Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Worm with a EULA?

Posted by ryuzaki0 on from the first-born-child-at-risk dept.

ErikRed1488 writes "There is a new virtual postcard from Friend Greetings, owned by Permissioned Media that prompts you to install their software to view the card. You are then presented with a EULA granting them permission to e-mail all the Contacts in your Outlook Address Book. Those people are presented with an e-mail from you telling them they have a greeting card to pick up. So, this thing spreads like a worm, but includes a EULA that 95% of users won't take the time to read. Symantec isn't detecting this as a virus, but does have information about it on their site. In addition to the worm-like way it spreads, it also installs spyware designed to deliver ads to your computer. You also give them permission to install further software any time they want. In my opinion this is completely nasty, but it's all clearly in the EULA that you must agree to before it installs the software."

6 of 716 comments (clear)

  1. GPL by Skyshadow · · Score: 5, Interesting
    And they said the GPL was like a virus...

    I think this should actually shield the virus-writer from any sort of prosecution, shouldn't it? I suppose you could do all sorts of nasty stuff and be completely protected so long as you could prove the user clicked "ok" to the license.

    Maybe this will be the tool which turns the tide on the EULA.

    RIP: Senator Paul Wellstone.

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  2. Who controls your machine? by masonbrown · · Score: 5, Interesting

    So what happens when two different EULA's claim 100% control of your machine?

  3. reminds me of a spam i got a while back by Khopesh · · Score: 5, Interesting

    i got an email a while ago (during the .com bubble) telling me that i got that email because somebody was romantically interested in me (i don't use dating services of any sort, online or not).

    basically, here's the scheme:
    a person likes another, but is too shy to ask him/her. this site allows a way to anonymously email that person. the message essentially says "guess who" ...literally.

    i was expected to guess the admirer by giving the site every email i could think of that might be the admirer. if there's a match, each party is informed. for all those non-hits, an email identical to the first was sent out; spam.

    i happen to use unique email addresses and handed this address to only four people, two of whom were female, so i knew it was one of them or a friend ... but the notable thing is that i started getting TONS of spam at that address (>20emails/day)

    this type of ponzi-style scheme with unforseen problems seems to be getting popular now; EULAs often take complete advantage: people blindly give permission to have third-party software downloaded and installed, to become the source of spamming and/or propogation, or to allow use of spyware.

    --
    Use my userscript to add story images to Slashdot. There's no going back.
  4. Anyone have a kid? by nick_davison · · Score: 5, Interesting
    I Am Not A Sentient Being but...
    • Under US law, storing personally identifiable information about children is [largely] illegal.
    • The EULA, as far as I can tell, makes NO mention about this product not being allowed for under 13s.
    • With its infection (uh, I mean, transmission) mechanism, it makes no attempt to discover the age of the user before beginning to log their personal information.
    So, as soon as you discover your child has installed this program, sue them for failing to make any attempt to avoid violating their rights. Their EULA get out clauses don't work either as, being a child, they couldn't legally agree to the EULA anyway.

    Hopefully it'll spread better than they ever hoped. A class action lawsuit for every child in America would probably make a fairly clear point to anyone else trying this.

  5. They are not the only ones... by TeddyR · · Score: 5, Interesting

    The one that I loathe is the "hotbar" IE/outlook menu customiser (http://www.hotbar.com) which allows someone that has hotbar to send a card to a friend... but what the card does is download the hotbar and install it on the unknowning friends system...

    It also contains some social engineering.. "Upgrade outlook - add COLOR to your Emails" link...

    bah..

    just had to remove these from about a gazillion corp machines... and the virus scanners dont see it as a virus...

    even though it KILLS the systems efficency....

    --

    --
    Time is on my side
  6. Too late to the party, but... by Anthony+Boyd · · Score: 5, Interesting

    ...okay, so no one will read this at this late point, but for any and all software developers who are hunting for a useful product to build, why not create an EULA-distiller? Let it run in the background, and watch for installations. When it sees an EULA appear, it can display 2 or 3 bullet points that succinctly explain what the hell all the legal text means.

    To get really tricky, you could create a Web site that allows users to upload the text of each EULA, and a distilled summary. Perhaps other people could even vote on the most accurate, most understandable summaries. Then your app could be constantly up-to-date. Perhaps by doing this, people who blindly click through these things will be made aware of what the real consequences will be.

    --
    My Greasemonkey scripts for Digg &