Trojans and Popups and Slimeball Business

← Back to Stories (view on slashdot.org)

Trojans and Popups and Slimeball Business

Posted by CmdrTaco on Tuesday May 7, 2002 @02:08AM from the remember-when-the-net-was-polite dept.

Selanit writes "Salon.com is reporting on a company which exploited a vulnerability in an old but common version of Internet Explorer's Java engine to install spyware on the visitor's machine. " It's a pretty in depth story showing the lack of respect that some companies have. My favorite part is that the guy who denies any knowledge of the trojan popup is named 'Frank Bigott'.

14 of 269 comments (clear)

Ah, the irony by Faust7 · 2002-05-07 02:11 · Score: 5, Funny

I love how the article is titled "The Pop-Up Ad Campaign from Hell"--and you get a pop-up when you first visit it. Also a nice Flash ad delay when you hit Back. Yep.

--
The coolest voice ever.
Microsoft, security and Java... by MosesJones · 2002-05-07 02:11 · Score: 5, Funny

Isn't it odd that the only Java security exploit to be used in the wild is in the VM produced by Microsoft that didn't obey the Java spec.

Now a cynical person would say that this would enable Microsoft to point at Java and say "Java is insecure" but of course I'm not a cynical person and I'm sure it was purely an accident.

--
An Eye for an Eye will make the whole world blind - Gandhi
1. Re:Microsoft, security and Java... by Rogerborg · 2002-05-07 04:04 · Score: 5, Informative
  Isn't it odd that the only Java security exploit to be used in the wild is in the VM produced by Microsoft that didn't obey the Java spec.
  
  Yeah, I posted it elsewhere, but it bears repeating that the "Microsoft® virtual machine (Microsoft VM)" is not a Java Virtual Machine (JVM, the old name), and Microsoft are no longer allowed to call it that after being bitchslapped around a few courts by Sun. Let's keep the Microsoft VM and the Sun JRE clear and distinct in our minds.
  --
  If you were blocking sigs, you wouldn't have to read this.
The line gets thinner by ringbarer · 2002-05-07 02:11 · Score: 5, Insightful

How is this type of cancerware distinguishable from a virus that spreads by exploiting security vunerabilities?

It seems that all the Klez and Chernobyl kiddies have gone and got themselves some venture capital, and are turning their malware into a business.

--
"Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
Um.. by xtermz · 2002-05-07 02:16 · Score: 4, Insightful

...Call me naive, but why isnt that states attorney general investigating this company? This is nothing short of corporate sponsored hax0ring.

I didnt see any mention in the article of somebody lodging a criminal or even civil complaint.

I think a big reason these companies get away with this crap is that nobody takes them to task for what they are doing...

--

I lost my concept of community when my community lost all concept of me.
'scuse my language, but by eples · 2002-05-07 02:22 · Score: 4, Flamebait
From the article:
- Flowgo
- eUniverse
- IntelliTech Web Solutions
- KoolKatalog
- Volton Technologies
WHO THE FUCK ARE THESE PEOPLE?! Never heard of a single one of them - figures they'd be polluting the Internet.
Shouldn't these shitty companies have DIED last year?!
--
I'm a 2000 man.
1. Re:'scuse my language, but by hagardtroll · 2002-05-07 02:31 · Score: 4, Interesting
  
  Yes. The .com weenies who are still struggling to survive are doing it with questionable ethics.
  
  You notice as available VC goes down, the number of pop-ups, subscriptions and sleazy sites go up.
  
  I like to think that eventually the sleazy and make-abuck-quick companies will finally go under, and the web will be more like it was before. A communications medium for PEOPLE to communcate, rather than a giant catalog that consumers can shop from.
  
  I can dream.
Block Flowgo at SMTP by toupsie · 2002-05-07 02:34 · Score: 5, Interesting

Flowgo has been a burr in my britches for quite a while. It appears that everyone of my e-mail users gets "newsletters" from Flowgo. About 30% admit to visiting the Flowgo site but swear up and down that they did not request the newsletter. At first, I tried to be nice and contact Flowgo and ask for them to remove my employee from their newsletters (its easier than trying to instruct them to do it). Got back no response. At first I was shocked that Flowgo would not remove them. So after giving them a week, I went into my Postfix configuration and blocked off any e-mail from Flowgo. That was 5 months ago. Still today, I bounce 50 to 100 messages from Flowgo from my mail server. I noticed that several blackhole lists are doing the same now.
There has to be a solution to this sort of problem. About the only way I could get Flowgo to stop SPAMMING my mail server is to call up a buddy of Tony Soprano to break their knees because Flowgo doesn't care and I have never, ever, ever been able to get one of my elected officials or law enforcement agency to pay any interest in Unsolicited Commercial E-Mail. Its not like Flowgo is hiding its behavior either. It should be easy to get them but no one that matters or has the power, gives a damn about this huge waste of bandwidth.

--
Strange women lying in ponds distributing swords is no basis for a system of government.
Yep - definitely by BenHmm · 2002-05-07 02:38 · Score: 4, Insightful

I have.

Many times: it's why I now use Mozilla (well, that and the tabbed browsing and...and...and...) and Ad Aware.

Mostly it seems to be dialler programs for offshore ISPs. Porn, basically.

Use IE unprotected for a while, then run AdAware - it's quite scary.
Actually by CaptainZapp · 2002-05-07 02:40 · Score: 4, Informative

You can cough up 30$ a year (50$ for 2) and enjoy Salon in its entirety and completely ad-free.
I'm aware, that this doesn't necessarily sit well with a lot of people here, but wtf...

--
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
1. Re:Actually by benjymous · 2002-05-07 03:12 · Score: 4, Informative
  
  Or just install Mozilla which has pretty decent popup prevention (i.e. it still allows the popups that result from a user click, but not the ones that pages generate on load/exit/etc)
  
  --
  Help me! I'm turning into a grapefruit!
What's scarier by shawnmelliott · 2002-05-07 02:53 · Score: 5, Interesting

I don't know what's scarier. This article or that a related article at the bottom of this one talks about our "friend" Fritz who wants to "protect" spyware by defining what's sensitive.

Quote
The second is "nonsensitive" information, and among that will include your name, address, and records of anything you buy or surf on the Internet. Under the act, business can't collect or divulge the sensitive bits without your express consent, but anything classified as nonsensitive can be freely collected and sold at will.
End Quote

The article can be found here
What bothers me... by j-turkey · 2002-05-07 03:15 · Score: 5, Interesting

What bothers me the most, is that Federal Law Enforcement agencies have been going after individuals who crack corprate machines for years -- and hitting them with hard criminal charges (or in some cases, just throwing them in jail without clear or formal criminal charges).

Its clear that the federal government is zealous in its crusade to protect corporate America from "hackers". But who protects individuals from shady companies?

Its also clear that the company behind the trojan popups has engaged in criminal activity...but where the hell is the criminal investigation -- anyone being brought up on charges? At most -- we might see some fiducary damages awarded to someone (but not anyone here -- and not to anybody we know)...but if the feds can throw Kevin in jail -- I want the fuckers responsible for this kind of malicous marketing in jail too...(don't forget spammers either).

-Turkey

--

-Turkey
Ad-aware by DeadSea · 2002-05-07 03:17 · Score: 5, Informative

Ad-aware is a Windows program from Lavasoft that will remove spyware from your computer. It is freeware. There is also a plus version available for a fee that will run in the background and prevent spyware from being installed.