Forgot your password?
typodupeerror
Privacy Internet Explorer Operating Systems Software Windows The Internet Security Spam

How Much Harm Can One Web Site Do? 501

Posted by timothy
from the depends-on-what-os-you're-running dept.
Ben Edelman has written extensively on issues including censorship and spyware. He's got a very interesting piece on his site now about who profits from spyware, and how much spyware can be installed on a Windows XP machine when the user simply visits a single Web site using Internet Explorer.
This discussion has been archived. No new comments can be posted.

How Much Harm Can One Web Site Do?

Comments Filter:
  • not much... (Score:5, Informative)

    by domenic v1.0 (610623) on Wednesday November 24, 2004 @02:03PM (#10910620)
    if you use another browser like Firefox?
    • Re:not much... (Score:4, Informative)

      by Moridineas (213502) on Wednesday November 24, 2004 @02:05PM (#10910636) Journal
      not much, if you are decently patched (he mentions at the very end the exploit installs don't work if you are running SP2)
      • Re:not much... (Score:3, Informative)

        by narcc (412956)
        Not all of us can run SP2 -- It just breaks too many things.
        • Re:not much... (Score:5, Informative)

          by sadler121 (735320) <msadler@gmail.com> on Wednesday November 24, 2004 @03:46PM (#10911629) Homepage
          Not all of us can run SP2 -- It just breaks too many things.

          I'm running SP2 and nothing has broken thus far. Normally when people complain about SP2 breaking stuff (like a game that will not play online after patching to SP2) it has to do with the upgraded firewall. Tweaking the firewall is all that is needed to get your game (and 9 times out of 10 X app)running agian.

          All in all, I think Microsoft did a good job with SP2. The security center is something that should have been in the control panel to begin with. Its good to have some centralized location.

          But yeah, SP2 fixed a lot of things in Windows and it really didn't *break* things, it just tighten some bolts that then required the user to go and loosen what he/she wanted to use. (instead of leaving the whole damn computer open)
          • Re:not much... (Score:3, Informative)

            by crawling_chaos (23007)
            Um, Microsoft's own CRM program breaks under SP2 as does at least one version of Great Plains Dynamics. There are registry hacks that re-enable the software, but they undo some of the protections provided by SP2.

            That said, we'll be going to SP2 where I work when all of the testing is finished, but there are non-game business critical software packages that do break under SP2. I recommend it for home users, but I'm far more hesitant in the business environment, particularly if some custom or very old softwa

          • No, it decidedly does NOT have to do with the firewall.

            I work as 2nd level UNIX support for a major telco. Our sister team that handles the Windows boxes did tests on a wide variety of systems (and these are all Dells - not noname grayboxes). At least one third died with the installation of SP2. Not "couldn't run a given game or app", but "went
            apeshit on reboot".

            Keep in mind this was not Joe Average installing SP2. These were very capable, highly skilled people, who know what they're doing, and it sti
      • Re:not much... (Score:5, Informative)

        by deaddeng (63515) on Wednesday November 24, 2004 @04:24PM (#10912083) Homepage
        There are at least two other IE exploits out there that MS has not patched, and SP2 won't protect you. see: http://isc.sans.org/diary.php?date=2004-11-20 [sans.org] Quote: Two More IE Vulnerabilities Exploit code has been released for two more Internet Explorer vulnerabilities that were released on Wednesday (Nov. 17). This code would enable an attacker to trick users into executing malware. These vulnerabilities affect Microsoft Internet Explorer 6.0 SP2 and are not prevented by Windows XP SP2. The original advisory is here: http://secunia.com/advisories/13203/ [secunia.com] The proof of concept exploit: http://www.k-otik.com/exploits/2041119.IESP2disclo sure.php [k-otik.com] While on the topic, it is interesting to note some statistics that Secunia has been compiling about Internet Explorer vulnerabilities: IE 5.01 - 42 advisories (7 unpatched) http://secunia.com/product/9/ [secunia.com] IE 5.5 - 55 advisories (8 unpatched) http://secunia.com/product/10/ [secunia.com] IE 6.0 - 69 advisories (18 unpatched) http://secunia.com/product/11/ [secunia.com] If you still think SP2 has mystical properties: http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatch ed/ [safecenter.net]
    • Re:not much... (Score:2, Insightful)

      by davesplace1 (729794)
      You would think Microsoft would at least fix AvitiveX for starters. One of the many reasons to run, don't walk to install Firefox.
  • by Anonymous Coward on Wednesday November 24, 2004 @02:03PM (#10910621)
    Well, if it's Slashdot, it can leave your server a smoldering wreck.
  • So is that link implying that visiting benedelman.org to read the website can install tons of spyware? Good thing I didn't RTFA.
  • by Anonymous Coward on Wednesday November 24, 2004 @02:05PM (#10910646)
    From the site.

    I've written before about unwanted software installed on users' computers via security holes. For example, in July I mentioned that 180solutions software was being installed through Internet Explorer vulnerabilities. (See also 1, 2, 3) More recently, researchers Andrew Clover and Eric Howes (among others: 1, 2) have described increasing amounts of unwanted software being installed through security holes.


    How bad is this problem? How much junk can get installed on a user's PC by merely visiting a single site? I set out to see for myself -- by visiting a single web page taking advantage of a security hole (in an ordinary fresh copy of Windows XP), and by recording what programs that site caused to be installed on my PC. In the course of my testing, my test PC was brought to a virtual stand-still -- with at least 16 distinct programs installed. I was not shown licenses or other installation prompts for any of these programs, and I certainly didn't consent to their installation on my PC.

    In my testing, at least the following programs were installed through the security hole exploit: 180solutions, BlazeFind, BookedSpace, CashBack by BargainBuddy, ClickSpring, CoolWebSearch, DyFuca, Hoost, IBIS Toolbar, ISTbar, Power Scan, SideFind, TIB Browser, WebRebates (a TopMoxie distributor), WinAD, and WindUpdates. (All programs are as detected by Ad-Aware.)

    See a video of the installations (WindowsMedia format, view in full screen mode when prompted). The partial screen-shot at left shows some of the new directories created by the security exploit.

    Other symptoms of the infection included unwanted toolbars, new desktop icons (including sexually-explicit icons), replacement desktop wallpaper ("warning! you're in danger! all you do with computer is stored forever in your hard disk ... still there and could broke your life!" (s.i.c.)), extra popup ads, nonstandard error pages upon host-not-found and page-not-found error conditions, unrequested additions to my HOSTS file, a new browser home page, and sites added to my browser's Trusted Sites zone.

    I've been running similar tests on a daily basis for some time. Not shown in the video and screen-shot above, but installed in some of my other tests: Ebates Moe Money Maker, EliteToolBar, XXXtoolbar, and Your Site Bar.

    Installation of 180solutions software through security holes is particularly notable because 180 specifically denies that such installations occur. 180's "privacy pledge" claims that 180 software is "permission based" and is "programs are only downloaded with user consent and opt-in." These claims are false as to the installation occuring in the video linked above, and as to other installations I have personally observed. Furthermore, 180's separate claim of "no hiding" is false when 180 software is installed into nonstandard directories (i.e. into C:\Windows rather than a designated folder within Program Files) and when 180 software is installed with a nonstandard name (i.e. sais.exe) rather than a name pertaining to 180's corporate name or product names.

    What's particularly remarkable about these exploits is that the bad actors here aren't working for free. Quite the contrary, they're clearly expecting payment from the makers of the software installed, payments usually calculated on a per-install basis. (For example, see a 2003 message from 180solutions staff offering $0.07 per installation.) By reviewing my network logs, I can see the specific "partner" IDs associated with the installations. If the installers want to get paid, they must have provided accurate payment details (address, bank account number, etc.) to the makers of the programs listed above. So it should be unusually straightforward to track down who's behind the exploits -- just follow the money trail. I'm working on passing on this information to suitable authorities.

    Note that the latest version of Internet Explorer, as patched by Windows XP Service Pack 2, is not vulnerable to the installations shown in my video and discussed above.
    • by Hatta (162192) on Wednesday November 24, 2004 @02:40PM (#10911021) Journal
      How bad is this problem? How much junk can get installed on a user's PC by merely visiting a single site?

      If you can install 1 piece of spyware you can install 1000 or 1000000. Once you're pwned you're pwned, "how much" is entirely irrelevant.
    • So it should be unusually straightforward to track down who's behind the exploits -- just follow the money trail

      I've been saying this for years about spam, corporate fraud, political corruption, and any number of unwanted irritations in society. No one's ever going to follow the money trail. The money trail is good for the economy. Attempting to hamper business by restricting the money trail makes you a terrorist... yadda yadda yadda.

      It's amazing. Get a room full of politicians and ask,"Which one of
  • Umm... (Score:5, Funny)

    by telstar (236404) on Wednesday November 24, 2004 @02:06PM (#10910654)
    Am I supposed to click that link? Finally, we've found the antidote to slashdotting!
    • Re:Umm... (Score:5, Insightful)

      by Zoop (59907) on Wednesday November 24, 2004 @02:24PM (#10910847)
      Well, he has writing abilities that would fit right in here:

      ("warning! you're in danger! all you do with computer is stored forever in your hard disk ... still there and could broke your life!" (s.i.c.))

      OK, if you're going to make fun of someone's English, don't turn the Latin word sic into an acronym. Super Intelligent Comment? Sick Internet Creep? Silly Immature Cretin? Sadly Impoverished Credibility?
  • Windows XP? (Score:5, Funny)

    by cyfer2000 (548592) on Wednesday November 24, 2004 @02:07PM (#10910665) Journal

    how much spyware can be installed on a Windows XP machine when the user simply visits a single Web site using Internet Explorer.

    Am I safe if I am on a win2k machine?

  • by lxt (724570) on Wednesday November 24, 2004 @02:07PM (#10910666) Journal
    I did (for once...) read the article, but didn't download the video my question might be answered in that (although if it is only answered in the video, that's pretty stupid - I'm sure many people can't view it, and it's WMV, so I wouldn't actually want to...) but does he actually say what the website visited was?

    I mean, I'm guessing most people would visit a reputable search engine, or the default MSN page when they first installed Windows and opened up IE, instead of what I'm guessing must be a fairly dodgy site in order to install so much spyware.

    That's not to discredit what he's done - I'm sure novice users would easily get onto these sort of spyware laden pages by mistake pretty quickly...I'm just interested, that's all.
    • Here's what he types into the browser:
      http://xpire.info/fa/?d=get [xpire.info] Entering this in Mozilla 1.8a4 gives me an authentication dialog. Hitting Cancel pops up a Moz file save dialog for a file containing an authentication error message.
    • by crimoid (27373) on Wednesday November 24, 2004 @02:22PM (#10910821)
      He used xpire.info/fa?d=get which then redirects to a series of other pages on the same site, eventually landing at www.sp2fucked.biz/user28/2DimensionOfExploitsEnc.p hp which in turn prompts him with an error and a dialoge box asking if he wants to continue executing scripts, to which he clicks "yes" after which all hell breaks loose.
    • The video (for me) was oddly enough an upside-down and backwards screencapture movie of his desktop. I couldn't tell the site URL- the resolution wasn't good enough- but I can tell you that there's b00bies in the popups in the movie, so don't go forwarding this link to your boss just yet ;)
    • I'm sure many people can't view it

      Your right. If you did download the video you likely would not have been able to play it. It uses a non-standard codec and every player I have, including MS Media Player for Mac, could not play it...

    • by bedelman (42523)
      Howdy folks. Sorry to take so long to respond -- was in airports and planes all afternoon. Day before Thanksgiving...

      Browsing to the site I showed in my video is one way to get infected. But that's not the most typical infection method. Instead, other sites can and do point to this site (and other similar sites), typically via IFRAMES. I was recently looking at a post in a web-based threaded messaging site, which used a 1x1 pixel IFRAME (basically, hidden) to reference the site shown in my video. Whe
  • And get no spyware at all.
    • The reason Mac OSX and Linux are immune to spyware isn't because it's a superior operating system.

      It's because there's no money in it. Someone is getting paid to bombard you with spyware installations. They want to hit as many workstations as possible. And that means aiming for Windows users.

      Your post suggests everyone should use OS X or Linux. The day Windows looses majority share of the desktop market is the day spyware and viruses will start to pop up on your OS X and Linux workstations.

      The sol

      • by gmuslera (3436) on Wednesday November 24, 2004 @02:36PM (#10910977) Homepage Journal
        They are not "immune", but at the very least is a lot harder to install spyware/virus/etc, and the no-monoculture effect helps too.

        The main defense is their structural strenght, i.e. being thinked from the basis as multiuser, where you have very separated the system admin (the one that have some permission over i.e. what programs are installed) over the user that browses internet.

        And dont forget that here the blame goes both for the operating system author (Microsoft) and the browser author (Microsoft again), both good examples of what happens when security is the least priority.

      • by sulli (195030) *
        The solution isn't to get rid of windows.

        Really?

        It's to .. fortify the OS against spyware and viruses by closing security holes

        Sounds just like getting rid of Windows, or at least IE and ActiveX. Every IE / Windows patch just makes things worse.

    • by CdBee (742846) on Wednesday November 24, 2004 @02:25PM (#10910866)
      Maybe that's why 6% of iPod users want to buy Macs. Nothing to do with iTunes, iPods and OSX, they just want to be free of pop-up ads.....
    • Oh, yeah?

      One word:

      Spector [spectorsoft.com]
  • And one link to a video of the latest cool tech stuff.

    Nuff said.
  • by Sensible Clod (771142) <[ten.retrahc] [ta] [7-cd]> on Wednesday November 24, 2004 @02:08PM (#10910684) Homepage
    Certain .cx sites are all the evidence needed. I rest my case.
  • by RiscIt (95258) on Wednesday November 24, 2004 @02:10PM (#10910707) Homepage Journal
    I LOVE the headline

    Apparently we're forgetting the word "slashdot" as a verb.
  • No surpises here. (Score:5, Insightful)

    by RatBastard (949) on Wednesday November 24, 2004 @02:11PM (#10910716) Homepage
    None of this is a surprise to me. I've been dealing with this crap at work for years now. Spyware is teh single biggest headache the ITS department I work for has to deal with. We spend more time cleaning spyware out than viruses. XP Service Pack 2 has helped a lot, and so has encourgaing the use of FireFox, however, at least 55% of our systems still run Windows 2000 and a lot of the resources we need to access online only work in IE.
  • s.i.c. (Score:5, Funny)

    by Anonymous Coward on Wednesday November 24, 2004 @02:12PM (#10910727)
    From TFA:

    "warning! you're in danger! all you do with computer is stored forever in your hard disk ... still there and could broke your life!" (s.i.c.)

    Anyone else find the improper spelling of "sic" (used by an editor to mark improper spelling or usage in a quoted piece of text) to be humorous, or is it just me?
    • Me, but then I'm the sort of person who likes to use semicolons when writing English; I find that the semicolon is a fun way to join two related sentences without using a period.

      Perhaps we should club together and buy the author of this little article a copy of Eats, Shoots and Leaves [amazon.com].

      John.
    • Re:s.i.c. (Score:4, Funny)

      by tsg (262138) on Wednesday November 24, 2004 @05:50PM (#10912992)
      Do you lie awake at night wondering if anal retentive is hyphenated?
  • if you mean damage as in "the server got slashdotted", of psychological damage as in "someone told me to go to this goatse site" (or tubgirl, lemonparty etc), or FUD as in "this microsoft site says linux TCO is higher"...

    Oooooh you mean by spyware. Sorry, I use Safari, and Konqueror or Netscape when I'm on Linux.
  • by mc6809e (214243) on Wednesday November 24, 2004 @02:18PM (#10910782)
    A site that willfully becomes a source of trojans, exploits, and malware deserves to have all it's packets blocked at a high level or black holed.

    Why can't this be done?

    Just cut them off entirely.

    The big players need to get together on this.
    • A site that willfully becomes a source of trojans, exploits, and malware deserves to have all it's packets blocked at a high level or black holed.

      No way - that is a slippery slope. I don't wany any of the internet censored from me [google.com], thank you very much.

      Even aside from that, it is a fairly complicated problem. Say SiteA is a source of trojans... what happens if they clean up their act and go legit? Is there a time limit that they are blacklisted for? Who decides what qualifies a site for blacklisting an
  • Not impressed (Score:4, Insightful)

    by digrieze (519725) on Wednesday November 24, 2004 @02:19PM (#10910785)
    Okay, let's see, this guy loads up an OS ("fresh", as he writes) that has been targeted by the net scum since it came out, so we know it's vulnerable to every exploit designed for it. Goes to a troll site for 180 and then complains about how awful it is when during installation/first net logon he should have gone straight into the patching process that would have prevented it (in other words, he had to cancel critical patching out intentionally).

    This is akin to throwing matches at a tub of gasoline and writing an expose' when it catches fire. Either this guy had too little to write about, had too much time on his hands, or had to win a bet and is trying to slip this one by someone.

    Even he admitted his lousy methodology in his last sentence.

    This isn't news. It's just a bone thrown out to keep the resident "gotta flame microsofties" happy with a fix for the day.

    • Re:Not impressed (Score:2, Insightful)

      by Yankel (770174)
      I think that says something about Microsoft's installation process.

      My last Linux install included an automatic upgrade of the latest packages that had been upgraded for security reasons - even before X was started for the first time.

      How are the first round of patches applied when you install XP? My guess is after you finish the installation, you must:

      1. Start Windows Updater

      Which, I imagine is where we lose pretty much everybody because:

      a) users just want to get going already - not install secuirty pat
    • by Old Man Kensey (5209) on Wednesday November 24, 2004 @02:53PM (#10911130) Homepage
      The first point, which we all know, is that Windows sucks. However, his main point has nothing to do with the vulnerabilities per se, and everything to do with the culpability of the sites and software authors that knowingly use security holes to install these programs without notice to or consent from the user, and in fact make it as hard as possible to detect them and remove them because they know full well their business depends on keeping the software there by any means necessary, ethical or not.

      If I leave my door unlocked, I'm an idiot, but if you then walk in and steal my TV while I'm gone and sell it at the local pawnshop you're still just as much a criminal as if you smashed a steel door in with an APC: an unlocked door is not in itself an invitation to enter and make oneself at home. The same principle applies here: the sites and software authors are not the legitimate businesspeople they try to convince everyone they are.

    • Re:Not impressed (Score:4, Insightful)

      by Sabalon (1684) on Wednesday November 24, 2004 @04:03PM (#10911846)
      And that would be great - yet tomorrow at thanksgiving I'll be doing god knows what to my aunts computer that is probably infected 200 ways. She doesnt' know about patching, is on a dial-up and downloading a 10-20MB patch from MS is not something she is likely to do.

      Basically, the guy was loading and emulating what is probably 80% of the internet users out there (think AOLers :)
  • Gnome + spyware? (Score:4, Interesting)

    by k4_pacific (736911) <k4_pacific @ y a hoo.com> on Wednesday November 24, 2004 @02:23PM (#10910838) Homepage Journal
    Particularly amusing was that the article mentioned a proposal to bundle spyware into Gnome 2.0 [gnome.org]. I bet that went over like a strip club in the Vatican.
  • For the most part it is the companies making the spyware that get to sell ads to the people it infects and the website publishers that promote "pay to install" affiliate programs.
  • I'd like to know if anyone has heard success stories of legal action against these companies. Forget about targeting Microsoft or their browser holes, forget about using the "right" browser. My mom doesn't understand why I make her click on the red globe icon instead of the blue E.

    I've heard of spammer suits in small claims court being won thanks to the fax abuse law. Has anything similar been done with spyware? If infection and installation can occur and cripple a machine without user permission...req
    • My mom doesn't understand why I make her click on the red globe icon instead of the blue E.

      You can resort to the old standby of car analogies.

      The red globe is a nice new car. The blue E looks like a nice new car but there's a bomb under the hood that has a percentage chance of exploding and messing up your computer whenever you use it.

      So obviously, use it ONLY if absolutely necessary.
      • My mom doesn't understand why I make her click on the red globe icon instead of the blue E.

        You can resort to the old standby of car analogies.


        Or you can just point the blue E to the red globe's exe file and she'll never know the difference :)

        -matt
  • Rhetorical? (Score:4, Funny)

    by zx75 (304335) on Wednesday November 24, 2004 @02:30PM (#10910903) Homepage
    How much harm can one website do? This is slashdot. We blow up poor people's servers for fun!
  • to let a bucket of water run empty?

    Answer: only 1

    Wherever you place the line in defining a 'compromised system', truth is: once defined, anything that crosses the definition, means breakage, and once broken, a single or a dozen occurences is just more of the same.
    As a user, I regard my system to fail when:

    • It fails to provide a function I expect it to provide, like when it hangs, or program calculates incorrect results
    • Info I expect to remain on my system, leaks out unintentionally

    From that view,

  • by Swamii (594522) on Wednesday November 24, 2004 @02:33PM (#10910943) Homepage
    I RTFA, and hidden away deep in the article, we find this gem:

    Note that the latest version of Internet Explorer, as patched by Windows XP Service Pack 2, is not vulnerable to the installations shown...

    In other words, he's running all this on an unpatched XP machine.

    Now, before the Slashdot horde stabs me repeatedly with a big sharp knife for being a Microsoft apologist, consider this situation. I've got an old version of Firefox with a few exploits in it. I report the exploit, and the response I get is that these exploits are already patched. Yet I decide to write a story about the horrific exploits, post it to Slashdot, and stir up a raucus about how bad FireFox's security is.

    What I'm proposing is that Slashdot report it's stories with less sensationalism and more professionalism. Put in the story that all this was run on an unpatched machine, and that the said security holes have already been fixed.

    Thank you.
    • Not so. Millions of users run unpatched IE, XP, Win2K .. even Windows 98. The fact remains that IE is insecure by design, as anyone who read the initial announcements of ActiveX and saw the demos of Internet Exploder could have told you almost a decade ago, and only now Microsoft has started to realize it's a problem.
    • by zulux (112259) on Wednesday November 24, 2004 @02:45PM (#10911060) Homepage Journal
      In other words, he's running all this on an unpatched XP machine.


      The same problem happens on:

      A patched Windows 2000 Machine
      A patched Windows XP SP1 Machine
      A patched Windows XP Machine
      A patched Windows 98 Machine

      To get browser security from Microsoft requirs a user of Windows 98 to spend $100 to get XP and then spend the next two days trying to install it and getting it to work right with his scanner/fax/printer.

      Or our Winodws 98 friend could just download Firefox.

      Why Microsoft wont realease a standaline Internet Explorer for its old systems is obvious: The want to suck more money out of people. And they suck.

      If Slakware can update thier browser - why in the fuck cant one of the largest companies in the world do the same?

      • A patched Windows 2000 Machine
        A patched Windows XP SP1 Machine
        A patched Windows XP Machine
        A patched Windows 98 Machine


        What about Win95, you insensitive clod? Hmph.

        (Note that I'm *not* volunteering to try it out, though I'm typing this on a 95 box. With Firefox, mind.)
    • The difference is that the Firefox patch works with Firefox -- it's an upgrade on all affected Firefox products -- while the Windows patch does not work with non-XP versions of Windows, which still accounts for at least half the market. There is no patch for all affected Windows products.
    • Before you go off half-cocked accusing other people of going off half-cocked, you might want to RTFA, including all you mods who upped this post to 5. The article is not about Windows or IE or what Microsoft shoulda or coulda or woulda done about any flaws.

      The article is about the scumbags that exploit the flaws, and the lengths they'll go to to get their crap onto your PC. It's also about the money trail that can be followed to nail these suckers. The article was trying to demonstrate that there is a wa
  • by Anonymous Coward on Wednesday November 24, 2004 @02:35PM (#10910970)
    ...may I point out that it is NOT worksafe? Thanks, Ben! Appreciate that.

    Glad I didn't have the boss watch it with me in an attempt to convince her of the need to take better anti-spyware measures.
  • by Saint Aardvark (159009) * on Wednesday November 24, 2004 @02:37PM (#10910985) Homepage Journal
    The "Follow the Bouncing Malware" series at ISC's Internet Storm Center [sans.org] has been quite good, too; it looks at what happened to Ordinary Joe's Windows computer when he surfs:

    Part 4 is coming Real Soon Now (tm). The ISC handler's diary is required daily reading; always a lot of good stuff to be found. (And every now and then, there's a tale that'll make your blood run cold [sans.org]...)
  • by serutan (259622) <snoopdoug&geekazon,com> on Wednesday November 24, 2004 @02:38PM (#10911000) Homepage
    I was not shown licenses or other installation prompts for any of these programs, and I certainly didn't consent to their installation on my PC.

    I would love to see somebody slap some criminal charges against the site owner. Hiding behind an obfuscated EULA is bad enough, but installing software without any permission whatsoever has to be illegal, doesn't it?
  • SP2 is immune (Score:3, Insightful)

    by the_mighty_$ (726261) on Wednesday November 24, 2004 @02:44PM (#10911058)
    Interesting to note that Windows XP SP2 is immune. Only old Windows versions are vulnerable. I think its pretty pointless to keep pointing out that OUTDATED products have bugs.
  • by diakka (2281) on Wednesday November 24, 2004 @03:10PM (#10911266)
    I was thinking, what if you could do something to simulate a spyware install on a computer to the point that they would be fooled in to paying out these per-install fees to websites. If they're paying out a lot of money for installs that will promptly be deleted, then it would hurt these companies financially and also hurt the revenue streams to the websites that use these exploits for financial gain.
  • by Anonymous Coward on Wednesday November 24, 2004 @03:17PM (#10911343)
    Twaintec is a spyware company, and upon viewing their website I read their privacy policy regarding their spyware, and they had an e-mail address to report any malicious sites (installing their spyware without customer consent) to...

    My letter (to which I got no reply)

    Hello there. As you can see, I have had to take steps to insure my identity remain secret.

    Due possibly to an oversight on my part (leaving the security level in the internet zone in IE on Low, then going to an untrusted site), I have been infected with your adware. The uninstall procedure on your website does not work -- your software is not listed in add/remove programs. The twaintec.dll in my windows directory is currently being used, however I have removed all permissions to this file so it will not load after I reboot.
    I was infected with this as well as a myriad of other spyware (toolbars, programs, browser hijackers... I didn't bother to make a list but you should see all the pornographic bookmarks I now have, it's very impressive) by simply going to an internet site. I didn't accept any requests, I didn't read any privacy policies, and now I have your program.

    While your privacy policy attempts to divert responsibility by claiming not to allow this, your failure to insure in software that this actually happens makes your company morally, if not legally, complicit. In short, you could have written software that did this, but instead you put the onus on others to ensure that your software was installed on end-users' computers responsibly. Not surprisingly, many third parties do not do this, and privacy policy be damned, *you profit from it*. You acknowledge this by putting, in your privacy policy, instructions to contact your legal department if one should find examples of abuse of your software. I believe that a person of moral integrity would take steps to ensure that your software was not abused, and that by not doing so, you lack moral integrity.

    But I'm not here to put you down. I would like you to stop distributing the software, shut down your servers, destroy the source, and find another job. A company that can produce this software could, instead, produce something like, say, PestPatrol, that would make peoples' lives better, not worse. But the purpose of this e-mail is not to request that.

    What I want from you is simple. I want you to write me back with instructions on unregistering that DLL. I don't know who wrote this program, but this should be a simple task for someone with programming knowledge, such as must have been required to write the program. If you can do this for me, your moral obligation to me may be considered fulfilled. There is still the greater issue of this software, but one that I'll let you deal with on your own time. If you reply to help me fix what your software has broken, I will forgive you.

    If you promise to take steps to ensure that your software is not abused or that you do not profit from it if it is (charitable donations?), I will applaud you.

    But I will never trust you.

    David

    ---
    Protect yourself from spam,
    use http://sneakemail.com
  • by John Sokol (109591) on Wednesday November 24, 2004 @03:19PM (#10911363) Homepage Journal
    I reciently installed a new win2K system and installed the latest service pack 4.

    I also killed all the services. and it never ran a web browser. Just mysql. I didn't have any antivirus software on it.

    So after placing it on an unfirewalled connection in a locked room, withing 2 hours there were over dozens of virus, worm and spyware installed on the system till it crashed and couldn't even boot. Coming up with 100's of DLL errors!

    Again we never open a single web page.

    Specificaly some of what was installed was:

    alte.exe
    beird.exe
    c.bat
    clonzips.ssc
    clsobe rn.isc
    cvqaikxt.apk
    cult.exe
    cygwin1.dll
    dgssx y.yoi
    dual.exp
    emoti.bat
    enotxa2.exe
    explorx.e xe
    ger.exe
    gt.x
    hosts was altered
    knlps.exe
    knlps.sys
    ksat.bat
    medo.dl
    mirc.exe
    nonzipsr.noz
    ntcnsl.dll
    orrl.exe
    Odin -Anon.Ger
    repcale.exe
    riqa
    scheduler.exe
    sysmm s32.lla
    svcshost.exe
    titlex.exe
    w.e
    wshield.ex e
    winguard.exe
    ymnz.exe
    unmt.exe
    vnicmon.exe
    zema
    a qsws directory
    zippedsr.piz

    • by gad_zuki! (70830) on Wednesday November 24, 2004 @04:01PM (#10911828)
      >installed the latest service pack 4.

      You might as well have blessed it with the wave of your hand.

      You must visit windows update to get the post SP4 patches or the very least enable auto-update.

      You probably got all this stuff from the lsass and rpc vulnerabilities which SP4 does not address.
    • I reciently installed a new win2K system and installed the latest service pack 4.

      I also killed all the services. and it never ran a web browser. Just mysql. I didn't have any antivirus software on it.

      So after placing it on an unfirewalled connection in a locked room, withing 2 hours there were over dozens of virus, worm and spyware installed on the system till it crashed and couldn't even boot. Coming up with 100's of DLL errors!

      Again we never open a single web page.

      Specificaly some of what was installe
  • by Serveert (102805) on Wednesday November 24, 2004 @03:25PM (#10911424)
    I spent about an hour trying to figure out all the hacks that website was doing but after all was said and done it was frightening the lengths people go to in order to hack your browser, set your home page then get ad impressions and make revenue.... embeded java code with encrypted javascript with encrypted java code which printed out encrypted HTML which when decrypted had the browser load java code that used a browse helper object to set your homepage.
  • My mom (Score:5, Insightful)

    by ff1324 (783953) on Wednesday November 24, 2004 @04:14PM (#10911978)

    While so many are quick to point out that he used an unpatched machine, that he should know better, that he's just doing it to be difficult, that he can fix it. He know's he should install SP2, he knows he should have his firewall set up. He knows he should practice safe surfing....but my mom doesn't know this stuff.

    For every computer whiz (like most of us that visit /.), there's a thousand users like my mom who know that you turn on the box, move the little mouse around, and she can type emails to the whole family every day. Then she surfs around on the internet, types something in wrong, clicks on the wrong site, and now can't send the emails to the family and can't order my Christmas presents from Amazon.

    Spyware is a pain in the ass for us, but its a nightmare for the computer novices!

  • by jellomizer (103300) * on Wednesday November 24, 2004 @04:27PM (#10912111)
    You know the Spyware companies are pritty dumb. What they should do when they make the program is remove all the other pieces of spyware so only you adds are beeing seen to the User. You know if they all did this then in Theory you should only have one piece of spyware on your system and most people wouldn't notice.

There is no distinction between any AI program and some existent game.

Working...