Results 1 to 8 of 8
  1. #1
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Damn ..I spent a lot of time at a site devoted to combating all forms of Parasiteware -scumware and Spyware.
    Counterexploitation -fighting the internet con artists
    from their website:

    "New alert and information on Advertising Spyware: Blackstone Data Transponder and its derivatives

    It is hard to tell where this piece of spyware originated. It was first seen as Blackstone Data's Transponder, but repackaged versions of the same product are popping up under several different companies. It is currently distributed under these names:

    Transponder (Blackstone Data Corp.)
    VX2 / RespondMiter / Sputnik (VX2 Corp.)
    AADCOM Extreme Targeting (Aadcom Corp.)
    NetPal (NetPalNow / Mindset Interactive)

    ,,,blah blah blah..
    The Bad Guys

    Mindset Interactive (mindseti.com), provider of downloadable screensavers, installs Transponder with the screensavers. They also appear to be heavily involved with administration of Blackstone's operations.
    Blackstone Data Corporation (www.blackstonedata.com) appears to be the first company caught red-handed with this spyware. Although their Web page is no longer publicly accessible, their other servers are still up and running new campaigns.
    Disk11 Technology Solutions (?) (www.disk11.com) is a Web hosting and technology company that currently has administrative privileges on the server, and may or may not have other involvement. They appear to have some responsibility for coding the spyware itself and/or testing it for reliability. Reportedly, Disk11 admits to having hosted the Blackstone Data Transponder "for a (very) brief period of time", but will not deal with Blackstone now or in the foreseeable future. However, as of January 27, 2001, they are still hosting an active account for Blackstone, complete with new and updated files.
    AADCOM (www.aadcom.com, formerly USABanners.com) is also hyping its whiz-bang targeting technology, which turns out to be none other than Blackstone Data Transponder. Although they have many listings on Blackstone's ad server, they do not have administrator privileges. (They may just be reselling thru one of the listed admins.)
    NetPal Interactive (www.netpal.com) is also distributing Transponder...as a stand-alone software utility! They promise Great Deals, Special Offers, yadayada, out the yin-yang if you install Transponder, which is a Free Gift, btw. Because they're just so nice. (Beware: Clicking on their "download" link will attempt to auto-install Transponder from a .cab file. Use caution!)
    Internet Technology Corp. (www.internettechcorp.com) - Quite possibly the granddaddy of them all! They describe themselves as a "well funded business incubator for starting and growing Internet businesses". A veritable venture-capital breeder-reactor of seedy Internet companies, Internet Tech. Corp. spun off some or all of the above, excluding Disk11, including Mindset Interactive.

    Suspected Supporters


    NetGeo (www.netgeo.com) - A "geolocation" service, that tries to figure out the geographic location of an Internet user. The stated purpose is to provide companies "highly accurate, real-time information about who is visiting their web sites". Data from Blackstone's database is periodically uploaded to NetGeo's.
    Mindset Interactive (again) - They too are listed as having a database synced with Blackstone's. The nature and extent of this additional involvement is unclear.
    Akamai - Again, the nature of their involvement is unclear. It is stated only as "Akamai pulls source files" in Blackstone's internal documentation. They may just be doing caching of Blackstone's files as they do with their other customers.
    TrueData (?) - This reference is also found in Blackstone's internal docs. The brains behind the whole operation? Or just a company providing database dupe-checking software? This is unclear as well. About the only "TrueData" I could find sells database-checking software.

    Transponder Technology

    I'm not suggesting ANY guilt on the part of the makers of these third-party tools used by AADCOM/Blackstone/etc. They are general-purpose software that has no apparent connection to these creepy scum.

    Ad campaign insertion, management and billing are handled by OASIS (Open-source Ad Serving and Inventory System): http://oasis.sourceforge.net/

    Communicating with Sputnik (VX2, yadayada) is done via Java servelets at transctl*.blackstonedata.net and transctl*.vx2.cc, which are for all intents and purposes the same server (e.g. accessing a bogus file on blackstonedata.net, *.vx2.cc is listed on the 404 error page). The servelets are run with Caucho Technologies' Resin 2.0.2 software: http://www.caucho.com/

    The data for OASIS and other things is stored in an SQL database, periodically exported to Mindset Interactive and NetGeo.

    Whois Data (further evidences that many of these companies are in fact one and the same)

    blackstonedata.com
    Registrant:
    Blackstone Data Corporation (BLACKSTONEDATA-DOM)
    PO Box 27103 C/o VX2 Corporation
    Las Vegas, NV 89126
    US

    VX2.cc
    Registrant:
    vx2 (VX52-DOM)
    po box 27103
    Las Vegas, NV 89126
    US

    Both list a Hotmail address as their admin, tech. and billing contact.

    aadcom.com
    Registrant:
    AADCOM (AADCOM2-DOM)
    34700 Pacific Coast Hwy
    Capistrano Beach, CA 92624
    US

    Admin., etc. contact is at internettechcorp.com


    Transponder Advertisers

    These advertisers are currently listed as active in Blackstone's system. However, some of them are test entries and many have invalid billing addresses. A number of these are listed as having unpaid invoices. (Maybe has something to do with the invalid billing addys? [img]/infopop/emoticons/icon_smile.gif[/img]
    AADcom.com Ad Power Zone alinq.com alinq468 ARS
    Barnes And Noble (test) Bettergolf Bid Clix Casino CasinoOnNet
    Civil War Facts Inc (test) creditcardmenu CyberErotica Fast Cash Feature Price
    HomeGain JDR Media kentucky Lending Universe LowerMyBills
    Magellan Magellan: Team Nova & Trim Life Mindset Opt-In / Opt-Out MyInk.com New York Times (test)
    NextCard No Credit Card Needed OASIS OptionHotline Orbitz
    Playsys PriceQuotes Pyramid Casino Shockwave Marketing SlickStreet
    Steve Smith Test Advertiser TEST PYRAMIDCASINO The Baby Outlet Traffix
    TranzAct Media X10.com Zmedia

    More for the blacklist and this guy actually hacked into their main servers for over a week to get the inside scoop on how these wanks record and potentially sell off every move and keystrock you made.

  2. #2
    Newbie
    Join Date
    January 18th, 2005
    Posts
    591
    I don't know if anyone else uses this, but I use Ad-Aware to check my system for spyware.
    It seems to do a great job and I haven't had any problems with it.
    http://www.lsfileserv.com/aaw.html

  3. #3
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    "Advertising Spyware: WNAD.EXE
    Background
    "Twistedhumor.com, the world’s largest humor site, announces the launch of “Yo Mamma, Osama!” a free downloadable game created as a catalyst for charitable donations to the American Red Cross Disaster Relief Fund."

    Update 1/19/02: Reports are coming in that other Twistedhumor.com downloads are infected, including Ebonics Xmas. I would recommend avoiding any twistedhumor.com software until these matters have been satisfactorily resolved.

    Yo Mamma, Osama! is a game patterned after Hogan's Alley, Barney Blast and similar games. The goal is to shoot at the world's favourite camel-fornicator and suspected terrorist, Osama bin Laden himself, as he pops up from behind sand dunes and the like.

    SwapNut, a file-swapping client, has also been confirmed by a reader to contain wnad.exe spyware.

    Suspicious Activity
    What you probably don't notice is that the Yo Mamma, Osama! installer also writes several other files to the disk:

    wnad.exe
    wnad.dat
    wnad-update.exe
    It then adds a registry key in HKEY_LOCAL_MACHINE\Software\Microsfot\Windows\CurrentVersion\Run so that wnad.exe is executed every time the computer is started.
    The wnad.exe program initiates connection to www.rankyou.com:80 and other sites, apparently for the purpose of transferring personal information and downloading targeted advertising for later display. (Time permitting, we hope to explore this data transfer further.) According to reports, wnad.exe hijacks the Web browser to display pop-up ads every hour or so. While it is claimed that the purpose of the software is to raise money for the American Red Cross, the suspicious activities associated with the software tend to cast distrust on these claims.

    Rankyou.com is an online advertising company heavily promoting a hostile advertising technology called "Eyegrab". According to the Web site:


    "...EyeGrab allows the advertiser to combine both of these marketing cornerstones [branding and ad-consumer interaction] into the ultimate advertising weapon. Burn your brand's image into the minds of the consumers as you collect personal information, gauge preferences, and make a customer for life. "
    "Eyegrab" includes such things as enormous scripted Flash ads that attach to the current browser window, covering the Web page, and won't go away until clicked on [Sample]. "BrowserGrab" may be a more appropriate name for this ad scheme. Rankyou also boasts the ability for companies to "purchase a targeted consumer" and his/her personal information. ""

    from : http://www.cexx.org/ These guys are worth supporting with a few contributions from ABW members and some links.

  4. #4
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Canada
    Posts
    1,650
    Gosh, all this crap makes me glad I'm a Macintosh user. Spyware and viruses are not nearly such a problem for us!

  5. #5
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    The extent of the reach on these parasite/scum/spywarez is enormous. Hell even Sony Entertainment and Creative Labs has a piece ( as in majority stock ownership) of some companies who turnout the coding enabling the spyware to be embedded in games.

    The Hacker who blew the whistle on Blackstones' "transponder" trojan replaced one of the advertisers popup banners and links with his own. After 4 days he had to go back in and remove his popups due to excessive server bandwidth FEES to feed the endusers his Ads. The servers and hosting outfits sponsoring these guys are not mom-n-pop shops working off t-1 lines.

    Maybe Fred could help track down more info on these guys since all the Whois info show Las Vegas addresses.

    [ 02-21-2002: Message edited by: EcomCity.com ]

  6. #6
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    I have talked on the phone and through email with the guy who created the blackstone transponder for a followup to our article at http://www.poenews.com/inhouse/vx2.htm

    After a month of following leads and talking to people. The real evil here is aadcom. So far, going through their client list on their site - not one of the companies listed is actually a client and three have taken legal action to get their names removed. They are a sister company to mindsetinteractive and neither follow the FTC's regulation involving children. That is clear, they may have other issues.

    While I am very against spyware, the real issue is not having proper notification that the spyware is being installed. Supposedly the guy at VX2 is going to take some action and get away from some of the problem people. But I am waiting to see before I believe him. If someone wants to get software for free, and for that allow someone to track their browsing - so be it. But warn people clearly, up front in common wording - don't hide it an confuse the wording in your user agreement.

    I don't smoke, but others see some benefit. The issue is in the warnings.

    Chet

  7. #7
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,118
    Someday, hopefully, virus protection software will include a component like Ad-aware that can monitor our systems for these trojans.

    Ad-aware is a great little utility, but it does not catch everything.

    Since the folks at McAfee have embraced the parasite peddlers, I think Ad-aware needs to get with Symantec who could bundle it with the Norton products, and then start constantly updating their databases and allowing users to download the updates as scumbagware proliferates.

  8. #8
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Having just spent the last 5 hours submitting my daily dose of fresh spam to "spamcop.net" I see where these 2 groups merge. Many of the traced spammers ( uncloked and left bare) are hosted by the same firms that host the parasites and sumwarez. Sure makes sense to DOS ( denial of service) these server farms if one had the desire and smarts.

    I just get a kick out of knocking off spammers from their ISP services and making them have to setup new accounts. These guys also get a full dose of spam choking Misdirects from some of the 100+ domains I manage for my web clients. Quick script and I choke up their harvesting S/W or redirect so called valid e-mail addresses to the FBI, congressmen accounts and spamcop. Nothing like sending their trash directly to those who want to read the crap.

  9. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Spyware Maker 180 Sues Spyware Distributors
    By HardwareGeek in forum Midnight Cafe'
    Replies: 4
    Last Post: August 18th, 2005, 01:20 PM
  2. CJ cookie is branded as a spyware by most anti-spyware
    By yourstruly in forum Commission Junction - CJ
    Replies: 15
    Last Post: March 20th, 2005, 10:10 PM
  3. Replies: 3
    Last Post: March 15th, 2005, 09:57 AM
  4. MS spyware tool identifies ebates as spyware
    By happypoon in forum eBates
    Replies: 7
    Last Post: January 8th, 2005, 10:37 AM
  5. Replies: 6
    Last Post: November 3rd, 2004, 05:43 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •