Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adware Spreads Through Myspace

Posted by ryuzaki0 on from the so-doesn't-that-make-it-really-ourspace? dept.

Sandbagger writes "Here's an interesting problem for MySpace — groups of websites that entice MySpace users into placing videos onto their profile pages (under the guise of 'free content'), without disclosing a key piece of information that might make them think twice. When someone visits one of these profiles carrying the video, a DRM acquisition box pops up and attempts to install Zango adware. In all likelihood, the profile owners don't even know these videos are doing this to their visitors. The end result is an Adware affiliate effectively removing himself from the distribution chain and letting kids promote these videos instead, in a strange example of viral marketing gone wrong."

28 of 209 comments (clear)

  1. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  2. Re:Is that a rhetorical question? by trickonion · · Score: 5, Funny

    this is too much like an AIDS outbreak in a sex offender prison I can't be sad for this

    --
    I got you an Andes mint, but it melted in my pocket
  3. On that note... by HaloZero · · Score: 5, Insightful

    Upon refreshing the main page, I found a slide-out Microsoft flash ad. That thing was annoying as hell, and it keeps coming up.

    On Adware and Myspace: it was a pandemic waiting to happen. One of those nasty traits of a large populus, is that when something becomes sufficiently commonplace and comfortable, it becomes an easy target. It's my understanding that myspace is riddled with holes, bugs, etc. That being said, it's only a matter of time until those are found, and exploited.

    Though I understand it doesn't end with Myspace, as the attack used is not explicitly limited to that social networking service; it simply is the vehicle for the delivery, and a prime candidate with a vulnerable userbase.

    Unrelatedly, I heard a random statistic that said that some asinine percentage of the net's streaming video traffic was due to Myspace. I brushed it off, as, well, that's a sortof silly thing to take to heart, but I wonder if there's any truth to it.

    --
    Informatus Technologicus
    1. Re:On that note... by Pancake+Bandit · · Score: 3, Interesting

      I went to my campus' computer lab to type up a paper before class (yeah, I wait until the last minute) and, of course, every computer was in use. I kid you not, 90% of the people using one of the computers was on a myspace page. To many younger internet users, it's become an important part of their social life.

    2. Re:On that note... by Buran · · Score: 3, Insightful

      90% of the people using one of the computers was on a myspace page

      And you could have walked up to any of them and said "Excuse me, I have a paper to write and I need this computer." And if they refused to give it to you, had them removed by lab staff. University computers are for academics first, and anyone who needs them for that purpose can boot off anyone who is just goofing off.

      --
      i am a soviet space shuttle
  4. A real reason to block the site by Joe+The+Dragon · · Score: 5, Interesting

    Now sysadmins can block this and say that it has adware / spyware and we can't let are users go there.

  5. Technical details? by someone300 · · Score: 4, Interesting

    This "article" (i.e. blog post) doesn't even mention what browser(s) this affects or how it works. What program is at fault here.. wmplayer? Or is this little dialog box *after* pressing yes to some shady ActiveX thing.

    1. Re:Technical details? by Beryllium+Sphere(tm) · · Score: 4, Informative

      Windows Media Player helpfully downloads license files for you, and if a malicious media file asks for something that's nastier than a license file, well...
      http://www.pandasoftware.com/about/press/viewNews. aspx?noticia=5818

  6. As opposed to... by StikyPad · · Score: 5, Funny

    in a strange example of viral marketing gone wrong.

    Strange because things referred to as "viral" so rarely go wrong.

    --
    https://www.eff.org/https-everywhere
  7. Re:Is that a rhetorical question? by Pancake+Bandit · · Score: 5, Informative

    Viral marketing is a relatively harmless marketing strategy that takes advantage of "word of mouth", using its audience to reach new audience. Consider the popular website homestarrunner.com, which has never used marketing but instead relied on its visitors to encourage others to visit. "Viral" comes from the idea that one person sees it, and shows it to several friends, who show it to several friends. This can reach a much wider audience than conventional marketing methods and cuts down on marketing costs.

  8. Think twice? by MoxFulder · · Score: 5, Funny
    ... entice MySpace users ... without disclosing a key piece of information that might make them think twice.
    These are MySpace users we're talking about. Good luck even getting 'em to think ONCE.
    --
    My bicyles
  9. Re:Is that a rhetorical question? by mcpkaaos · · Score: 4, Funny

    Let's shorten that up a bit:

    Marketing is like rape to sex.

    Or:

    Marketing is always wrong.

    Has a nice ring to it, that last one. :)

    --
    It goes from God, to Jerry, to me.
  10. With all the clutter on there already... by thePfhitz · · Score: 5, Funny

    With all the clutter on there already, how did anybody notice in the first place??

  11. What's so particularly wrong? by mi · · Score: 4, Insightful
    in a strange example of viral marketing gone wrong

    I'd hate this practice too, if it affected me, but why is it any more wrong, than any other children-targeted marketing (like advertising action-figures in between cartoons)?

    --
    In Soviet Washington the swamp drains you.
  12. America really is growing daft by MikeRT · · Score: 4, Interesting

    It's pretty clear that parents today aren't doing their jobs and policing their kids' MySpace accounts in many ways. I'd want to know where my teen was getting videos from if I were a parent. Not to spy on them, but just to let them know that their parents just want to have a general idea of what's going on in their life. As soon as I saw one of these popups, I'd demand that they take the videos off and would file a criminal complaint with the police against the spyware vendor.

    People look at me like I'm a Nazi because I seriously don't think most Americans should be enfranchised. Let's face an ugly truth. Our founding fathers were right: most people are unfit to vote. This is a perfect example why. Parents and teens that by now can't handle their own security online are generally irresponsible people, and irresponsible people make terrible voters. Problem is that for every voter who has his or her shit together, watches their kids and is a good, solid citizen, there are 5 morons who will vote like sheep. That dilutes the power of the responsible people to guide society.

    I'm personally sick of the MySpace crap. I don't know how we'd find a good criteria for mass-disenfranchising bad parents and most college-age people, but we need to find one. Society is going to hell because we let people who cannot take responsibility for themselves vote in people who won't take responsibility for themselves... and that's bad. These are the people with their fingers on the most powerful nuclear arsenal on Earth.

    Learning how spyware gets you is part of using the Internet. It's like living in a big city and actively avoiding finding out where the bad sections of town are.

    1. Re:America really is growing daft by lawpoop · · Score: 5, Insightful

      "People look at me like I'm a Nazi because I seriously don't think most Americans should be enfranchised. Let's face an ugly truth. Our founding fathers were right: most people are unfit to vote."

      The reason people look at you like you're a Nazi is because once you start with "these people aren't fit to vote, I know what's best for them", then you start feeling entitled to make other decisions for them, such as what kinds of jobs they can hold, where they can live, and whether they are allowed to reproduce. The 'slippery slope' card is one that's too often use where it's not warranted, but this is a place where it's obviously warranted, by historical precedent.

      Let me say this as clearly as I can: if you think you know better than me as to what's right in my life, fuck you. You have no place making decisions for me, or anyone else. Society really goes to hell, as in labor camps and mass exterminations, when we let right-wing ideologies like yours come into power. We've fought long and hard to get where we are today, and it makes me sick to hear you say that just because you don't like myspace. It's a friggin' website, for crying out loud!

      Futhermore, the founding fathers didn't say that most people are unfit to vote. They specfically left out particular groups based on race, ethnicity and gender -- women, blacks, Indians, etc. They did not say that most people are unfit to vote. I would bet that you know, or at least know of, women and blacks that are certainly fit to vote by your standards, just as there are women and blacks that are unfit to vote by your standards. The problem comes when someone starts thinking their standards are the ones we should use to disenfranchise voters.

      --
      Computers are useless. They can only give you answers.
      -- Pablo Picasso
    2. Re:America really is growing daft by Ohreally_factor · · Score: 4, Funny
      "People look at me like I'm a Nazi because I seriously don't think most Americans should be enfranchised. Let's face an ugly truth. Our founding fathers were right: most people are unfit to vote."

      The reason people look at you like you're a Nazi is because once you start with . . . .


      It could also be the the little toothbrush mustache and the swastika armband.
      --
      It's not offtopic, dumbass. It's orthogonal.
    3. Re:America really is growing daft by Firehed · · Score: 4, Insightful
      Fair enough, though I largely agree with the grandparent poster. I'm very much against people thinking that they know how I should run my life, as you seem to be. But as the GP said, for every voter that's aware of the issues, there's five more who just vote like sheep, be it their political party (having no awareness of the issues or their candidate's stance on them), their friends, or - notably worse - how the candidate *looks*.

      The good news is that, to some degree, the problem is self-correcting. Those "unfit" to vote are the type that keep well away from the ballot boxes, since they're all too busy picking the next American Idol. In fact up to quite recently (quite possibly the GP post), I was trying to figure out why we didn't implement some sort of internet- or phone-based voting system. Then it hit me - the people who are too fucking lazy to either go down to the voting booths or get an absentee ballot if they can't make it are the exact type of people who will, without any question, vote like sheep. You can bet your ass that shows like American Idol, Big Brother and other call-in-/text-in-/log-in-to-vote shows wouldn't have made it to the second episode if their voters had to head to the town hall or other voting emporium to vote.

      The counterpoint to that being that while you tend to keep the dumb sheep away from the ballots, those who have some hardcore feelings about a hot-topic issue DO flock to the polls to get something passed/rejected or someone voted in. Naturally, if you can't be bothered to vote then you've got no excuse when you're not happy with the outcome, but you'll still end up with some vastly unpopular things passed when people don't feel strongly enough to get out there.

      The biggest problem is really that voting is just a popularity contest. In the last ten years or so, I've seen one candidate - ONE - who's campaign was "here's my stance on these issues, vote accordingly". Everything else has been "I'm great for pointless reasons x, y, and z" or "the other guy sucks for irrelavent reasons u, v, and w." How completely worthless. It would be one thing if you didn't agree with any of the candidates up for election, but it's something else when you're forced to go in blind because their multimillion dollar campaigning told you absolutely nothing.

      --
      How are sites slashdotted when nobody reads TFAs?
  13. Holy smokes by sloths · · Score: 3, Informative

    My stepbrother installed that Zango stuff on my computer. I uninstalled it, and the next day I found it installed again. So I used the hosts file to redirect zango.com to zombo.com

    Problem solved.

    --
    really 867993
    Karma schkarma
    1. Re:Holy smokes by geminidomino · · Score: 4, Funny

      Wow, you really CAN do anything at Zombo.com!

  14. Re:just another reason... by supremespleen · · Score: 3, Interesting

    I'm happy to be using Windows with instant functionality to any piece of freeware I find. I'm happy to be able to head to the store, grab a game, and know it will work. Those Windows users that have their computers eaten by spyware need to learn to protect themselves, simple as that.

  15. All good marketing is viral by Zeinfeld · · Score: 4, Interesting
    Viral marketting is just a dotbomb buzzword. The idea behind it predates the Internet, predates print in fact. This is not viral marketting, its simply a conduit for malware.

    The same problem appeared on blogger a year back. I don't know if they ever got the problem under control (I learned to stop using the next blog button), but it was a real pain.

    There are two problems here, first MySpace should get a clue and eradicate the infestations. Second IE should have taken steps against forced downloads back in 1998 when it was only realplayer and flash that kept asking if they could install fifty times a day. At least that was only a consequence of the pages having the active content rather than a deliberate attack to put the malware on the machine.

    The reason I use Windows is precisely because you don't notice this sort of stuff if you spend your time using Firefox. I want to know the next attack while it is going on.

    As an absolute rule it should never be possible for active content running in a user application to crap on the operating system internals. It should never be possible for any program to install itself in a way that is intended to prevent removal.

    Windows is trying to introduce this separation but running a Windows box without access to administrator or super user privs is pretty miserable. And to an attacker super user is administrator in any case.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  16. MySpace is a lost cause by Zaphod2016 · · Score: 4, Interesting

    When News Corp bought MySpace back in '05 I expected membership would begin to drop like a stone, as the "anti-establishment", Bush-hating, Indie-music loving, media-toppling population of MySpacers fled on to "the next big thing".

    Sure enough, dozens of "Web 2.0" MySpace clones appeared, offering better features and the same "fight for the little guy" mentality that MySpace had become famous for. I expected those MySpacers would be off in no time. Being that I'm a tad too old (26) for those "wacky kids", I diverted my attention and awaited the sound bite that "the MySpace phenomena was over".

    A year later, I'm still waiting. Meanwhile, the juaggurnaut that is MySpace continues to grow like WalMart on crack, and other News Corp properties (FX, Fox, Fox News) have jumped on the bandwagon. Call me naive, but I expected the "corporate parent" to stay well hidden from MySpace for fear of losing their main demo (Q: what are you rebelling against? A: what do you got?). Instead the opposite has happened: MySpace and fox passed the "sell out" threshold months ago, and millions more have poured onto MySpace as a result (I find myself meeting people well into their 30's and 40's with freaking MySpace accounts these days!).

    So, the simple answer here in regards to the recent scam-ware MySpace epidemic is: duh. My opinion of those "60 million" antidisetablishmentarianist (take THAT grammar nazis) hit rock bottom awhile ago.

    So why do I get so fired up about a website I never used in the first place? Because I give people too much credit, that's why. I was first exposed to MySpace by searching technorati and ending up in "the blogs". Believe it or not, not ALL MySpacers are completely illiterate retards. A few made excellent points regarding DRM, media and political collusions, and the evils of Fox News. But when all of this "dissent" can be bought up by "the enemy" in 5 minutes, and NO ONE EVEN CARES, it simply blows my mind.

    But then I admit to myself that I still use Google, and therefore, am an ugly stinking hypocrite according to my own psuedo-morality.

    In the immortal words of Homer Simpson: D'oh.

    --
    barack to the future?
    1. Re:MySpace is a lost cause by Anonymous Coward · · Score: 3, Funny
      My opinion of those "60 million" antidisetablishmentarianist (take THAT grammar nazis) hit rock bottom awhile ago.


      antidisestablishmentarianists

      you: 0
      grammar nazis: 1
  17. hmmm... by Connie_Lingus · · Score: 3, Funny

    ...and I thought that myspace was itself a virus...can a virus infect a virus?

    --
    never bring a twinkie to a food fight.
    1. Re:hmmm... by Anonymous Coward · · Score: 3, Funny

      can a virus infect a virus?

      Q. Why won't the AIDS virus infect Scientologists?
      A. Professional courtesy.

  18. Re:Is that a rhetorical question? by nacturation · · Score: 4, Funny

    I mean, common, evil... everybody's doing it!

    Here we can see a fine example of the tragedy of the commons.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  19. MySpace are no strangers to the Spyware business by TehBeer · · Score: 3, Interesting

    Info is below, and besides, doesn't this recent US patent, kind of fit MySpace?
    http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PT O2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-b ool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=7,069,308. PN.&OS=PN/7,069,308&RS=PN/7,069,308

    It sure sounds alot like it's describing much of what myspace is, and myspace is a "deleware company" in the US and subject to US laws.

    As for their kind fondness of spyware, see the citations below for more info.
    Birds of a feather they say.

    http://www.intermixedup.com/

    "Intermix Management and other Insiders sold approximately $25 million of Intermix stock in full knowledge that the New York State Attorney General (NY-AG), Eliot Spitzer, would soon file a lawsuit against the company for
    certain adware promotion activity. Management and Insiders sold vast quantities of stock before disclosing this critical information appropriately to the rest of the marketplace. "

    http://en.wikinews.org/wiki/Bloggers_investigate_s ocial_networking_websites

    "Actually, MySpace had simply shut down and become ResponseBase-- as evidenced by the "Freebies" newsletter above. ResponseBase also used a list of 8 million e-mail addresses purchased from Xdrive for their newsletters. In 2002, ResponseBase was booted from their ISP as an illicit spam organization-- with Tom Anderson himself listed as their billing contact. And later still, ResponseBase would be renamed to MySpace."

    "Intermix Media itself has a tangled history. In 2004, Intermix (then operating as eUniverse) was named as a spammer organization on USENET. It purchased ResponseBase, shut down its operations, and reformed it as MySpace. On April 28, 2005, Intermix was sued by the State of New York for installing malicious spyware over the Internet. According to their press release:"