  1. #1
    Outsourced Program Manager Chris -  AMWSO's Avatar
    Join Date
    January 18th, 2005
    Location
    Bangkok
    Posts
    11,273
    Hi All

    It's cool sometimes to fall victim to crap like this, our test PC which is behind no firewall or proxy managed to get the SearchSpeedy.com thing installed on it.... no idea how though...was it a drive by, did it piggy back on another BHO...does anyone know? Feedback appreciated.

    Bloody Scum.

    Thanks

    Chris
    Affiliate Marketing by AMWSO. Skype - chrissanderson ::: TEL 1-720-336-1784 ::: www.amwso.net
    Join our affiliate programs :Vaper Empire, Iolo, Art of Tea, or See ALL our Programs here

  2. #2
    Member Speedy's Avatar
    Join Date
    January 18th, 2005
    Location
    Lancashire UK
    Posts
    165
    Hi Chris,
    It's no good searching me how it got there

    If you never downloaded it, it might have been bundled in with some other software recently loaded. Either that or you have someone sneaking a quick go on the PC without you knowing and unwittingly downloaded it!
    --------------------------------------------------
    Life at the top is hard,
    But life at the bottom is harder ....

  3. #3
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Probably got it from one of your sleazebag affiliates Chris. They have an affiliate program and their PPCSE search box and drive-by or bundled download BHO might have been on an affiliate's page you were reviewing.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  4. #4
    Outsourced Program Manager Chris -  AMWSO's Avatar
    Join Date
    January 18th, 2005
    Location
    Bangkok
    Posts
    11,273
    Hi All

    Well it came with one of the following

    180
    Ebates
    GRS
    BuyersPort
    Drive by (I doubt the latter as we've not been going to many sites on the test machine)

    Take your pick.

    Anyway they are in clear violation of COC and the Browser Bill of Rights.

    Cheers

    Chris
    Affiliate Marketing by AMWSO. Skype - chrissanderson ::: TEL 1-720-336-1784 ::: www.amwso.net
    Join our affiliate programs :Vaper Empire, Iolo, Art of Tea, or See ALL our Programs here

  5. #5
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    So basically the master theftware folks are cutting side deals with the smaller weasels to use their backdoor for splitting some additional revenue like the Mafia does.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  6. #6
    Outsourced Program Manager Chris -  AMWSO's Avatar
    Join Date
    January 18th, 2005
    Location
    Bangkok
    Posts
    11,273
    Further, Speedy is owned by payfront.com and related to donia.com who mailed to ask why they had been removed....

    However I still have found nothing on how it gets installed. Total black hole.....

  7. #7
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    Besides this fun one I found.
    http://www3.ca.com/threatinfo/virusi....aspx?id=36651

    There is a current bug in IE for which no patch currently exists.
    http://www.internetnews.com/dev-news...le.php/3338461

    This escalation of install (I just got nailed as well) is hopefully going to be what breaks their backs. This is ludicrous. Even after clearing this crap off (it shows nowhere on my uninstall options), my browser is still sluggish as all hell.

    Chet

  8. #8
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Hi Chris,

    If you still have the install files for the ones you listed above, feel free to forward them to me and I'll take a look.

  9. #9
    Outsourced Program Manager Chris -  AMWSO's Avatar
    Join Date
    January 18th, 2005
    Location
    Bangkok
    Posts
    11,273
    Thanks Ms B I'll do that as soon as I get back to work...

    Chet, that is a very interesting article, and would be wide open to the kind of stuff I've seen with search speedy!!

    I'll check the registry entries when I get back to work... then I have to wonder how it got infected, no email on the test PC....

    ah never mind "Microsoft Virtual machine does not correctly check for the presence of certain malformed code when a Java applet is loaded."

    No email required....nasty...

    Ms B let me check Chet's idea first, I think he's on to it!

    Cheers

    Chris

  10. #10
    Outsourced Program Manager Chris -  AMWSO's Avatar
    Join Date
    January 18th, 2005
    Location
    Bangkok
    Posts
    11,273
    Ms B you saw his site yes, didn't he have an animation Java/flash of some kind at the foot of the page before or am I getting my sites mixed up!

  11. #11
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Chris,

    You didn't send me any documentation on what you saw (i.e. ss or video). From what you described, it sounded like the website you got the ActiveX prompt for was just running ads through whatever para was generating the actual pop up. You already had the extra junk on the test box when you got the ActiveX prompt in the pop. The ActiveX prompt was from a Flash movie they had on the home page. Flash requires ActiveX to run.

    That site btw, was partner2profit.com. There was a thread around here recently where they had made a drive by post hyping their affiliate program. Shame they haven't come back.

  12. #12
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,269
    Kind of related question in reaction to Chris's first post - say you have three parasites installed that all overwrite cookies.... who gets the sale?!

  13. #13
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    This guy....

    Registrant:
    Performance Marketing Group, LLC
    (DOM-168236)
    6060 Center Drive, 3rd Floor Los Angeles
    CA
    90045 US

    Domain Name: partner2profit.com

    Registrar Name: Alldomains.com
    Registrar Whois: whois.alldomains.com
    Registrar Homepage: http://www.alldomains.com

    Administrative Contact:
    - -
    (NIC-1292463)
    Performance Marketing Group, LLC
    6060 Center Drive, 3rd Floor Los Angeles
    CA
    90045 US
    lparker@euniverse.com +1.3102582750 Fax- +1.3102582758


    The goal of any BHO is infection and re-infestation. Making an e-mail or webpage capable of opening a backdoor to a victim's system is devised by the same wanks who write viruses. Once the backdoor is enabled then the BHOs all line up to capture the end user's system and turn it into a captive Ad machine and privacy info scraper.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  14. #14
    ABW Ambassador buy_online's Avatar
    Join Date
    January 18th, 2005
    Location
    Richmond, VA
    Posts
    3,234
    Chris,

    I would love to know what they had to say, when you told them about the connection.

    I am also an ice-hockey referee. It never ceases to amaze me when I call a penalty on someone who just couldn't be more guilty. Then they have the guts to say in their most sincere and sorry voice "I didn't do anything wrong - it wasn't me!"

    Some just don't get it.

    Fred
