Hotbar - Funny Spyware
A quick look at the link showed it leading to hotbar.com which looked like this to me:
(yes I know, I am a horrible IE user and I am what is wrong with the internet and world today)
Not a lot of useful or informative content existed so I clicked on the 'Click Here' button and was quickly prompted by your standard security warning screen asking me:
Notice how they quickly associate themselves as a Microsoft Certified Partner? We'll come back to that later.
Seeing the sparseness of the main page, as well as discovering that at the time, the click here link simply hid one frame of the page and displayed another without going back to the server (so you couldn't use the back button to go back to the main page), the Intern Brandon suggested I look at the site in Firefox which showed the following:
Quite different eh? In looking, we could not find a hotbar.com download for Firefox.
One thing that did catch our eye was the "Stop Spyware" link in the lower left hand area which gave us:
So all they admit doing is monitoring the sites you visit to hit you with ads... just adware perhaps? Of course... to truly make such targeted ads, some demographics must be related to them or even just inferred from what sites are being visited.
Being more and more suspicious of this site and their wares, I saw the Microsoft Certified Partner logo at the bottom of their stop spyware page.
Being a Microsoft Certified Professional, I am able to put similarly titled logos on my business cards, e-mails, web pages, etc. There are of course rules, 8 pages of them.
Two of the rules that caught my eye were:
- The Logo or Microsoft name may not be included in your trade or business name, domain name, product or service name, logo, trade dress, design, slogan, or other trademarks.
- You may not combine the Logo with any other object, including, but not limited to, other logos, icons, words, graphics, photos, slogans, numbers, design features, symbols, or Web site audio files.
On the 2nd, they added their name to the logo they show on the page, and not only that, but they broke the spacing policy, namely:
The Logo must stand alone. A minimum amount of space must be left between the Logo and any other object such as type, other logos, photography, borders, edges, and so on. The required border of space around the Logo must be x wide, where x equals the height of the word "Microsoft" in the Logo.
They sure put "hotbar.com is a" awful close to the Microsoft name, and much closer than x, not to mention the nearness of the border as you see below (as hosted on hotbar.com)
Granted, I am using the Microsoft Certified Professional logo guidelines for reference as I cannot find a Microsoft Certified Partner logo guideline.
On a related note, I was able to verify that hotbar is what they claim, they are indeed a Microsoft Certified Partner.
Hotbar is also proud to tell you (at least on their Firefox pages) that they have a patent, specifically US 6,784,900 whose abstract says:
A method and system for providing the on-demand addition of graphic and other information to the browser's toolbar of a web surfer. A plug-in is installed or caused to be installed in the browser of the web surfer, and the information is allowed to be added to and/or modified in the toolbar area of the browser by the action of the plug-in. The information comprises a skin or a plurality of categorized or rated links, added to the links line of the toolbar. The skin may comprise a message, such as a greeting or an advertisement. The plug-in and the information may be provided to the surfer by a service web site.
Sure sounds like it has the potential to be a Trojan of sorts, once it gets installed and run it can work pretty much on it’s own and install new components, but then, any such new components would only be hotbar.com specific ones right? After all, on their "Stop Spyware" page they did say:
Hotbar's installation does not install any third party applications without your explicit consent.
Add to all of this that a simple Google search on hotbar does seem to indicate that it is viewed as spyware, or at least adware, heck, even Symantic has a page for it and their virtual definitions will detect and remove it.
In the end, it turns out that two people at my company had installed it and were asked to remove it... but because everyone has admin access to their PC’s (by policy (I know, it’s not good)) it wouldn’t take much for them to reinstall it again.
I know that there is money to be made in the spyware/adware arena, but being on the receiving end of their attempts always bothers me, especially with the deceit they usual conduct their business with.