|
|||||||
| Spyware / Adware Discuss spyware, adware and other intrusive applications. |
 |
|
|
Thread Tools | Display Modes |
December 7th, 2004, 07:03 AM
|
#1 | |||
|
Join Date: Nov 2003
Posts: 1,441
  |
Corporate owned worm?
I was investigating an AIM worm today, that linked back to:
http://www.funbuddyicons.com http://www.funwebproducts.com http://bar.mywebsearch.com to install various toolbars. I am not done reviewing it, but supposedly it also injects ads into sent instant messages. I don't have a default installation to work on now, but I will soon to get the specifics. Some interesting things though... whois:funwebproducts.com Quote:
Quote:
http://sp.ask.com/docs/jeevesinc/a5.html I found that connection, so I looked for anything public and found this: http://www.infoworld.com/article/04/...20APPLICATIONS Quote:
What I am very interested in, is if anyone here has any proof that one of the products listed above were installed on a box through illegal means, (exploit or whatever) at all in the past. It is just suprising to me that the crap I have been removing the past 2 years has been linked to a familiar name like askjeeves.com. They could get nailed, class action style. It's not some shady basment run industry, it might be askjeeves?
__________________
|
|||
|
|
|
December 7th, 2004, 02:29 PM
|
#2 |
|
Senior Member
Join Date: Mar 2004
Posts: 510
|
Interesting conclusion. I know a lot of our users use AskJeeves and a lot have My Search crap on them. Hmmmm.
__________________
\"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn |
|
|
|
|
December 7th, 2004, 09:54 PM
|
#3 |
|
Join Date: Nov 2003
Posts: 1,441
|
Update:
If you receive buddies.funbuddyicons.com in an instant message and click on it, you will be directed to a site that will ask to install a buddy icon software. If you agree, your homepage is changed, (not hijacked forever, idk yet) and more importantly, there are new tools installed in your instant messanger. When you send messages, an advertisement for buddies.funbuddyicons.com is appended and the sender cannot see it being appended. If it exploited the user this would be a corporate worm, but it doesn't exploit anything. However, in the EULA: http://www.funwebproducts.com/eula_1104/ It mentions nothing of this way of advertising through AIM message injections. So in a sense, is there a form of exploitation going on? I'm no lawyer, but could someone look over that with me and see where it gives the software permission to alter your outgoing messages? Although someone agrees to the installation, this part of the software is not outlined in the EULA. I ran all this on a virtual install of a default installation of windows. There was a uninstall listing in add/remove programs, but when I did it, it broke my internet connection on the next reboot. I used this tool: http://www.spychecker.com/program/winsockxpfix.html , removed a .cab in HJT, and a reboot fixed it. I don't know for sure yet if a second reboot fixed it, the .cab, or the winsock tool fixed it. I will be messing around more to see. As for now, I think Focus Interactive broke their license agreement. Could others please have a look at it with me? It's a pretty intimidating document... Thanks!
__________________
|
|
|
|
|
December 8th, 2004, 03:03 AM
|
#4 |
|
Join Date: Nov 2003
Posts: 1,441
|
Well it seems they have changed the URL that infects the clicker... Now it sends them through a description of what they are downloading...
I still don't like knowing that the software is still out there... being advertised through invisible IM's. Wheres a ghost smiley when you need one.
__________________
|
|
|
|
|
| Bookmarks |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 03:47 PM.