7 replies to this topic

[TeMerc]

On the 16th of February, 2005, we received Certified Mail from the office of Savrick Schumann Johnson McGarr Kaminski & Shirley, attorneys and counselors at law, Mark D. Hopkins, Partner - Austin Office representing iDownload.com. The letter, dated February 10, 2005 begins:
"Re: Incorrect Classification of iDownload's Product as Spyware & Related disparagement of iDownload"

Rest of the letter in full quotation:

Dear Sir or Madam:

          This firm represents iDownload.com with respect to your inaccurate classification of
iDownload's software product, iSearch toolbar, by referring to it as Spyware in its description.
Specifically, a recent review of materials disseminated by your company, via the Internet,
revealed that your company is falsely disparaging iDownload's product, iSearch, in that Castle
Cops f/k/a Computer Cops, L.L.C. classifies the product as Spyware and articulates that,

                      iSearch is certified spyware/foistware, or other malware.

          Castle Cops f/k/a Computer Cops, L.L.C.'s characterization of iSearch as Spyware is
damaging to the iDownload brand.  As we all know, Spyware is a phrase within the public
conscience that has a specific meaning.  A classification of Spyware is usually reserved for those
programs that not only have the ability to scan an end- user's computer, but also seek to remain
unnoticed or hidden, and also seek to gather personal information such as passwords, account
numbers, etc. of the end-user. iSearch does not fit this profile.

          iSearch does not qualify as Spyware.  iSearch is a toolbar that in no way attempts to
remain hidden or evade detection.  Continuing, unlike Spyware, iSearch does not gather any
personally identifiable information about end users, does not collect data about the user's web
usage, does not collect any information entered into web forms, does not share information with
third parties, does not send or cause to be sent unsolicted e-mail, and does not install items such
as dialers on the end user's computer.

          We would request that you correct your disseminated materials immediately to remove
any reference to iSearch as Spyware, Foistware, or Malware.  To the extent you fail to remedy
your improper disparagement of the iDownload brand on or before February 15, 2005, we will
take all necessary action against your company to protect iDownload from your continuing
tortuous conduct.  Should you have any questions regarding the foregoing, please feel free to
contact me.

                                                                                Best Regards,

                                                                                Mark D. Hopkins

We (CastleCops) have retained counsel and are currently evaluating our options. Please stay tuned for details as they develop. This article will also be updated at those times.

=====================================================================

From Suzi's Spyware Warrior Blog:

Today I received a letter forwarded by Domains by Proxy, my domain registrar’s private registration partner – a letter from the law firm Savrick Schumann Johnson McGarr Kaminski & Shirley attorneys and counselors at law, Mark D. Hopkins, Partner – Austin Office representing iDownload.com. The letter, dated February 10, 2005, is quoted in full here:

Re: Incorrect Classification of iDownload’s Product as Malware & Related disparagement of iDownload
Dear Sir or Madam:

    This firm represents iDownload.com with respect to your inaccurate classification of iDownload’s software product, iSearch toolbar, as Malware on the following four websites:

          (1) domain blacked out
          (2) domain blacked out
          (3) www.netrn.net
          (4) domain blacked out

    Specifically, a recent review of materials disseminated by your company, via the Internet, revealed that your company is falsely disparaging iDowload’s product, iSearch, in that Domains by Proxy, Inc. classifies the product as Malware and articulates that,


      iSearch “Desktop Search” hijacker….

      iSearch is unidentified malware….


  Domains by Proxy, Inc.’s characterization of iSearch as Malware is damaging to the iDownload brand. As we all know, Malware is a phrase within the public conscience that has a specific meaning. A classification of Malware is usually reserved for those programs designed specifically to damage or disrupt a system, such as a virus or a Trojan horse, iSearch does not fit this profile.

    iSearch does not qualify as Malware. iSearch is a toolbar that in no way attempts to remain hidden or evade detection, Continuing, unlike Malware, iSearch does not gather any personally identifiable information about end users, does not collect data about the user’s web usage, does not collect any information entered into web forms, does not share information with third parties, does not send or cause to be sent unsolicited e-mail, and does not install items such as dialers on the end user’s computer.

    We would request that you correct your disseminated materials immediately to remove any reference to iSearch as Malware or Spyware. To the extent you fail to remedy your improper disparagement of the iDownload brand on or before February 15, 2005, we will take all necessary action against your company to protect iDownload from your continuing tortuous conduct. Should you have any questions regarding the foregoing, please feel free to contact me.                                                                                Regards 
        Mark D. Hopkins

As owner of this domain, netrn.net, the home of this blog, I am currently obtaining legal counsel and evaluating my options. I will post additional details as they develop.

Interestingly enough, I’m not the only site in the anti-spyware community to receive such a letter from Mr. Hopkins. CastleCops.com published an article yesterday revealing they received a nearly identical letter.

[TeMerc]

Recently we received a letter from a law firm titled "Incorrect Classification of iDownload's Product as Spyware & Related disparagement of iDownload". We retained counsel to evaluate our options and last night sent our reply which will be quoted in full below.

There has been a public outcry over such a "cease and desist" letter as it has come to be known in the online communities. However, it appears that CastleCops is not the only recipient of such a letter.

Suzi at SpywareWarrior Blog also received one.

At DSLReports.com there is a thread, now 3 pages in length, titled Silencing the Critics: ISearch/IDownload. A news article was published there yesterday as well, Marketers Try to Silence Spyware Critic.

Wayne Porter of ReveNews wrote about
Deceptive Is as Deceptive Does, where he posted no less than 18 links to articles describing what he calls “savage behavior”.

Wilders Security Forum has a thread going as well, and one user (Key-U) posts the details of his installation of iSearch.com’s toolbar.

And now onto the full text of our response...

Re: Settlement- Not Admissible for Any Purpose Pursuant to CA Evidence Code § 1152
Our File No. CY757-515

Dear Mr. Hopkins:

I write you on behalf of my client ComputerCops, LLC regarding  the letter you sent on
February 10, 2005 in which you alleged that the castlecops.com website has disseminated
information improperly disparaging the iDownload/iSearch brand. I have spoken with officers of the
company about the allegations made in your letter and they have stated clearly that they have not
made or published any statement which can be said to disparage the iDownload/iSearch brand.  My
client has asked me to contact you in the hope that this matter can be resolved outside the courtroom
through a dialogue between ComputerCops and iDownload/iSearch.

Contrary to the assertion made in your February 10 letter that, “spyware has a well known
meaning within the public conscience that has a specific meaning,” spyware is actually capable of
many definitions.  In fact, there is no universal definition of spyware, nor is there a well known
meaning within the public conscience. Nevertheless, it appears that software disseminated by
iDownload/iSearch would likely be regulated as illegal in California under California Business And
Professions Code Sections 22947-22947.6 otherwise known as the Consumer Protection Against
Computer Spyware Act.

A cursory search of the Internet reveals that the iDownload/iSearch brand has quite a
controversial image to be sure:

http://abcnews.go.co...id=99522&page=1

In addition, Symantec, Lavasoft, Computer Associates, Spyware Warrior, Spyware Blaster,
and Doxdesk, to name a few, report that the iSearch toolbar, published by iDownload is spyware
(see links below). This information is publicly available and was obtained in a manner of minutes
using the iDownload “brand” as a search term.

It is clear that the issue of whether or not iDownload distributes spyware is a controversial
one which is a matter of public interest and any discussion or publication of web page links referring
to this controversy cannot be damaging to the iDownload brand.

In short, ComputerCops categorically disagrees with your letter, but remains willing to listen to
iDownload’s side of the story and offers further to allow iDownload a public forum on the
castlecops.com web site in which to respond to the questions raised in many circles about iDownload
distributing spyware. 

This is ComputerCops final good faith attempt to resolve an uncomfortable matter in an
amicable manner. Should iDownload fail to respond to this letter before March 15, 2005,
ComputerCops, LLC will take any and all legal measures necessary to protect its rights. 

Very truly yours
BENJAMIN Z. RICE

Internet Resources on ISearch

http://securityrespo...re.isearch.html
Type: Spyware
Behavior: Spyware.ISearch is an Internet Explorer Browser Helper Object and functions as a
toolbar. It is a search hijacker and also tracks user activity on a remote server at isearch.com.

Symptoms
One or more files are detected as Spyware.Isearch.

Transmission
The ISearch toolbar can be manually installed through ActiveX installers, or it comes bundled
with other software.

http://www.edbott.co...ves/000340.html

http://www.tenebril....hp?id=431726676


http://www.spywaregu...show.php?id=732
# Adds other software
# Shows ads
# Changes browser
Danger Level: 6"

http://netrn.net/spy...blaster-update/

http://www.doxdesk.c...asite/Pugi.html
http://doxdesk.com/p...te/ILookup.html
http://www.doxdesk.c...ite/rogues.html

http://windowsxp.mvp.../lockedbars.htm

Isearch is listed as "Rogue/Suspect Anti-Spyware Products" at Eric Howes list:
http://www.spywarewa...nti-spyware.htm
"SpywareAvenger spywareavenger.com
idownload.com no trial version locatable; company is known adware
distributor (1); "strict no-refund policy"; advertises through adware (1);
"negative option" coupled w/ outrageous pricing [A: 9-22-04 / U:
12-28-04]"
http://www.kephyr.co...rch/index.phtml
http://www.sysinfo.o...?filter=isearch

http://www.infopacke...te/20040420.htm
Title: Remove / Uninstall iSearch toolbar?
Excerpt:

"Although many would disagree, the iSearch web site claims that their
toolbar is not Spyware because it "in no way tracks you or the web sites
that you visit." (Source: iSearch.com FAQ). Instead, iSearch intrudes on
your browsing sessions by invoking ad-related activity and reportedly
blocks access to certain web sites.”

[TeMerc]

Suzi Responds to ISearch\IDownload:

In response to the Cease & Desist letter I received from iDownload/iSearch, I sent the following response.


Re: Incorrect Classification of iDownload’s Product as Malware & Related disparagement of iDownload

Dear Mr. Hopkins:

This letter is in response to your letter to Domains by Proxy dated February 10, 2005 wherein you named several domains, including www.netrn.net, and requested that any reference to iSearch as malware or spyware be removed.

I have done a thorough search of my site and found only the following references to iSearch:

1.
This link contains a list of updated definitions as published by Lavasoft, the makers of Ad-Aware. The original list is posted here:
http://www.lavasofts...=0

2.
Again, this link contains a list of updated definitions as published by Lavasoft on their forum here:

http://www.lavasofts...=0

3. http://netrn.net/spy...-aware-updates/
Again, this link contains a list of updated definitions as published by Lavasoft on their forum here:

http://www.lavasofts...showtopic=24278

4. http://netrn.net/spy...blaster-update/
This page contains a listing of newly added definitions to SpywareBlaster, which can be found here:

http://www.javacools...areblaster.html

You will note that I made no personal comments about iSearch or any of the other items in the lists. I merely copied information that was posted elsewhere If you have a complaint with your product being listed and targeted by Lavasoft and Javacool Software, you should contact them directly.

You also stated:
“Specifically, a recent review of materials disseminated by your company, via the Internet, revealed that your company is falsely disparaging iDowload’s product, iSearch, in that Domains by Proxy, Inc. classifies the product as Malware and articulates that,

“iSearch “Desktop Search” hijacker….”
“iSearch is unidentified malware….”

That is simply untrue; I made no such statements anywhere on the netrn.net domain. Moreover, even the program update notices described above that were reproduced on my web site include no such statements—they merely list the name of your company’s programs. If you will insist that such statements are included on my web site, please supply URLs for the pages you believe include those statements.

Should you decide to pursue a complaint against my site, perhaps you should be aware of the California anti-SLAPP legislation:

http://caselaw.lp.fi....10-425.16.html
http://www.thefirsta...urcecenter.html

The Cease & Desist letter you sent to me as well as any further complaints to me will be submitted to ChillingEffects.org for review and publication:

http://www.chillingeffects.org/

In summary, after reviewing my site, I have concluded that your allegations and requests are based on inaccurate, false information and are thus completely unwarranted and utterly without merit.

Yours truly,

Suzi

[TeMerc]

From Suzi at Spyware Warrior Blog:

This story continues to spread on the web. I’ve been meaning to update the links here, but life got in the way. Thanks to eveyone for the support, comments and trackbacks to the blog.

Here’s some additional links:

http://www.techweb.c...curity/60403277
Spyware Warrior and Castle Cops are mentioned in the lower portion of the article.

http://www.dslreport.../shownews/60722

The Inquirer carried the story: http://www.theinquir.../?article=21415

P2pnet.net has some good comments. http://p2pnet.net/story/4001

Here’s a great write-up by Wayne Cunningham of Download.com.
IDownload hires a lawyer


While adware makers such as WhenU and 180Search try to play nice and reenter decent society, spyware vendor IDownload.com, which also operates under the name ISearch.com, tried to silence its critics. The company hired an, in my opinion, unscrupulous lawyer to send out cease and desist letters to Web sites such as Castle Cops and Spyware Warrior, telling them not to call the ISearch toolbar spyware. This lawyer, Mark D. Hopkins, doesn’t appear very competent, as Spyware Warrior points out that she did not actually refer to ISearch as spyware on her site. This attempt to silence critics of spyware is so ill-founded as to be laughable. It’s pretty easy to send out a cease and desist letter; all you have to do is type. Actually learning something about the law is a lot harder.

iDownload’s itinerary by Zhen-Xjell.


The Internet has been buzzing with the keywords iDownload and iSearch the past week. There exists a great deal of talk all over the web, and it is mind boggling trying to read it all. I’ll try to put everything into this article, sort of a encyclopedia of all the comments, or an itinerary of iDownload. The public has provided a lot of information and much of the links supplied were returned by querying search engines for ‘idownload’ or ‘isearch’. Lets begin.

BlogCritics weighs in. Spyware: First, infect all the lawyers….

Tales Of Horror: The iSearch Toolbar from The Abusive Hosts Block List.

Kye-U started a website to track the tale of iDownload and iSearch, including an illustrated example and analysis of iSearch’s download and installation.

JD asks Are you keeping up with the iDownload/iSearch spyware controversy? He also created a poll at VirusIntel.com; see the left side column.

From Donna’s Security Flash: re: CastleCops.com and Spyware Warrior was asked to correct the what?

Alex Eckelberry, president of Sunbelt Software, makers of CounterSpy, posts about receiving a Cease & Desist letter from iDownload as well, and says they responded with a 16 page letter detailing iDownload’s practices. The letter is not posted at this time, but Alex says it might be in the future.

[wng_z3r0]

what do these adware people even hope to gain by sending such letters? And why dont people send the spyware companies cease and desist letters? just my 10 cents wng

[TeMerc]

Since CastleCops publically shared with the community that we received a letter from iDownload demanding we reclassify their software, several other sites have also stepped forward indicating that they have been sent the same kind of letter including: Spywarewarrior, Spyware Guide, and Sunbelt Software. We believe in information sharing and ensuring the community is aware of the latest trends and threats in the world of Security/Anti-Spyware, which is why we decided to publish not only the iDownload letter to us, but our response to iDownload because we feel it is necessary to educate the public on the kind of tactics and pressures being used against the Anti-Spyware community.

Yesterday we received a response via Fax from iDownload's attorney Mark D Hopkins, of Savrick Schumann Johnson McGarr Kaminski & Shirley.

March 7, 2005

Benjamin Z. Rice                                                                                                        Via CMRRR
Law Offices of Benjamin Z. Rice
P.O. Box 1206
Pleasanton, CA 94566

              Re:    ComputerCops, L.L.C's Improper Classification of iSearch Product
                        File Number: CY757-515

Dear Mr. Rice:

        Thank you for your recent correspondence regarding iDownload and its software product,
iSearch. As we are both aware, a lively internet debate currently exists over the functionality of
the iSearch program, as well as the questionable classification of iSearch as malware, spyware,
etc., by various security companies.  As counsel for iDownload, our goal is singular in purpose,
that being to assist iDownload in correcting the current dissemination of incorrect information
surrounding iSearch.

          We recognize that much scrutiny exists with respect to our actions, and that we may be
perceived by some in the internet community as being on the wrong side of the ongoing fight
against "internet malfeasance." This perception is contrary to reality. We are currently engaged
in an open dialogue with several large security firms, with the end goal being to reach a
consensus as to the proper characterization of iSearch.  We trust that you will conform your
published materials, as we previously requested, once some of the industry leaders analyze
iSearch more thoroughly and release their classification of iSearch.

          Please do not hesitate to contact me if you have any questions about the foregoing.

Best Regards,
Mark K.Hopkins

Intially we offered iDownload the opportunity to come into our forum and answer some questions from the public about their product iSearch, in order to be fair and eliminate any possible confusion about what the product does or does not do. To date they have not taken us up on that offer. Our position remains the same now as it always was concerning iSearch.

[TeMerc]

iDownload, the company responsible for a toolbar known as iSearch, has resorted to threatening to file lawsuits against several web sites that categorize the software as spyware or malware. Claiming that their brand has been disparaged falsely, iDownload is demanding that these web sites remove any material which labels iSearch as malware, foistware or spyware.

Is iSearch malware? Yes, it is. And I can prove it.

You may remember that a few months ago, trojans began circulating file sharing networks disguised as protected media files.
Windows Media Player (WiMP) has DRM features that allow music and video files to be restricted. The restriction may be that you can only listen to the file a certain number of times or for a certain period of time. To determine this, when the file is loaded into WiMP, it will contact an internet server to retrieve information about the license and any restrictions. If a license is not found, WiMP will load a license window using the Internet Explorer browser engine.

An antipiracy company named Overpeer has been exploiting this behavior to infect unsuspecting computer users with spyware and adware. They have been flooding file sharing networks with fake music files with embedded DRM instructions. When played in WiMP, these files cause WiMP to open a license acquisition window in Internet Explorer. When that happens, the page loaded within the license window tries to install spyware using various security flaws.

Among the dozens of programs that could be installed by way of these trojans is the iSearch toolbar. If you run one of these trojans, it will pop up a license window which loads a page prepared by iDownload. That will load an ActiveX applet which attempts to install iSearch. If your security settings are configured properly, you will see a security warning asking your permission to install software. This security dialog claims to be a required update to "Media Player 9". In fact, it has nothing to do with Media Player but is really iSearch software from iDownload. You can see an example of this security warning pop-up at DSLReports.

The security pop-up is intentionally misleading. It is designed to trick the user into thinking they are installing some sort of update for Windows Media Player. Since the process that leads up to this security warning is the playing of a file in Windows Media Player, no doubt many people would be fooled into installing it. This behavior, on its own, is malicious.

If you are unfortunate enough to be fooled into installing iSearch, your computer undergoes one of the most serious hijacks I have ever witnessed. There are three different pieces of software from iDownload with which you may end up. A single piece of iDownload software might not exhibit all of the behaviors listed below, but between the three, these are the behaviors you may encounter.

1.) Your Internet Explorer home page is changed to isearch.com. You cannot change the home page to point it to any other web site while the software is installed.

2.) If you mistype the name of a web page and the web site's server returns an error, instead of seeing the error message, you are redirected to isearch.com. You cannot change this behavior while the software is installed.

3.) The software will begin launching a barrage of pop-up and pop-under ads.

4.) The software will store logs of your web surfing habits.

5.) The software will connect to iDownload servers to download and install updates to itself. It also may install completely unrelated software from other adware and/or spyware companies. Further, it may also scatter icons all over your desktop.

6.) The software may disable competing adware software. While that in itself is not such a bad thing, disabling some of those adware programs may render inoperable the programs they are "sponsoring". For instance, if Cydoor adware is disabled, KaZaa stops working.

7.) There have been numerous reports of antivirus and antispyware software being disabled by iSearch. I haven't seen this for myself but there are numerous reports of it.

8.) If you try to delete the files involved with iSearch, the software will reinstall itself. If you run the company's uninstaller, rather than uninstalling the software, it simply reinstalls anything you might have removed yourself (Sources [1][2]). This behavior is soon to be outlawed if the US House of Representatives passes the SPY ACT. So not only is it malicious, it also soon will be illegal.

iDownload knows that if they actually were to take an antispyware web site owner to court, they would lose the trial. It would be a simple matter to demonstrate the behavior of this software. I have no doubt that any judge and/or jury would agree that the software is malicious and deserves the label of "malware". This explains why all of the sites that have received these threats are independent sites run mainly by volunteers. Even when you are right, it still costs anywhere from $10,000 to $12,000 to prove it in court.

There is a difference between SpywareInfo and most other antispyware sites. The difference is that SpywareInfo makes money. Between the loyal readers of this newsletter who buy the products promoted here and the grateful former spyware victims who send donations through Paypal or by mailing checks, SpywareInfo has the resources to face any threat to its existence.

You may remember last year that a powerful denial of service attack was launched against SpywareInfo. For a brief period, the site was gone. Then, three weeks later, SpywareInfo came back to the web and it has stayed ever since. This was accomplished through the purchase or rental of nearly a dozen redundant web servers. The attackers tried for months to knock down the site. When they realized that I had more resources to fight them than they had to fight me, they finally gave up. There hasn't been a serious attack on the site for several months.

iSearch is malware. This is easily demonstrated. Any sane jury would agree once they see the demonstration. Simply put, I have more than enough resources to fight a frivolous lawsuit. I have more than enough evidence to win a lawsuit. If iDownload wants to challenge my statements in court, the mailing address is PO Box 2378, Reidsville, GA USA 30453.

Full Read @Spyware Info Newletter

[TeMerc]

Mar. 15, 2005

This was posted by Eric Howes tonite:

180 Solutions has been trying to become legitimate (see, for example, Wayne Cunningham's post on his blog). Their joining COAST (the antispyware consortium) was the ptimary reason COAST fell apart.

As a result of 180 Solutions contacting us, we followed up with our usual extensive analysis of their practices. You can see our analysis here.(pdf)

I should explain that that one PDF file actually contains two different documents:

1) a white paper titled "Alleged Improvements to 180solutions' Software" (pp. 1-28 ) -- this document includes screenshots and is based on the second document in the PDF;

2) a write-up on 180solutions (pp. 29-55) -- though it comes second in the PDF, this was actually written first; it is a bit more thorough than the white paper.

Given that the first document is based on the second, you'll find quite a bit of overlap. You'll also find that the second document contains quotes from 180 itself that aren't included in the first.

For those who are interested in jumping to the juicy bits, see these pages from the white paper:

pp. 9-10, 18-26

For the same material in the write-up (2nd document):

pp. 35-36, 45-50

And to see how 180 gets assessed under Sunbelt's listing criteria, see:

pp. 50-53

Note, pagination refers to the internal pagination of the document, not the pagination assigned by Adobe Acrobat Reader.


Best,

Eric L. Howes

=====================================

Mar. 16, 2005

There’s a lot in this writeup, but as Suzi of Spyware Warrior Blog pointed out, the areas that are probably most interesting to people are on pages 9-10 and and 18-26.

Here’s the quick and dirty:

As part of 180’s COAST certification, 180 agreed to a “CBC Force Prompt”. This feature is designed to alert users to the installation of 180’s software.

This prompt is shown when a certain registry key is set to “0”. If it’s set to “1”, there is no prompt.

This is a serious weakness in the 180 installer. It is trivially easy for a rogue affiliate to simply set the value to 1, and the 180 install sails through, with the end-user none the wiser.

However, it appears that 180solutions is itself electing to bypass the "CBC Force prompt" in order to avoid alerting users to the installation of 180's software, and the implications of this are serious.

Sunbelt observed several installations of older versions of the 180search Assistant in which that software was updated to the latest version. After older versions of the 180search Assistant were "stealth-installed" via a Windows Media Player file and via a Java applet at lyricsdomain.com, that software called out to 180's servers, and downloaded and installed the latest, COAST-certified version of the 180search Assistant.

This behavior is especially disturbing because many of the installations that 180solutions is silently updating through this method are the possible products of "force-installs" of 180's software of users' PCs, where those users received no notice or warning whatsoever of the 180search Assistant.

Instead of alerting users to the presence of 180's software on their systems, 180 is updating those older software installations and versions to the latest 180search Assistant, allowing 180 to continue deriving economic benefit from those installations, entirely contrary to its publicly stated intention to clean up its distribution channels.

Alex Eckelberry

Sunbeltblog