Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy

Spyware in Audio Galaxy 373

LintMan and a zillion other people wrote in about the story on Portal of Evil discussing spyware bundled with Audio Galaxy that seems to be even more nasty than usual. Others have written about it as well - there's Counterexploitation and Wired stories. Frankly, we're kind of bored by all these spyware/shareware stories (don't people learn?) so we let it sit around in the submissions bin for a few days, until, say, a slow Saturday night.
This discussion has been archived. No new comments can be posted.

Spyware in Audio Galaxy

Comments Filter:
  • No Problem (Score:2, Insightful)

    by epsalon ( 518482 )
    I'm using the Linux version of the AGSattelite [audiogalaxy.com] and have no spyware whatsoever. Sheesh. When will people learn?
    • Re:No Problem (Score:5, Insightful)

      by reaper20 ( 23396 ) on Sunday January 27, 2002 @01:35AM (#2908787) Homepage
      Agreed, this is a huge advantage that the linux desktop has that no one seems to mention. In Linux, apps don't generally take over my mime types, install spyware, or my personal favorite, insist on putting "neatpp" in C:\progra~1\company name\neatapp\neatapp.exe.

      Sometimes I sit there and tell myself, "Good thing your company puts all its products in a folder named after your company, that way I can easily manage the multitude of apps that you guys provide." After a while, my Program files looks like a freaking billboard ....

      I HATE software that does this. Especially when 90% of windows applications believe that they deserve and absolutely must have an icon in the system tray. Even better is when they don't put the icon in the startup folder, so you have to go Registry hunting. Anything by Real does this. "By closing MemoryLeakLauncher Plus, you could lose some of the great features of the Real Player." Fuck off and die Real.

      The Linux desktop may not have some of the "great applications" that you see in windows, but I have yet to see a linux app that maximizes its install, hiding my taskbar with that dumb blue screen, and insisting on stealing focus. This is the desktop that people think we should emulate? No thanks.

      Good thing my Windows bozen have ad-aware.
      • Agreed, this is a huge advantage that the linux desktop has that no one seems to mention.

        ...No one gives a shit about linux on the desktop.

        If linux on the desktop held as many users as say, Windows, I can guarantee there would be just as many spyware and generally rude apps.
        The only thing linux is relatively immune from (assuming you're not a dumbass that always runs as root) is viruses.
        Linux is just as vulnerable to spies and trojans, it's just there are so few desktop linux users that it's not even worth it for someone to write them.

        You're only immune because no one has targeted you.

        C-X C-S
        • there would be just as many spyware and generally rude apps.
          On yours maybe, not on mine.

          Rude apps can be niced.
        • by sjames ( 1099 )

          Actually, Linux is intrinsicly less friendly to spyware. The simple reason is that because it is op0en source, if spyware becomes a problem someone (probably several someones) will come up with a kernel patch that provides a complete audit trail for all created files and network accesses. There'll be no buying them off because the patches will be released under GPL.

          Even without such a patch, Linux is less friendly to spyware. One reason that spyware gets away with it is that Windows by design hides system activities and data from the user. Since most software quietly adds to the registry without asking or informing the user, nobody notices when spyware does the same. To my knowledge, Windows doesn't ship with anything like strace (Which could be used as a userspace auditing tool for installers).

          It is true that the millions of AOLers using Linux wouldn't likely know how to use any of those features, but they would know how to read the reports from other users who do know how to use the tools.

          Look honestly at the differences between a proprietary OS vs. Linux. Who would be more likely to add a stealth API to the kernel in exchange for cash from a spyware vendor, MS, or the Linux kernel developers? Which OS would be most likely to carry around such an API without anyone finding out about it?

          Now, ask which OS would be more likely to get features designed specifically to defeat spyware, written by people who are concerned more about the moral and ethical issues, as well as the users control of the system than they are about the bottom line.


      • In Linux, apps don't generally
        [...] insist on putting "neatpp" in C:\progra~1\company name\neatapp\neatapp.exe


        No, they put it in /usr/bin/neatapp... or /usr/local/bin/neatapp... or /opt/neatapp... or somewhere else.

        Granted, there are definite advantages (as well as disadvantages!) to the organization of the Linux (et al) filesystem heierarchy, but do you really want to go back to the DOS scheme of every company putting their software in some random directory of their choice so you can never find it?

        Furthermore, I don't know many installers that "insist" on installing to C:\Program Files\. Usually, it's a changeable default. Now, gripe about installers not giving you a (useful) option for placing start menu icons, and I'll agree wholeheartedly.


        Especially when 90% of windows applications believe that they deserve and absolutely must have an icon in the system tray


        This is certainly annoying, but your "90%" figure is a wild exaggeration. Running Windows, I typically have in my system tray: the Task Scheduler and Volume icons (both OS level annoyances, not applications), Mozilla (optional during the installation), and sometimes AIM (You can turn off automatic startup, but I'll concede that it's a pain that it doesn't exit when you logoff.) Considering that I've probably installed over a hundred windows programs since I got this PC, and only had to go out of my way to clean up a couple of them, I think that's a tolerable (if not great) ratio.


        Fuck off and die Real.


        Agreed. Real sucks big rocks in this regard.
        • Furthermore, I don't know many installers that "insist" on installing to C:\Program Files\. Usually, it's a changeable default. Now, gripe about installers not giving you a (useful) option for placing start menu icons, and I'll agree wholeheartedly.

          Well it is a changeable default in theory, but there are a LOT of programmers out there who are either stupid or lazy and simply hardcode "C:\\Program Files\\..." in their routines. You'd be well advised to NOT change the default install directory to avoid bugs, or you might be surprised when the uninstaller doesn't work.
          • C:\\Program Files\\..." in their routines

            I guess that is why I don't install my OS in the C:/ drive. I think that you would have to be mad to ignore the OS calls as that drive might not even exist (under NT/2K/XP).

            I don't do this to screw up spyware, just to have separate partitions for data and programs.

            Michael.
      • linux app that maximizes its install, hiding my taskbar with that dumb blue screen, and insisting on stealing focus.

        StarOffice/OpenOffice install program.

        Not that it's a big deal, but you did say you've not seen any so here are two examples, if you're interested.
      • Yes, that is true.
        But, if the linux desktop ever achieves the level of integration that the sheeple want, and get, with windows.... then the same spyware will happen in linux. it's not immune.

        Obviously, when all the software we use is written by us, for us, rather than by corporations to make money, it's not going to be spyware.
    • Re:No Problem (Score:2, Informative)

      by sharkman67 ( 548107 )
      Im using Sniffles [aol.com] on OSX to check for spyware.

      It allows logging of IP traffic in either TCP, UDP or ICMP protocols, over any ethernet or PPP link on your system. It also allows the use of custom filter programs, of the same syntax as that used by tcpdump, which allows you to specify a ruleset for determining which network packets are passed from the kernel into Sniffles for analysis.

      Nice to find a slick app like this freeware for OSX.
    • I run the audiogalaxy satellite inside a chroot jail.
  • License? (Score:3, Interesting)

    by Phroggy ( 441 ) <slashdot3@@@phroggy...com> on Sunday January 27, 2002 @01:25AM (#2908746) Homepage
    Does AudioGalaxy's EULA have anything interesting to say about this? Like the license in Windows Media Player that says Microsoft has the right to erase your hard drive if they want?
    • Re:License? (Score:3, Informative)

      by epsalon ( 518482 )
      Read the article!
      It says that it is mentioned at the end of the EULA, but only vaguely. In any case, do you actually read all those EULAs before clicking "I Accept"?
  • by MiTEG ( 234467 ) on Sunday January 27, 2002 @01:27AM (#2908751) Homepage Journal
    It isn't really a surprise to me about the spyware in Audio Galaxy, I've heard people talk about how it should be classified as a trojan rather than a piece of software. MusicCity's Morpheus [musiccity.com] is by far the best spyware free program, but unfortunately there is no linux version. The best part is that it runs on the same network as Kazaa, without the spyware (which doesn't matter since Kazaa has halted downloads of their software anyway). You can find any file you want on it, and I think it is even better than Audio Galaxy.
    • I use mutella. Open source, no spyware, doesn't randomly drop connections like LimeWire.
    • by BCTECH ( 540338 )
      Morpheus is not spyware free. It installs B2d projector from briliantdigital.com. If you are running it check out c:\bde
  • VX2 - Devious (Score:2, Informative)

    by Tony.Tang ( 164961 )
    I've written about this before [slashdot.org], but in the interest of karma whoring, here it is in full:

    AudioGalaxy's [audiogalaxy.com] [audiogalaxy.com] software unfortunately now installs VX2 by default. We didn't know this when we installed AG, and were subject to a pop-up ad so frequently, it was unbelievable. At first, I suspected the sites we were visiting, but they were even coming up on Google!

    The big throw was that the ads that were being served up always seemed to come from different places. One day, I decided to look into it, and discovered that all the ads were being downloaded from VX2 [vx2.cc] [vx2.cc].

    VX2 is a very devious piece of sofwtare, logging every one of the sites you visit, and then popping an ad every once in a while. If you surf quickly, throttles itself; surf slowly, and it pops for every site. Quite devious, really.

  • I have AudioGalaxy 0.608W installed [Windows 2000] and don't have any of the files listed [vx2.dll, iehelper.dll, domlst.cch] on my hard drive, nor any of the related registry entries.
  • Remove it easily (Score:5, Informative)

    by DiveX ( 322721 ) <slashdotnewcontact@oasisofficepark.com> on Sunday January 27, 2002 @01:31AM (#2908766) Homepage
    Hopefully Ad Aware (http://www.lsfileserv.com/index.html) will include it in their list soon, but until then it is an easy remove (http://www.vx2.cc/uninstall.html)

    The VX2 software is a single program file in the system directory called VX2.dll.

    To remove VX2:

    1) From the Control Panel select ADD/REMOVE programs. Select "VX2 RespondMiter" and "Remove".

    If VX2 RespondMiter is not present:
    2) Close all internet explorer browsers.
    3) Search your "C" drive for VX2.dll
    4) Delete VX2.dll

    If the system does not permit the file to be deleted proceed as follows.
    5) Select "Start" and then "Run" and type "regedit"
    6) Find the and delete the entry named "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
    CurrentVersion\Explorer\Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662}".
    7) delete the {00000000-5eb9-11d5-9d45-009027c14662}entry.
    8) Reboot computer.
    9) Search your "C" drive for VX2.dll
    10) Delete VX2.dll

    It seems to just plug itself in IE, so as usualy Netscapers are pretty safe from this one....for now.
    • Support lavasoft! (Score:3, Informative)

      by Graelin ( 309958 )
      If you're unfortunate enough to be running Windows. You will need to protect yourself.

      Lavasoft is helping you wage your war against the marketing droids. Support them! Let them, and the rest of the world, know that you won't stand for these kinds of privacy intrusions.

      Support lavasoft in their mission, buy their stuff [lsfileserv.com]!!

      [Disclaimer: I do not work for them, I just like my rights granted by being human.]
    • From what I understand 5.62 of Adaware will kill this.
    • Re:Remove it easily (Score:2, Informative)

      by dan133 ( 213607 )
      I found VX2.dll in C:\WINNT (running win2k) but I couldn't delete it
      so I proceeded to follow the registry key deletion outlined above but couldn't find such an entry at the given path.

      So, an easier way for everyone, would be to search for "00000000-5eb9-11d5-9d45-009027c14662" and delete the result.
      That's what I did and then deleting VX2.dll was possible.

      Just letting those of you stumped know :)
    • AdAware 5.62 does remove VX2. You have to get the latest signature file, though. The easiest way to do that is to get their new(er) Refupdate program. When you run Refupdate it connects to the Lavasoft servers and pulls down the latest signature file.

      The newest sig file is 005-16.01.2002. That file will allow AdAware to detect and remove VX2 and all of its variants.
  • by Pituritus Ani ( 247728 ) on Sunday January 27, 2002 @01:33AM (#2908772) Homepage
    ... that if J. Random Hax0r writes and distributes a piece of software that collects information clandestinely from computers on which it's installed, he gets his door kicked down and everything with a byte of RAM or potential for magnetic storage confiscated, his life ruined, and possibly sent to prison
    but
    when a barely legitimate distributor of file sharing apps produces a "product" with these same attributes, there doesn't seem to be a great presence of Federal law enforcement at its place of business?
    • by epsalon ( 518482 ) <slash@alon.wox.org> on Sunday January 27, 2002 @01:45AM (#2908810) Homepage Journal
      The only problem is the Hax0r doesn't have an EULA to protect him.

      Consider this: Write an Outlook worm that disguises itself as some useful app and sends itself to your entire addres book. Enclose a EULA in microscopic letters, pointing to a privacy policy on your website. Now you're 100% covered.

      You can write:
      YourCompanyName will not be responsible of any billings made using your credit card number collected by our software

      Free money!
      • Two (or more) parties can agree to any terms in their contract, but it's useless unless a court will enforce it. Courts will not enforce contracts that "shock the sensibilities."

        An EULA is under even tighter scrutiny since it's an attempt to get the benefits of a contract without the hassles of actually giving the other party any opportunity to negotiate. (Since most stores will not accept opened software for refund, you're forced to pay for the software whether you use it or not.) Courts have generally refused to enforce most terms in EULAs for a number of such reasons - that's why it literally takes a law changing the ground rules (UCITA) to make them enforceable.

        Of course, if you want to be a test case....
    • how many times must we tell you, these are FEATURES!!
      :)
  • by Trepidity ( 597 ) <delirium-slashdotNO@SPAMhackish.org> on Sunday January 27, 2002 @01:33AM (#2908774)
    This story is not very timely, as the entire issue has been resolved for at least a week now. Audiogalaxy did include the VX2 spyware in their application, was thoroughly lambasted for it, and finally gave in to user complaints and removed it. The current version of audiogalaxy available on their website has no spyware in it (or at least no VX2 spyware, and no mandatory-install spyware; it might still include Gator or something as an optional install, I haven't checked).
    • the entire issue has been resolved for at least a week now

      That's the problem with sitting on news for days as Michael interestingly acknowledges. Why is he always so hostile?
    • Well according to the Wired story given above [wired.com], AudioGalaxy stopped including it due to unpaid bills of Onflow Corporation [onflow.com], who were including it in their third party add-in to AG Satellite. It wasn't removed because of any complaints, although perhaps there wasn't much opportunity to react to complaints anyway.

      If this is true then I guess it could mean that AudioGalaxy didn't know what they were including at the time, which I don't personally think is an acceptable excuse but it might explain why the installation opt-out screen allowed opting out of other third party spyware but didn't even mention this one.

      Luckily the story's not completely past its use-by date, since there are lots of people out there who still have vx2.dll installed. I found it on my windows partition the other day when I saw the story on k5 [kuro5hin.org].

    • This story is not very timely, as
      the entire issue has been resolved for at least a week now. Audiogalaxy did include the VX2 spyware in their application, was thoroughly lambasted for it, and finally gave in to user complaints and removed it. The current version of audiogalaxy available on their website has no spyware in it (or at least no VX2 spyware, and no mandatory-install spyware; it might still include Gator or something as an optional install, I haven't checked).

      Begging pardon, but the issue hasn't been resolved until (a) there are no longer people whose form submissions and other data silently leeching off to an unknown 3rd party, and (b) the legal ramifications of what's been going on are tested in court. Judging by the number of Code Red hits I'm still getting on a daily basis, I'd say Joe Windows User will obliviously exist with this illegal spyware for some time to come.

      And don't say that nobody's broken any laws here. Minors aren't held responsible for for small type warranties and disclaimers in the United States. All that's needed to take this to court is proof that one minor ended up installing something that sent his daddy's VISA number to a spyware company, or proof that personal information about a kid under 13 was sent as a result of the spyware, even if the kid knew exactly what he or she was installing.

  • by RareHeintz ( 244414 ) on Sunday January 27, 2002 @01:33AM (#2908775) Homepage Journal
    This has also been covered in a story at Kuro5hin [kuro5hin.org], and in slightly more depth.

    OK,
    - B

  • by Kiwi ( 5214 ) on Sunday January 27, 2002 @01:42AM (#2908800) Homepage Journal
    Spyware is a natural consequence of the gratis (free beer) approach of proprietary software. While there is no monetary charge for downloading the software, the gratis software can have features which the end user considers undesirable; such as violating their privacy.

    A system based on software libre (free speech software), on the other hand, is much less likely to have spyware. First of all, since there are "more eyeballs" looking at the source code, people who make libre software are less likely to add features to the software which the end user may not like. Second of all, the mindset behind making libre software is different than the mindset behind gratis software; there is more desire to give people features they want and less desire to make software which has undesirable features to increase one's bottom line.

    While I do feel that propritary software works better than libre software for many things, such as video games, I am glad that I have a system that is over 90% libre software; this minimizes the chances that there is undesirable spyware on my system.

    This may be why the editors are reluctant to post spyware stories; people using software libre instead of proprietary software do not need to worry about this kind of thing.

    - Sam

  • by bluelarva ( 185170 ) on Sunday January 27, 2002 @01:43AM (#2908802)
    I prefer Open Source because of this sort of trojan/spyware apps on closed source. I admit I don't examine every line of the source code before I compile it but I tend to trust it more just because everything is out in the open. I'm sure there has been cases where even open source app had some questionable hidden code but I bet it's exposed fairly quickly. I just think it's one more positive aspect of Open Source.
  • I'm almost sick of hearing about all the "spyware", "policeware" and other [insert bad connotation here]-wares making their ways into consumer products. This can only lead to one thing, in my view, and that's eventually having all of our own belongings spy on us and rat us out. Why?

    I strongly believe that the stronger "they" push for more control over our lives, the worst things will get in terms of "their" profits or whatever, because people will want to work around. It's like the parent telling their kid what not to do, so the kid does it just to be a rebel.

    • I strongly believe that the stronger "they" push for more control over our lives, the worst things will get in terms of "their" profits or whatever, because people will want to work around.

      Absolute majority of computer users (probably 99.99% at home and 99% at work) don't know, don't want to know and don't care about software or computers in general: It is flashy? Good! I like flashy thingies! When I tell them about spyware the universal response is I don't care, I don't do anything bad and Let them have it if they want it, as long as I am getting my free whatever...

      Some people (/., for example) will indeed not want to use this software... unless they are forced to, or convinced to. But even if every single computer scientist on the planet rebels against this very foggy threat, nobody will listen to them anyway. Majority rarely listens to minority - "might makes right", and we see examples of that just everywhere.

      So if 0.5% of population refuses to run spyware-laden apps, who cares? Majority of people just want to get some work done, they don't want to know what's going on inside their computers. As long as spyware-infected app works and does what the user wants, the app and the parasites will be successful.

  • Well hmmm (Score:5, Insightful)

    by Palapatine ( 208816 ) on Sunday January 27, 2002 @01:44AM (#2908806) Homepage Journal
    This is interesting.... For a site dedicated to "news for nerds" and" stuff that matters" they hold a story back untill a slow newsday(night) to post it. Now as a Windows/linux/Beos user the Windows third of me wants to know when some program is installing what amounts to a data harvester on my machine, whether or not a story which followes the same path as this one has already been posted, I still would like to know what new programs are out there taking my info.
    perhaps Slashdot should put up a bi-weekly "security update" in order to address these issues which do not warrent a full post.
    • I think it was the "Stuff that matters" bit which prevented them from putting it up right away. If you want security alerts, then there are plenty of other sites which will do that, but I'd hardly count this as "News".
  • spyware/shareware? (Score:5, Insightful)

    by istartedi ( 132515 ) on Sunday January 27, 2002 @01:56AM (#2908843) Journal

    spyware/shareware

    Spyware has nothing to do with shareware. You may not like the shareware business model but please do not associate it with spyware. Spyware can be distributed under all business models. Yes. Spyware could even be distributed as Open Source on a mass-market Linux distro since many users never recompile. If Linux is ever mass-marketed on the desktop by AOL, I expect to see such things happen. It will work because most users don't read security journals and won't bother to recompile.

  • typical (Score:2, Insightful)

    by boojit ( 256278 )
    Michael, in your "editorializing" on this submission, you managed to sum up pretty much everything that bugs me about Slashdot. Thanks for that.

    Did you even read the Portal of Evil post? Apparently not. If you had, you'd realize this particular brand of spyware is installed without the users' consent. "When will people learn?"?!? When will Slashdot editors learn to read articles first, and cast their pompus, overbearing comments later? Like a lot later. Like maybe never.

    This software affects Windows users, and therefore, not the sort of user that goes around compiling his or her own kernels on a daily basis. I believe this, and this alone, is the reason it upsets you so much. You're the kind of guy that will scoff at an everyday Windows user who accidentally opens a virus attachment, then goes on to pay his mechanic $500 dollars for what should have been a routine $50 repair without batting an eyelid. In short, you're a dick.

    Comments like yours are typical of the smug, unbearable technodweeb -- the kind doomed to spend the rest of his life relegated to the back room with his precious computers, far away from those people who actually use them.

    Do me a favor from now on. Post the damn story, and shut up.

    Regards;

    DaC
  • by jesterzog ( 189797 ) on Sunday January 27, 2002 @02:07AM (#2908872) Journal

    ..from you, you can fill in this online form [vx2.cc]. Any volunteers? By the look of it, I don't think I'll personally be filling in that form anytime soon. :)

    This thing was really nasty with how much it spies on a user's everyday activities, and I was surprised that slashdot didn't report it sooner. There's the word of a very dubious company's word that they'll purge any bank account numbers that they accidently collect from keylogging your online forms to get them before you submit over an SSL connection, but they might as well be storing and mining all of the email you write to people.

    • I, too, find it extremely difficult to believe that they'll just throw away all of the data they've collected on you just for asking. The amount of money that could be made with this kind of information is huge -- especially bank account numbers, which can be used to defraud a lot of people of a lot of money (and then the VX2 people would move to Switzerland or some such place and retire). Selling all that email information to spammers could also be quite profitable. Oh, and they'd have gotten credit cards, too, so they can also commit credit card fraud, writ large.

      *Whistle* Pretty bad...

      • It's not so much the fraud possibility that concerns me, since I think it's at least reasonable to assume that most companies won't go out of their way to break the law so obviously.

        I'm more worried about the fact that they might be storing it at all. Whenever another company stores personal information about me, it means that I'm required to trust someone else to look after it properly. For every other entity who has personal information about someone, there's another entity that it can be stolen from.

        VX2 has been trying hard to go unnoticed but even if they hadn't, why should anyone have to assume that the security on their system won't be cracked? Even if it does seem that they're taking reasonable precautions, nobody should feel obligated to trust them.

        All it takes is for one wrong person to get bulk personal information and do a little data mining, and five years from now your name, address and estimated income could be on a regionally sorted list being sold on the black market.

    • Any volunteers? By the look of it, I don't think I'll personally be filling in that form anytime soon. :)

      Why not fill it out many times? As John J. Smith, George Bush, etc. That database might taste a bit better with some salt after all.

    • View the HTML source to that page, and you'll find something interesting:

      <form METHOD="post" ACTION="mailto:vx2org@hotmail.com? subject=delete page" ENCTYPE="text/plain">

      Somehow sending all these requests through a Hotmail account, of all places, isn't very reassuring.

  • by Rayonic ( 462789 ) on Sunday January 27, 2002 @02:11AM (#2908885) Homepage Journal
    Spyware aside, shouldn't it be illegal to infect^H^H^H^H^H^H install software on someone's computer without their knowledge? My computer is MY private property, and sneaking little programs onto it is tantamount to trespassing.

    I mean, would anyone put up with someone putting little "Buy Hood(tm) milk" ads in their refrigerator all the time? Or how about little spycams hidden away on your bookshelf? This case isn't much different.
  • by Animats ( 122034 ) on Sunday January 27, 2002 @02:17AM (#2908900) Homepage
    After searching state corporation records [state.nv.us], we find "VX2 Corporation" in Nevada. Address is "PO Box 21703, Las Vegas, NV, 89107", which isn't too helpful. The company president is listed as "Maurice O'Bannon".

    Looking up "Maurice O'Bannon" in Google, we find that name associated with a major Internet fraud case [ftc.gov] in Nevada and California involving $37 million of phony credit card charges which resulted in jail time [keytlaw.com] for some of the participants.

    Uh oh. Spyware from people involved with credit card fraud is big trouble. This needs to be followed up with law enforcement.

    • by theancient2 ( 527101 ) on Sunday January 27, 2002 @03:38AM (#2909020)
      This one seems to be a lot worse than the other spyware programs I've read about. Most just track things like the URLs you've seen. This one "collects some information from online forms that you fill out. This information is automatically sent to VX2 in order to save you the time and trouble of submitting such information to us yourself." (I love the way they word this thing. Save me the time and trouble. Thanks guys.)

      The spyware doesn't even stop collecting data when you're on a secure (SSL) site -- they'll just encrpt the data they collect. (Is their no end to VX2's thoughtfulness?) We're told to look for the "secure" icon before giving away personal information, and to deal only with reputable companies... but what good does that do when a very popular software program has installed a trojan which may or may not be sending credit card numbers to someone who may or may not be a convicted criminal?

      Adding popups to any random site you visit is along the lines of those programs that replace ad banners with their own, hijacking the site's revenue stream and making it appear that the site owner supports an advertiser they have no relationship with.

      To top it all off, they have the right to update their software in the background, and possibly install third-party applications without the user being aware. Does accepting this licence agreement mean I accept the licence agreements of any third-party software that may be installed at a later time?
    • Nevada is a relatively easy place to become incorporated. This O'Bannon guy is using the service of a firm specializing in doing incorporations (Budget Corporate Renewals [budgetcorp...newals.com]), which is located in 89107. Upon closer examination of the address, I see that it is located in a residential area [mapquest.com] behind a Target. Their phone numbers (702-870-5351 and 702-880-7044) correspond with this area of town. My guess is it is some home business thing.

      I doubt if O'Bannon has any base of operations out of Vegas at all.
    • After searching state corporation records [state.nv.us], we find "VX2 Corporation" in Nevada. Address is "PO Box 21703, Las Vegas, NV, 89107", which isn't too helpful. The company president is listed as "Maurice O'Bannon".
      Looking up "Maurice O'Bannon" in Google, we find that name associated with a major Internet fraud case [ftc.gov] in Nevada and California involving $37 million of phony credit card charges which resulted in jail time [keytlaw.com] for some of the participants.

      Uh oh. Spyware from people involved with credit card fraud is big trouble. This needs to be followed up with law enforcement.

      important after all, so micheal, what do you have to say to that? just another spyware story?

      they better put this in slashback...
  • by Graymalkin ( 13732 ) on Sunday January 27, 2002 @02:22AM (#2908913)
    The whiny bitching about when will people learn is ludicrous. Wah wah Windows users ought to use Linux because it is a million times more better than everything. Fuck that. Alot of these shareware/spyware schemes are complete asshole tactics and could affect Linux users too if anyone gave a shit about them.

    I recently rant into a nice little spyware program called winad (wnad.exe) which somehow ended up on the machine (nothing has been installed on the system in eight months) and would hook into IE and launch pop under windows at random when IE was sitting idle viewing a web page. My only guess is some ActiveX program loaded it onto the system from a website somewhere. This program disturbed me a bit because it got onto the system and though didn't do any damage it had the potential to. For elitist Linux users who think they're hot shit, the same thing can be done (though limited to a user's access privileges). It would annoy the piss out of alot of people to have $HOME rm -rf'ed. The whole invasion of privacy in the name of advertising crap is a blow to the whole freedom to roam thing the web is all about. Thinking you're a badass because you can compile a kernel doesn't mean you're somehow better than somebody else who doesn't compile their kernel. It gets real old real fast.
    • Alot of these shareware/spyware schemes are complete asshole tactics and could affect Linux users too if anyone gave a shit about them.


      Bah you're talking out of your fucking ass. The fact is, there is no virus and no spyware on Linux. Now you can hypothesize all you want, it's NOT THERE NOW.


      And you know why it's not going to happen anytime soon? Should a real virus happen, counter measures would likely be introduced in new distros or even kernel if needed, instead of relying on costly third party schemes.

      • Actually, I remember seeing someone port Melissa to Linux as a shellscript (rather then a VBscript) on k5 a while back. Sure, the user would have to manually save it and run it, since most Linux mail apps wouldn't do it for you, but the code was still there.

        Also, there have been a few viruses [vnunet.com] on Linux, to say otherwise is the height of idiocy. Just do a damn google search.

        As far as spyware goes? Yeh, there is none (that we know off...) But that doesn't mean that there won't be in the future. There's no technical reason why it couldn't be there.
    • This is a good flame, but my comment didn't really have anything to do with Windows(tm), only installing binary software from unknown sources.

      In the days pre-Internet, it didn't make sense to send out fucked-up shareware. There was no way for you to receive any benefits from it, since the computer it would be installed upon was not part of a network, couldn't communicate back to you. That dynamic has now changed, and it isn't going to change back. Most binaries available for download used to be non-dangerous, with only a few dangerous ones. Now most are dangerous (at least judging by the number of installs - all of the "most-installed" shareware either is, or will become dangerous), and only a few are non-dangerous. Because the owner of the program can expect to have the dangerous program communicate back, sending information (=money) back up the wire.

      This fact is operating system independent. Right now, Windows(tm) is far more affected than any other operating system, because most of the dangerous software is written for the dominant operating system. But there's no reason that has to remain true in the future.
  • by Mustang Matt ( 133426 ) on Sunday January 27, 2002 @02:33AM (#2908932)
    I got much more info back than him. Just have to use the correct whois server.

    Registrant:
    vx2 (VX52-DOM)
    po box 27103
    Las Vegas, NV 89126
    US

    Domain Name: VX2.CC

    Administrative Contact, Technical Contact, Billing Contact:
    vx2 (D25000-OR) vx2org@hotmail.com
    vx2
    po box 27103
    Las Vegas, NV 89126
    US
    212 255 1008 fax: 123 123 1234

    Record last updated on 05-Oct-2001.
    Record expires on 31-Jul-2003.
    Record created on 31-Jul-2001.
    Database last updated on 26-Jan-2002 12:04:00 EST.

    Domain servers in listed order:

    NS1.VX2.CC207.246.124.6
    NS2.VX2.CC207.246.124.7
  • by sam_handelman ( 519767 ) <samuel.handelmanNO@SPAMgmail.com> on Sunday January 27, 2002 @02:39AM (#2908943) Journal
    And this time, it isn't "Let's get him!"

    Okay, I was just chatting with my teenage cousin on Kazaa, and that got me thinking. Her father is a lawyer (a defense attorney). She doesn't have Audio Galaxy, but I bet some lawyer, somewhere, has a kid who installed Audio Galaxy on their home machine; and I bet they sent work related web-based E-mail.

    If I'm right and if this person can be found, surely you can subpoena Mindset to get logs of what they did with the information. IANAL myself, could you do anything else to them? The guy at www.cexx.org evidently spraypainted Blackstone's entire server pink - is that evidence that your legal communications could have been compromised? Is this stuff that cexx found utterly inadmissable?

    Failing that, there are lawyers here. Set up a scheme to make Mindset/whoever they actually are defend themselves in court - if 100,000+ people really installed this software, they have to have something they're not remotely supposed to have.

    Anyway - read the last bottom of the cexx story - it has the missing pieces of the story on HellPortal.
  • onflow (Score:4, Informative)

    by kz45 ( 175825 ) <kz45@blob.com> on Sunday January 27, 2002 @02:52AM (#2908964)
    We know nothing about VX2," Merhej said. The VX2 program file (called vx2.dll) was part of an advertising graphics enhancer made by the Onflow Corporation, he said. Audio Galaxy offered the Onflow program as part of its software package from Oct. 1 through Nov. 4, 2001, Merhej said. The partnership was cancelled due to unpaid bills.

    Onflow is the worst company I have ever dealt with.

    Our company (which shall remain nameless) used onflow technologies in our product for about 2 years. They paid us for the first few months of operation, but when they owed us a total of about $30,000, we received a letter claiming they had lost overseas investments, and they couldn't pay us.

    Funny enough, it look like they are still in business.......
    • Our company (which shall remain nameless) used onflow technologies in our product for about 2 years. They paid us for the first few months of operation,

      So how did they stall you for the other 21 months?

      Those bill-avoidance tactics might come in handy next time I'm short on cash.

      -Legion

  • vx2org@hotmail.com (Score:2, Interesting)

    by footility ( 541226 )
    If you want to find out where this users is, why not
    compose an html email containing an image on a
    server whose logs you can read. You'll be able
    grab the client IP address from his browser when
    the image is displayed.

    b
  • here's the slime. (Score:3, Informative)

    by footility ( 541226 ) on Sunday January 27, 2002 @03:35AM (#2909017) Homepage
    There is a reference to joshua@abram.com on the
    "contact" page at vx2.cc. This is the whois
    from vx2.org. coincidence? I think not.
    go get him ;-)

    Registrant:
    Abram, Joshua (VX54-DOM)
    444 east 57th street
    New York, NY 10022
    US

    Domain Name: VX2.ORG

    Administrative Contact, Billing Contact:
    Abram, Joshua (FSQYHRRZLI) joshua@abram.com
    444 east 57th street
    New York, NY 10022
    US
    212 255 1008
  • by DarkZero ( 516460 ) on Sunday January 27, 2002 @03:54AM (#2909047)

    Spyware that transmits anything you put into a form (web-based e-mail, credit card information, address information) back to its parent company, as well as the usual tricks of recording every webpage you visit and adding banner ads to webpages you visit bores you?

    I would've thought that a program attached to a major P2P program that records your credit card data and sends it to a shady company that no one knows anything about would be sort of important. If it were a group of self-described crackers that did this, it would probably be really big news. But because it's a corporation, just like all the others, it gets passed over?

    Every small Microsoft security hole that no one has even exploited yet is big news, but corporations stealing credit card numbers and reading every bit of a person's e-mail apparently does not mean much. It wasn't even mentioned in the /. blurb.

  • Man, at least with Audio Galaxy you can remove the spyware with Ad Aware (From Lavasoft). Grokster and Kaaza have taken it to a new level and now require that the spyware exists on your system to run their client. Take out the spyware (like anyone with half a brain would do) and the client ceases to run.

    What worries me is that this is the beginning of new trend where all this adware will start this. I'm sure all the rest of the marketing departments in these scum factories will start to do this now.

    Ya know, I really wouldn't mind PAYING money for some of these clients (if it was reasonable), but to force someone to run sketchy software reporting back to god knows who with god knows what information is complete bullshit. As far as I'm concerned, all these companies that put spyware in their software are even worse than the RIAA/MPAA/etc. This revenue model is fucked, and I hope that if their is even the slightest hope for humanity that these companies go out of business with the quickness.

    BTW, I found out somebody put out a "crack" for Kazza to allow it to run without spyware. That makes me giggle. These companies get what they deserve.
  • Having worked at Audiogalaxy this past summer, I can assure you its not the case that they meant to bundle this, it had to have happened by accident.
    Its bundling goes against their views of making all bundled software opt-in, meaning the user must check a little box to opt-in otherwise the default setting is to not install bundled stuff.

    After reading the wired article, I think its pretty understandable how this slipped past the guys at Audiogalaxy. The spyware mentioned is just one little file vx2.dll. Since it came with onflows advertising software, To the guys at AG it must of looked like it was a dll that onflow dynamically linked their code to. It just goes to show you how sneaky companies like vx2 are. I bet spyware companys just try and sumberse themselves further like the parasite they are, and just go tag their BS onto legit dll's.

    Knowing how the folks at AG are they'll be taking a fine comb thorough their bundleware to maintain that opt-in philosophy.
    • by StrawberryFrog ( 67065 ) on Sunday January 27, 2002 @05:14AM (#2909157) Homepage Journal
      I can assure you its not the case that they meant to bundle this

      So how is that relevant? If I drive my car into someone and kill them, but I was asleep at the wheel, does that mean that I am therefor innocent of any wrongdoing? Nope.

      After reading the wired article, I think its pretty understandable how this slipped past the guys at Audiogalaxy.

      I say judge them by their deeds not thier intensions - Audiogalaxy is in the business of distibuting software. How the crap can they not know what they are distributing? And if that is truly the case, it is thier problem.

  • by jeti ( 105266 ) on Sunday January 27, 2002 @05:41AM (#2909204)
    I've just run Ad-aware on my Windows configuration,
    and I'm just glad that I don't seem to have caught
    anything.

    This kind of spyware is at least as dangerous as
    any worm or virus I've heard about. I think Norton
    and McAffe will have to extend their products /
    product lines.
  • My ad hell (Score:5, Informative)

    by hyrdra ( 260687 ) on Sunday January 27, 2002 @06:04AM (#2909234) Homepage Journal
    It may be bad popping up ads when you're surfing the web, but what about just whenever. That's what happened on my system.

    I, like Chet & Eric of the linked article do support programs having internal ads to support themselves as free software. However, monitoring users behavoirs is another story -- that's your computer and most contracts (as I have heard from a lawyer friend) cannot "sign" that away; for example your landlord cannot include a clause stating he has the right to monitor your mail, who you talk to, etc. and by living in the property he owns, you forfeit those rights, and if you do not agree with them you cannot live there. Well, folks, this is exactly what most of these programs are having you agree to. The fact is, they're illegal contracts. You cannot gather personally identifiable information (it's identifiable because they are able to deliver targeted advertisement thus they must have a system to know who you are) if you signed the rights away or not.

    I have accepted that companies do this and there really isn't a way of getting around it (heck, I don't really care what they do with the info, I'm not going to buy something from any ads they use and that'll be my contribution). So I have tolerated these commercial bombardments. That is until something strange happened.

    All of a sudden while I would be at my desk in the same room (this is at work mind you), I would notice activity on the monitor. Going over to look at it, I would notice an ad window had mysteriously popped up, when no programs were running and I hadn't been using the computer for hours. In the morning I typically had several windows to close after the nights ad-popping fun.

    Thinking it was a web site which some how introduced a popup delay, I dismised it at first. But it got worse. It was impossible to work on a Word document without having an ad popup and steal focus from my document. I also came to the realization when you close a browser window, its process ends and thus a delay javascript wouldn't work.

    I finally decided that it must be some program launching these ad windows. Searching the running process list, I noticed an interesting program happily running. Savenow was the culprit. This program was actually popping up windows on my personal desktop, on my computer (yes, I do own it) and collecting web browsing data in the background, even when its associated product wasn't running! Deleting the savenow executable, I was free of the ads yet outraged of how this company violated my privacy and my computer, and also comprimised the security of my employer. What if they could learn something about our project based upon my web browsing habits and sell that to another company?

    After that incident, I went in with a resource editor on every single ad-supported program on my computer and removed the ad resources. I also installed ad-blocking software. Still though, I do occassionaly get ads and various brandings. I have since persuaded my boss to let me put my Linux box on the network, but still, how long until we see these ads and tactics on Linux? How long until these ad programs start embedding ads in your paid for software, or interfacing with your printer driver to print a banner ad out on every page?

    The point I'm trying to make is I am all for advertising and realize it does support free products quite nicely, but when it invades my privacy and makes me sign illegal contracts, I get angry. Anyone would. And something should be done about it. I don't have the resources, I can only not buy the products they force on me and put a dent in their success rate thus no ads. But someone with the resources and time should go after these bastards.
    • Re:My ad hell (Score:4, Insightful)

      by sholton ( 85051 ) on Sunday January 27, 2002 @09:32AM (#2909457)
      This program was actually popping up windows on my personal desktop, on my computer (yes, I do own it)...

      No, you don't.

      Get that fact through your head and you'll understand everything much more clearly.

      Computers are not like oil or steel or cotton. Computers have loyalty. A comupter is owned by whoever wrote the software making it run. You can only trust a computer as far as you can trust the person (or people) who wrote the software that runs on it.

      This is one of the reasons why allowing a single, for profit corporation to own a monopoly on proprietary software is orders of magnitude worse than allowing a single, for profit corporation to own a monopoly on something like oil or steel.

      You purchased the hardware, you pay for the electricity to run it, you provide the real estate where it sits, you pay for the air conditioning to keep it cool, and you pay the parts and labor when it breaks. But as soon as it starts running someone elses software, it will start doing what that other person want it to do. There's no reason for them to respect your wishes once they own your computer.

      So ask yourself: Who wrote this software? What was their motivation for writing it? Was it about money? And where is that money coming from? What is their cause? And do you want to contribute to their cause?

      Then choose your friends carefully.

  • Someone PLEASE... (Score:3, Insightful)

    by cwm9 ( 167296 ) on Sunday January 27, 2002 @07:33AM (#2909310)
    Someone PLEASE sue these jerks for wiretapping.

    It's defined as someone who:

    Knowingly intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire communication

    Since the information they are aquiring is information which is sent out over the web, (I.E. a URL, albeit represented in a slightly different form) this kind of suit should stick.

    This kind of behaviour sticks of wiretapping to me. Please sue.

    -me
  • Just say no!! (Score:2, Interesting)

    by debber ( 65147 )
    The installer asks you if you wanna install that spyware proggie. Well, just say no. I agree that many people may not know this and always press the 'Yes-Ok-I Agree-I don't care' button. My advice: 'Read the dialogs'
  • by phagstrom ( 451510 )
    We have undertaken technical measures to make sure that VX2 never collects credit card numbers, account numbers or passwords.


    I wonder, since they admit that it is possible to send private data to them, is the stream to their server encrypted (SSL or something)? I mean, even if I DID trust them, I am not sure I trust EVERYONE along the way to their server.

    Good thing the AG/Linux does not spyware, I hope....
  • quality (Score:5, Insightful)

    by spoonyfork ( 23307 ) <spoonyfork&gmail,com> on Sunday January 27, 2002 @09:57AM (#2909497) Journal
    Frankly, we're kind of bored by all these spyware/shareware stories (don't people learn?) so we let it sit around in the submissions bin for a few days, until, say, a slow Saturday night.

    Now THAT'S quality journalism.

  • I like Gator! (Score:2, Informative)

    by genka ( 148122 )
    I've been using it for several years, and it does pretty good job filling out forms and remembering passwords. All personal data is stored locally, encrypted and easily exported or imoprted. After each install I go through little procedure to "pull Gator's teeth"
    1 Uninstall "Offer Companion" from Control panel
    2 Open Regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn
    3 Change servers URLs to 127.0.0.1
    After this I never see a banner.
    Downside:
    1 Gator runs two memory-hungry processes
    2 I don't know if their encryption for my data is any good
    You can start throwing rocks at me now.
  • I tend not to install much shareware for precisely this reason - so I've tried Ad-aware a number of times over the past year. Crashes on Win2K like clockwork. Differnet machines, installs, etc - Always crashes - not sure if its Mozilla, or what. But the only computer I ever got it to run on was a Win98 box (my kids machine) and it found little. Anyone else seem to have torubles like this?
  • ...but in the last story Slashdot ran on spyware [slashdot.org], a mere three weeks ago, I replied with this post [slashdot.org] that identified VX2 as spyware that came with AudioGalaxy and told how to get rid of it.

    Pay attention people! You there, in the back, is that gum in your mouth?

  • by Kjella ( 173770 ) on Sunday January 27, 2002 @10:58AM (#2909643) Homepage
    I mean, any program I run will have right to do pretty much *everything* (Since I'm lazy I usually run as admin too, shoot me). The problem is there's an all-or-nothing mentality in Windows that creeps me out. I wish Windows had some kind of "learning mode" just like my firewall, not just a run/don't run program. I know I could create a unique user for that program, with mostly the rights I want, but it's not nearly enough.

    I want to control what directories it can act on (I.e. limit them to C:\Program Files\, limit their registry options (deny takeover of extensions, allow changing other programs' editions) etc etc., if it can steal focus, talk to other programs, go fullscreen, how it can talk to other machines on the net (ok the winxp firewall might be a start). And I mean in real-time, not having to set up all in advance and have the program crash on me if it's not enough. And this doesn't have to be default or anything, I just wish that us powerusers could assist windows in not getting fucked up.

    Kjella
  • My wife installed AudioGalaxy last summer, and we just went looking for any signs of this vx2 software on her machine and found nothing. I wonder if there's any data on what the window was that it was being bundled with AG?
  • by Legion303 ( 97901 ) on Sunday January 27, 2002 @12:14PM (#2909850) Homepage
    People have been bitching about VX2 on AG's forums for at least 4 months now. If you still think AG didn't know about it, I have some wonderful waterfront property in Florida you should buy.

    -Legion

  • KazAa is even worse as it installs a lot of ad-ware and stuff in the registry. As explained on this site [sandiego.edu], it installs multiple things that are very nasty to remove afterwards, including the onflow thing discussed in other posts.

    The worst part is the newdotnet thing.

    Just do a "kazaa spyware" search on google and read.
  • by Animats ( 122034 ) on Sunday January 27, 2002 @02:10PM (#2910237) Homepage
    OK, let's recap what we now know about VX2 Corporation. Some of this info is corrected from the last posting.

    The Nevada Secretary of State Corporation Search [state.nv.us] gives us.

    • President:MAURICE O'BANNON

    • Address: PO BOX 27103
      LAS VEGAS NV 89126
    Checking "vx2.cc" with Network Solutions WHOIS: [netsol.com]
    • vx2 (VX52-DOM)

    • po box 27103
      Las Vegas, NV 89126
      US

      Domain Name: VX2.CC

      212 255 1008 fax: 123 123 1234

    The post office box addresses match, so the Nevada VX2 Corporation is the correct business.

    "Maurice O'Bannon" is mentioned in several legal documents related to the J.K. Publications [ftc.gov] scam. In that case, O'Bannon was on paper an officer or director of several dummy Nevada corporations which were fronting for a multimillion dollar phony credit card billing scam operated by Kenneth Taves of Malibu, CA. (Mr. Taves is currently Inmate #12289-112 [bop.gov] at the Los Angeles Metropolitan Detention Center). O'Bannon, though, appears to be some guy in Nevada who just signed whatever was put in front of him. In the judge's words [ftc.gov] [large .PDF] "Maurice O'Bannon had an informal agreement with Nevada Corporate Headquarters, Inc., an incorporator, to act as a nominee for their client-corporations and sign whatever documents Nevada Corp wanted him to sign." The judge was bothered by O'Bannon's actions, but the FTC didn't have enough evidence that he had control of or profited from the scam to put him away.

    The J.K. publications scam [ecommercetimes.com] involved obtaining a database of 3.6 million valid credit card numbers and charging them small amounts each, supposedly for use of a porno site. The mess involved offshore bank accounts in the Cayman Islands and Vanatu [robbevans.com], but much of the money has been recovered. Company names involved were JK Publications, Inc., MJD Service Corp., Netfill, N-Bill, Webtel, Billing On Line, Fun On Line, and Discreet Bill.

    We're not at the bottom of this yet, but it looks very suspicious.

  • AGstreme (Score:4, Informative)

    by eries ( 71365 ) <slashdot-eric@@@sneakemail...com> on Sunday January 27, 2002 @03:36PM (#2910552) Homepage
    Here's a plug for AGstreme, which I switched to after I heard about this latest round of spyware nonsense. It's a GPL AudioGalaxy client replacement, which a boatload more features. My favorite: it can read CDDB entries and then request download of one or more tracks from a given CD. Pretty darn cool:

    http://www.ractive.ch/gpl/AGStreme.html

Almost anything derogatory you could say about today's software design would be accurate. -- K.E. Iverson

Working...