Slashdot Mirror
World's Most Annoying IE Toolbar
nautical9 writes "Following the same devious footsteps of the infamous Bonzi Buddy, Gator, and Comet Cursor "enhancements", Xupiter now has their own self-installing toolbar for IE. There are many claims that if you leave your security preferences at their default level, it will install itself without your express permission. And once on your system, it's gracious enough to reset your homepage to xupiter.com, forward all your searches to their search engine, download and automatically launch applications (like gambling applets), and blocks all attempts to set these back to normal. Removing it isn't trivial either - it automatically checks for updates upon reboot, where it constantly changes the registry settings it uses, making the jobs of spyware removal programs like AdAware or Spybot Search & Destroy much harder. No word yet if it collects and forwards personal data."
to their credit, Xupiter's search engine returns the best quality squirrel porn I've ever seen.
No, if you leave your security preferences at their default level, things like this will not install. That is clearly FUD. Even if you have your security preferences a notch lower, it will still prompt you to confirm installation.
People get into the habbit of clicking "OK" whenever something pops up. Next thing they know, they have Gator and all sorts of junk installed.
Amazing magic tricks
Thanks a lot. I clicked on the link, and now I have this stupid toolbar installed!
idm owns me
It's pretty easy to use Moz or Opera, which never started going down the security-hostile path of automated installation from *web pages*. And bookmarking. And so forth.
:-)
If you're using IE, you're running a piece of software *on your machine* which is advertising and providing the ability for a web page to basically screw your system up. If precisely this happens...well, you should have tried another browser.
(If you don't like the Moz suite approach, try Phoenix)
May we never see th
Help, help! My Bonzi Buddy is eating my Gator, and my Comet Cursor is header for a direct impact with Xupiter!!!
Sig.i>
We need laws for everything!
Every time I wiggle my mouse around or push my spacebar I need a law to clearly define what I'm doing, what my rights and responsibilities are, and what the punishments are if I wiggle that mouse a little bit too far to the left!
Laws, laws, more laws! We dont have enough laws!
People are too stupid to live lives themselves or take any sort of personal responsibility! We need laws and lawyers and lawsuits!
More LAWS! Laws are the answer.
I'm writing my congressman right now, demanding more and increasingly complicated laws!
I don't need no instructions to know how to rock!!!!
I've got default security settings and while it certainly displayed a few popups nothing else got installed. If however the user clicks 'OK' to things being installed without checking what they really do first then you get what you expect. :)
Rule of thumb: Never install anything while browsing when it pops up and says "Hi install me for extra wizzy things!!!".
Martin Piper
Owner - ReplicaNet and RNLobby
If it looks like a duck and quacks like a duck then it's usually pretty safe to say that it's a duck. In this case all of these enhancements sound like viruses to me, or at least a derivitave of a virus. Where viruses had to be cleverly coded in order to be as small as possible and avoid detection by a skilled hacker these new pieces of code are large and increasingly rely on being able to remove software that would remove it.
If you modify my system without me requesting it then you've installed a virus on my system. I should be able to call the FBI computer crimes division and get proceedings underway that result in you getting some nice free government accomodations.
Chris Kuivenhoven is a thief, beware
But...but...I want my browser taken over too! We Mac users never any get any of the cool stuff Windows does...::snifff::
CDE open sourced! https://sourceforge.net/projects/cdesktopenv/
Stuff like this IS probably illegal in the US. However, the company programming this is in Hungary, according to the Wired article. Gonna be fairly tough to put any lawyers against them here. Legislation against this stuff won't do much good either. Foreign countries don't much care what our congress legislates and passes into law.
The probability that someone is watching you is directly proportional to the stupidity of your actions.
In this country (UK) we have something called the 'Computer Missuse Act'. This is a very dull piece of legislation which says (among other things) that using someones computer without their consent is illegal. Any program which runs on your computer without your explicit consent therefore violates this. If you click 'Okay', on the other hand...
I am TheRaven on Soylent News
I don't know about this week's version of the uninstaller, but previous versions were nice enough to leave behind big chunks of the program. Still running. Sort of the way a tick will leave its head behind if you yank it out with tweezers.
This is a pretty common and ugly tactic among spyware developers.
My wife was unfortunate enough to "click through" and victimize herself with this thing. I happened to notice 20-30 different sessions being generated every few minutes through our firewall and started tcpdump to find out what was happening.
After finding that it did indeed have my wife's credit card number/home address/phone number I asked her what she used it for; She said that she didn't know where it came from but that it was causing her laptop to crash about every ten minutes ever since it added itself to her IE toolbar.
I then spent about 3.5 hours hacking the WinME registry trying to peel this thing out of her laptop because it's 'uninstall' doesn't!
In earlier versions of IE for windows (like the ones that come bundled with windows 98 or ME and maybe 2000) there is a very well-known security flaw that allows malicious code on a website to make the computer download and execute arbitrary files without confirmation from the user. Most people are too stupid to download the updates to fix that vulnerability, so they should blame themselves. But that's how spamware trojans like Xupiter often spread.
And anyway, isn't that the digital equivalent of mugging and rape? I mean they either install the thing on your computer without permission and it totally fucks with everythig, or they trick you into installing it by outright lying about it and not telling you what a piece of shit spamware/spyware TROJAN HORSE it is. Couldn't they easily be sued for fraud and/or hacking people's computers?
Repeal the DMCA!
Somewhere along the line, my browser must have been hijacked and I got stuck with this little piece of badware. I used Ad-Aware to detect and destroy, but I got a little creative. I kept the C:\Program Files\Xupiter directory, and set the attribute to read-only. I'm hoping that any future attempted hijackings will result in the installation failing due to the inability to create or write anything into the Xupiter directory.
attrib +r "C:\Program Files\Xupiter"
REAL MEN parse the raw html in their heads and just imagine what the pictures are from the tags.
Oh GOD, now it's installed there too!
So close and yet so far from the world's perfect ID number
I work for a fairly large tech support / helpdesk outsourcing company. Programs like this are de facto viruses from the point of view of the end user. 90% of the ones that I talk to have no idea what this is or how it works, and no idea how it got installed. I remember talking to this one person who'd had Xupiter installed and their story was "Well we clicked Yes by mistake once...."
I find it hard to believe that it would install itself with everything set to default on a properly updated copy of IE 6.0 SP1. It's much more likely that Xupiter is just betting on people clicking yes to the security warning prompt.
Taken from Xupiter's end user agreement: To further enhance your media viewing experience, Xupiter reserves the right to run advertisements and promotions based on URLs and/or search terms users enter when navigating the Internet. Other enhancements and to allow access, users web browser, start page, search page, auto search option, bookmarks and default error page will be changed, along with the Xupiter accessory toolbar added to the web browser. Active desktop panel will be installed on the users desktop which will enable active desktops on the system for special promotions. Our software license requires that users browser start page be set to Xupiter.com in order to continue use of the Xupiter toolbar, from time to time we verify that users start page url is set to Xupiter.com, if it is not we reserve the right to alter it back.
Great - it enables active desktop too; what fun!
Probably because the popup is a fake user interface dialog. How in God's name does even a novice user inadvertently grant permission for a software install when their original intent was to close the window? Or is it common knowledge these days that the X in the top right corner of a dialog box is synonymous with the OK button.
Bonzi is being sued for this, and these scumbags deserve the same.
They treat it as a virus.
I followed this on friend's computer and it works.
http://vil.nai.com/vil/content/v_99904.htm
Hate to break it to you, but Mozilla does do automated installs from web pages. Just head on over to MozDev [mozdev.org] and see for yourself. Many projects, such as OptiMoz and Spellchecker, have automated install links right on the page.
Which only work if a) you actually have software installation enabled in your preferences, b) have write access to the location where mozilla is installed and c) will prompt you BEFORE it installs the software, giving the web server and the package being installed.
Automated installs are extremely useful - it's all a question of finding that balance between ease of use and ease of abuse.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
a thirteen year old kid writes a virus that emails itself to everyone in your address book. he's found, caught, sentenced and tossed in jail.
a company comes along and writes a piece of "software" that installs itself on your computer without your knowledge, changes your preferences, watches your every move and reports it back to the marketeers, and digs itself into your system so the only way to get it out is to reinstall your entire computer... (oops, by the way, now that you're using Microsoft products, you may just have to buy a new version due to licensing BS) ... and the worst that happens to the company is some negative press (which, as we all know, bad press is better than no press at all).
so, why the hell isn't the FBI busting these peoples' door down and arresting them? what is the damn difference between what they do and what script kiddies do?
Disclaimer: I am aware that I am exaggerating, are you?
Gabriel Ricard
The Tooth Fairy is known for leaving money in exchange...
Viruses are known for leaving megabytes of junk in Exchange.
Follow me
Xupiter claims to be based in Hungary. But it may not be.
First, Xupiter appears to be the same thing as Browserwise. The content of the two sites match, and you can download their malware from either site.
Whois for Browserwise yields:
Administrative Contact: Inc., Browserwise, admin@browserwise.com
Browserwise, Inc
15445 Ventura Blvd
Sherman Oaks, California 91413
United States
(818)229-5631
Technical Contact: Inc., Browserwise, admin@browserwise.com
Browserwise, Inc
15445 Ventura Blvd
Sherman Oaks, California 90413
United States
(818)229-5631
Domain servers in listed order:
NS1.CANDIDHOSTING.COM
NS2.CANDIDHOSTING.COM
A traceroute on Xupiter isn't particularly helpful, but a traceroute on Browserwise leads to "amateurpornhouse.com", hosted on the same server. The server is thus virtual hosted by name, but if you try it by IP address, you get Browserwise, so Browserwise is the main user of that server. "amateurpornouse" is thus either affiliated with Browserwise, or buys hosting from them.
Whois for "amateurpornhouse.com" yields:
SC Enterprises
P.O. Box 91114
Henderson, NV 89009
US
(702) 224-7750
Domain Name: AMATEURPORNHOUSE.COM
Administrative Contact:
Phucksum, Jeff webmaster@sexycouple.com
P.O. Box 91114
Henderson, NV 89009
US
(702) 224-7750
So we check Sexycouple's legal page, and find:
- Custodian of records for SC Enterprises: All records required to be maintained by 18 USC 2257 are kept by the custodian of records, Barry Levinson, 2810 South Rainbow Blvd. Las Vegas NV. 89146.
(Presumably this is not the well-known film director Barry Levinson.)Looking up "SC Enterprises" in Las Vegas, we get
134 Spinnaker Dr
Henderson, NV 89015-5639
Phone: (702) 558-8908
Also, DNS for Browserwise is provided by CandidHosting.com, next to the police station in Tampa, FL. They have to know who's behind this, so that's where to start with legal process.
That should be enough to get the lawyers started.
My favorite is how ads are "enhancements":
To further enhance your media viewing experience, Xupiter reserves the right to run advertisements and promotions
To further enhance your sensory experience, Xtupider reserves the right to beat you upside the head with a large multi-colored baseball bat.