
Thread: Did some testing today...

  1. #1
    Bronze Member
    Join Date
    Nov 2004
    Location
    Narvik, Norway
    Posts
    110

    Did some testing today...

    A few days ago I got my brother's PC back for another turn on the lab bench for some needed spyware removal. As he has a teenager in the house, this is a rather regular affair. All registry guardian software is useless, as long as the teenager in question always clicks on the "allow change" button...

    Well - I can't complain all that much... This round netted me a Shure stylus force gauge (used for setting up turntables) and some other HiFi accessories for free

    The PC was seriously botched - he couldn't get online, his printer didn't work and so on, but some rounds with my regular anti-spyware toolchest fixed it up again.

    Now anyway, I figured out I'll do a bit of research on where all this crap comes from, and ok - if I have to clean up my own PC, so be it. If I am to make a living from stuff like this, I need to do some research anyways...

    His PC had gotten Limewire installed since the last time I checked it, and some of it comes from the installation of Limewire itself. However - nothing of this will prevent the PC from working, but rather display popups, searchbars and so on. Most of the filesharing applications on the PC will install some form of adware or another. Funny enough - the Mac version of Limewire itself is clean...

    Just to check out what's out there, I fired up my old trusty mac, downloaded Limewire and started searching for some files, mostly at random - primarily video files.

    I found a few WMV files of a suitable size, which I downloaded, and sure enough, several of them had DRM-protected wmv3 content, which wouldn't play on the Mac.

    I dumped the files over onto the PC (which is loaded with Spybot, Teatimer, Processguard, Adaware, spywareblaster, Norton and so on), and tried them, to see what happened.

    Sure enough, some updates to Media Player were needed and installed, and then it tried to "get a license". Now, it popped up a small webpage from instantdrm.com which told me to click here to allow ActiveX and so on... Sounds familiar.... ? Instantdrm is a drive-by downloader of various browser hijackers. It actually had one flaw - just closing the window, without letting it install anything activated the license so the file was playable...

    Some googling shows that instantdrm and related variant Playadrm and others are aggressively marketed to adult webmasters as the solution for getting paid for their content. Ok - the webmasters may get protected files, but their customers end up with a side dish of malware with their prOn....


    Filesharing nets are starting to be poisoned by malware, so if you want to keep the PC clean, at least be careful with what you download, and secondly - WMV files are very dangerous for unprotected PCs. Heck - Since Windows mediaplayer will cheerfully accept a WMV file that's mislabeled as mp3, wma, mpg or whatever format it's set up to handle as default program - any PC with a novice behind the keyboard is in danger.

    If you're in the tech business and want your customers' computers to be safe, tell them to stay away from filesharing, and to not click on "Allow this" boxes without reading them first. If you want to fill your pockets, don't tell 'em...

    Some good reading can be found here... http://www.doxdesk.com/

    Johan-Kr
    System1: iMac 27"
    System2: PowerMac dual 800 (mirrored drive doors), OsX 1.5 Leopard
    System3: EPoX 8KDA3+, 1Gb RAM, 4x1Tb - Raid5, CoolerMaster CM Stacker, FreeNAS.
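
A triage check for the mislabeling problem described in the post above, as an added example that is not part of the original post: it classifies a download by content instead of extension and reports DRM header objects, whose presence is what leads to the "get a license" step. The function names are illustrative, the GUIDs are the ones from the ASF container specification, and the sample bytes are constructed header-only data, not real media.

```python
import struct
import uuid

# ASF GUIDs; on disk the first three fields are little-endian (bytes_le).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
DRM_OBJECTS = {
    uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E").bytes_le: "Content Encryption",
    uuid.UUID("298AE614-2622-4C17-B935-DAE07EE9289C").bytes_le: "Extended Content Encryption",
}
ASF_EXTENSIONS = {".wmv", ".wma", ".asf"}


def inspect_media(name: str, data: bytes) -> dict:
    """Classify a file by content, not by name, and list DRM header objects."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    result = {"is_asf": False, "mislabeled": False, "drm_objects": []}
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return result  # not a Windows Media (ASF) container
    result["is_asf"] = True
    result["mislabeled"] = ext not in ASF_EXTENSIONS
    header_size, count = struct.unpack_from("<QI", data, 16)
    end = min(header_size, len(data))
    pos = 30  # GUID(16) + size(8) + object count(4) + two reserved bytes
    for _ in range(count):
        if pos + 24 > end:
            break  # truncated header: stop instead of reading past it
        guid = data[pos:pos + 16]
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        if size < 24:
            break  # malformed object size would loop forever
        if guid in DRM_OBJECTS:
            result["drm_objects"].append(DRM_OBJECTS[guid])
        pos += size
    return result


def _build_sample(with_drm: bool) -> bytes:
    """Constructed header-only sample for the demo; not a playable file."""
    objs = []
    if with_drm:
        body = b"\x00" * 16  # placeholder payload
        objs.append(list(DRM_OBJECTS)[0] + struct.pack("<Q", 24 + len(body)) + body)
    payload = b"".join(objs)
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(payload), len(objs), 1, 2) + payload


if __name__ == "__main__":
    print(inspect_media("song.mp3", _build_sample(with_drm=True)))
```

A file that comes back with `mislabeled` true and a non-empty `drm_objects` list is the case the post warns about and is worth quarantining before anyone opens it in a media player.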

  2. #2
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    Nice work - it's always good to see people going the extra mile to understand this stuff. For my own part I agree that most filesharing progs come with some adware/spyware component and DBDs are all over the net. You will also find that things like codec packs and free video codecs include additional spyware.
    I think almost any site which is free ringtones or mp3s is nearly always dodgy and many of the files on filesharing networks have been tampered with, I would expect this to be a common practice among the makers of the original software. If they put up plenty of infected files the cheaters can't get the legit software without paying for it - is it fair, I dunno but most software is sold with no comeback for the end user so how can you test it (shareware aside)?

  3. #3
    Bronze Member
    Join Date
    Nov 2004
    Location
    Narvik, Norway
    Posts
    110
    Overpeer, which RIAA hired to poison the filesharing networks with useless files, has started to send out drm media files which are infected with various malware. Doxdesk has a video of what happens to an unprotected pc here (2.1Mb). Note that you shouldn't be offended by porn to watch this clip...

    One of the sites shown is a bestiality site. I wonder what Sony would say to one of their business partners trafficking in this...

    Johan-Kr

  4. #4
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    There was an article on Lockergnome about how Kazaa employees are refusing to install their own product onto their pcs because of the detrimental effects of the adware.
    http://channels.lockergnome.com/net/...ng_kazaa.phtml
