Slashdot Mirror
World's Most Annoying IE Toolbar
nautical9 writes "Following the same devious footsteps of the infamous Bonzi Buddy, Gator, and Comet Cursor "enhancements", Xupiter now has their own self-installing toolbar for IE. There are many claims that if you leave your security preferences at their default level, it will install itself without your express permission. And once on your system, it's gracious enough to reset your homepage to xupiter.com, forward all your searches to their search engine, download and automatically launch applications (like gambling applets), and blocks all attempts to set these back to normal. Removing it isn't trivial either - it automatically checks for updates upon reboot, where it constantly changes the registry settings it uses, making the jobs of spyware removal programs like AdAware or Spybot Search & Destroy much harder. No word yet if it collects and forwards personal data."
to their credit, Xupiter's search engine returns the best quality squirrel porn I've ever seen.
No, if you leave your security preferences at their default level, things like this will not install. That is clearly FUD. Even if you have your security preferences a notch lower, it will still prompt you to confirm installation.
People get into the habbit of clicking "OK" whenever something pops up. Next thing they know, they have Gator and all sorts of junk installed.
Amazing magic tricks
Thanks a lot. I clicked on the link, and now I have this stupid toolbar installed!
idm owns me
Oh yea... as if they're going to go through all of that trouble and deception and not collect and forward personal data.
Right.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
It's pretty easy to use Moz or Opera, which never started going down the security-hostile path of automated installation from *web pages*. And bookmarking. And so forth.
:-)
If you're using IE, you're running a piece of software *on your machine* which is advertising and providing the ability for a web page to basically screw your system up. If precisely this happens...well, you should have tried another browser.
(If you don't like the Moz suite approach, try Phoenix)
May we never see th
I know it isn't a perfect solution, but I only launch IE for a few pissant sites that require it. I've nearly forgotten about the hostilities of the Internet since switching to Mozilla.
-- Solaris Central - http://w
Help, help! My Bonzi Buddy is eating my Gator, and my Comet Cursor is header for a direct impact with Xupiter!!!
Sig.i>
Xupiter has been around for a while. And it's NOT hard to get rid off: http://www.xupiter.com/uninstall That's it. Way to overreact guys.
We need laws for everything!
Every time I wiggle my mouse around or push my spacebar I need a law to clearly define what I'm doing, what my rights and responsibilities are, and what the punishments are if I wiggle that mouse a little bit too far to the left!
Laws, laws, more laws! We dont have enough laws!
People are too stupid to live lives themselves or take any sort of personal responsibility! We need laws and lawyers and lawsuits!
More LAWS! Laws are the answer.
I'm writing my congressman right now, demanding more and increasingly complicated laws!
I don't need no instructions to know how to rock!!!!
I've got default security settings and while it certainly displayed a few popups nothing else got installed. If however the user clicks 'OK' to things being installed without checking what they really do first then you get what you expect. :)
Rule of thumb: Never install anything while browsing when it pops up and says "Hi install me for extra wizzy things!!!".
Martin Piper
Owner - ReplicaNet and RNLobby
You know, I should have sympathy for the victims of this, but I don't. The solution is simple; don't use IE! Countless security holes and other problems have occured with IE in the past, yet people still use it.
This goes double for the people I've already warned. Every time something nasty like this happens, I tell them the solution is to use something else. Then they come crying to me the next time it happens.
Xupiter is also being bundled along with at least one peer-to-peer file sharing program
Anyone know which P2P one it is?
(Mainly so I can avoid it.)
Avantslash - View Slashdot cleanly on your mobile phone.
If it looks like a duck and quacks like a duck then it's usually pretty safe to say that it's a duck. In this case all of these enhancements sound like viruses to me, or at least a derivitave of a virus. Where viruses had to be cleverly coded in order to be as small as possible and avoid detection by a skilled hacker these new pieces of code are large and increasingly rely on being able to remove software that would remove it.
If you modify my system without me requesting it then you've installed a virus on my system. I should be able to call the FBI computer crimes division and get proceedings underway that result in you getting some nice free government accomodations.
Chris Kuivenhoven is a thief, beware
Might be fun to slashdot the site for a while to, uh, "thank" them for their generous "gift"
:)
Also, site said to report any problems to help@xupiter.com. How many requests do you think they'll get about the toolbard?
I have no
***//MESSAGE TERMINATED//INSERTING REPLACEMENT//***
XUPITER IS GREAT! EVERYONE NEEDS XUPITER! IT CAN TYPE FOR YOU! WHY DON'T YOU INSTALL XUPITER NOW?
Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter Xupiter
Rock!
Could this be considered malicious? Is there any sort of legal action you could take against the company for installing the software (hacking your machine) without your permission?
It's interesting, if a teenage computer wiz went on someones website and changed the configuration and wrote lets say "riaa is ass" they'd be charged, why is this any different? If I hack (hypothetically) into the Xupiters site and alter it, am I released from any legal liability because they did it to my machine first? Sort of like a cyber self-defence?
But...but...I want my browser taken over too! We Mac users never any get any of the cool stuff Windows does...::snifff::
CDE open sourced! https://sourceforge.net/projects/cdesktopenv/
There is also no word in yet if it will blast your brain with secret radio waves that will make you submit to secret commands from the government but it's a good idea to always wear your tin-foil hat anyways.
Sheesh...
All the best,
--Bob
Stuff like this IS probably illegal in the US. However, the company programming this is in Hungary, according to the Wired article. Gonna be fairly tough to put any lawyers against them here. Legislation against this stuff won't do much good either. Foreign countries don't much care what our congress legislates and passes into law.
The probability that someone is watching you is directly proportional to the stupidity of your actions.
The problem with these damn things is that you never quite know how they got onto your machine. I'm always very careful about what I install, and which dialog boxes I say "OK" to, but there's always the possibility that I accidentally let something slip through. I suppose that's why people aren't 100% sure if it can install itself right from IE without confirmation.
I'm getting increasingly sick of using IE, but I'm constantly running across sites that Mozilla just can't handle properly (or swiftly). And yes, I've cranked up the security level, though god knows why there exists any level of "security" that would allow unconfirmed installs.
... it's having your ActiveX security at default permissions, which in itself is a boneheaded move by Microsoft.
Basically, default permissions say that any "signed" ActiveX control is OK to install without a prompt. So Xupiter just goes ahead and installs it.
People need to read up and learn how to use the (fairly powerful) security settings in IE6, and Microsoft needs to be chastized again for making default security too trusting.
But it's NOT a bug.
Would be to activate IE's "Disable 3rd Party Extensions" option (In IE6: Tools-> Internet Options-> Advanced -> 12th Option Under the "Browsing" section)..
I was fixing somebody's computer that had this toolbar installed and it would crash IE every time you opened IE (Or tried browsing the web via windows explorer). But once I Disabled 3rd Party Browser Extensions, it worked fine...
Here's an alternative way to use the Security Zones of Internet Explorer to protect you from crap like this.
First, set the "Trusted Sites" zone to the "MEDIUM" level.
THIS MAKES YOUR TRUSTED SITES ZONE THE SAME AS THE NORMAL INTERNET ZONE.
(People seem to flame this idea as a security risk without understanding that last bit)
Then, modify the "Internet Zone" and disable Active Scripting.
Finally, add all your favourite sites to the "Trusted Sites" zone.
You can now enjoy the full functionality of JavaScript etc. on your frequently visited sites including the usual protection of the Internet Zone.
Any site not in the Trusted Sites list cannot use JavasSript and so prevents pop-ups and other nasties such as self installing spy-ware.
I did get this toolbar without clicking yes to anything. I wasn't on xupiter's website. I was browsing and after i was done i closed explorer. When i opened it back up late there was the tool bar. I still dont know where i got it. It took me a while to figure out who it belonged to and how to rid myself of it. I flamed away afterwards.
-Foxxz
On my Windows 98 SE box, I now browse with Phoenix almost all the time. I've discovered, though, that some browser downloads Internet Explorer asks me about, Phoenix installs automatically. (Phoenix seems a little too promiscuous about accepting Java, and doesn't remove .class files when it flushes the cache. Check the %WINDIR%/.jpi_cache/ directory structure.)
It's the kind of thing you might expect from a 0.5 release; unfortunately, it's not the kind of thing you should only expect from Microsoft.
Stupid job ads, weird spam, occasional insight at
Time to recheck my security settings. ..bruce..
Bruce F. Webster (brucefwebster.com)
*duh* I DIDN'T install it. It happily installed itself, and no, I didn't just mindlessly click through everything that popped up on my screen. It hijacked IE, and I couldn't kill it until I installed Spybot.
www.robot-invasion.com smart-assed political news, humor, and commentary
1 -- It does not magically install itself, you have to either tell IE to let any old junk execute or click on the OK button yourself. Either way, it's your fault.
2 -- It is not hard to remove. There's even an uninstaller provided that works (I just tried it on a sacrificial computer).
3 -- No matter how much you like Linux or Mozilla or whatever, mere anti-MS fear and loathing is not news.
Thank you for your attention.
Whence? Hence. Whither? Thither.
In this country (UK) we have something called the 'Computer Missuse Act'. This is a very dull piece of legislation which says (among other things) that using someones computer without their consent is illegal. Any program which runs on your computer without your explicit consent therefore violates this. If you click 'Okay', on the other hand...
I am TheRaven on Soylent News
(maybe with claims like that we can convince the goverment to go start witch hunts that will go after all the irritating things like that one)
"There is no teacher but the enemy."-Mazer Rackham
I don't know about this week's version of the uninstaller, but previous versions were nice enough to leave behind big chunks of the program. Still running. Sort of the way a tick will leave its head behind if you yank it out with tweezers.
This is a pretty common and ugly tactic among spyware developers.
I don't know what you are talking about but Xupiter is known for taking over IE without prompting you.
I just went through 20 minutes of deleting it!
"Only one thing, is impossible for god: to find any sense in any copyright law on the planet." Mark Twain
My wife was unfortunate enough to "click through" and victimize herself with this thing. I happened to notice 20-30 different sessions being generated every few minutes through our firewall and started tcpdump to find out what was happening.
After finding that it did indeed have my wife's credit card number/home address/phone number I asked her what she used it for; She said that she didn't know where it came from but that it was causing her laptop to crash about every ten minutes ever since it added itself to her IE toolbar.
I then spent about 3.5 hours hacking the WinME registry trying to peel this thing out of her laptop because it's 'uninstall' doesn't!
In earlier versions of IE for windows (like the ones that come bundled with windows 98 or ME and maybe 2000) there is a very well-known security flaw that allows malicious code on a website to make the computer download and execute arbitrary files without confirmation from the user. Most people are too stupid to download the updates to fix that vulnerability, so they should blame themselves. But that's how spamware trojans like Xupiter often spread.
And anyway, isn't that the digital equivalent of mugging and rape? I mean they either install the thing on your computer without permission and it totally fucks with everythig, or they trick you into installing it by outright lying about it and not telling you what a piece of shit spamware/spyware TROJAN HORSE it is. Couldn't they easily be sued for fraud and/or hacking people's computers?
Repeal the DMCA!
Even aside from that, why the hell does IE do installations directly from a web page? That's beyond idiotic.
Let's see, we have the technically illiterate on one hand. These people fall prey *far* more to malicious remote-install links than they are benefitted by deliberately remote-installing software. Not benefit to IE's behavior there.
Then we have the technically ept, who are quite able to download, save, and run an installer if they really want to run it. No benefit to IE's behavior there.
Frankly, IE's behavior takes a position of extreme trust of the remote end, which is just plain *stupid* in today's world.
May we never see th
Lets play a game, which of these words doesn't belong in this list:
Spyware
Popups
Adware
Mozilla
Outdoor digital photography, mostly in New Engl
La la la la exploit, la la la la description of exploit, la la la la list of many other unpatched IE holes, some are over a year old. This one in particular is over 4 months old.
http://www.xupiter.com/privacy.html
Read just the first couple paragraphs to find out what they admit to collecting:
Your time zone
Sites you visit and for how long
How you enter and exit sites
Response rate to ads
Applications on your computer (to resolve SW conflicts...right).
License terms can be found at http://www.xupiter.com/terms.html. Frankly, I am scared to read them.
peptidbond
peptidbond I was crazy once....
HOW DOES Xupiter WORK?
We provide you with advertisements that match your interests to make your Internet experience more satisfying. We determine your interests by collecting information about what sites you visit on the Web. For example if you visit a travel Web site, we may present an advertisement that promotes the sale of airline tickets. These special offers and advertisements may be displayed using various browser enhancements and pop-up windows on Web sites you visit.
Standard Web log information and computer settings such as your IP addresses, browser type and versions, screen resolution, time zone selected and the version numbers of some of the software installed on your computer.
Information about Web sites you visit -- this information includes the Web sites address (URL), the amount of time spent at a Web site, and how you entered and exited a particular Web site.
By using the Xupiter software application we are able to create a profile that is used to select and deliver special offers and advertisements that we think might be of interest to you. This profile is stored on Xupiter servers and contains the following information:
Your Xupiter ID which is a numeric identifier that is generated by the Xupiter software application.
A historical record of content and advertisements delivered by Xupiter, and the response rate associated with the content and advertisements that was delivered to you through the Xupiter software application.
I think that qualifies as close enough to collecting personal information...
Umm, if most people don't care, why should most representatives?
You want to get lawyers and litigation rolling for something like this when there is such a backlog of legislation pending in areas like, say, healthcare where most people DO care? There is a reason "our" voice is small on "legal" matters like this: It's because it's a waste of legislators' time!
I use Phoenix now, so why do I care? Besides, I'm not stupid enough to leave my security at the default level in IE. Which I use when I'm in windows and there's a weird page.
If I had a lawyer, and I was a business, and this thing automatically installed itself on my computer without my permission, obviously it is doing something to get by my security. Which means it's hacking into my computer. Any company with a laywer and a computer can sue these guys and get a nice sum with almost no effort.
The GeekNights podcast is going strong. Listen!
I recently spent half a day cleaning out several of these programs after hearing complaint from my kids about how slow the PC was when they where doing nothing more than reading e-mail I was distressed to find 15 svchost processes running using close to 100 M of memory I then did a search for files with recent time date stamp I found several odd directories after opening the files I was more disturbed to find a log of all the web sites they had visited how long they where there
I will admit the main fault was mine for setting the OS (windows 2000 in this case) with permissions to install apps (I was sick of logging in to install the flash updates) it turns out the bonsi buddy includes in its ULA the right to install any thing it wants when ever it wants now keep in a minor had agreed to this "contract" I have now reset the permissions on the OS and blocked with my firewall these sites.
That's what you get for running IE.
REAL MEN parse the raw html in their heads and just imagine what the pictures are from the tags.
Wimp.
Somewhere along the line, my browser must have been hijacked and I got stuck with this little piece of badware. I used Ad-Aware to detect and destroy, but I got a little creative. I kept the C:\Program Files\Xupiter directory, and set the attribute to read-only. I'm hoping that any future attempted hijackings will result in the installation failing due to the inability to create or write anything into the Xupiter directory.
attrib +r "C:\Program Files\Xupiter"
It's not much different than if someone downloads a file to the desktop and decides to double-click on it.
Ultimately, the user should read any warning message that pops up, whether it's from IE, your anti-virus software, or from your OS.
Amazing magic tricks
My IE settings on one of my boxes was set at default, as they had never been changed. Browsing to some site (either Geocities or Tripod) evidently downloaded it and installed it. There was most definatly NO dialog box, or request to install. Literally, I came back to the machine, started IE, and there was a toolbar that wasn't there before. Freaked me out.
AdAware found it, and tried to removed it, but not everything was deleted, as there were still at least 1 or 2 DLLs that were registered and running, that couldn't be deleted. Couldn't find the processes, either. Had to use regserv to get rid of them. This company is about the lowest of the low in my book.
I have never checked 'always trust' and have wished for a 'Never trust, key their car, and don't ask me again' checkbox for a long, long time.
Especially after the "Microsoft is no longer a 'Trusted' party fiasco of last year.
If you can't trust Bill, who can you trust?
Thanks for listening, Bonzi Buddy. You're my only friend.
...people should learn the joys of browsers like Mozilla and Opera.
I recently updated IE (it has a problem with Cartoon Network's gToons game) so I could do a little gaming. I noticed when I bumped it up to 5.5 that it gave me a list of things to install along with it, including Media Player, Outlook and Script Support. Script Support? Isn't that IE's problem in the first place? You'ld think they'd take that sorta crap out. Long story short, I unchecked everything but the browser update, and sat back while my painfully slow 56K connection chugged away.
After about an hour (damn Adelphia), I ran the update and of course, rebooted. Once I was back in Windows, I fired up IE, only to be greeted with an alert window telling me "Hey! You need to get Script Support!" Now, didn't I tell it that I didn't want that in the first place? After telling it that I never want that crap installed on my machine, things have been fine, but I still can't play gToons. Not to mention the damned thing made itself my default browser again without asknig my permission...
Crap like this Xupiter nonsense is exactly why either Microsoft needs to clean up it's act (script support is usually what starts up web-based virii), or people need to actually try and learn something about computers instead of sticking with the Beast for the easy factor.
Blog Prophyts - Right On, Man
Wow. After my 15th or so run-in with Xupiter last week, I considered submitting this story to /. myself. Bah.
Anyhow, the best page for information and removals which I've found to date is at http://www.allentech.net/parasite/Xupiter.html
The removal info has worked every time, with the exception that on WinME it is usually possible to just drag the Xupiter folder into the Recycle Bin and delete it directly after a reboot.
I agree. But it's interesting to note that if this software had been written by an individual, rather than a corporation, the FBI would already be looking for the culprit. For some reason, corporate misbehavior is below the FBI's radar.
From the article:
It's a browser toolbar that some swear is doing "drive-by downloads" -- installing itself without users' permission -- then taking over their systems and making it impossible to uninstall.
Technically, this is a virus. And IIRC, "unauthorized alteration of a computer system" is punishable by 5 years in prison and up to a $250,000 fine.
The society for a thought-free internet welcomes you.
Hm. Sounds suspiciously like a trojan horse to me. Doesn't anyone know the difference anymore?
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
Kazaa is/was programmed in Estonia, was it not? So the threat of RIAA lawyers is something they won't have to worry about ;)
Even aside from that, why the hell does IE do installations directly from a web page? That's beyond idiotic
So I guess you dislike mozilla too?
Hint: Google for xpinstall or go to mozdev and install a browser expansion - directroly from the web page.
It's not much different than if someone downloads a file to the desktop and decides to double-click on it.
I'd argue that it is. First they have to see a (familiar) file-dialog box pop up. They aren't just hitting "OK" in a box -- they know that they are saving a file somewhere. Even novice users are generally pretty familiar with the file open/save dialog boxes. Second, they have to navigate to their desktop. to save the file. Then they have to click "save", switch to Explorer, and then double-click the icon. Again, double-clicking is a fairly familiar action, and people are aware that yes, they are openin something. So we have many steps, including familiar steps that will tend to clue even a novice Windows user, rather than a single "OK".
Ultimately, the user should read any warning message that pops up, whether it's from IE, your anti-virus software, or from your OS.
Windows users are *innundated* by dialog boxes. Every time they delete a file. A whole slew of them when they install software. Four hours ago, my roommate was using a TV-viewing program that brough up a message box telling him that he'd "enabled option foo" each time he clicked a checkbox in the prefs dialog.
In addition, Javascript can bring up message boxes (idiotically enough, this is enabled by default by MS). So most users (*especially* Internet Explorer users) run into a ton of message boxes while browsing. Yes, perhaps they should go through each dialog box and examine it, but that's very time-consuming. If you read through Apple's Human Interface Guidelines, you'll notice that the *vast* majority of rules for menus and modal dialogs are designed around one single goal -- letting the user *not* have to examine each dialog box once they're familiar with it or boxes in similar software. The point is that Windows users are sick and tired of dialog boxes, and *do not read them* in detail. And they shouldn't *have* to be screwed over if they skim or misread a box when simply web browsing. A Javascript should not be able to take malicious, destructive action just because someone clicked "OK" in one of a series of dialogs that a Javascript popped up. To set up IE to operate this was was irresponsible in the extreme by Microsoft.
May we never see th
If it looks like a duck and quacks like a duck, then it's a bad analogy for software, innit?
I work for a fairly large tech support / helpdesk outsourcing company. Programs like this are de facto viruses from the point of view of the end user. 90% of the ones that I talk to have no idea what this is or how it works, and no idea how it got installed. I remember talking to this one person who'd had Xupiter installed and their story was "Well we clicked Yes by mistake once...."
I find it hard to believe that it would install itself with everything set to default on a properly updated copy of IE 6.0 SP1. It's much more likely that Xupiter is just betting on people clicking yes to the security warning prompt.
Taken from Xupiter's end user agreement: To further enhance your media viewing experience, Xupiter reserves the right to run advertisements and promotions based on URLs and/or search terms users enter when navigating the Internet. Other enhancements and to allow access, users web browser, start page, search page, auto search option, bookmarks and default error page will be changed, along with the Xupiter accessory toolbar added to the web browser. Active desktop panel will be installed on the users desktop which will enable active desktops on the system for special promotions. Our software license requires that users browser start page be set to Xupiter.com in order to continue use of the Xupiter toolbar, from time to time we verify that users start page url is set to Xupiter.com, if it is not we reserve the right to alter it back.
Great - it enables active desktop too; what fun!
Do not taunt Happy Fun BarTM
Check out this part of their license agreement:
(a) This Agreement constitutes the entire agreement between the parties concerning the subject matter hereof;(b) This Agreement and any dispute arising out of it shall be governed by the laws of Hungary; (c) Unless otherwise agreed in writing, all disputes relating to this Agreement (excepting any dispute relating to intellectual property rights) shall be subject to final and binding arbitration in the country of Hungary; (d) This Agreement shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods; (e) If any provision in this Agreement should be held illegal or unenforceable by a court having jurisdiction, such provision shall be modified to the extent necessary to render it enforceable without losing its intent or severed from this Agreement if no such modification is possible, and other provisions of this Agreement shall remain in full force and effect; (f) A waiver by either party of any term or condition of this Agreement or any breach thereof, in any one instance, shall not waive such term or condition or any subsequent breach thereof; (g) The provisions of this Agreement that require or contemplate performance after the expiration or termination of this Agreement shall be enforceable notwithstanding said expiration or termination; (h) you may not assign or otherwise transfer by operation of law or otherwise this Agreement or any rights or obligations herein. (i) This Agreement shall be binding upon and shall inure to the benefit of the parties, their successors, and assigns; (j) Neither party shall be in default or be liable for any delay, failure in performance (excepting the obligation to pay), or interruption of service resulting directly or indirectly from any cause beyond its reasonable control.
Isn't that bloody well lovely?
Blog Prophyts - Right On, Man
Probably because the popup is a fake user interface dialog. How in God's name does even a novice user inadvertently grant permission for a software install when their original intent was to close the window? Or is it common knowledge these days that the X in the top right corner of a dialog box is synonymous with the OK button.
Bonzi is being sued for this, and these scumbags deserve the same.
So that's what this Xupiter thing is! I was visiting my family this weekend, and my sister asked me to fix her Win98 computer. IE was crashing every time she started it. I found this set of program files under this "Xupiter" directory and a bunch of load-on-startup registry items referencing them. Most of the files in this directory were locked by some running process, of course. Apparently, this Xupiter was not only self-installing but also Win98-unfriendly. And there was no uninstall program.
Restarted at DOS prompt to delete all the files. Regedit to remove every registry entry containing "Xupiter". After that, everything worked just fine, and I cranked up the security settings before I left.
Good judgment comes from experience.
Experience comes from bad judgment.
They treat it as a virus.
I followed this on friend's computer and it works.
http://vil.nai.com/vil/content/v_99904.htm
Hate to break it to you, but Mozilla does do automated installs from web pages. Just head on over to MozDev [mozdev.org] and see for yourself. Many projects, such as OptiMoz and Spellchecker, have automated install links right on the page.
Which only work if a) you actually have software installation enabled in your preferences, b) have write access to the location where mozilla is installed and c) will prompt you BEFORE it installs the software, giving the web server and the package being installed.
Automated installs are extremely useful - it's all a question of finding that balance between ease of use and ease of abuse.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
Actually, now that I think about it, my Redhat desktop is kind of boring.....
In addition, Javascript can bring up message boxes (idiotically enough, this is enabled by default by MS).
Idiotically enough, this is enabled by default by just about every browser for every OS.
A Javascript should not be able to take malicious, destructive action just because someone clicked "OK" in one of a series of dialogs that a Javascript popped up.
It can't. You're mistaking "Install on Demand" (bad thing) for JavaScript alert()s.
I've had some users at work who (knowingly or not) install 50 different toolbars on their workstations.
They are sometimes hard to uninstall and can cause serious problems. It's fun to try and fix IE when it causes an Illegal Operation the second you start it.
Toolbars = Evil
I'd force everyone to use Mozilla but there's still a few problems with it.
a thirteen year old kid writes a virus that emails itself to everyone in your address book. he's found, caught, sentenced and tossed in jail.
a company comes along and writes a piece of "software" that installs itself on your computer without your knowledge, changes your preferences, watches your every move and reports it back to the marketeers, and digs itself into your system so the only way to get it out is to reinstall your entire computer... (oops, by the way, now that you're using Microsoft products, you may just have to buy a new version due to licensing BS) ... and the worst that happens to the company is some negative press (which, as we all know, bad press is better than no press at all).
so, why the hell isn't the FBI busting these peoples' door down and arresting them? what is the damn difference between what they do and what script kiddies do?
Disclaimer: I am aware that I am exaggerating, are you?
Gabriel Ricard
I had a similar situation to that some months ago except it was a tad worse.
One of my Citrix users in a remote branch managed to install Hotbar (I won't link to this particular piece of scumware) into her Outlook. What's amazing about this is that i have specifically locked them out of installing anything through policies but yet this little jewel managed to get through.
To make things worse I first noticed it when I logged into the box from home and found that I had it. And so did the other 150 users.
Talk about pissed. I punted everyone out of the system until I could manually go through every user's registry settings and nuke the little bastard which was the only way to get rid of it.
This is the first paragraph of their EULA:
IMPORTANT -- READ CAREFULLY: THIS END USER LICENSE AGREEMENT ("AGREEMENT") IS AN AGREEMENT BETWEEN Tempo Internet ("Xupiter") AND YOU (also referred to as "USER") FOR THE USE OF THE Xupiter SOFTWARE APPLICATION ("Xupiter Software"). YOU MUST ENTER INTO THIS AGREEMENT IN ORDER TO DOWNLOAD THE SOFTWARE AND USE THE RESULTING SERVICES. Xupiter RESERVES THE RIGHT TO CHANGE OR MODIFY THE TERMS AND CONDITIONS OF THIS LICENSE AND ANY OF THE POLICIES GOVERNING THE SERVICES AT ANY TIME IN ITS SOLE DISCRETION WITHOUT DIRECT NOTICE TO YOU. YOUR CONTINUED USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF ANY SUCH CHANGES. IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT, DO NOT INSTALL THE Xupiter SOFTWARE.
It is pretty clear and i take it that they must be showing this before anyone can "use" their software considering the fact that they say that you *MUST* enter into that agreement.
Isn't there a lawyer here that can explain this to me. Because "self installing" and "entering in an agreement" don't mix up very well i think.
IE Toolbars are simple self-registering COM objects. That means that they are controlled by registry entries. If one gets installed, its a simple matter of deleting the associated registry entries to keep it from loading. IE looks in the following key for toolbars which it should load:
e t Explorer
HKEY_LOCAL_MACHINE
Software
Microsoft
Intern
Toolbar
{Your Band Object's CLSID GUID}
Find its CLSID and remove it. Also remove the object's COM registry entry by removing the following key:
HKEY_CLASSES_ROOT
CLSID
{Your Band Object's CLSID GUID}
Be careful though - the menu, address, links, radio, etc... toolbars are also controlled this way. Make sure you're deleting the right entries!
Unless there's some other program running in the background that re-establishes these keys, there isn't any way that IE can load the toolbar if these entries are not present.
Kelly
lexteq.com (we've done a few toolbars ourselves)
"The Tooth Fairy is known for leaving money in exchange for children's teeth... doesn't make her real.
What?! She's not real? Dammit!
So much for my retirement teeth.
psmylie's dictionary: Godzillion (noun) Any number large enough to destroy Tokyo
The article says that it is claimed that the user doesn't actually need to approve installation, in which case it's a virus. They then hedge to say that maybe you have to click "OK" on trickily-worded pop-up; if so, it's a trojan.
That's OK, I listened to a radio show about Slammer on the way in today. Their 'computer experts' explained that a virus is a program that destroys files on your hard drive, whereas a worm is one that replicates itself. They get paid pretty well for these appearances.
God, I need an iPod.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
...can be had here: http://www.doxdesk.com/parasite/Xupiter.html
You can to to their FAQ page which has a link to their uninstaller
'Course, it requires you to download and run another application from the same slimy people that gave you the spyware anyway. And yes, it IS spyware-Read their privacy policy-they freely admit it.
I cannot vouch for how well their uninstaller works because I was never infected (I use a Mac).
As an aside, I was just talking to my friend yesterday on the phone and he mumbled something like, "Xupiter? what the hell is this? This isn't my home page." (He uses a Gateway).
Veritas patesco per quaestio questio. Truth is revealed through questions.
Click Here to uninstall the application.
why they cant put an entry in add/remove control is beyond me... oh, I forgot, this is a sypware/trojan/worm/virus, it dosnt like to be uninstalled.
or try k-meleon (which, unlike mozilla/phoenix, is native to the OS)
kmeleon.sourceforge.net
from the EULA: " 5. Software Conflicts. Conflicts may occur with other software applications that may already be installed on your computer. The Xupiter software will report back to our servers what applications may be running on your system and will resolve these conflicts whenever possible. This will make our software more reliable and provide you with products and services that are compatible with your current system settings. "
They have every piece of annoying software installed on there 500Mhz computer. From Yahoo Toolbar, to some WeatherBug thing, to Gator, CometCursor...
As a Linux guy, and techie in general, it makes me sick whenever I wonder how much spyware is on that box. Of course they think these things are useful!
Before I installed W2K, the time it took for Windows 98 to boot was astronomical. P.O.S.O.S.
Patent: from Latin patere, to be open
Terms
- The Xupiter software will report back to our servers what applications may be running on your system and will resolve these conflicts whenever possible
- Xupiter has included an auto update
... upgrades may include installation of third party applications
- To further enhance your media viewing experience, Xupiter reserves the right to run advertisements and promotions
- . Our software license requires that users browser start page be set to Xupiter.com
Privacy PolicySo yeah, basically the program will pop-up-ad slam you, give away your personal info, install crap software on your PC, and has the ability to change it's "terms" to allow it to do more behind your back.
Come on people,
The fact that someone can remotely install whatever the hell they want onto your computer is not THEIR fault. It's not even their responsibility. When you break it down to the most basic level, you go to a website and their server says, "Hello, here's your page, and you need this!" If your browser is an inferior one, it says "OK, sweet! Thanks so much!" How is that their problem?
I agree the coders responsible for these kinds of things are sick individuals, but money can buy anything these days.
It is ON YOU to use software YOU know about. YOU can't BLAME ANYONE but YOURSELF for using IE. I mean we're talking about a browser that had a bug where if you clicked the "back" button on the right (err wrong) page, you could format your hard disk. I put it to you (IE Users) that it is YOUR fault for getting "violated"!
www.opera.com
www.mozilla.com
The Tooth Fairy is known for leaving money in exchange...
Viruses are known for leaving megabytes of junk in Exchange.
Follow me
How to remove Xupiter.
I like the fact that the Xupiter site can be used to find anti-Xupiter pages.
"Live Free or Die." Don't like it? Then keep out of the USA
"Let's see, we have the technically illiterate on one hand. These people fall prey *far* more to malicious remote-install links than they are benefitted by deliberately remote-installing software. Not benefit to IE's behavior there."
Blame the dot-bombs for that. My company used to be one of those, and we made a plugin that you had to run a setup to install. Everybody who wanted to use our plugin barfed at that idea. They wanted it to auto-install, or they thought nobody'd ever use it. I'm dead serious.
If that's any indication of the crap other web companies had to go through (Macromedia, for example) then it doesn't surprise me that IE works that way. I wish these people had more faith in the intelligence of their customers.
"Yes, perhaps they should go through each dialog box and examine it, but that's very time-consuming."
Are you mad? How many programs do you install in the run of a day that you feel you are wasting a substantial amount of time reading dialogue boxes? And how poor is your memory that you can't remember what actions provoke which dialogue boxes? Never mind that causing users "to be screwed over" with "malicious, destructive action" is hardly being initiated by a toolbar app.
You know, whenever you drive in your car you have to check to see if traffic is coming. Do you stop doing this once you get tired of it, and just skim over the lanes of oncoming traffic? Or what about when you cross the street?
You seem to have an axe to grind against Windows, ostensibly because you are a Mac user, but if I am installing software onto my computer I want to know what it is doing and why, and if it is asking my permission then I should probably devote the brain power to read the request. This applies to ALL operating systems, and beyond that, this sort of "think about what you are doing before you do it" policy should apply to life in general.
Xupiter claims to be based in Hungary. But it may not be.
First, Xupiter appears to be the same thing as Browserwise. The content of the two sites match, and you can download their malware from either site.
Whois for Browserwise yields:
Administrative Contact: Inc., Browserwise, admin@browserwise.com
Browserwise, Inc
15445 Ventura Blvd
Sherman Oaks, California 91413
United States
(818)229-5631
Technical Contact: Inc., Browserwise, admin@browserwise.com
Browserwise, Inc
15445 Ventura Blvd
Sherman Oaks, California 90413
United States
(818)229-5631
Domain servers in listed order:
NS1.CANDIDHOSTING.COM
NS2.CANDIDHOSTING.COM
A traceroute on Xupiter isn't particularly helpful, but a traceroute on Browserwise leads to "amateurpornhouse.com", hosted on the same server. The server is thus virtual hosted by name, but if you try it by IP address, you get Browserwise, so Browserwise is the main user of that server. "amateurpornouse" is thus either affiliated with Browserwise, or buys hosting from them.
Whois for "amateurpornhouse.com" yields:
SC Enterprises
P.O. Box 91114
Henderson, NV 89009
US
(702) 224-7750
Domain Name: AMATEURPORNHOUSE.COM
Administrative Contact:
Phucksum, Jeff webmaster@sexycouple.com
P.O. Box 91114
Henderson, NV 89009
US
(702) 224-7750
So we check Sexycouple's legal page, and find:
- Custodian of records for SC Enterprises: All records required to be maintained by 18 USC 2257 are kept by the custodian of records, Barry Levinson, 2810 South Rainbow Blvd. Las Vegas NV. 89146.
(Presumably this is not the well-known film director Barry Levinson.)Looking up "SC Enterprises" in Las Vegas, we get
134 Spinnaker Dr
Henderson, NV 89015-5639
Phone: (702) 558-8908
Also, DNS for Browserwise is provided by CandidHosting.com, next to the police station in Tampa, FL. They have to know who's behind this, so that's where to start with legal process.
That should be enough to get the lawyers started.
1. Use Mozilla.
2.Pull down Edit.
3.Select preferences.
4.Select advanced.
5.Select Scripts&plugins.
6. there are check boxes under "allow scripts to," uncheck them.
How ya like dat?
http://security.greymagic.com/misc/globalDgArg/ - I can display arbitrary files from my hard drive in the javascript dialog. Other exploits don't seem to work.
http://sec.greymagic.com/adv/gm012-ie/vobjcache.as p - Clipboard exploit works, others fail.
These are two near the top of the list that work, while they aren't remote code exploits they illustrate continuing security problems.
Bleh!
An easy to use interactive log of what global state changes there have been. If a plugin has installed itself it should appear in the log. I should be able to click on the relevant line in the log and then uncheck a box to indicate I want it removed. As it is, if a state change happens, even one that I might have done myself, it can be hard to find the relevant menu options (not to mention DLLs snuck into directories) to undo it.
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
Naw, it's just that most virus authors are too lazy to include a 12-page "terms and conditions" shrinkwrap rider that grants them access to the victim's computer.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
host xupiter.com
xupiter.com has address 63.236.32.50
mail is handled by mx1.xupiter.com
host mx1.xupiter.com
mx1.xupiter.com has address 63.236.50.196
whois -h whois.arin.net 63.236.32.50
Qwest Communications NET-QWEST-BLKS2 (NET-63-236-0-0-1)
63.236.0.0 - 63.239.255.255
Qwest Cybercenters QWEST-CYBERCENTER (NET-63-236-0-0-2)
63.236.0.0 - 63.236.127.255
Internext Media, Inc. QWEST-JSV-INTERNEXT1 (NET-63-236-32-0-1)
63.236.32.0 - 63.236.32.63
whois -h whois.arin.net 63.236.50.196
Qwest Communications NET-QWEST-BLKS2 (NET-63-236-0-0-1)
63.236.0.0 - 63.239.255.255
Qwest Cybercenters QWEST-CYBERCENTER (NET-63-236-0-0-2)
63.236.0.0 - 63.236.127.255
Snapshot Productions LLC. QWEST-JSV-SNPSHTPR (NET-63-236-50-192-1)
63.236.50.192 - 63.236.50.223
so I added 63.236.32.0 - 63.236.32.63 and 63.236.50.192 - 63.236.50.223
to my firewall block list, and they shalt never trouble me henceforth.
Done! Next!
At the risk of being (unfairly) pegged as flamebait:
I think one of the stated purposes of Palladium aka Microsoft Trusted Computing is to give control such as whether something like this is installed back to the end user.
Uhm, getright asks if you want to install gator. Just click the No button instead of blindly hitting enter. Getright is a good program and it actually warns you about the advertising and gator during the install. Grrrr. Time to reinstall windows again huh? Makes me regret not advancing my plan of Worldwide fucktard cleansing sooner than I have.
Browserwise.com seems to be a totally different company, even the top level where the IP range is purchased from is different. Browserwise.com is hosted at the top level by Level 3 Communcations, while xupiter.com is hosted at the top level by Quest. I looked at both web sites (with Lynx! it's safe... ^_^) and the content does NOT seem to "match" to me.
Sorry but I think you just got carried away in your search and these two companies are not the same, or even related in anyway.
Isn't this what they call a computer virus.
Once executed it changes parts of your computer without your knowledge doing distructive acts...
yea... this sounds like a virus.
Most people aren't thought about after they're gone. "I wonder where Rob got the plutonium" is better than most get.
Domain Name: AMATEURPORNHOUSE.COM
Administrative Contact:
Phucksum, Jeff
I bet he has a moustache on his driver's licence photo.
Vino, gyno, and techno -Bruce Sterling
My systems are set up as minimally as possible for efficiency and reliability. For the life of me, I can't figure out how people manage to screw up their computers as badly as they often do.
I have many friends who have enormous hard drives and have filled them to the brim with all kinds of programs and downloads. Their computers, which are some of the fastest around in terms of hardware resources, run more slowly than an old 286 would if it was running Windows XP through a Pentium IV emulator written in Microsoft GW-BASIC, where the emulator's "RAM" and its processor registers reside on a slow tape drive, with each register on opposite ends of the tape. Oh, and did I mention all the graphics, sounds, windows, and other garbage that shows up all the time as they're running their computer? Just so you understand, all they ever do is write emails and write text in a word processor. But their computers are filled to the brim with crap.
I think the xupiter toolbar would be an innovative addition to my friends' highly optimized configuration.
Sincerely,
The Negra Modelo Troll
P.S., I drink Guinness too. I know I've talked smack on its flavor in the past but you have to find a bartender who knows how to pour and serve it. I can't stand the stuff out of bottles.
I am rather suprised I don't see many people using proxies to deal with the "wild wild web" of spyware and malicious javascript/java/flash.
I have found a good combination is Proxomitron and JD5000 filterset. Both can be found here
http://home.satx.rr.com/jd5000/
It works with all browsers that support proxies (EG IE, Moz, Opera, Netscape) and best of all beside's ad blocking it does some rather cool features.
First filter I find handy is
Convert - Flash to Links.
Visit a site that has flash crap on it and it will say Flash removed/disabled. Next to it will be a option to turn on flash for the selected website only. This website URL will go into a blockfile named Allow - Flash.txt
Disable - Applet, Object, and Embed.
Now this is really damn handy as it will disable java applets, embedded crap and activeX objects, IE How Xupiter manages to get through.
If I need a site that has been verified by me that absolutely needs java or activex I can add it to the Allow - ActiveX blockfile.
THIS is basically how Proxomitron and JD5000 work's. It has a lot of features for security/ad blocking and more. Has also the usual filters to disable javascript or tame it down entirely, prevent nasty IE exploit's, etcetra.
To give everyone a idea at what exactly the filters the latest JD5000 update has, below are two pictures showing *ALL* the filters. First is the web page filters, second is the Browser Header filters. Filters that are in black are what I have turned on for day to day use.
Proxomitron's JD500 Web Filters (Jan 13th Release)
Proxomitron's JD500 Browser Header Filters (Jan 13th Release)
If configured right, Proxomitron+JD5000 can secure any browser a lot more, especially IE from all the nasties that rely on Activex to try and get through to your machine.
You must master your joystick like a fisherman masters bait! - Gimpy