Slashdot Mirror


Trojans and Popups and Slimeball Business

Selanit writes "Salon.com is reporting on a company which exploited a vulnerability in an old but common version of Internet Explorer's Java engine to install spyware on the visitor's machine." It's a pretty in-depth story showing the lack of respect that some companies have. My favorite part is that the guy who denies any knowledge of the trojan popup is named 'Frank Bigott'.

34 of 269 comments

  1. Ah, the irony by Faust7 · · Score: 5, Funny

    I love how the article is titled "The Pop-Up Ad Campaign from Hell"--and you get a pop-up when you first visit it. Also a nice Flash ad delay when you hit Back. Yep.

  2. Microsoft, security and Java... by MosesJones · · Score: 5, Funny


    Isn't it odd that the only Java security exploit to be used in the wild is in the VM produced by Microsoft that didn't obey the Java spec.

    Now a cynical person would say that this would enable Microsoft to point at Java and say "Java is insecure" but of course I'm not a cynical person and I'm sure it was purely an accident.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
    1. Re:Microsoft, security and Java... by Rogerborg · · Score: 5, Informative
      • Isn't it odd that the only Java security exploit to be used in the wild is in the VM produced by Microsoft that didn't obey the Java spec.

      Yeah, I posted it elsewhere, but it bears repeating that the "Microsoft® virtual machine (Microsoft VM)" is not a Java Virtual Machine (JVM, the old name), and Microsoft are no longer allowed to call it that after being bitchslapped around a few courts by Sun. Let's keep the Microsoft VM and the Sun JRE clear and distinct in our minds.

      --
      If you were blocking sigs, you wouldn't have to read this.
  3. The line gets thinner by ringbarer · · Score: 5, Insightful

    How is this type of cancerware distinguishable from a virus that spreads by exploiting security vulnerabilities?

    It seems that all the Klez and Chernobyl kiddies have gone and got themselves some venture capital, and are turning their malware into a business.

    --
    "Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
  4. Um.. by xtermz · · Score: 4, Insightful

    ...Call me naive, but why isn't that state's attorney general investigating this company? This is nothing short of corporate sponsored hax0ring.

    I didn't see any mention in the article of somebody lodging a criminal or even civil complaint.

    I think a big reason these companies get away with this crap is that nobody takes them to task for what they are doing...

    --


    I lost my concept of community when my community lost all concept of me.
  5. 'scuse my language, but by eples · · Score: 4, Flamebait
    From the article:
    • Flowgo
    • eUniverse
    • IntelliTech Web Solutions
    • KoolKatalog
    • Volton Technologies


    WHO THE FUCK ARE THESE PEOPLE?! Never heard of a single one of them - figures they'd be polluting the Internet.
    Shouldn't these shitty companies have DIED last year?!
    --
    I'm a 2000 man.
    1. Re:'scuse my language, but by hagardtroll · · Score: 4, Interesting

      Yes. The .com weenies who are still struggling to survive are doing it with questionable ethics.

      You notice as available VC goes down, the number of pop-ups, subscriptions and sleazy sites go up.

      I like to think that eventually the sleazy and make-a-buck-quick companies will finally go under, and the web will be more like it was before. A communications medium for PEOPLE to communicate, rather than a giant catalog that consumers can shop from.

      I can dream.

    2. Re:'scuse my language, but by kubrick · · Score: 3, Insightful

      I can dream.

      A lot of the large media companies would be happier if no other competition existed for people's attention. A lot of the recent legislation is aimed not only at controlling the means of media consumption, but also the means of media production.

      In ten years, it could be illegal to put up a web site or run an ISP without arranging content licensing and censoring (like, say, Iran or China).

      Don't like it? Get active about it.

      You can dream, but the reality gets more and more like a nightmare each day. :(

      --
      deus does not exist but if he does
  6. That would explain... by Nos. · · Score: 3, Insightful

    all those lame server on wwws1.com entries in my log files. My girlfriend's computer got hit by this, and I cleared it out (eventually). Funny, guys who can write these programs to monitor everything you do on the 'net, but can't set up DNS properly.

  7. Re:Not a good day for M$ on Slashdot by spencerogden · · Score: 3, Funny

    Please define: A Good day for M$ on Slashdot.

  8. Block Flowgo at SMTP by toupsie · · Score: 5, Interesting
    Flowgo has been a burr in my britches for quite a while. It appears that every one of my e-mail users gets "newsletters" from Flowgo. About 30% admit to visiting the Flowgo site but swear up and down that they did not request the newsletter. At first, I tried to be nice and contact Flowgo and ask for them to remove my employee from their newsletters (it's easier than trying to instruct them to do it). Got back no response. At first I was shocked that Flowgo would not remove them. So after giving them a week, I went into my Postfix configuration and blocked off any e-mail from Flowgo. That was 5 months ago. Still today, I bounce 50 to 100 messages from Flowgo from my mail server. I noticed that several blackhole lists are doing the same now.

    There has to be a solution to this sort of problem. About the only way I could get Flowgo to stop SPAMMING my mail server is to call up a buddy of Tony Soprano to break their knees because Flowgo doesn't care and I have never, ever, ever been able to get one of my elected officials or law enforcement agency to pay any interest in Unsolicited Commercial E-Mail. It's not like Flowgo is hiding its behavior either. It should be easy to get them but no one that matters or has the power, gives a damn about this huge waste of bandwidth.

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
    1. Re:Block Flowgo at SMTP by BlueUnderwear · · Score: 3, Interesting
      you could always change it to forward all emails from their domain to the administrative address for their domain. Make them read their own spam =)

      This helps. I had to do this last year when Bellsouth just wouldn't kick a joe-jobbing spammer that forged mails in my name. Eventually, I forwarded all the bounces to them (tech support, management, sales, ... and in the end even customers...).

      --
      Say no to software patents.
  9. Yep - definitely by BenHmm · · Score: 4, Insightful

    I have.

    Many times: it's why I now use Mozilla (well, that and the tabbed browsing and...and...and...) and Ad Aware.

    Mostly it seems to be dialler programs for offshore ISPs. Porn, basically.

    Use IE unprotected for a while, then run AdAware - it's quite scary.

    1. Re:Yep - definitely by gmack · · Score: 3

      Or go to top100.org/altlist.com and wonder why your searches are all now going to 2ksearch.com and MSN search is now completely inaccessible. They helpfully overwrite c:\windows\hosts and redirect auto.search.msn.com for you.

      One really has to wonder what sort of idiot thought that having the ability to overwrite any file from any random website was a good idea.

      It's not even an exploit really.

  10. A good day for microsoft would be: by pommiekiwifruit · · Score: 3, Funny

    404: This page not available.

  11. Actually by CaptainZapp · · Score: 4, Informative
    You can cough up 30$ a year (50$ for 2) and enjoy Salon in its entirety and completely ad-free.

    I'm aware, that this doesn't necessarily sit well with a lot of people here, but wtf...

    --
    i am the musician

    with pocket calculator in hand

    kraftwerk

    1. Re:Actually by benjymous · · Score: 4, Informative

      Or just install Mozilla which has pretty decent popup prevention (i.e. it still allows the popups that result from a user click, but not the ones that pages generate on load/exit/etc)

      --
      Help me! I'm turning into a grapefruit!
    2. Re:Actually by benjymous · · Score: 3, Informative

      Preferences -> Advanced -> Scripts and Windows and uncheck "Open unrequested windows" (and any others that take your fancy)

      --
      Help me! I'm turning into a grapefruit!
  12. Re:That would explain why he didn't get it by Nos. · · Score: 3, Informative
    wwws1.com was the intended address

    Yup, like I said, I have a log full of lame server entries for wwws1.com -> translation, the program was sending her to wwws1.com and my DNS server when doing the resolving was reporting the fact that the DNS for wwws1.com is not set up correctly.

    Who said anything about www.s1.com?
  13. LA Based ? CPC 502 applies by UncleFluffy · · Score: 3, Interesting

    It's about time someone got put away for this sort of crap.



    California Penal Code, look for section 502
    --

    What would Lemmy do?

    1. Re:LA Based ? CPC 502 applies by dattaway · · Score: 3, Funny

      By "put away," what methods are you suggesting?

      Prison?
      Concrete shoes?
      In the trunk of a car?
      Handcuffed to the floor in a crack house?

      Sounds good, but could you be more specific?

  14. What's scarier by shawnmelliott · · Score: 5, Interesting

    I don't know what's scarier. This article or that a related article at the bottom of this one talks about our "friend" Fritz who wants to "protect" spyware by defining what's sensitive.

    Quote
    The second is "nonsensitive" information, and among that will include your name, address, and records of anything you buy or surf on the Internet. Under the act, business can't collect or divulge the sensitive bits without your express consent, but anything classified as nonsensitive can be freely collected and sold at will.
    End Quote

    The article can be found here

  15. Re:Shouldn't this count as a computer crime? by RatOmeter · · Score: 3, Interesting

    I think so. In fact, I'll be surprised if we do not see this going to court. If any of the affected PC's belong to a Fortune 500 or larger company, I can nearly guarantee it. What I think should happen is that a class action suit be filed on behalf of all of the common people who were affected.

    Heck, I'm sure if I used the same exploits to upload even 1 teeny-tiny file to a PC, let's say, at a local bank. Guaran-damn-tee I'd be in lockup the next day.

    The company behind this needs to be more than bitchslapped. They're going down.

  16. Re:r-e-s-p-e-c-t by gfxguy · · Score: 3, Interesting

    I have to take issue with this. I really hate MS, believe me, but the fact is they (as well as a lot of bad things) make products that are user friendly and have lots of features that, if not abused, could make a much nicer computing experience for everyone.

    It is their problem that people are abusing it, but it's not their fault people are abusing it. I compare this to the luxury of having a convertible - it'd be really nice if it weren't so damned easy to break into, but it's not the car maker's fault it happens - they just need to work on a way to help prevent it. And the fact is that people LIKE convertibles - it's a feature.

    The sad fact is that while MS is horrible about securing their products, it's the crackers and punks and phreaks that make it difficult for everybody. Sure, I'm approaching this from an existentialist point of view - not particularly realistic - but you have to blame the people that are maliciously taking advantage of a problem as well the company that fails to correct it.

    It's crackers' fault I have to spend my money and time protecting against break-ins. Even if you are well protected, these people steal my money and waste my time and that latter part is unforgivable. Yes, I feel the same way about the people who make it necessary for my house and car to need locks and an alarm system. I know it's reality, but those are the people I blame for making it reality.

    Ok, now I'm venting, pardon the rant. I like dogging MS as much as the next guy, but the people who are violating your privacy are the ones that need your antagonism.

    --
    Stupid sexy Flanders.
  17. Moot licensing? by Denium · · Score: 3, Interesting

    IANAL but...

    If a piece of software *is* malicious spyware, it would be counterintuitive to ask the user to authorize its use and consent to a license agreement.

    So -- let's assume that the software exploits the hole and, in the process, causes damage to your machine. Because you did not agree to the usual clickwrap, (software is AS IS, etc etc) could you hold the company liable for this?

    Just a thought :)

  18. What bothers me... by j-turkey · · Score: 5, Interesting

    What bothers me the most, is that Federal Law Enforcement agencies have been going after individuals who crack corporate machines for years -- and hitting them with hard criminal charges (or in some cases, just throwing them in jail without clear or formal criminal charges).

    It's clear that the federal government is zealous in its crusade to protect corporate America from "hackers". But who protects individuals from shady companies?

    It's also clear that the company behind the trojan popups has engaged in criminal activity...but where the hell is the criminal investigation -- anyone being brought up on charges? At most -- we might see some fiduciary damages awarded to someone (but not anyone here -- and not to anybody we know)...but if the feds can throw Kevin in jail -- I want the fuckers responsible for this kind of malicious marketing in jail too...(don't forget spammers either).


    -Turkey

    --

    -Turkey

    1. Re:What bothers me... by Amazing+Quantum+Man · · Score: 3, Troll

      It's clear that the federal government is zealous in its crusade to protect corporate America from "hackers". But who protects individuals from shady companies?

      <SARCASM>
      Companies and corporations can do no wrong! Just ask Senator Disney^H^H^H^H^H^HHollings. On the other hand, those Evil Unamerican Terrorist Hacker Content Pirates(tm) are a threat to our very way of life!!!!!
      </SARCASM>

      To comply with the ADA, SARCASM tags have been added for the sarcasm impaired.

      --
      Fascism starts when the efficiency of the government becomes more important than the rights of the people.
  19. Ad-aware by DeadSea · · Score: 5, Informative

    Ad-aware is a Windows program from Lavasoft that will remove spyware from your computer. It is freeware. There is also a plus version available for a fee that will run in the background and prevent spyware from being installed.

  20. Re:r-e-s-p-e-c-t by gmack · · Score: 3, Insightful

    Personally I blame both sides.. on one hand you have some idiot taking advantage but on the other MS should have considered the security implications before a lot of those features were shown the light of day.

  21. You should sue by kryzx · · Score: 3, Informative
    You really should consider going after them in court. There are currently no federal laws restricting spam, but many states have laws.

    Investigate your state laws here: http://law.spamcon.org/us-laws/index.shtml

    Some of the states allow quite significant damages, for example, California law allows "damages of $50 per message, up to $25,000 per day, or its actual damages, whichever is greater."

    If you are in a state with anti-spam laws you could really lay a hurtin' on them, and might even collect some dough in the process. (Although, given that we know they are unscrupulous, collecting will not be easy.)

    Here are some other resources:
    http://smallclaim.info/
    http://www.spamcon.org/
    http://www.aboutspam.com/
    http://www.cauce.org/about/resources.shtml

    --
    "I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve."
  22. Internet Explorer's WHAT machine? by Rogerborg · · Score: 3, Redundant

    Correction: the Microsoft VM is not a Java Virtual Machine. It is a Virtual Machine that supports Java. Lest we forget, Sun had to fight long and hard to have a court uphold this. Check out the Microsoft security bulletin about this flaw and note that it is the "Microsoft® virtual machine (Microsoft VM)". Let's not tar JVM's with the same brush.

    --
    If you were blocking sigs, you wouldn't have to read this.
  23. ActiveX Backdoor by Animats · · Score: 3, Informative
    It's in the "ActiveX Backdoor" that Microsoft put in their VM. Microsoft lets Java programs load ActiveX controls, presumably so that Java programmers can be induced to create programs that won't run on non-Windows platforms. As Microsoft says,

    The Microsoft virtual machine (Microsoft VM) contains functionality that allows ActiveX controls to be created and manipulated by Java applications or applets. This functionality is intended to only be available to stand-alone Java applications or digitally signed applets. However, this vulnerability allows ActiveX controls to be created and used from a web page, or from within a HTML based e-mail message, without requiring a signed applet.

  24. Software nutrition information by CaptainPhong · · Score: 3, Interesting

    The FDA has strict standards for listing nutrition information on food. A simple, consistent, easy to read, strictly formatted box shows you what's in it and how bad it is for you. IMHO, it works well (even for your average idiot at the grocery store), and is a Good Idea. Would it be so hard to do the same thing for software? Before installing, it presents the user a concise, consistently formatted box that shows the user what the software does, what files it installs, what services/ports it uses over the internet, what information it collects, stores, uses and shares, and with whom it shares the information. Anybody who creates software that doesn't fit this policy gets heavily fined/jailed/deported/bludgeoned/etc.

    --
    ... "Give me a woman who loves beer and I will conquer the w
  25. Affected Systems: by bill_mcgonigle · · Score: 3, Interesting

    Internet Explorer running on Microsoft Windows

    Systems not affected:
    Internet Explorer running on Macintosh
    Internet Explorer running on Solaris
    Netscape running on Windows
    Netscape running on Macintosh
    Netscape running on Linux
    Netscape running on Solaris
    Netscape running on BSD
    Mozilla running on Windows
    Mozilla running on Macintosh
    Mozilla running on Linux
    Mozilla running on Solaris
    Mozilla running on HP/UX
    Mozilla running on BeOS
    Mozilla running on AIX
    Mozilla running on VMS
    Opera running on Windows
    Opera running on Macintosh
    Opera running on Linux

    etc.

    (they forgot to mention this in the article. Not that any patterns are starting to appear...)

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)