  1. #1
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Parasites Infecting Computers Through "Safe" Browsers
    http://www.vitalsecurity.org/2005/03...nfects-ie.html

    Full-blown infestation via Firefox (and others) with IE NOT in use and locked down through restricted zones. The mechanism is Sun's Java instead of ActiveX.

    Where there's a will there's always a way..................

  2. #2
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    I've just run Microsoft AntiSpyware and I found these after only using Firefox for the past 2 weeks. BTW all 3 of them were installed either yesterday or this morning, as I ran the M/S antispyware on the 9th around 12.00 noon and it was clean then.

    I do not have a clue as to where they come from or how they got on, but they sure know how to bypass Firefox's precautions.

    VX2.DLMax
    Type: Trojan
    Threat Level: Severe

    Cliks Adware
    Type: Adware
    Threat Level: Elevated

    EUniverse Updater
    Type: Browser Modifier
    Threat Level: High
    Author: eUniverse.com Inc./Intermix Media
    One day parasites and their ilk will be made illegal, I bet a few Lawyers will be pissed off when the day comes.
    Mr. Spitzer is fetching it nearer

    YouTrek

  3. #3
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Gordon are you using M$'s protection part of their application?

  4. #4
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    as far as I know Kelly yes, on the protection page it says
    3 agents are currently active
    internet agents (active 9 checkpoints)
    system agents (active 25 checkpoints)
    application agents (active 25 checkpoints)

    and when I mouse over them all 3 say active
    I am assuming I have it set up correctly. If I'm not mistaken I let the program set itself up so I would think it is all done as it should be.

  5. #5
    Devil's Reject Electropulse's Avatar
    Join Date
    January 18th, 2005
    Posts
    987
    New Firefox Spyware Threat...
    this is gonna be one heck of a year.

    http://www.vitalsecurity.org/2005/03...nfects-ie.html

    the usual suspects:

    Amongst the assortment was DyFuCA, Internet Optimizer, ISTsvc, Kapabout, sais (180 Solutions), SideFind, Avenue Media and something called djtopr1150.exe lurking in the Temp folder.

  6. #6
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    That's basically the same package of crap that was doing the rounds with the recent MSN Messenger virus.

    The vulnerability actually seems to be in the Sun Java VM engine rather than the browser.

    In my experience, sony lyrics sites are absolutely notorious for evil spyware downloads - this is just another one of those cases, but probably the worst abuse yet!
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  7. #7
    Roll Tide mobilebadboy's Avatar
    Join Date
    January 18th, 2005
    Location
    Mobile, Alabama
    Posts
    1,220

    Shawn Kerr (.com) | Disney World | SEC Football

  8. #8
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Merging threads.

  9. #9
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Yes, Moo it seems to be a Sun Java exploit. They are utilizing the Java for install vs ActiveX and bypassing ActiveX/browser use 'protections' folks may be using.

    Firefox isn't the only browser they can install this way through. Also Mozilla, Avant, and Netscape. Seems an install through Opera can also happen with certain settings.

    The guys behind the particular install in that article market themselves as an "Advertising Network" and a delivery outlet for adware installs. I would imagine that they are typical in the types of companies who provide this 'service' and you will see the actual software they install change from time to time with who their clients are.

    I think the point that the article was trying to make was don't assume your Windows system is safe from a non-bundled install because you are not using IE and are using one of the other browsers.

    @Gordon..it does sound like you have the protection running. Since you had stuff show up, I was curious as to whether M$ Antispyware protection feature protected since you are using Firefox (not IE) or if it would catch the stuff as they were actually installed on the computer. Sounds like for at least 3 apps it didn't.

  10. #10
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    And don't forget, according to 180 solutions, they won't disable these infected machines, even though once they realize who is doing it - because that would not be fair to the end user, that would be spyware... even though having these users contact them with search terms so they can show the correct ad is not spyware according to them - stopping the sending of the ads would somehow make it magically become spyware...

    So: ad != spyware, no ad = spyware.

    They admitted they had the means, they knew when these were happening who was doing it, yet they still used these wrongly infected machines to push their advertising.

    To quote 180
    http://forum.abestweb.com/showpost.p...5&postcount=61
    It is impossible for us to deactivate the software on a user's computer, that would cause another whole "spyware" thread issue, but we do shutdown that distributor within our network. As I have said before, we provide a straightforward way for users to uninstall the software using conventional add/remove practices. If a user wishes to uninstall the software, then it is definitely their right to be able to do so.
    Remember, there would not be these kinds of viruses, if people like 180 solutions were not funding them. That is why this is important. If the money was cut off, this kind of trojan would not exist. Remind any 180 advertiser, no matter how they slice it, they are paying for viruses to infect machines.

    If you are infected by this, and have 180 solutions installed on your system. Please file a complaint with the FTC against 180 solutions. Also file a complaint with the BBB, while it will not do anything, any black mark that 180 deserves, they should get.

    Chet

  11. #11
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Anyone care to throw any Network wank spewing out praises of 180Solutions to Duper affiliates and merchants into Saddam's people Shredder?
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"
