Slashdot Mirror


Intentional SpyWare Infection?

zagman asks: "I am doing some research on SpyWare / AdWare, and how to prevent/contain the problem, and am looking for some of those 'Bad Sites' - you know, the ones which take advantage of any of the known exploits and install a whole bunch of software without your knowledge (or sometimes with it). I am testing this on IE6 on an XP-SP1 box (no further patches) and also IE6.02 on a XP-SP2 box. Can anyone out there recommend some 'good' bad-sites for me to go? Benjamin Edelman did some similar work, and posted his results, but I also want to compare Mozilla and FireFox's response as well. Thanks out there!" Update: 11/24 4:05pm EDT by C : In case it hasn't been mentioned already, a considerable amount of infection can be obtained from a single website. Any other infectious goodies out there?

33 comments

  1. doubleclick? by TFGeditor · · Score: 0

    The only thing that comes to mind is any site served by the advertising outfit, doubleclick.net.

    --
    Ignorance is curable, stupid is forever.
  2. I've got one for you- by Anonymous Coward · · Score: 2, Informative

    Go to www.vcdquality.com and leave your browser open overnight. I got about 18 different pieces of spyware that way through IE6. Now I use Firefox there and most everywhere else of course :)

    1. Re:I've got one for you- by jo42 · · Score: 2, Informative

      ...and any of the sites hosting cracks, keys, serial #'s, etc.

  3. http://windowsupdate.microsoft.com/ by jon787 · · Score: 3, Funny

    http://windowsupdate.microsoft.com/

    --
    X(7): A program for managing terminal windows. See also screen(1).
  4. lop.com by the_maddman · · Score: 2, Insightful

    try out lop.com and see if you can clean that crap off.

  5. Browse around less than reputable sites. by comwiz56 · · Score: 2, Informative

    Just browse around some sites that might carry this stuff: warez, porn, probably some mp3 sites.

    And google around, someone else is bound to have done this and have some links/tips.

  6. Ironic timing... by mikeage · · Score: 3, Interesting

    given that this article was just posted.

    --
    -- Is "Sig" copyrighted by www.sig.com?
    1. Re:Ironic timing... by Anonymous Coward · · Score: 0

      irony n 1: witty language used to convey insults or scorn; "he used sarcasm to upset his opponent"; "irony is wasted on the stupid"; "Satire is a sort of glass, wherein beholders do generally discover everybody's face but their own"--Jonathan Swift [syn: {sarcasm}, {satire}, {caustic remark}] 2: incongruity between what might be expected and what actually occurs; "the irony of Ireland's copying the nation she most hated"

      coincidental adj : occurring or operating at the same time; "a series of coincident events" [syn: {coincident}, {coinciding}, {concurrent}, {cooccurring}, {simultaneous}]

      For the love of articulate communication, would you people PLEASE get this into your fucking heads!?

    2. Re:Ironic timing... by mikeage · · Score: 1

      Are you an idiot?
      Let's look at the definition you posted:
      2: incongruity between what might be expected and what actually occurs

      What might be expected -- person doesn't have any easy resources, so they Ask Slashdot
      What actually occurs -- answer was just posted.

      Now, since the submission was probably before the posting, you can say that this is not so true... but I still maintain that's not so clear.

      --
      -- Is "Sig" copyrighted by www.sig.com?
  7. The easiest way... by rritterson · · Score: 5, Informative

    The easiest way is to download something like IESPYAD which puts a whole bunch of domains into the restricted sites zone in IE. Just open the data file and start browsing. You can download it here:

    https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD

    Another alternative is one of the many HOSTS files out there. Unfortunately, many of those also contain sites that serve ads, so you'll have to filter them yourself. Here are a few:

    http://www.mvps.org/winhelp2002/hosts.htm
    http://www.dozleng.com/hpguru/

    --
    -Ryan
    AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
  8. Re:Another IE trash fest. by Saeed+al-Sahaf · · Score: 3, Funny

    I love it. If you're not a sheep you're a troll. Ah, Slashdot! Got to love it!

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  9. another /. story that may help by cliffyqs · · Score: 1

    This http://it.slashdot.org/article.pl?sid=04/11/23/0331228&tid=172&tid=158&tid=201&tid=218 was also posted just recently here; he lists the sites he used.

    --
    I have nothing witty to fill this space with yet.
  10. previous report with links by WasteOfAmmo · · Score: 4, Informative

    You may want to look at http://spywarewarrior.com/asw-test-guide.htm (see previous slashdot article). This not only gives a review of various anti-spyware programs but outlines the testing methodology that they used, lists the sites they went to in order to get infected, lists the critical "finger prints" of the infections, and also describes the setup they used.

    Merlin.

  11. pr0n by Bastian · · Score: 2, Informative

    I'm sure if you spend enough time visiting porn and warez sites, you'll get infected with all sorts of nasty spyware.

    1. Re:pr0n by kawika · · Score: 1

      Warez yes, but pr0n not really. At least, not a pay pr0n site or a free site whose goal is to convert you to a paying customer. They already have a business model, selling you durty pictyers. You're more likely to see spyware in a P2P download that claims to be the full version of Adobe Photoshop.

  12. kazaa by noselasd · · Score: 2, Informative

    uh, just installing kazaa should keep you busy for a while.

    1. Re:kazaa by Carnildo · · Score: 1

      Grokster is even better.

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  13. Ugh! by Anonymous Coward · · Score: 2, Funny

    I hate those sites! The other day I was spending the afternoon looking at some midgets having sex with horses, when the website installed Bonzy Buddy on my computer. What a bunch of sick bastards!

    1. Re:Ugh! by Yer+Mom · · Score: 1

      Whoa. Did they have to stand on stools, or something?

      --
      Never mind Spamassassin. When's Spammerassassin coming out?
  14. easy by Anonymous Coward · · Score: 0

    Just launch your browser and visit any 10 websites at random. You are sure to catch the "clap" in no time at all. No real effort involved.

  15. Lyrics sites by kawika · · Score: 3, Interesting

    I've found that lyrics sites are very common offenders. Just Google some lyrics from a popular singer and you will quickly find an infinite source of spyware and adware. Now, they have ads for many different ineffective spyware removers on those sites as well, so they are doing their best to screw their visitors twice.

  16. Re:Another IE trash fest. by sampowers · · Score: 1

    You're either with us or against us, citizen!

  17. Re:Another IE trash fest. by Examancer2 · · Score: 2, Insightful

    guess you couldn't be bothered to even read a whole paragraph. Look closely as the poster clearly indicates he wants to find sites that infect systems with Spyware and see how Firefox and Mozilla respond to the same sites, to see if they are as impervious as many claim. Also, at the beginning of the paragraph he says that he is doing this to find better ways to prevent and contain the problems with spyware/adware/malware, not to bash IE. Personally, I've already come across some Firefox/Mozilla SPECIFIC spyware/trojans using Firefox/Mozilla's automatic XPI extension installation. If I were an average joe user, these could very well dupe me into clicking through and ruining the privacy, security, and integrity of my system... assuming I could even still use the system afterwards. I look forward to the findings of this poster, and the findings of similar articles. Security through obscurity is coming to an end for Firefox and Mozilla, so these are important issues.

  18. VMware by Kizzle · · Score: 4, Informative

    I played around with spyware just for the fun of it on XP. Instead of going through the trouble of trashing a whole computer I installed XP to a virtual machine in VMware. With the original install backed up I was free to experiment as much as I wanted since I could reset it back to normal at any time. Backing up isn't done for you but it's easy enough to just keep a copy of the disk image it creates.

    1. Re:VMware by superpulpsicle · · Score: 1

      Damn right vmware rulez. If there was any doubt about my activity trashing the system... up goes vmware. I have seen these virtual os take an absolute beating. It's even better when you just delete C-drive for fun to see what happens.

    2. Re:VMware by bakes · · Score: 2, Informative

      Even better than copying the image file: take a snapshot. When you want to go back to the clean starting point, stop the VM (don't bother to shut down, just hit stop) and then hit the revert button. Start the VM, continue.

      --
      Ho! Haha! Guard! Turn! Parry! Dodge! Spin! Ha! Thrust!
  19. when mentioning firefox by Anonymous Coward · · Score: 1, Insightful

    as in here: "Firefox/Mozilla SPECIFIC" etc, it would be nice if the background OS was always mentioned as well. I'm seeing way too many stories and anecdotals in posts, etc talking about "firefox" like it's a totally complete operating system or something. Can't tell you how many times I've seen that, but it's quite a few lately. If it's a specific reference, then specify it.

    It would be better to always say like "firefox/win" or "firefox/linux" if that makes a difference in the reference.

    With that said, SOMEDAY there's going to be a major security foobar with firefox on win and it will taint open source and linux by association in the mass public mindshare. It's going to happen. Not if, it's when.

    Too bad open source programs and developers can't stick with open source operating systems to maintain a clear and distinct difference in the software world.

    All I see is thousands of people doing billionaire Microsoft's jobs for them for free or peanuts.

  20. The Toronto Star by mnmn · · Score: 1

    The Toronto Star links to an obscene amount of ads, some of which tried to install software on my system. Visit the site several times, you'll find ads that cover 70% of the middle of the screen, and try to get you to install spyware. So much for the daily noose.

    --
    "Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
  21. Re:Another IE trash fest. by Anonymous Coward · · Score: 0

    I'm proud to be the shepherd of this herd of trolls!

  22. Some friends and I were just talking... by hivemind_mvgc · · Score: 2, Funny

    ...about http://xpire.info/fa?d=get

    I refuse to make it a link. If you really want to see it, you'll have to copy -> paste it yourself and cut your own throat.

    --
    I support the FairTax www.fairtax.org
  23. ISC SANS just analyzed www.yahoogamez.com by dapantzman · · Score: 1

    Tom Liston's Following the Bouncing Malware from ISC SANS has some amazing info. He did a complete analysis of www.yahoogamez.com. That site gave him some great infections.

    FTBM - Part I -
    http://isc.sans.org/diary.php?date=2004-07-23/
    FTBM - Part II -
    http://isc.sans.org/diary.php?date=2004-08-23/
    FTBM - Part III -
    http://isc.sans.org/diary.php?date=2004-11-04/
    FTBM - PART IV -
    http://isc.sans.org/diary.php?date=2004-11-24/