.comment-link {margin-left:.6em;}

I Hate Linux

Tuesday, September 27, 2005

Humbling Experience

We’ve all heard stories about Windows machines being able to be compromised by just browsing to a web page or sitting online. Most of these stories I did not believe or thought due to poorly patched/managed systems... until today.

During a discussion over on Channel 9 on an interesting spyware installer, I chimed in with the following picture (do not go to the site shown):

I ran across this site a couple of months ago, it, like many tries to get you to install an component which you probably do not want. Unlike many though, it displayed a flash animation showing how to enable the download so you could install it, making it a creative attempt IMO to trick a user into installing god only knows what.

Deciding to go back to the site to see if the animation was still around, Symantec Antivirus screamed with the following warning:

Threat Found!Threat: Downloader.Trojan in File: C:\DOCUME~1\brendang\LOCALS~1\Temp\4T2MV5U7.dll by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Ooo, that’s nice. Good thing for... suddenly I saw a new icon in my Task Bar... one for ‘180 Solutions’.

Whipping out Microsoft Anti-Spyware (I know, it should have been running already), I quickly cleaned it, along with 180Solutions.SearchAssistant, WindUpdates, WindUpdates.MediaAccess, IEPlugin, 180Solutions.Zango.SearchAssistant, and ShopAtHome off of my system.

This is more than a little troubling... the PC that got owned is my work PC running Windows XP with SP2 and all updates including IE7 Beta 1. Having been online since the mid 90’s, I’ve always been aware of many of the bad things that can happen... I was not aware however just how real this threat was, even to people like me who are quite skilled with PC’s... boy was I wrong.

A little puzzled as to how any of this might be legal, I ran over to the 180Search Assistant webpage and read:

Where does 180search Assistant come from?
180search Assistant is downloaded and installed as a component of many free software applications, screensavers, games and Internet accelerators. All applications that include 180search Assistant explicitly state so in their terms and conditions. 180search Assistant can only be installed after a user indicates their assent. All of our distributors have different ways of displaying their license agreements, but every user must click "Yes" or "I agree" in order to complete the download. Please be sure to carefully read all agreements when downloading applications - especially music downloads, screensavers and games.

At no time when visiting the site in question (which again, I advice you do not visit in with anything but a disposable install (ie in a VM)) was I prompted with a EULA or given any chance to agree, certainly in violation of 180search Assistant rules/EULA. Given this, I am forced to wonder if they will take any action against the owners/operators of the site in question, or if they will show themselves to be just as bad as those who installed this software without my permission.

This also makes me wonder... in some cases, adware is quite useful if included in moderation with a free application so that it’s developer can derive some money from it... exactly what 180search Assistant claims to be for. This mechanism of course is easily exploited by far worse people who will seemingly go to any means to install such things on an unknowing persons system.

Shame such a potentially useful system has to be abused so.


  • I told my class about a very similar website last year when I was teaching computer applications. The solution is to use firefox.

    Dan tdaxp

    By Blogger Dan tdaxp, at 6:30 AM  

  • The solution today perhaps... but for how long? Can you honestly say that no piece of malicious software will target FireFox and use it as a vector to compromise an unsuspecting user?

    By Blogger Brendan, at 6:45 AM  

Post a Comment

<< Home