|
-
December 7th, 2004, 08:03 AM
#1
Corporate owned worm?
I was investigating an AIM worm today, that linked back to:
http://www.funbuddyicons.com
http://www.funwebproducts.com
http://bar.mywebsearch.com
to install various toolbars. I am not done reviewing it, but supposedly it also injects ads into sent instant messages. I don't have a default installation to work on now, but I will soon to get the specifics.
Some interesting things though...
whois:funwebproducts.com
Administrative, Technical Contact:
Focus Interactive, Inc. (7K8J76EVN)
One Bridge Street Suite 42
Irvington, NY 10533
United States
Phone: 914-591-2000 Fax: 914-591-2000
whois:askjeeves.com
Ask Jeeves, Inc.
DNS Administrator
5858 Horton Street, Suite 350
Emeryville, CA 94608
US
both are addresses listed here:
http://sp.ask.com/docs/jeevesinc/a5.html
I found that connection, so I looked for anything public and found this:
http://www.infoworld.com/article/04/...20APPLICATIONS
Ask Jeeves Inc. will buy the privately owned Interactive Search Holdings Inc. (ISH) for about $343 million in a move that the Emeryville, California, company expects will double its search market share, it announced Thursday.
ISH properties and brands include My Way, My Search, My Web Search, Excite, iWon, the advertising network ********* and Focus Interactive. Berkowitz said that ISH currently employes about 200 people, and that while it has international visitors, it has no international presence. In December, ISH's Web properties reached 17 percent of U.S. Internet users, Berkowitz said.
Now I am not 100% positive on the AIM worm going around now, but so far it looks like it gets installed in the javascript runaround on the domains listed above and is installed w/o permission. Which is illegal, but I am not positive that is how it is done yet.
What I am very interested in, is if anyone here has any proof that one of the products listed above were installed on a box through illegal means, (exploit or whatever) at all in the past.
It is just suprising to me that the crap I have been removing the past 2 years has been linked to a familiar name like askjeeves.com. They could get nailed, class action style. It's not some shady basment run industry, it might be askjeeves?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote