  1. #1
    ABW Founder Haiko de Poel, Jr.'s Avatar
    Join Date
    January 18th, 2005
    Location
    New York
    Posts
    21,609
    Sneaky Toolbar Hijacks Browsers
    By Michelle Delio
    Story location: http://www.wired.com/news/infostruct...,57467,00.html

    02:00 AM Jan. 30, 2003 PT

    It's the most evil thing on the Internet, according to some of its victims. But it's not a virus, a scam or a raunchy porn site.

    It's a browser toolbar that some swear is doing "drive-by downloads" -- installing itself without users' permission -- then taking over their systems and making it impossible to uninstall.

    "When I find the bastards who programmed this thing I'd be happy to castrate them with a pair of dull pinking shears," fumed one of Xupiter's many unhappy victims in a newsgroup posting.

    Xupiter is an Internet Explorer toolbar program. Once active in a system, it periodically changes users' designated homepages to xupiter.com, redirects all searches to Xupiter's site, and blocks any attempts to restore the original browser settings.

    The program attempts to download updates each time an affected computer boots up, and has been blamed for causing system crashes. Several versions of Xupiter also appear to download other programs, such as gambling games, which later appear in pop-up windows.

    Some said that Xupiter has taken over their browsers.

    "Random words and characters now appear when I attempt to enter info on search sites or other forms. It's as if there's a ghost in my machine," New York resident Beth Vanesky said.

    Xupiter.com is registered to a company called Tempo Internet, in Gyongyos, Hungary. Calls and e-mails to Tempo were not returned.

    Xupiter offers an uninstall utility, but many said that it didn't work, and in some cases made things worse.

    "I ran the Xupiter Uninstall, and now every time I try to launch Explorer I get error messages saying 'Xupiter is not installed properly, please reinstall,'" said Manny Abrams of Chicago.

    Xupiter has spawned long message threads on some tech support sites, as users wrestle to reclaim their machines from the terrible toolbar.

    "When Xupiter first appeared, we spent a week trying to figure it out," said Mike Healan, of SpywareInfo. "There's a monstrous thread with over 26,000 page views where a couple dozen of us tested it until we figured what it did and how to deal with it."

    But Healan said that every time people sort out what Xupiter is doing, Xupiter's programmers tweak its code. It also appears that Xupiter may be selling its "service" to other websites.

    "About once every month or two this software starts hijacking people to a new site," Healan said. "And every time a new version comes out, it adds a different startup entry, uses a different method to change the search function and is basically a bigger pain to remove."

    Xupiter's site claims the toolbar isn't installed without express permission, but many insisted that they had not agreed to install the program.

    "Xupiter is the worst thing I've ever personally encountered on the Internet," said Ed Olexa. "You only realize that it has been installed when you start your browser and see that Xupiter's search page is now your homepage."

    Olexa had to manually edit his system registry to remove Xupiter.

    "Xupiter seems to have the ability to reinstall itself if each and every component is not removed," Olexa said. "Computer novices might never really get rid of it."

    Healan recommended Spybot Search & Destroy to eradicate the program.

    Healan said some installations probably occurred when people clicked "OK" in a pop-up box without really knowing what they had agreed to, or when they meant to close the pop-up window.

    Xupiter is also being bundled along with at least one peer-to-peer file-sharing program. And the toolbar will install itself automatically when Internet Explorer's security settings aren't set to the highest level.

    Haiko


    The secret of success is constancy of purpose. ~ Disraeli


  2. #2
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    I've yet to hear one network come forth and say they don't think this is clever affiliate marketing. The wave of the future in the pay-per-performance industry. Jumping into bed with BHOs might result in AIDS for the networks and merchants. The willful act to monetize these CyberTerrorists, devising more and more harmful browser takeover schemes, seems counterproductive unless the networks enjoy pissing off the shoppers with trashed machines.

    Every install/uninstall routine needs to get the CoC one step un-install test before any BHO affiliate gets their next check. No simple un-install or any occurrence of drive-by installs should automatically trigger suspension of commissions.

    Charlie ...

    If they won't adopt and feed a bird ..flip them one! Where's the love and show me the money?

  3. #3
    Member
    Join Date
    January 18th, 2005
    Location
    Cape Cod, MA
    Posts
    57
    quote:
    It's a browser toolbar that some swear is doing "drive-by downloads" -- installing itself without users' permission -- then taking over their systems and making it impossible to uninstall.


    It is absolutely a drive-by install. At least that's what happened to me -- twice.

  4. #4
    ABW Ambassador flamingoworld's Avatar
    Join Date
    January 18th, 2005
    Posts
    5,208
    My daughter has gotten this several times. The only way we have been able to uninstall it is to go to their site and uninstall it from there.

    She also gets some Linux thing by driveby.

    Connie Berg
    www.flamingoworld.com


  5. #5
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    The BBC are running with it too.

    Andrew Clover's site gets a mention (again!) Cool stuff!

    ________
    Please leave my port 137 alone.

  6. #6
    Member
    Join Date
    January 18th, 2005
    Location
    Cape Cod, MA
    Posts
    57
    members.fortunecity.com/flowers/amazon/amazon.0.html

    is installing Xupiter with drive by

    Does any virus scanner or spyware utility prevent this drive by $hit?

  7. #7
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,916
    Isn't some vulnerability in IE required to do a driveby install? If so, why aren't you running with the latest updates? If not, how is this possible?

    ----
    -J
    Merchants: Do you realize that some of your affiliates are being paid commission on sales which you have paid for via PPC, offline advertising, and your targeted mailings?

  8. #8
    Member
    Join Date
    January 18th, 2005
    Location
    Cape Cod, MA
    Posts
    57
    Too bad someone can't make a script that installs something like adaware or other spyware remover via drive by that has it autorun on every reboot.

  9. #9
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Aluria Spyware Eliminator can do that.

    ________
    Please leave my port 137 alone.

  10. #10
    Full Member
    Join Date
    January 18th, 2005
    Posts
    230
    Another reason to advise friends and people who you know that they should try alternative browsers like Opera, Netscape and K-Meleon. Spread the word that there are alternatives around - as far as I understand many of the scumware progs depend on IE being used, so the more people we convert away from IE the better.

    Battling through thiefware, keep=no, out of stock items, deactivated merchants and the jungle of great merchants and bad apples to try to make a cent.

  11. #11
    Full Member
    Join Date
    January 18th, 2005
    Posts
    322
    I just thought of something reading futuresky’s comment. At one time, Opera would let people create a customized version of their browser and offer it as a download on their websites. I’ll see if I can find the bookmark for it. You could put in your own splash page, set the default homepage, set bookmarks. This could be a good way to build brand awareness (if people see your splash page every time they start the browser) and if BHOs don’t work in Opera, then our commissions would be safe.

    Jason
    “That’s the song I’ve been sangin for years, that’s the way the wild wind blows” – Robert Earl Keen

  12. #12
    Full Member
    Join Date
    January 18th, 2005
    Posts
    230
    I had briefly looked into creating a customized Opera a while ago but never acted on it. There are some details at http://composer.opera.com/composer2/ From what I understand, I think you have to offer the download from your own site (or distribute it yourself by other means), so I don't know how much of a benefit it would be compared to the potential cost in bandwidth. It's a nice idea for Opera to allow it though.

    Battling through thiefware, keep=no, out of stock items, deactivated merchants and the jungle of great merchants and bad apples to try to make a cent.

  13. #13
    Night Owl Dragon Dame's Avatar
    Join Date
    January 18th, 2005
    Posts
    155
    Beware of Opera! I will have to locate the website again, but Opera is listed as a spyware program...along with Hotbar and many others. I don't know if they have changed their programming since the website was created, I will have to check. It supposedly transmits your browsing habits back to Opera corporate, where they disseminate the info for advertising (among other things). I tried Opera some time back, and I liked it...except for the spyware info!

    Carpe Noctem (Seize the Night)

  14. #14
    Night Owl Dragon Dame's Avatar
    Join Date
    January 18th, 2005
    Posts
    155
    Checked a new website. They list Opera 5.0 free download as "suspect", but say nothing about the new version. Maybe it is in the clear.



    Carpe Noctem (Seize the Night)

  15. #15
    ABW Veteran jc101's Avatar
    Join Date
    January 18th, 2005
    Location
    Santa Cruz, CA
    Posts
    4,597
    Opera is not a parasite or spyware, unless you customize it to redirect links, if you have the technology to do that!

    Jason
    Santa Cruz
