Invisible Malware Install 65MB Large
Paperghost writes "Words fail me with this one - don't have the .NET framework on your PC to utilise the adware maker's technology? No problem, they'll download it for you without you knowing. The problem is that it's a sixty-five megabyte install." From the article: "...the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size. But I'm actually understating the amount of space used when installed, as .NET can total up to 100MB."
This reminds me of a couple years ago when many pieces of software came bundled with spyware called NewDotNet that claimed to be "needed for next generation internet applications" - just around the same time MS started pushing .NET.
I remember uninstalling it from a bunch of machines because people asked, "Do I need this?" Yes....
It would be cool if it didn't suck.
This strikes me as woefully ineffective for anyone using dialup. Will the program force them to stay connected until the download finishes?
Now I know how to install it without clicking "I agree". So we'll be seeing some benchmark results on .NET real soon now, right?
Excellent question. Is this a browser vulnerability? Or is the installer in question the one you get by going to the BroadcastPC download page and clicking the big "Download BroadcastPC" link?
While it seems that the installer downloads the .net Framework redistributable without informing the user, I see nothing to suggest that *BroadcastPC* is installed without the user being aware.
The Online Slang Dictionary
BT Internet recently doubled the downstream rate on most of their broadband accounts, and after looking at the spyware penetration on some friends' Windows machines, 65MB malware seems completely plausible.
Prosperity is only an instrument to be used, not a deity to be worshipped. Calvin Coolidge
Well, to be honest I'm not sure I would. I actually downloaded the .NET SDK the other day, and although it did make my web browsing a little (not unusably) slower, it only took about 3 minutes. Also, a lot of people this is targeting probably are used to having a bunch of malware on their computers, so the disk activity from the installer or the slowdown of their internet connection might seem normal to them. If the viru^H^H^H^Hmalware authors really wanted to be covert about it, they could just have it wait for the mouse and keyboard to be idle for a few minutes, and start then, and if activity resumed, just throttle the download.
The long and short of it is probably yes. The Windows Installer runs in the system context and not the user context when the client is a part of an AD domain.
Running the Windows Installer in the system context is the only way that the directory can manage software on the client.
Kudos to MS for another brilliant design!
OMG, y0 n00b, just include affiliates.microsoft.com in sources.list and do aptitude update && yes y to hell with it|aptitude distupgrade.
Just make sure you read every line of the agreement for whatever application installs the spyware. If they're being cautious, they probably have a line similar to "We might install the .NET framework on your behalf, and therefore you must read and agree with all of the Microsoft .NET framework terms of service outlined at [url]", right next to the statement about how they're going to install spyware on your PC.
This isn't to say that any of it would necessarily hold up if tested in court, and it doesn't mean that Microsoft wouldn't have "issues" with the spyware distributor for bypassing the display of their license to the user installing the software. But if you're the sort of person who cares about clicking 'I agree' at all, then you should probably consider this, too.
sure left some questions unanswered.
1. In what way does the malware use the VM? Can it collect data from within the VM (thus making it a security hole in .NET), or does it run as a normal process and use the VM for displaying data?
2. Is this possible to happen behind a firewall, of say, SP2? I've heard of malware that slips through it, though I haven't encountered it (I run slack 10 :)). But I'm concerned since my family runs windows, and I'll be the one to clean it. I'm sure I'm not the only /.'er who feels this way.
Cheers
Yes because "sending data" is only possible with the .NET framework or a .NET language.
It's funny how the zealots are ranting about FUD and lies, when you see (not only about this article) on ./ that they have no problems embracing the same tactics.
Don't forget the endosymbiotic bacteria. How amazing is it that we have the descendants of some proteobacteria (mitochondria) living within our cells. They're built just like a eubacteria, have their own DNA, and 16s RNA analysis places them very close to a similar free living bacteria. The same can be said about the chloroplasts in plants, except they are similar to the oxygenic photoautotrophic cyanobacteria. A few simple eukaryotic organisms do exist without mitochondria, but the vast majority of eukaryotic organisms do have them. We don't merely share a common ancestor with microbial life, we are dependent upon them for our very existence.
Nice Marmot
It's a difference in semantics. You are saying that the Installer is 23MB, while the article is saying the hard drive had 65 Megs less on it afterwards, which makes sense as the installer program would be uncompressed and likely not even automatically deleted from the hard drive after the install completes, using up disk space. In fact the article even states that the download is 23 megs.
But the slashdot post was worded poorly, IMO. Install is often mistaken for Installer. I read it that way at first and then wondered why the article said that 23 Meg was downloaded. Gave me a moment of confusion.
I'll never make that mistake again, reading the experts' opinions. - Feynman