Trojans and Popups and Slimeball Business

Selanit writes "Salon.com is reporting on a company which exploited a vulnerability in an old but common version of Internet Explorer's Java engine to install spyware on the visitor's machine." It's a pretty in-depth story showing the lack of respect that some companies have. My favorite part is that the guy who denies any knowledge of the trojan popup is named 'Frank Bigott'.

  • by hagardtroll ( 562208 ) on Tuesday May 07, 2002 @10:31AM (#3477047) Journal
    Yes. The .com weenies who are still struggling to survive are doing it with questionable ethics.

    You notice as available VC goes down, the number of pop-ups, subscriptions and sleazy sites go up.

    I like to think that eventually the sleazy and make-a-buck-quick companies will finally go under, and the web will be more like it was before. A communications medium for PEOPLE to communicate, rather than a giant catalog that consumers can shop from.

    I can dream.
  • Block Flowgo at SMTP (Score:5, Interesting)

    by toupsie ( 88295 ) on Tuesday May 07, 2002 @10:34AM (#3477062) Homepage
    Flowgo has been a burr in my britches for quite a while. It appears that every one of my e-mail users gets "newsletters" from Flowgo. About 30% admit to visiting the Flowgo site but swear up and down that they did not request the newsletter. At first, I tried to be nice and contact Flowgo and ask for them to remove my employee from their newsletters (it's easier than trying to instruct them to do it). Got back no response. At first I was shocked that Flowgo would not remove them. So after giving them a week, I went into my Postfix [postfix.org] configuration and blocked off any e-mail from Flowgo. That was 5 months ago. Still today, I bounce 50 to 100 messages from Flowgo from my mail server. I noticed that several blackhole lists are doing the same now.

    There has to be a solution to this sort of problem. About the only way I could get Flowgo to stop SPAMMING my mail server is to call up a buddy of Tony Soprano to break their knees because Flowgo doesn't care and I have never, ever, ever been able to get one of my elected officials or law enforcement agency to pay any interest in Unsolicited Commercial E-Mail. It's not like Flowgo is hiding its behavior either. It should be easy to get them but no one that matters or has the power gives a damn about this huge waste of bandwidth.

  • I complain (Score:4, Interesting)

    by nuggz ( 69912 ) on Tuesday May 07, 2002 @10:37AM (#3477085) Homepage
    When I find an annoying advertisement, I complain.

    An email, or written mail, just saying that I don't like it.

    I was liquored up and complained about the GAP commercials, I got a very nicely worded response.

    Now if I can find the email address for those putting all the pop up ads for the Mercury Marauder up.....

    My email generally says, "I saw a **** at http://****, and didn't like it because *****, why don't you just *****"

    For pop up ads, I'll say something about I prefer the less intrusive advertisements, when they force me, it makes me angry at the product being shoved in my face.
    It is really nice if you can mention how you were already aware of their product somewhere else (magazine review, top of page ad, someone told you)
  • by Parsa ( 525963 ) on Tuesday May 07, 2002 @10:38AM (#3477097) Homepage
    Actually I just got off the phone with my mother about this because I was working on her work computer last week because of these viruses. She wasn't sure where they had come from and when I did a search on the Internet for them there were a lot of differing ideas on their origin.

    What's kinda scary is the network admin wouldn't do anything to help. Norton Antivirus would say it had been quarantined but after she reboots all the processes are still listed in her Task Manager. I just forwarded this on to her to give to the admin so maybe he can take care of this now.

  • by UncleFluffy ( 164860 ) on Tuesday May 07, 2002 @10:46AM (#3477138)

    It's about time someone got put away for this sort of crap.



    California Penal Code, look for section 502 [ca.gov]
  • by GnomeKing ( 564248 ) on Tuesday May 07, 2002 @10:46AM (#3477140)
    Companies appear to be using more and more dodgy ways to make money from us

    Spyware for targeted ads... Scumware for stealing our resources... using exploits to do whatever they like

    What's next?
    Deleting competitors' software? (or even worse, disabling it/making it give incorrect results in such a way that the user doesn't know it's been tampered with)
    Installing backdoors so they can verify that you're not using their software illegally?

    I feel increasingly that we, the consumers, need to have some sort of protection from spyware, scumware, companies who exploit security problems and the next generation of click through "but you signed your kidneys over to microsoft when you bought office!"
  • What's scarier (Score:5, Interesting)

    by shawnmelliott ( 515892 ) on Tuesday May 07, 2002 @10:53AM (#3477173) Journal
    I don't know what's scarier. This article or that a related article at the bottom of this one talks about our "friend" Fritz who wants to "protect" spyware by defining what's sensitive.

    Quote
    The second is "nonsensitive" information, and among that will include your name, address, and records of anything you buy or surf on the Internet. Under the act, business can't collect or divulge the sensitive bits without your express consent, but anything classified as nonsensitive can be freely collected and sold at will.
    End Quote

    The article can be found here [salon.com]

  • by RatOmeter ( 468015 ) on Tuesday May 07, 2002 @10:53AM (#3477175)
    I think so. In fact, I'll be surprised if we do not see this going to court. If any of the affected PCs belong to a Fortune 500 or larger company, I can nearly guarantee it. What I think should happen is that a class action suit be filed on behalf of all of the common people who were affected.

    Heck, I'm sure if I used the same exploits to upload even 1 teeny-tiny file to a PC, let's say, at a local bank. Guaran-damn-tee I'd be in lockup the next day.

    The company behind this needs to be more than bitchslapped. They're going down.

  • Re:r-e-s-p-e-c-t (Score:3, Interesting)

    by gfxguy ( 98788 ) on Tuesday May 07, 2002 @11:06AM (#3477243)
    I have to take issue with this. I really hate MS, believe me, but the fact is they (as well as a lot of bad things) make products that are user friendly and have lots of features that, if not abused, could make a much nicer computing experience for everyone.

    It is their problem that people are abusing it, but it's not their fault people are abusing it. I compare this to the luxury of having a convertible - it'd be really nice if it weren't so damned easy to break into, but it's not the car maker's fault it happens - they just need to work on a way to help prevent it. And the fact is that people LIKE convertibles - it's a feature.

    The sad fact is that while MS is horrible about securing their products, it's the crackers and punks and phreaks that make it difficult for everybody. Sure, I'm approaching this from an existentialist point of view - not particularly realistic - but you have to blame the people that are maliciously taking advantage of a problem as well as the company that fails to correct it.

    It's crackers' fault I have to spend my money and time protecting against break-ins. Even if you are well protected, these people steal my money and waste my time and that latter part is unforgivable. Yes, I feel the same way about the people who make it necessary for my house and car to need locks and an alarm system. I know it's reality, but those are the people I blame for making it reality.

    Ok, now I'm venting, pardon the rant. I like dogging MS as much as the next guy, but the people who are violating your privacy are the ones that need your antagonism.
  • Moot licensing? (Score:3, Interesting)

    by Denium ( 537999 ) on Tuesday May 07, 2002 @11:11AM (#3477279) Journal
    IANAL but...

    If a piece of software *is* malicious spyware, it would be counterintuitive to ask the user to authorize its use and consent to a license agreement.

    So -- let's assume that the software exploits the hole and, in the process, causes damage to your machine. Because you did not agree to the usual clickwrap, (software is AS IS, etc etc) could you hold the company liable for this?

    Just a thought :)
  • What bothers me... (Score:5, Interesting)

    by j-turkey ( 187775 ) on Tuesday May 07, 2002 @11:15AM (#3477309) Homepage
    What bothers me the most, is that Federal Law Enforcement agencies have been going after individuals who crack corporate machines for years -- and hitting them with hard criminal charges (or in some cases, [kevinmitnick.com] just throwing them in jail without clear or formal criminal charges).

    It's clear that the federal government is zealous in its crusade to protect corporate America from "hackers". But who protects individuals from shady companies?

    It's also clear that the company behind the trojan popups has engaged in criminal activity...but where the hell is the criminal investigation -- anyone being brought up on charges? At most -- we might see some fiduciary damages awarded to someone (but not anyone here -- and not to anybody we know)...but if the feds can throw Kevin in jail -- I want the fuckers responsible for this kind of malicious marketing in jail too...(don't forget spammers either).


    -Turkey
  • Whats to be done (Score:2, Interesting)

    by martinmcc ( 214402 ) on Tuesday May 07, 2002 @11:22AM (#3477374) Homepage
    It's sickening to hear how low some people will go to earn a few extra bucks, but such is the world we live in. The real problem is how to deal with it. Many people like to quote that 'all you need to do is run firewall x and anti-virus b' etc. which is fine for the tech savvy, but as we are all painfully aware, the majority is not tech savvy.

    I think using a computer should be thought of more like using a car than a calculator - no one would dream of sitting in a car and going for a drive before taking some lessons and getting a license (apart from a joyrider perhaps), yet many people phone DELL-U-WANT, order their box and sit down thinking they will be able to browse away, most getting very irate when it doesn't work out. People need to realise that to use a computer they need to put in time and effort to learn how to first, which is something not helped by all the AOL type ads saying how easy it is.

    Another possible fix I like the idea of is to have a 'safe zone' - The WWW is a large and mostly free place, and I for one do not want to see ANY legislation changing that, whether apparently for the better or not. As anyone who lives in a large city knows, you don't go to the bad end of town unless you know how to handle yourself, people will learn to stay in the safe zone. It could work by having a controlling body which hands out domains (here.sfe etc.). Anyone using this site must sign a rigorous contract of use, forbidding any type of exploitation of the vulnerable users. Thus, any company exploiting in the domain will be liable through breach of contract, and leaves the rest of the internet free for those of us who know what we are doing. Systems could come with 'IE-safe', which does not allow browsing outside the safe domain, so only someone who knows what they are doing will be able to download full browser and go to the big bad web.

    These solutions are far from perfect, and do leave room for exploitation, but I think they're better than the 'I'm safe, I don't care' attitude, and a bit more constructive than 'lets melt the &"%$ in a vat of acid' solution :).

  • by BlueUnderwear ( 73957 ) on Tuesday May 07, 2002 @11:25AM (#3477393)
    you could always change it to forward all emails from their domain to the administrative address for their domain. Make them read their own spam =)

    This helps. I had to do this last year when Bellsouth just wouldn't kick a joe-jobbing spammer that forged mails in my name. Eventually, I forwarded all the bounces to them (tech support, management, sales, ... and in the end even customers...).

  • by iamr00t ( 453048 ) on Tuesday May 07, 2002 @11:32AM (#3477443) Journal
    The only thing I did was look at the e-mail.
    That was more than a year ago.

    Fortunately they just replaced my homepage and search page in IE. No spyware.

    Well, I don't use IE now anyways, but I use Outlook Express to read my Hotmail account.
    Now I just turned off preview screen so I can delete spam and stuff without actually rendering it.
  • Re:Whats to be done (Score:1, Interesting)

    by Anonymous Coward on Tuesday May 07, 2002 @11:36AM (#3477463)
    Systems could come with 'IE-safe', which does not allow browsing outside the safe domain, so only someone who knows what they are doing will be able to download full browser and go to the big bad web.

    I thought they already had that... [aol.com] (at one time anyway)

  • by CaptainPhong ( 83963 ) on Tuesday May 07, 2002 @12:40PM (#3477928) Homepage
    The FDA has strict standards for listing nutrition information on food. A simple, consistent, easy to read, strictly formatted box shows you what's in it and how bad it is for you. IMHO, it works well (even for your average idiot at the grocery store), and is a Good Idea. Would it be so hard to do the same thing for software? Before installing, it presents the user a concise, consistently formatted box that shows the user what the software does, what files it installs, what services/ports it uses over the internet, what information it collects, stores, uses and shares, and with whom it shares the information. Anybody who creates software that doesn't fit this policy gets heavily fined/jailed/deported/bludgeoned/etc.
  • by WGR ( 32993 ) on Tuesday May 07, 2002 @01:12PM (#3478141) Journal
    I put flowgo on our corporate ban list 2 years ago after repeated attempts to stop email to non existent addresses. They still are one of the largest entries in blocked statistics with no delivered mail in 2 years, with each mail attempt getting a reply explaining why it is blocked. Now that is dumb spamming.
  • Re:Moot licensing? (Score:2, Interesting)

    by A.Soze ( 158837 ) on Tuesday May 07, 2002 @01:22PM (#3478204)
    This brings up the question of legality within a contract. If the software could be construed to be damaging to a system, is the contract (license agreement) valid at all? I seem to remember something to the effect that, if a contract spells out something illegal in its terms, it ceases to become a valid contract. Wouldn't this revoke all permissions and open the floodgates?
  • Affected Systems: (Score:3, Interesting)

    by bill_mcgonigle ( 4333 ) on Tuesday May 07, 2002 @02:37PM (#3478717) Homepage Journal
    Internet Explorer running on Microsoft Windows

    Systems not affected:
    Internet Explorer running on Macintosh
    Internet Explorer running on Solaris
    Netscape running on Windows
    Netscape running on Macintosh
    Netscape running on Linux
    Netscape running on Solaris
    Netscape running on BSD
    Mozilla running on Windows
    Mozilla running on Macintosh
    Mozilla running on Linux
    Mozilla running on Solaris
    Mozilla running on HP/UX
    Mozilla running on BeOS
    Mozilla running on AIX
    Mozilla running on VMS
    Opera running on Windows
    Opera running on Macintosh
    Opera running on Linux

    etc.

    (they forgot to mention this in the article. Not that any patterns are starting to appear...)
  • Re:Yep - definitely (Score:2, Interesting)

    by inquisitor ( 88155 ) on Tuesday May 07, 2002 @02:56PM (#3478842) Homepage Journal
    Regardless of which browser anyone chooses to use, I'd hope they're more diligent about upgrading and/or patching than the people in this article were. All browsers have weaknesses and vulnerabilities, both known and unknown.
    A good point, especially as NS6/Mozilla had a very similar security hole [greymagic.com] themselves, which is why it was FORBIDDEN on the FreeBSD ports tree until they put in an unofficial patch (they're very good at that - icecast, for example, is currently in the same situation and pine has a series of warnings when you try to compile). If you read bugtraq, like I do, you'd also have seen a buffer overflow in the IRC component.

    It's very hard to be totally secure, and it's not really fair to denigrate Microsoft when a patch has been available for months (viz CodeRed/Nimda), or RedHat when people are still using 5.2.
