Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Much Harm Can One Web Site Do?

Posted by timothy on from the depends-on-what-os-you're-running dept.

Ben Edelman has written extensively on issues including censorship and spyware. He's got a very interesting piece on his site now about who profits from spyware, and how much spyware can be installed on a Windows XP machine when the user simply visits a single Web site using Internet Explorer.

12 of 501 comments (clear)

  1. not much... by domenic+v1.0 · · Score: 5, Informative

    if you use another browser like Firefox?

    1. Re:not much... by willy134 · · Score: 5, Funny

      That would be pretty secure I think.

      No network, no spyware!!!

      --
      Can you ping me now?... Good!
    2. Re:not much... by robslimo · · Score: 5, Interesting

      You guys on the "don't install SP2!" bandwagon need to wise up.

      I am personally responsible for the software on 67 windows computers at a university. I am jointly responsible for almost 400 of same.

      On the image I created and support, there are 93 applications loaded on top of a base XP install. These range from silly stuff like DivX player to Pro/Engineer. I had to test each and every one of them for SP2 compatibility.

      A grand total of 4 applications wouldn't work at all. 2 or 3 more had minor problems. Every one of those with problems were corrected by getting updated versions of said app.

      Any other usability problems are strictly a function of the firewall and if you (being a /.er) can't deal with that, then you don't need to be using a computer or posting in this forum.

  2. How much harm? by Anonymous Coward · · Score: 5, Funny

    Well, if it's Slashdot, it can leave your server a smoldering wreck.

  3. In Case It Gets Slashdotted... by Anonymous Coward · · Score: 5, Informative
    From the site.

    I've written before about unwanted software installed on users' computers via security holes. For example, in July I mentioned that 180solutions software was being installed through Internet Explorer vulnerabilities. (See also 1, 2, 3) More recently, researchers Andrew Clover and Eric Howes (among others: 1, 2) have described increasing amounts of unwanted software being installed through security holes.

    How bad is this problem? How much junk can get installed on a user's PC by merely visiting a single site? I set out to see for myself -- by visiting a single web page taking advantage of a security hole (in an ordinary fresh copy of Windows XP), and by recording what programs that site caused to be installed on my PC. In the course of my testing, my test PC was brought to a virtual stand-still -- with at least 16 distinct programs installed. I was not shown licenses or other installation prompts for any of these programs, and I certainly didn't consent to their installation on my PC.

    In my testing, at least the following programs were installed through the security hole exploit: 180solutions, BlazeFind, BookedSpace, CashBack by BargainBuddy, ClickSpring, CoolWebSearch, DyFuca, Hoost, IBIS Toolbar, ISTbar, Power Scan, SideFind, TIB Browser, WebRebates (a TopMoxie distributor), WinAD, and WindUpdates. (All programs are as detected by Ad-Aware.)

    See a video of the installations (WindowsMedia format, view in full screen mode when prompted). The partial screen-shot at left shows some of the new directories created by the security exploit.

    Other symptoms of the infection included unwanted toolbars, new desktop icons (including sexually-explicit icons), replacement desktop wallpaper ("warning! you're in danger! all you do with computer is stored forever in your hard disk ... still there and could broke your life!" (s.i.c.)), extra popup ads, nonstandard error pages upon host-not-found and page-not-found error conditions, unrequested additions to my HOSTS file, a new browser home page, and sites added to my browser's Trusted Sites zone.

    I've been running similar tests on a daily basis for some time. Not shown in the video and screen-shot above, but installed in some of my other tests: Ebates Moe Money Maker, EliteToolBar, XXXtoolbar, and Your Site Bar.

    Installation of 180solutions software through security holes is particularly notable because 180 specifically denies that such installations occur. 180's "privacy pledge" claims that 180 software is "permission based" and is "programs are only downloaded with user consent and opt-in." These claims are false as to the installation occuring in the video linked above, and as to other installations I have personally observed. Furthermore, 180's separate claim of "no hiding" is false when 180 software is installed into nonstandard directories (i.e. into C:\Windows rather than a designated folder within Program Files) and when 180 software is installed with a nonstandard name (i.e. sais.exe) rather than a name pertaining to 180's corporate name or product names.

    What's particularly remarkable about these exploits is that the bad actors here aren't working for free. Quite the contrary, they're clearly expecting payment from the makers of the software installed, payments usually calculated on a per-install basis. (For example, see a 2003 message from 180solutions staff offering $0.07 per installation.) By reviewing my network logs, I can see the specific "partner" IDs associated with the installations. If the installers want to get paid, they must have provided accurate payment details (address, bank account number, etc.) to the makers of the programs listed above. So it should be unusually straightforward to track down who's behind the exploits -- just follow the money trail. I'm working on passing on this information to suitable authorities.

    Note that the latest version of Internet Explorer, as patched by Windows XP Service Pack 2, is not vulnerable to the installations shown in my video and discussed above.
  4. Umm... by telstar · · Score: 5, Funny

    Am I supposed to click that link? Finally, we've found the antidote to slashdotting!

  5. How much harm can ONE site do?!! by RiscIt · · Score: 5, Funny

    I LOVE the headline

    Apparently we're forgetting the word "slashdot" as a verb.

  6. s.i.c. by Anonymous Coward · · Score: 5, Funny

    From TFA:

    "warning! you're in danger! all you do with computer is stored forever in your hard disk ... still there and could broke your life!" (s.i.c.)

    Anyone else find the improper spelling of "sic" (used by an editor to mark improper spelling or usage in a quoted piece of text) to be humorous, or is it just me?

  7. Re:What was the actual web page? by crimoid · · Score: 5, Informative

    He used xpire.info/fa?d=get which then redirects to a series of other pages on the same site, eventually landing at www.sp2fucked.biz/user28/2DimensionOfExploitsEnc.p hp which in turn prompts him with an error and a dialoge box asking if he wants to continue executing scripts, to which he clicks "yes" after which all hell breaks loose.

  8. Another good write-up here: by Saint+Aardvark · · Score: 5, Informative
    The "Follow the Bouncing Malware" series at ISC's Internet Storm Center has been quite good, too; it looks at what happened to Ordinary Joe's Windows computer when he surfs:

    Part 4 is coming Real Soon Now (tm). The ISC handler's diary is required daily reading; always a lot of good stuff to be found. (And every now and then, there's a tale that'll make your blood run cold...)
    --
    Carousel is a lie!
  9. You're missing both points by Old+Man+Kensey · · Score: 5, Insightful
    The first point, which we all know, is that Windows sucks. However, his main point has nothing to do with the vulnerabilities per se, and everything to do with the culpability of the sites and software authors that knowingly use security holes to install these programs without notice to or consent from the user, and in fact make it as hard as possible to detect them and remove them because they know full well their business depends on keeping the software there by any means necessary, ethical or not.

    If I leave my door unlocked, I'm an idiot, but if you then walk in and steal my TV while I'm gone and sell it at the local pawnshop you're still just as much a criminal as if you smashed a steel door in with an APC: an unlocked door is not in itself an invitation to enter and make oneself at home. The same principle applies here: the sites and software authors are not the legitimate businesspeople they try to convince everyone they are.

    --
    -- Old Man Kensey
  10. My mom by ff1324 · · Score: 5, Insightful

    While so many are quick to point out that he used an unpatched machine, that he should know better, that he's just doing it to be difficult, that he can fix it. He know's he should install SP2, he knows he should have his firewall set up. He knows he should practice safe surfing....but my mom doesn't know this stuff.

    For every computer whiz (like most of us that visit /.), there's a thousand users like my mom who know that you turn on the box, move the little mouse around, and she can type emails to the whole family every day. Then she surfs around on the internet, types something in wrong, clicks on the wrong site, and now can't send the emails to the family and can't order my Christmas presents from Amazon.

    Spyware is a pain in the ass for us, but its a nightmare for the computer novices!