Results 1 to 14 of 14
  1. #1
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Registry Rape
    So I'm fishing for a particular app to put on the test computer and go to a known source for infestation. I got the one I wanted along with over 20 other ones also (literally).

    Then I'm working on cleaning the puter of all the other stuff I don't want while keeping what I do. I'm working through all my spyware removal apps. On one of the runs I find that one application has made 4,200 or 4,600 (can't remember the exact number now) enteries into my registry. Instead of having a data file for all their targets, they make each one an entry in the registry.

    My registry has definitely been raped. I know I heard it screaming "NO NO NO" during the whole install process of all those apps.

  2. #2
    Roll Tide mobilebadboy's Avatar
    Join Date
    January 18th, 2005
    Location
    Mobile, Alabama
    Posts
    1,220
    Care to share exactly what app did this?

    Shawn Kerr (.com) | Disney World | SEC Football

  3. #3
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    DesktopTraffic did all the regisry entries.

  4. #4
    Roll Tide mobilebadboy's Avatar
    Join Date
    January 18th, 2005
    Location
    Mobile, Alabama
    Posts
    1,220
    Thanks, was just curious.

    Shawn Kerr (.com) | Disney World | SEC Football

  5. #5
    Full Member
    Join Date
    January 18th, 2005
    Posts
    469
    Yeah, these folks are creating more and more registry entries. In Media Files That Spread Spyware, I pressed "Yes" in one popup (an exceptionally misleading one, see site for details) popup. Got a total of 58 new folders, 786 files, and 11,915 registry entries. 11,915 entries from one "Yes"? My poor (test) computer...

  6. #6
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    Ah yes, the world-writable windows registry file.

    If that ain't a huge security flaw, I don't know what is.

  7. #7
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Good work Ben as I sure waste lots of time removing these malware infestations from client and friends systems. Wish they all had the common sense to not get duped into these hidden download traps. Takes just one home guest or office visitor requesting to use the system to whack it. Great guest who automatically Googles some nifty freebee games -screens savers -AOL AIM for teen chats -Weather display, or some internet radio app on the hosts system. I wish I could bring myself to carry a phazer gun to zap the teen perp into unconsciousness before removing his/her butt from in front of the infested locked up system. Then remove the crapware in a few hours for free and just charge the adults an expensive fee for the smelling salts. Loved see Ben expose www.ProtectedMedia.com as a infestation culpret.

    We need to start a new Parasiteware forum for iSearch and their partners as these wanks have whacked multiple systems I worked on this last week with drive-bys. All had computer viruses bundled with the load of crap.

    http://www.dslreports.com/forum/rema...3617~mode=flat
    nifty article and comments on -"Silencing the Critics: ISearch/IDownload"



    Hi All:

    As we've seen in the past few months, companies whose software is frequently labeled "adware" or "spyware" are scrambling for cover. Some have tried to partner with anti-spyware firms. Others have tried to join industry consortiums in order to give themselves the air of legitimacy. Still others, though, have been quietly threatening anti-spyware vendors, web sites, and even individuals to get themselves removed from detections databases and to silence their critics on the internet.

    We now have yet another unfortunate example of this: CastleCops has just reported that it received a "cease & desist" letter from ISearch.com/IDownload.com. You can find Paul & Robin's report as well as the text of the letter here:

    »castlecops.com/article-5762-nested-0-0..

    ISearch and IDownload make a number of browser add-ons for Internet Explorer and Mozilla Firefox. You can read about two ISearch/IDownload variants at Andrew Clover's well-known and thoroughly researched doxdesk.com:

    ILookup (aka HotSearchBar)
    »www.doxdesk.com/parasite/ILookup.html

    Pugi (aka ISearch Toolbar)
    »www.doxdesk.com/parasite/Pugi.html

    Some of you might remember IDownload.com from the Windows Media adware fiasco back in January. As reported in this DSLR/BBR thread:

    »WMP Adware: A Case Study in Deception

    ...IDownload's HotSearchbar was caught using an incredibly deceptive ActiveX Security Warning box, claiming to be a "Required Media Player Version 9 Browser Update" (see 1st screenshot above) in order to exploit user confusion over the Windows Media license acquisition process, which very well might prompt bewildered users to consent to a legitimate Windows Media Player update from Microsoft itself.

    Complaints about ISearch/IDownload are rife on the Net, and a simple search of any of the major "anti-spyware" forums will turn up endless user complaints. One of the better and more revealing write-ups comes from Michael Malone, who published a long-ish article on his experiences with ISearch/IDownload's software back in May 2004:

    ABC News - The Search Tool That Ate My Computer
    »abcnews.go.com/Technology/SiliconInsid..

    The license agreement used with some ISearch/IDownload software is also of interest ( »toolbar.isearch.com/terms.html ):


    said by ISearch EULA:
    --------------------------------------------------------------------------------
    2. Functionality - Software delivers advertising and various information and promotional messages to your computer screen while you view Internet web pages. iSearch is able to provide you with Software free of charge as a result of your agreement to download and use Software, and accept the advertising and promotional messages it delivers.

    By installing the Software, you understand and agree that the Software may, without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to iSearch and/or it's partners, in the form of pop-up ads, pop-under ads, interstitials ads and various other ad formats, display links to and advertisements of related websites based on the information you view and the websites you visit; store non-personally identifiable statistics of the websites you have visited; redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search clients and toolbars, conveniently without your input or interaction; install desktop icons and installation files; install software from iSearch affiliates; and install Third Party Software.

    In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer.

    3. Privacy Policy - iSearch, during the delivery and your use of the Software, does not collect any personally identifiable information about you, such as your surname, address, telephone number or e-mail address, nor does iSearch require such information from you before downloading or installing the Software. However, to enable iSearch and/or it's partners to provide and operate its Software, iSearch and/or it's partners may collect certain types of non-personally identifiable information about individuals who install the Software. This information may include your Internet protocol (IP) address, your domain, your operating system, your browser version, type and language and your Internet Service Provider.

    Advertisements may be displayed of advertisers who pay a fee to iSearch and/or it's partners and you may be provided with and/or redirected to content of other parties and/or links to third party websites or content or offered the opportunity to download software from third party software vendors. iSearch and it's partners are not responsible for the privacy practices of such advertisers, content providers, third party software vendors or websites. iSearch encourages you to read the privacy policies of such advertisers, content providers, third party software vendors and websites.

    iSearch and/or it's partners may use invisible tracking or counting devices known as "web bugs" to register that a particular web page has been viewed and/or "cookies" or alphanumeric identifiers that iSearch and/or it's partners transfer to your computer's hard drive through your web browser to enable iSearch and/or it's partners systems to recognize your web browser.

    iSearch and/or it's partners may also collect and may use certain other types of non-personally identifiable information, including: certain of the web pages that you view, the amount of time that you spend on certain websites, your responses to ads served by iSearch and/or it's partners, certain software installed to your computer and software characteristics and preferences, non-personally identifiable information on web pages and forms, software usage characteristics and preferences, and your ZIP code. iSearch and/or it's partners may associate this information with a randomly-generated anonymous identifier for your computer and may use this information to enable the functionality of the Software, to periodically update the Software, to deliver and display ads served by iSearch and/or it's partners of advertisers who pay a fee to iSearch and/or it's partners, provide you with or redirect you to content or websites of such advertisers or other parties and offer you the opportunity to download software from third party vendors.

    iSearch and/or it's partners may share non-personally identifiable aggregate information about you with third parties, including advertisers.
    --------------------------------------------------------------------------------

    But, of course, IDownload is happy to certify their own software as "spyware free" (see second screenshot above) when you download programs that bundle their software.

    What ISearch/IDownload won't let you do apparently, is come to your own opinion and judgment and share them with others. If you dare to do so, you could find a "cease & desist" letter from their attorneys swiftly winging itself your way.

    Why should a company bother changing its business practices when it can simply silence critics of those practices with legal threats?

    Eric L. Howes

    I give this man some overdue credit as he, like Ben, follow the money trail right back to sleezebag corrupt networks and various merchant brands.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  8. #8
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Read the above article and then prepare to take a shower as you see the mating of computer viruses with Adware/spyware perps.

    ....."The file infecting AdWare saga continues

    Roel February 10, 2005 | 15:28 MSK

    We are currently seeing an increase in cases which involve file infecting AdWare.

    These new viruses are more sophisticated than the one we previously reported and append malicious code to Windows' explorer.exe. The viruses belong to the Virus.Win32.Bube family.

    For example, Virus.Win32.Bube.d downloads AdWare and Trojans, including: AdWare.ISearch.d, Trojan-Clicker.Win32.Agent.bn, Trojan.Win32.LowZones.ai and PornWare.Dialer.Salc.

    Disinfection in this case is tricky, as explorer.exe is an important Windows process. Additionally, the malware tries to prevent removal by disabling system restore, infecting the explorer.exe residing in %sysdir%\dllcache and lowering overall system security.......... http://www.dslreports.com/forum/rema...3617~mode=flat
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  9. #9
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Guess there's no interest in this anymore. Have we thrown in the towel?
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  10. #10
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    It's all ambulance at the bottom of the cliff stuff, Mike. You should be willing to admit that by now. We are practically powerless.

    Your buddy Bill has to spend some money on producing a rock solid OS with security built-in from the ground up. Once that happens, things will improve for affiliates. Until then, we're pissing on a wildfire.

    The best we can do is shame Microsoft into FIXING the problem.

  11. #11
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    $$$Bill Bill Gates has put his money where his mouth is on the subject of spyware/adware and their backdoor trojan virus buddies. Only the Adwhore crap gets through to his personal systems. Sure would be cheaper for him to just silently hire worldwide faceless assassins, and let word of mouth take over keeping the perps in check.

    Just checked 3 of my clients Net connected office systems for spyware/adware/virueses yesterday and all with Microsoft Anti-Spyware in place on auto-update were completely clean.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  12. #12
    Full Member TLE's Avatar
    Join Date
    January 21st, 2005
    Location
    Southern California
    Posts
    338
    Quote Originally Posted by ecomcity
    We need to start a new Parasiteware forum for iSearch and their partners as these wanks have whacked multiple systems I worked on this last week with drive-bys.

    In light of the recent coverage (slashdot and others) on iSearch's legal intimidation tactic, and the net's in-kind responses, Mike has a good suggestion with a new forum for iSearch.

    I would be specifically interested in knowing which merchants/networks are working with them.

    Regards,
    Tuan

  13. #13
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Maybe some CyberCrime units would post anomously some info into that one.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  14. #14
    Outsourced Program Manager Jorge - SHOPiMAR's Avatar
    Join Date
    January 18th, 2005
    Location
    Florida
    Posts
    3,550
    DO NOT CLICK

    this guy needs IP Ban

    shalam, say bye!

    Last edited by Kellie aka Ms. B; March 7th, 2005 at 07:46 AM. Reason: Removed quote of spam so no backlinks

  15. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. The BedBug Registry
    By Rhia7 in forum Virtual Family and Off-Topic
    Replies: 0
    Last Post: May 4th, 2010, 09:43 PM
  2. Date Rape Drug Found in Popular Children's Toy
    By Rhia7 in forum Virtual Family and Off-Topic
    Replies: 8
    Last Post: November 10th, 2007, 01:24 PM
  3. The Duke University Rape Case
    By UncleScooter in forum Virtual Family and Off-Topic
    Replies: 11
    Last Post: June 18th, 2007, 09:46 AM
  4. Rape Videos $29.95 A Month
    By Neil in forum Midnight Cafe'
    Replies: 6
    Last Post: May 19th, 2005, 09:46 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •