Thread: AskJeeves lawsuit?

  1. #1

    Corporate owned worm?

    I was investigating an AIM worm today, that linked back to:

    http://www.funbuddyicons.com
    http://www.funwebproducts.com
    http://bar.mywebsearch.com

    to install various toolbars. I am not done reviewing it, but supposedly it also injects ads into sent instant messages. I don't have a default installation to work on now, but I will soon to get the specifics.

    Some interesting things though...
    whois:funwebproducts.com
    Administrative, Technical Contact:
    Focus Interactive, Inc. (7K8J76EVN)
    One Bridge Street Suite 42
    Irvington, NY 10533

    United States
    Phone: 914-591-2000 Fax: 914-591-2000
    whois:askjeeves.com
    Ask Jeeves, Inc.
    DNS Administrator
    5858 Horton Street, Suite 350
    Emeryville, CA 94608

    US
    both are addresses listed here:
    http://sp.ask.com/docs/jeevesinc/a5.html

    I found that connection, so I looked for anything public and found this:
    http://www.infoworld.com/article/04/...20APPLICATIONS
    Ask Jeeves Inc. will buy the privately owned Interactive Search Holdings Inc. (ISH) for about $343 million in a move that the Emeryville, California, company expects will double its search market share, it announced Thursday.

    ISH properties and brands include My Way, My Search, My Web Search, Excite, iWon, the advertising network ********* and Focus Interactive. Berkowitz said that ISH currently employs about 200 people, and that while it has international visitors, it has no international presence. In December, ISH's Web properties reached 17 percent of U.S. Internet users, Berkowitz said.
    Now I am not 100% positive on the AIM worm going around now, but so far it looks like it gets installed in the javascript runaround on the domains listed above and is installed w/o permission. Which is illegal, but I am not positive that is how it is done yet.

    What I am very interested in is if anyone here has any proof that one of the products listed above was installed on a box through illegal means (exploit or whatever) at all in the past.

    It is just surprising to me that the crap I have been removing the past 2 years has been linked to a familiar name like askjeeves.com. They could get nailed, class action style. It's not some shady basement run industry, it might be askjeeves?

  2. #2
    Interesting conclusion. I know a lot of our users use AskJeeves and a lot have My Search crap on them. Hmmmm.
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  3. #3
    Update:

    If you receive buddies.funbuddyicons.com in an instant message and click on it, you will be directed to a site that will ask to install a buddy icon software. If you agree, your homepage is changed (not hijacked forever, idk yet) and more importantly, there are new tools installed in your instant messenger. When you send messages, an advertisement for buddies.funbuddyicons.com is appended and the sender cannot see it being appended. If it exploited the user this would be a corporate worm, but it doesn't exploit anything.

    However, in the EULA:
    http://www.funwebproducts.com/eula_1104/

    It mentions nothing of this way of advertising through AIM message injections. So in a sense, is there a form of exploitation going on? I'm no lawyer, but could someone look over that with me and see where it gives the software permission to alter your outgoing messages?

    Although someone agrees to the installation, this part of the software is not outlined in the EULA.

    I ran all this on a virtual install of a default installation of Windows. There was an uninstall listing in add/remove programs, but when I did it, it broke my internet connection on the next reboot. I used this tool:
    http://www.spychecker.com/program/winsockxpfix.html

    , removed a .cab in HJT, and a reboot fixed it. I don't know for sure yet if a second reboot fixed it, the .cab, or the winsock tool fixed it. I will be messing around more to see.

    As for now, I think Focus Interactive broke their license agreement. Could others please have a look at it with me? It's a pretty intimidating document...

    Thanks!

  4. #4
    Well it seems they have changed the URL that infects the clicker... Now it sends them through a description of what they are downloading...

    I still don't like knowing that the software is still out there... being advertised through invisible IMs.

    Where's a ghost smiley when you need one.
