Xupiter and other Parasites

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Xupiter and other Parasites

    Ok. I'm a bit miffed. Yesterday I got hit twice by Xupiter. If you haven't experienced this, you really don't want to. Basically, Xupiter is a search engine with some not so nice advertising practices. They install their own toolbar, update engine (thus making registry changes) and put their site as your homepage, WITHOUT ASKING YOU. This kind of activity may be the way that the so-called "All Windows Affected Vulnerability" occurred. It plays on legitimate activity.

    That said I do not believe there is a legal right for Xupiter to install on machines without the owner/user's permission as this is a basic "break and enter" concept.

    For those that get infected or want more info, there isn't much but I did find the following site on how to remove these problems.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    I've never heard of Xupiter, and do have a couple of questions. How does it manage to get around a firewall? I'm presuming you're firewalled. How do we do something to stop them? This sounds almost as bad as a virus. I guess it is a virus in its own way.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    You got to this site with your browser and if you have a firewall can do so. It uses the trust of browser activity to gain access to your machine. Given that your browser will open up pop-up ads unless you have a pop-up ad killer, it will gain access that way.

    The link I gave tells how to uninstall them but to stop them from happening I suspect requires filing some complaints with the FTC (bad business practices) as well as local authorities and such. Word of mouth is the best form of stopping them. I will be sending a note to my firewall manufacturer as well as a "parasite checker" I have to update this signature activity into their signature.

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    Very sneaky. I'm firewalled with cookies set to ask before accepting, and run Proxomitron with many of the filters checked. The most it seems the industry can do is hope to stay a half step ahead of them. It's a worldwide game of chess. I'm happy to learn about this site and will be on my guard.

  5. #5
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    This sounds like a more invasive form of the GoHip trap that many ISP customers fell (and continue to fall) into. Basically, the GoHip "browser enhancement" added its own toolbar, set your homepage to gohip.com, and added an ad for GoHip to all your outgoing email, regardless of your email program. And what did the ad say? "Click here for a free video from GoHip!" For any of your recipients who happened to fall for this, the link would download a short movie as well as the "browser enhancement" and the next victim was suckered. Again, this was done through a series of registry hacks that could only be removed through some wicked-mean knowledge of your registry or the GoHip removal tool. Most people didn't even notice they had it for a week or so! I strongly object to this form of highly invasive, deceitful, and utterly irresponsible advertising. I wonder if there's somewhere to report this kind of activity? Would the FBI consider this fraud, or perhaps false advertising?

    <edit>
    It looks like GoHip is listed on that page, too. It just doesn't have its own section in the table of contents. It's listed at the bottom of the 'Hijackware' section. Hmm...appropriate name!
    </edit>
    /* You are not expected to understand this. */

  6. #6
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    Roswell, somebody over at wilders.org is keeping a list of sites where people get nailed by xupiter. I don't know exactly what their plans are once they've compiled the info. I suspect they'll contact the sites allowing popups of xupiter or however it's done and present them the complaint list. Not much else can be done, apparently.

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Chuck,

    I would humbly disagree. There is something that can be done. Because Xupiter is gaining unauthorized access to your private machine, especially if you have firewall and anti-virus plus did not click on anything nor allow anything to be installed, it is technically break and enter. There is something that can be done -- file complaints and check with legal authorities. I will be looking into filing a complaint with the Hungarian gov't and will be taking this to the media.

    For those that pay attention we pick up on this. For the average user in this day and age, they can be taken advantage of. And that, IMHO, is wrong.

  8. #8
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    Excellent, MsMittens. If that's the case, then I would think something could be done about the sites that allow them to place the popups or whatever is used. If they're stopped from placing their ads on the sites, it would be very helpful, at least until they discovered another way. I think this is the angle wilders.org is looking at.
