Results 1 to 2 of 2
  1. #1
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Parasites -spywarez -Adwarez programs all discussed at the Lavasoft site that detects and removes the buggers.

    Interesting side note on Trojan horse scams thta use the most popular sought after gaming items. ( Gamers just don't care if it's free)..
    "A new fraud by Internet scam artists attempts to tap into video game aficionados' burning desire to play Microsoft Xbox games on their personal computers.
    An "Xbox emulator" currently being offered for free on the Web is actually a Trojan horse designed to covertly rack up money for its authors using pay-for-click and other schemes, malicious code experts said.


    Link: http://www.lavasoft.nu/cgi-bin/forums/ikonboard.cgi




    Instead of enabling users to run popular Xbox games such as "Halo" on their PCs, executing the fake emulator's installation program, "EMU_xbox.exe", merely produces error messages.

    All that's installed on the victim's PC is a "back door" program called "NetBUIE.exe", which silently attempts to contact numerous remote servers, including four operated by Microsoft and two by online advertising network DoubleClick, according to a preliminary analysis by TruSecure Corporation.

    "It's obviously greyware or scaliwag-ware of some sort," said Roger Thompson, director of malicious code research for TruSecure.

    According to Thompson, the program may generate revenues for its creators by tallying up ad impressions and click-throughs at some of the remote Web sites.

    According to a counter service used by the back-door program at Microsoft's Bcentral.com site, NetBUIE has contacted the Fastcounter site nearly 4 million times.

    The fraudulent program appears to draw its name from NetBEUI, which is spelled differently and stands for NetBios Enhanced User Interface, a standard Windows networking protocol.

    In a further effort to prevent infected users from detecting or uninstalling the back door, the authors of NetBUIE.exe gave the program's file attributes an air of legitimacy. When viewed using the Windows "file properties" feature, the program shows a Microsoft copyright notice and is described as a "Network Connection Verification Utility."

    Nearly 30,000 people have visited the bogus emulator's download site since mid-April, according to a counter linked from the site. The phony program was the first item listed at Google.com today in a search on the phrase "Xbox emulator."

    One Internet news group user bit by the backdoor program said his firewall reported attempts to access MSN.com, leading him to speculate that NetBUIE.exe was created by Microsoft to monitor users who attempt to avoid paying $299 for its Xbox video game system.

    When asked to examine NetBUIE.exe today, Microsoft's Security Response Center confirmed that the program is not a Microsoft product.

    No program by the name NetBUIE.exe or identified as "Network Connection Verification Utility" was currently available at Microsoft's site.

    Launched in November, 2001, Microsoft's Xbox console is based on a PC-like architecture, yet no functioning Xbox emulators currently exist, according to Gerard Krijgsman, the operator of a site called The Emulator Zone.

    "If any Web site claims to offer a working Xbox emulator for download, it is 99.99% likely to be fake," said Krijgsman.

    However, as Krijgsman recently wrote in a notice at his site, "people do want (Xbox emulators). This need creates a dangerous symptom: the fake emulator."

    NetBUIE.exe is not the first such bogus emulator to hit the Internet. In January, a phony PC-based Xbox program was posted to the Web under the name "xBoX-Emulator.0.35.zip" and was featured on the Slashdot technology discussion site.

    According to the earlier program's author, who calls himself "Linar," xBoX-Emulator consisted only of dummy screen shots and was designed to show how gullible Internet users are and how fast rumors travel in cyberspace.

    Linar told Newsbytes that the original program did not contain any malicious code, but that copies available from mirror sites may have been "Trojaned."

    A January bulletin from Symantec warned of malicious code, which it named Trojan.Badcon, being distributed "as a valid program, such as X-Box emulation software." According to the anti-virus software firm, Trojan.Badcon was designed to exploit a known flaw in Microsoft's Windows 95 and Windows 98 operating systems, causing them to crash and require a restart.

    So far today, anti-virus software sites did not yet appear to have descriptions of the NetBUIE.exe Trojan horse...Newsbytes artical.

  2. #2
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Inquiring minds want to know the answer. When the parasite/scumwarez redirects of our visitors clicks go through their servers to change/set cookies for participating merchants are they set to 365 return days. These same merchants often allow us only 1 day cookies but the Hijackers get 365 days therefore they also monitize shoppers who bookmark the pages. If this is so then the only way we'll ever get a sale from any of the merchants who signup for these Interloper services ..ie. Gator ShopNow/Whenu- Morpheus etc etc is if thta shopper returns to our site ..clicks on our link..and ignors the hijackers new message.

  3. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Hello to a great forum
    By SDPub in forum Introduce Yourself
    Replies: 3
    Last Post: November 19th, 2009, 09:32 PM
  2. This forum is great!
    By bibby in forum Introduce Yourself
    Replies: 11
    Last Post: November 7th, 2007, 01:05 PM
  3. adaware?
    By oscar in forum Blocking Tips/Advice/scripts
    Replies: 3
    Last Post: October 21st, 2003, 06:30 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •