May 11th, 2002, 04:55 PM
The pop-up ad campaign from hell
It's the latest in Web marketing innovation: Hijacked Web surfers, exploited Web browser vulnerabilities and malicious spyware all wrapped up together.
- - - - - - - - - - - -
By Brian McWilliams
May 7, 2002
Looking for state-of-the-art Internet skulduggery? Try this: Thousands of unsuspecting visitors to a family entertainment site are discovering a cornucopia of unwanted, potentially malicious software on their computers -- the result of a pop-up ad campaign, a booby-trapped Web site, a compromised Web browser, and strange doings at a shadowy Los Angeles company.
The story starts at Flowgo, a site that prides itself as the leading family entertainment portal. According to officials at eUniverse, the California firm that operates Flowgo, a pop-up ad that ran at the heavily trafficked humor site for a couple of weeks until late April caused the trouble.
The ad, purchased by a Los Angeles Internet marketing firm named IntelliTech Web Solutions, was designed to automatically redirect visitors away from Flowgo (no mouse click required) and to dump them at a booby-trapped site called KoolKatalog.
Once at KoolKatalog, visitors were invited to feed an e-mail address into a digital slot machine created in the Shockwave animation format. Solve the puzzle faster than anyone else, and KoolKatalog would send you a swell prize!
In the nanosecond it took most people to recognize the obvious junk mail trap, the real damage was already nearly done. According to virus experts, code in the pages at KoolKatalog exploited a known flaw in an old version of the Java engine of Microsoft's Internet Explorer browser to covertly download the first of 10 files onto visitors' computers.
KoolKatalog is currently inaccessible, but its domain name was registered by an IntelliTech employee and the phone number listed in the privacy statement at KoolKatalog is the number for IntelliTech Web Solutions. Phone messages left with the receptionist who answered at that number were not returned.
A contrite spokeswoman for eUniverse said IntelliTech's automatic redirects violated its ad policy, and eUniverse pulled the pop-ups as soon as it learned what was happening. Flowgo has achieved its success, she said -- and helped earn its publicly traded parent several quarters of profitability -- by taking great care to protect the safety of its visitors.
But according to virus experts, tens of thousands of Internet users have been back-doored by the KoolKatalog-distributed "malware," which they have added to their lists of malicious code for scanning.
"When you exploit a security bug to get your program onto someone's PC, you've crossed the boundary into what we consider malicious," said Craig Schmugar, a researcher with McAfee, which refers to the KoolKatalog-served payload as Downloader-W.
While researchers have not yet completely decoded all functions of the programs, they say two of the files, BVT.exe and ABSR.exe, attach themselves to victims' browsers and covertly monitor which sites they visit. Other components, including a file called AUSVC.exe, appear to enable the program's authors to secretly send updates or other files to the infected computer.
What's more, the install program, a file called CoolStuff.ocx, checks to see whether the victim is running a firewall, and terminates if it finds one. If no security software is monitoring outbound network connections, the installer grabs other files from one of two IntelliTech Web servers, online1net.com and wwws1.com.
"Somebody took a lot of time and attention to create this. There's a lot of error checking and careful programming in there," said Vincent Weafer, director of Symantec's virus research lab. Backdoor.Autoupder, as Symantec calls it, quietly made the software firm's list of the five most-prevalent viruses in April.
May 11th, 2002, 05:06 PM
Tss, this is bad! I wonder how many scams like this are going unnoticed...
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
May 11th, 2002, 05:09 PM
Good post.... Some of these companies need to watch out, they are screwing with things that they don't know about.
May 12th, 2002, 02:39 AM
Every time you think you've seen it all, some moronic marketing-like person finds yet another way to completely baffle and astound you... and that's not in a good way.
People like this need to be handcuffed to a desk while people are allowed to walk by and take a yard stick to their knuckles... 8-10 hours a day for a couple of weeks (or for at least as many cracks as lines of code in that software).
"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"
May 12th, 2002, 06:01 AM
Good post, man, that's some crazy ****......
May 16th, 2002, 05:40 AM
They're black hat hackers, stealing data off of unsuspecting surfers' computers for money. Teams of people have spent untold hours trying to get their **** off of networks, and that kind of work doesn't come cheap.
I hope they make an example of them and they rot in jail for a long time, but on browsing the web page of the Calif. attorney general's office, this is not even mentioned. Maybe a mail campaign should be started to urge them to act.
They are IMAO the scum of the earth (IntelliTech, not the Calif. attorney general's office).
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”