade, one of my friends found a picture of a truck or van with "Fucker" painted on the side. It was a German company, I believe, but we sure had a lot of laughs over that one. Ha! Ha! Boy, isn't that funny! I think we all got tired of it by the time we were in 8th grade, though. Maybe it was a part of growing up.
A dingo ate my sig...
They all try the same thing. They simply start an installer and demand that you click next and that you agree to the EULA (which I don't think is shown, but they assume you've already read it). And Movie Networks tries to disconnect/dial into some CA-based server to download the rest of it. It doesn't even ask, it just says, "Disconnecting to call remote server" or something like that. Good thing I have DSL, or it would have made the call. Companies like that should be sued. It would be like watching a commercial, only to have a product arrive at your house, along with a bill demanding money.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
the usual disclaimer is: We don't support Linux, but there are sources of support elsewhere.
I don't know about you but I find Linux is WAY easier to use.
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
Yes, I am a TV Junkie. I find tvguide.com invaluable, but tvguide.com uses popups to show a closer look of each show:
closer = window.open("", "CloserLook", opts);
closer.focus();
On Mozilla 0.9.9 the only thing I allow JavaScript to do is to "Open a link in a new Window". This lets me use TV Guide, and keeps almost all other popups away. On Mozilla 1.0RC1, I have to enable "Open unrequested windows". Yikes, if I want my TV Guide popups, I also get all the other pop ups in the world.
So I am still not sure what I need to be doing to get TV Guide to work once more while keeping the junk popups away
However, advertisers won't pay (or at least not nearly as much) to advertise in something free. They take the number of paid subscribers--even if it's only a small amount--as a measure of how many people actually read it.
hawk
If you live in the UK (or EU) then this is already illegal under section 1 of the Computer Misuse Act. Since this act is a result of EU Treaty obligations similar legislation exists across the EU.
This same legislation could theoretically be used against junk emailers.
'The Computer Misuse Act 1990'
Section 1;
1.--(1) A person is guilty of an offence if--
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at--
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
http://www.hmso.gov.uk/acts/acts1990/Ukpga_1990