Our greatest tool against them is exposure.
TeMerc
Originally posted Feb 18, 2005:
Is This Software On Your Hard Drive?
How one of the Internet’s largest and most secretive adware companies really operates. With new regulations coming, will it really reform?
Dec. 9 - In November 2000, yet another e-commerce start-up was grappling with its inevitable fate. Dash.com CEO Dan Kaufman called a meeting of most of the company’s employees in its New York City offices and stared down at the conference-room table as he delivered the bad news. “This is a day I hoped would never happen,” he said, according to an employee at the meeting. The board of directors had just agreed that the dot-com company’s prospects were dim. “Please gather your belongings and exit the building.”
Dash’s business model was ahead of its time—a prototype of what adware companies are doing today. The business asked Web surfers to download a software toolbar that tracked their Internet shopping and offered related e-commerce discounts at the point of purchase. For example, if a user was prepared to buy a book at BarnesandNoble.com, the Dash toolbar could offer a coupon for the same book at Borders. In the midst of a profligate investment environment, Dash.com raised $50 million on this idea from venture capitalists such as AT&T Ventures and the JPMorgan Investment Corp. Now it was preparing to give any leftover cash back to investors and slink off into the dot-com void. “I guess we learned a lot of expensive lessons at Dash,” says Joshua Abram, a former vice president at the company.
As of June 2001, Dash.com and its competitive-coupons idea was officially dead. Or was it?
In this week’s edition of NEWSWEEK, we looked at the growing online presence of adware, software that sits on users’ hard drives and can slow down the desktop with resource-consuming pop-up ads. Adware companies like Claria, WhenU and 180solutions load their software onto hard drives by offering appealing free programs like games, updated weather reports and the like. The adware then serves pop-up ads on the screen that are often related to the user’s Web activity.
Next year, Congress is likely to pass new legislation regulating the industry. It will require that adware companies obtain explicit permission from users before their programs are populated onto hard drives and to put their name at the top of each pop-up, so users know who’s responsible for it. Most importantly, the new law will make sure consumers can easily delete unwanted adware.
Full Read @ MSNBC
=====================================================
5 March 2005
Complete new update for all CWS Listings
Reprinted with permission by Webhelper
=======================================
24 March 2005
CPVMARKET.COM where they are using the affiliate interface from Mygeek.com from the AdsOn Network.
They also now have a new IPinsight Sentry Stub called mlotus.exe which they have named after their site which does not have an active IP assigned yet called mlotus.com.
They have also changed their Speer.dll from 2004 to a new one called speeryox.dl (More to come on this one)
They are also using their Speer2.dll which creates their buddy.exe like the Speer and ceres variants. See Speer2.dll
Reprinted with permission by Webhelper
===================================================================
24 March 2005
Looks like the Transponder Gang has finally gone over to the dark side in allowing CWS exploits to not only bundle a new variant called kz515.dll, but I have also found for the first time in 4 HijackThis logs on the Internet that their offeroptimizer.com is using an IP address for their search.offeroptimizer.com which is to their searchrabbit.com site. Also, search results direct themselves to findwhat.com. Pure pay-per-click search.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.offeroptimizer.com/sidebar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.offeroptimizer.com/sidebar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotoffers.info/278/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
The CWS that shows hotoffers.info (see my write-up on the dropper.exe) is from the IP block of Atrivo that is infested with CWS.
See: CWS Atrivo Listings
Reprinted with permission by Webhelper
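For triage of logs like the one quoted in the entry above, the R-section lines can be parsed and any browser setting pointing at the domains this entry names can be flagged. This is an added example, not Webhelper's code; the watchlist contents, the function names and the one benign sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: watchlist built from the two domains named in the entry above.
WATCHLIST = {"offeroptimizer.com", "hotoffers.info"}

# R-section line shape: "<code> - <hive\key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - ([^,]+),(.*?)\s*=\s*(.*)$")

# The five lines quoted in the entry, plus one constructed benign line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.offeroptimizer.com/sidebar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.offeroptimizer.com/sidebar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotoffers.info/278/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
"""

def refang(url):
    """Undo hxxp defanging so urlsplit can locate the host (parsing only)."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)

def watchlist_hit(host, watchlist):
    """Return the listed domain that host equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    for domain in watchlist:
        # The dot boundary stops look-alikes such as nothotoffers.info.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def scan(log_text, watchlist=WATCHLIST):
    """Yield (code, value name, host, matched domain) for suspicious lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if not m:
            # No "key,value = data" shape: keep the missing-default notice.
            if line.startswith("R3 - ") and line.endswith("is missing"):
                findings.append(("R3", line[5:], "", "missing-default"))
            continue
        code, _key, name, data = m.groups()
        host = urlsplit(refang(data)).hostname or ""  # empty data -> ""
        hit = watchlist_hit(host, watchlist)
        if hit:
            findings.append((code, name, host, hit))
    return findings
```
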
===================================================================
25 March 2005
Looks like the KZ515.dll is being installed by a bundled install via a possible CWS exploit. If anyone is hit by the kz515.dll and knows where it came from, please submit your link here: Submit Suspect Sites so that I can research it and we can see exactly why the Transponder Gang has changed their methods by writing to the registry and changing users' start pages.
************
About the Grandstreetinteractive.com GSM toolbar. Is Mygeek more than a major Transponder Gang partner?
Read it here
Reprinted with permission by Webhelper