Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Trojans and Popups and Slimeball Business

CmdrTaco posted more than 12 years ago | from the remember-when-the-net-was-polite dept.

Internet Explorer 287

Selanit writes "Salon.com is reporting on a company which exploited a vulnerability in an old but common version of Internet Explorer's Java engine to install spyware on the visitor's machine. " It's a pretty in depth story showing the lack of respect that some companies have. My favorite part is that the guy who denies any knowledge of the trojan popup is named 'Frank Bigott'.

Sorry! There are no comments related to the filter you selected.

Hello you fagorts! (-1)

cyborg_monkey (150790) | more than 12 years ago | (#3476897)

Hello again! Kneel before Cyborg_monkey, master of first posts!

You are all worthless and weak!

w00t!

PIM FORTUYN, 54, DUTCH FASCIST, FOUND DEAD (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3477006)

Pim Fortuyn, the renowned far right politician of Holland who was up for election in a fortnight, was found dead outside his limousine on Monday.

Fortuyn, who believed immigrants were a threat to liberal Dutch life, and stated that Islam (but not Christianity or Judaism) was "backward", already had several seats in government.

A rich, overtly homosexual skinhead who campaigned that diversity causes intolerance and wanted a constitutional amendment to repeal the paragraph forbidding discrimination, Fortuyn was a hypocrite on a scale surpassed not even by Slashdot editors and karma whores.

Truly, therefore, a Slashdot icon, he will be sorely missed.

(Moderators, this is not a troll [bbc.co.uk] ).

Re:PIM FORTUYN, 54, DUTCH FASCIST, FOUND DEAD (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3477084)

Wasn't Pim Fortuyn one of Jabba's henchmen in Return of the Jedi?

Re:PIM FORTUYN, 54, DUTCH FASCIST, FOUND DEAD (0)

Anonymous Coward | more than 12 years ago | (#3477177)

Wasn't Pim Fortuyn one of Jabba's henchmen in Return of the Jedi?
I don't know, was there a rich Cuban cigar smoking ex sociology professor in the film?

Re:PIM FORTUYN, 54, DUTCH FASCIST, FOUND DEAD (0)

Anonymous Coward | more than 12 years ago | (#3477211)

No he was one of the "Gentlemen" in the "Hush" episode in Buffy the Vampire Slayer.

Re:Hello you fagorts! (-1)

egg troll (515396) | more than 12 years ago | (#3477061)

Excellent work, CM!

Just in case it's slashdotted!! (-1, Redundant)

Klerck (213193) | more than 12 years ago | (#3476899)

The pop-up ad campaign from hell
It's the latest in Web marketing innovation: Hijacked Web surfers, exploited Web browser vulnerabilities and malicious spyware all wrapped up together.

- - - - - - - - - - - -
By Brian McWilliams

May 7, 2002 | Looking for state-of-the-art Internet skulduggery? Try this: Thousands of unsuspecting visitors to a family entertainment site are discovering a cornucopia of unwanted, potentially malicious software on their computers -- the result of a pop-up ad campaign, a booby-trapped Web site, a compromised Web browser, and strange doings at a shadowy Los Angeles company.

The story starts at Flowgo, a site that prides itself as the leading family entertainment portal. According to officials at eUniverse, the California firm that operates Flowgo, a pop-up ad that ran at the heavily trafficked humor site for a couple of weeks until late April caused the trouble.

The ad, purchased by a Los Angeles Internet marketing firm named IntelliTech Web Solutions, was designed to automatically redirect visitors away from Flowgo (no mouse click required) and to dump them at a booby-trapped site called KoolKatalog.

Once at KoolKatalog, visitors were invited to feed an e-mail address into a digital slot machine created in the Shockwave animation format. Solve the puzzle faster than anyone else, and KoolKatalog would send you a swell prize!

Who's Next, in Salon's new feature, 'Masterpiece' presented by Lexus

In the nanosecond it took most people to recognize the obvious junk mail trap, the real damage was already nearly done. According to virus experts, code in the pages at KoolKatalog exploited a known flaw in an old version of the Java engine of Microsoft's Internet Explorer browser to covertly download the first of 10 files onto visitors' computers.

KoolKatalog is currently inacessible, but its domain name was registered by an IntelliTech employee and the phone number listed in the privacy statement at KoolKatalog is the number for IntelliTech Web Solutions. Phone messages left with the receptionist who answered at that number were not returned.

A contrite spokeswoman for eUniverse said IntelliTech's automatic redirects violated its ad policy, and eUniverse pulled the pop-ups as soon as it learned what was happening. Flowgo has achieved its success, she said -- and helped earn its publicly traded parent several quarters of profitability -- by taking great care to protect the safety of its visitors.

But according to virus experts, tens of thousands of Internet users have been back-doored by the KoolKatalog-distributed "malware," which they have added to their lists of malicious code for scanning.

"When you exploit a security bug to get your program onto someone's PC, you've crossed the boundary into what we consider malicious," said Craig Schmugar, a researcher with McAfee, which refers to the KoolKatalog-served payload as Downloader-W.

While researchers have not yet completely decoded all functions of the programs, they say two of the files, BVT.exe and ABSR.exe, attach themselves to victims' browsers and covertly monitor which sites they visit. Other components, including a file called AUSVC.exe, appear to enable the program's authors to secretly send updates or other files to the infected computer.

What's more, the install program, a file called CoolStuff.ocx, checks to see whether the victim is running a firewall, and terminates if it finds one. If no security software is monitoring outbound network connections, the installer grabs other files from one of two IntelliTech Web servers, online1net.com and wwws1.com.

"Somebody took a lot of time and attention to create this. There's a lot of error checking and careful programming in there," said Vincent Weafer, director of Symantec's virus research lab. Backdoor.Autoupder, as Symantec calls it, quietly made the software firm's list of the five most-prevalent viruses in April.

TWhile designed to be stealthy, the malicious code was revealed to many puzzled victims in recent weeks when it began causing instability in their PCs or crashed them.

Others discovered the program after updating their anti-virus signature files. Sam Evans, security analyst for a Midwestern semiconductor firm, said an anti-virus update in late April caused a sudden flood of reports from company employees. Cleaning the code off affected computers was complex and required editing the PC's system registry.

"We thought we disinfected all the computers, but our intrusion detection system is still reporting that internal machines are attempting to send information out," said Evans, who added that the company had "black-holed" (blocked access to) the range of Internet protocol addresses used by KoolKatalog and related sites.

Trend Microsystems, which since April 23 has received nearly 5,000 reports of infections by TROJ_SUA.A, as it calls the software, has released a free tool that automates the 49 steps required to remove IntelliTech's code from an infected PC.

The Giants' moody superstar in 'Masterpiece' presented by Lexus

IntelliTech itself has done little to clear up the mystery surrounding the surreptitious installation of its spyware.

Frank Bigott, a resident of Santa Monica, Calif., who holds the domain registration for KoolKatalog, said he had "zero knowledge" of the backdoor program prior to being contacted by Salon. Bigott referred all other questions to his attorney.

The lawyer, William W. Bloch of Beverly Hills, said Bigott resigned his position in sales and marketing at IntelliTech after learning of the incident from Salon. Bloch also gave Salon the cellphone numbers of three men whom he identified as IntelliTech management, but voice-mail messages left at those numbers were not returned.

Block says that Bigott determined that IntelliTech's management had placed the spyware programs on users' computers "to gain certain things that would result in increased revenue," such as commissions from affiliate marketing programs.

Susan Henrichsen, deputy attorney general for the state of California, declined to comment on specifics of the IntelliTech situation. But she noted that downloading software onto someone's computer without permission is tantamount to hacking.

"If, on top of that, you track people with spyware with the intent of selling the information, that goes way over into unfair and deceptive practices. It's really pretty appalling," she said.

The spyware tar pit that users encountered at KoolKatalog may have been connected to an earlier software development effort by a company called Volton Technologies, which also had ties to IntelliTech.

The agent of record for the incorporation of Beverly Hills-based Volton Technologies is Michael Osborn, one of the names provided by the lawyer Bloch as a member of IntelliTech management. Volton Technologies previously offered for download an apparently legitimate program that may have provided the technical foundation for KoolKatalog's twisted creation.

The program, which Volton termed a "browser toolbar enhancement," offered access to search engines and e-mail from a control panel at the bottom of Web browsers. According to the program's license, in exchange for the free software, users agreed to allow Volton to collect "anonymous" data on Web page views and responses to ads, as well as an inventory of the software on the user's PC.

The front door of Volton's search site, BestoftheWeb.com, invites users to download the toolbar. But the download page offers no link to the software and merely states, "Our new and improved toolbar is coming soon."

Similarly, a download link at Volton's BrowserToolbar.com site was disabled for weeks -- before suddenly reappearing May 3, when the site was relocated from an IntelliTech-owned hosting firm in Los Angeles, New Directions, to a new ISP in Canada.

Click the download link at Volton's new version of BrowserToolbar.com, hosted by Alberta-based Myrias Computer Technologies, and a message says a file called Coolstuff4.cab is being installed. But the toolbar installation fails because the server containing the file, online1net.com, is unreachable.

Online1net.com, along with wwws1.com and KoolKatalog, was summarily unplugged last week by Alchemy Communications, the Internet collocation facility that services New Directions.

When contacted by Salon on April 26 about reports of malicious code at the IntelliTech sites, Alchemy's vice president Jamie Daquino said his position was Shut down first, ask questions later.

"For someone to get written up as a virus, that's pretty serious. If they're doing what people are saying, it's illegal. We don't want to be associated with that," said Daquino.

Daquino noted that New Directions, which also goes by aliases including AlphaHostCo, Online Connect Group, Zones Now, Interhostland and Quik-Net, appears to be "companies within companies."

With its sites darkened by Alchemy, and its devious pop-up ads pulled by eUniverse, IntelliTech's misguided experiment in viral marketing appears to have been halted.

But Roger Thompson, malicious-code expert for TruSecure, said that spyware like that found at KoolKatalog.com remains a serious threat to the thousands of users who are infected and not aware of it.

"They are definitely still at risk. Only the original authors know exactly how compromised those PCs are. No one should want any uninvited back door on any PC," said Thompson

I wonder if this is true... (2, Insightful)

Marx_Mrvelous (532372) | more than 12 years ago | (#3476901)

There are a few things about the article that don't seem to make sense, aside from the basic premise and the guy's name. Is this another internet rumour that slipped into the press? Anyone have real-live experience with this?

Yep - definitely (4, Insightful)

BenHmm (90784) | more than 12 years ago | (#3477092)

I have.

Many times: it's why I now use Mozilla (well, that and the tabbed browsing and...and...and...) and Ad Aware.

Mostly it seems to be dialler programs for offshore ISPs. Porn, basically.

Use IE unprotected for a while, then run AdAware - it's quite scary.

Re:Yep - definitely (0)

Anonymous Coward | more than 12 years ago | (#3477170)

I have no problems with IE because 1) I have Norton AV running in the background and 2) I use the Proxomitron ad-killer proxy. After all that, only the occasional Doubleclick cookie gets by (which gets blasted by a bi-weekly running of Ad Aware).

Re:Yep - definitely (0)

Anonymous Coward | more than 12 years ago | (#3477207)

I use Internet Explorer because
1) besides lacking a few features, it still is by far the king of browsers
2) i'm not an idiot running internet explorer 4.0

Re:Yep - definitely (2)

5KVGhost (208137) | more than 12 years ago | (#3477262)

I have. Many times: it's why I now use Mozilla (well, that and the tabbed browsing and...and...and...) and Ad Aware.


Regardless of which browser anyone chooses to use, I'd hope they're more dilligent about updgrading and/or patching than the people in this article were. All browsers have weaknesses and vulnerabilities, both known and unknown.

I've never had anything infect or self-install on my machines, even when I ran without virus scanner for a while. About the worst I've seen are cookies, and they're easy enough to deal with.

Re:I wonder if this is true... (2, Interesting)

Parsa (525963) | more than 12 years ago | (#3477097)

Actually I just got off the phone with my mother about this because I was working on her work computer last week because of these viruses. She wasn't sure where they had come from and when I did a search on the Internet for them there were a lot of differing ideas on their origin.

What's kinda scary is the network admin wouldn't do anything to help. Norton Antivirus would say it had been quarantined but after she reboots all the processses are still listed in her Task Manager. I just forwarded this on to her to give to the admin so maybe he can take care of this now.

Re:I wonder if this is true... (0)

Anonymous Coward | more than 12 years ago | (#3477204)

How come the link to the story CRASHES
Opera 6.01 on windows ? , is it trying to do something it shouldn't ?

look here. (2)

leuk_he (194174) | more than 12 years ago | (#3477319)

the hun [thehun.com] It has a warning about exploit a site linked here used.

Investigate this! (warning: lot's of pink images, don't investigate at work).

Not a good day for M$ on Slashdot (0, Redundant)

Tensor (102132) | more than 12 years ago | (#3476903)

First a virus uses a worm that exploits a vulnerability in Outlook and OE to spread.

Now this.

Ouch.

Re:Not a good day for M$ on Slashdot (3, Funny)

spencerogden (49254) | more than 12 years ago | (#3477039)

Please define: A Good day for M$ on Slashdot.

A good day for microsoft would be: (3, Funny)

pommiekiwifruit (570416) | more than 12 years ago | (#3477107)

404: This page not available.

Re:Not a good day for M$ on Slashdot (1, Funny)

Anonymous Coward | more than 12 years ago | (#3477121)

A Good day for MS on /. : Any day that there is no MS related news.

M$ bought by VA Software (2, Funny)

Tharsis (7591) | more than 12 years ago | (#3477147)

although, I admit, all preceding days would have to be pretty bad.

Ah, the irony (5, Funny)

Faust7 (314817) | more than 12 years ago | (#3476906)

I love how the article is titled "The Pop-Up Ad Campaign from Hell"--and you get a pop-up when you first visit it. Also a nice Flash ad delay when you hit Back. Yep.

Actually (4, Informative)

CaptainZapp (182233) | more than 12 years ago | (#3477113)

You can cough up 30$ a year (50$ for 2) and enjoy Salon in its entirety and completely ad-free.

I'm aware, that this doesn't necessarily sit well with a lot of people here, but wtf...

Re:Actually (4, Informative)

benjymous (69893) | more than 12 years ago | (#3477287)

Or just install Mozilla which has pretty decent popup prevention (i.e. it still allows the popups that result from a user click, but not the ones that pages generate on load/exit/etc)

Re:Actually (2)

Krelnik (69751) | more than 12 years ago | (#3477300)

> You can cough up 30$ a year (50$ for 2)
> and enjoy Salon in its entirety and
> completely ad-free.

Or simply do what I do. Put *.salon.com in your RESTRICTED SITES security zone, and have all scripting and plugins disabled in that zone. Voila, I never get popups on Salon. Still see some normal ads, but they are tolerable.

This doesnt work with all sites, because some also use Javascript for navigation or other essential stuff, but Salon currently doesn't.

Re:Ah, the irony (1)

buzzbomb (46085) | more than 12 years ago | (#3477303)

Mozilla is your friend.

Edit > Preferences > Advanced (Scripts & Windows) > Unclick "Open unrequested windows"...and any other shit that irritates you.

Microsoft, security and Java... (5, Funny)

MosesJones (55544) | more than 12 years ago | (#3476909)


Isn't it odd that the only Java security exploit to be used in the wild is in the VM produced by Microsoft that didn't obey the Java spec.

Now a cynical person would say that this would enable Microsoft to point at Java and say "Java is insecure" but of course I'm not a cynical person and I'm sure it was purely an accident.

Re:Microsoft, security and Java... (1, Insightful)

Anonymous Coward | more than 12 years ago | (#3477000)

Come on. Netscape's engine didn't follow the Java spec. In fact, it had more violations that Microsoft's engine.

Look who Sun chose to sue. Hmm...

Re:Microsoft, security and Java... (1, Funny)

knulleke (557202) | more than 12 years ago | (#3477058)

I wonder if it's in the specs that java must be slow. It seems to be implemented that way on all platforms.

Re:Microsoft, security and Java... (-1)

real_b0fh (557599) | more than 12 years ago | (#3477263)

amen brother.

mod this insightful, bitches.

That comment is not insightful (2, Insightful)

Darren Winsper (136155) | more than 12 years ago | (#3477200)

It's just a statement with no supporting evidence.

Re:Microsoft, security and Java... (0, Offtopic)

kneeo (10487) | more than 12 years ago | (#3477038)


The easiest way to get shot is to carry a gun -- Atticus Finch


Are you sure that carrying a gun is the easiest way to go shot? I mean, where do you carry it? In a bag, in your pocket, or maybe a holster. If Im just carrying it, how would someone else know I have it to shoot me. Oh, maybe it will accidently go off and hit me. Im sure there are faster ways of getting shot rather than just carrying it and waiting for it to go off or waiting for someone to shoot me b/c I have a gun.

Re:Microsoft, security and Java... (0)

Anonymous Coward | more than 12 years ago | (#3477132)

Pick up a copy of To Kill A Mockingbird and read the quote in context. You'll get a big plus in that it's quite a good book and it got you away from your computer for a while!

Re:Microsoft, security and Java... (1)

Schnapple (262314) | more than 12 years ago | (#3477152)

and it got you away from your computer for a while!
Yes but if you leave your computer and go into public you might get shot!

Re:Microsoft, security and Java... (1)

benjymous (69893) | more than 12 years ago | (#3477317)

Not if you don't take your gun

Re:Microsoft, security and Java... (0)

Anonymous Coward | more than 12 years ago | (#3477057)

the only Java security exploit to be used in the wild

No, it's not odd that the only Java security exploit to be used in the wild is in the only JVM that is used in the wild.

WORST EVER TROLL FICTION COMPETITION (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3476910)

Mandi's voluptuous curves emphasised the singlemindedness of a Reaganite generation. Her wholesome rump, which would do a farmer proud in even the most competitive Texan meat markets, once again interrupted my field of vision to the birds perching nonchalantly on the roof of the opposite building. Two years, three months, four days and one hour into my job at dotcomrevolution.com, and the word on the seventh floor was that the VC's were about to cut off our air supply. These gulls were my only break from the monotony of BSD server administration, and Mandi had to be punished for her countless intrusive hours at the photocopier.
"Your ass is blocking my view," I mumbled.

"What did you say?" she roared. Well, it was more an angry squeak than a raw. I just had to block out the irritating, high-pitched whine that characterised all Mandi's replies, and my instincts caused my right hand to jump onto the air conditioning knob for the server room, turning it up to full blast.

"You -- that again -- I'll -- the manager!" she continued, her voice drowned out by the healthy whir of the most expensive fans in Christendom. I looked at her and grinned. "I can't think -- that -- noise! Turn -- off now!" She was trying to keep her cool (an act made all the easier by the now exceptional air conditioning), but even a blind man could have felt the heat from her cheeks as they began to turn a rosy red with rage.

"I'm afraid I can't do that, Mandy," I responded. I guess she looked like more of a Dave than a Mandy, her smooth but noticeably dark follicles of facial hair contrasting with her pasty skin under the lifeless fluorescence of office lighting, but she would not have understood the reference anyway.

With that, I turned back to my console and resumed my xtank session. But what was this? Out of the corner of my eye, I saw water begin to drip out of the corner of Mandy's eye, while she was sitting in my assistant's chair. (Well, I called it the assistant's chair, I had not actually had an assistant since late 1999, when I selected him to be the scapegoat for my rather poor backup schedule.)

"Why must you always make fun of me? I'm just trying to do my job," she blubbed. Sitting close to me now, not even $10,000 of Taiwanese ventilation could block out her piercing tone. "Ever since I got this job the guys here have made fun of me for my shape, why can't they just respect me for who I am."

A change of heart that would have made Montgomery Burns proud caused me to stand up and walk over to the wreck. I wanted to explain this rationally to her, in terms of the mating habits of the human male, and the desire for a woman fit for childbearing and housework, but there was no time for that (it was ten minutes to five). "I'm sorry," I uttered, and rested my hand on Mandy's shoulder, fearing a lawsuit.

Mandy stood up, and without hesitation put her arms round me, whispering, "Thank you." I reciprocated, grateful for a secure office lacking in inside windows. Instead of letting go, she squeezed me harder, and her tears began to stain the shoulder of my designer shirt. I motioned to back away, and in doing so my hand slipped downwards, brushing against her behind.

"I'm not so repulsive, am I?" she questioned.

I was racking my brain for a diplomatic response. "I guess there are advantages to looking at you over the gulls and the hypnotising router LEDs," I confessed. "And unlike with the routers, I'm not called out when you break down. And you don't leave a mess on the roof..."

"That's the nicest thing anyone's ever told me," she interrupted. "Do you have a girlfriend?"

(I'm a geek. Do you have a girlfriend? Exactly.)

"I'm, um, er.. I'm playing the field," was my closest attempt at honesty without offending my manhood. "I dont like to deprive others of my attention by focussing too much on one person."

"That's a shame," she said, and then her tone of voice changed completely. "Because I was so hoping to score before next week's lay-off."

"NEXT WEEK?" There was no chance that I would be able to return my home-brewed Beowulf cluster of 'borrowed' workstations so soon, and I had expected at least two week's warning from management. "Oh, and I know about your Beowulf cluster," she whispered, "but I'm sure I can use my special relationship with your boss to make it easier for you to return the equipment. The question is, what can you do for me?"

to be continued...

Re:WORST EVER TROLL FICTION COMPETITION (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3476990)

lol...

Re:WORST EVER TROLL FICTION COMPETITION (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3477045)

very funny!

when will the next installment be?

please continue!

Re:WORST EVER TROLL FICTION COMPETITION (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3477255)

You, Sir, are a fucking God for posting my fiction! If I weren't so busy revising for a most tedious statistics exam, seeing my work here would be incentive to write more.

Note that because I have released my work under the BSD and not the Grimy Pubescent's Licence, everyone is welcome to use my work without mentioning the source.

The line gets thinner (5, Insightful)

ringbarer (545020) | more than 12 years ago | (#3476912)

How is this type of cancerware distinguishable from a virus that spreads by exploiting security vunerabilities?

It seems that all the Klez and Chernobyl kiddies have gone and got themselves some venture capital, and are turning their malware into a business.

Re:The line gets thinner (0)

Anonymous Coward | more than 12 years ago | (#3477180)

Does not self replicate. This is automated cracking.

This one doesn't... (1)

ringbarer (545020) | more than 12 years ago | (#3477223)

What about the next? How trivial would it be to code up some cancerware that gathers addresses from the victim's address book, and sends itself out to them, hidden in some kind of novelty 'Purple Monkey'-type application?

This situation reminds me of a docu-drama they had on the UK's Channel 4 a few years back, set the requisite 20 minutes into the future, about the ultimate video multicasting 'killer-app' that spread itself across the Internet as a virus. When people wanted to view the video files, they found they automatically HAD the right software without needing to run a complicated install.

What if... (1)

xenotrope (86854) | more than 12 years ago | (#3476920)

The interviewer calls him "Mr. Bigott" and then:

Frank Bigott: "Excuse me, but it's pronounced 'Bee-GOH'."

Big-Boo-TAY (2, Funny)

burgburgburg (574866) | more than 12 years ago | (#3477074)

It's John Big-Boo-TAY!!!

Re:What if... (-1)

Anonymous Coward | more than 12 years ago | (#3477110)

Bee-GOH? Ha. Suuure.

And Mr. Fuchs claims it's pronounced "Fooch"

And Mr. Shinewang prfers "Shinna-wan!"

And And Mr. Asshole prefers is people pronounce his name is pronounced "Ash-oley"

When they all get together:

Shinewang: "Hello, Mr Asshole, good to meet you."
Fuchs: "Who are you calling an asshole?!"
Asshole: "It's pronounced Ash-holio!, fucks"
Shinewang: No need for vulgarity, Asshole"
Asshole: And Fuck, you are the one who is mistaken
about asshole. or I mean ass-holio!
Shinewang: Fuck you too asshole!
Fucks: It's pronounced Fooch!

And the conversation went on for a long time after
that and it ended being a very long day for everyone.

i love the fact... (-1)

posmon (516207) | more than 12 years ago | (#3476924)

that the pop-up from hell story has the biggest fucking ad i've ever seen before i can get to the story.

BARBECUED SQUID WITH HOT DIPPING SAUCE (SQUID SATE (-1, Offtopic)

cmdrtacos_mom (578051) | more than 12 years ago | (#3476929)

Yield: 4 servings
2 lb Squid, cut into rings
1 c Coconut milk
2 Cloves garlic, chopped
6 tb Fish sauce
3 tb Peanuts, finely chopped
Juice of 1 lime
Cayenne to taste
1 ts Sugar
Coconut milk is easily made if you have a blender or food processor.
Boil 1 1/2 cups water. Pour it over 1 1/2 cups of fresh or dry grated
coconut. Beat it in the food processor or blender for at least 1
minute. Strain it through a sieve or through cheesecloth. Marinate
the squid for 1 hour in coconut milk to which you have added the
garlic. Prepare the coals and skewer the squid.
To make the dipping sauce which makes this dish so distinctive,
combine the fish sauce, peanuts, sugar, lime juice and the cayenne.
Grill the squid for about 3 minutes on one side. When brown, turn
over and barbecue 3 minutes more.
Serve accompanied by the dipping sauce.
This recipe will produce tasty grilled fish if you use firm varieties
such as swordfish, sea bass or halibut, cutting the steaks or fillets
into large squares.
This dish serves 4 to 6 as part of a larger meal.

Re:BARBECUED SQUID WITH HOT DIPPING SAUCE (SQUID S (0)

Anonymous Coward | more than 12 years ago | (#3477214)

" Coconut milk is easily made if you have a blender or food processor. Boil 1 1/2 cups water. Pour it over 1 1/2 cups of fresh or dry grated coconut. Beat it in the food processor or blender for at least 1 minute. Strain it through a sieve or through cheesecloth"

Mom,
I know that you all are from the midwest and such, but canned coconut milk is readily availible in most liqour stores and specialty food stores. In fact, here in Florida, the damn stuff grows on trees!

You should correct your recipe to reflect that, particulary since this simplifies the preparation by several steps.

So... (1)

Anonymous Coward | more than 12 years ago | (#3476939)

This is, what, the 999th article about how bad/sloppy Microsoft's products are? Or is this the 998th article about slimey business practices.

It's so hard to keep track and the champaign has hardly had time to age.

Obligatory: I don't us IE and I disable Java whenever possible.

Finally... (1)

Jonboy X (319895) | more than 12 years ago | (#3476946)

...a good reason to use an Applet.

Re:Finally... (0)

Anonymous Coward | more than 12 years ago | (#3477096)

Actually there are good reasons to use an applet. Hoverbuttons and crap like that are not among them.

Um.. (4, Insightful)

xtermz (234073) | more than 12 years ago | (#3476947)

...Call me naive, but why isnt that states attorney general investigating this company? This is nothing short of corporate sponsored hax0ring.

I didnt see any mention in the article of somebody lodging a criminal or even civil complaint.

I think a big reason these companies get away with this crap is that nobody takes them to task for what they are doing...

Re:Um.. (0)

Anonymous Coward | more than 12 years ago | (#3477187)

What makes you think the CA AG's office isn't investigating? The article only said they (understandably) refused to comment on the case:

Susan Henrichsen, deputy attorney general for the state of California, declined to comment on specifics of the IntelliTech situation. But she noted that downloading software onto someone's computer without permission is tantamount to hacking.

"If, on top of that, you track people with spyware with the intent of selling the information, that goes way over into unfair and deceptive practices. It's really pretty appalling," she said.


Just wondering... (1)

chazzf (188092) | more than 12 years ago | (#3476958)

I take it this applies only to Microsoft's implementation and not to Sun's Virtual Machine? Not that Sun's is any more stable...(I run Win98 SE, and it dies on me all the time).

Re:Just wondering... (0)

unixmaster (573907) | more than 12 years ago | (#3476997)

Try to run it on a real operating system.

How Exactly (0, Offtopic)

KingKire64 (321470) | more than 12 years ago | (#3476961)

Do people like this sell thier soul to satan? I would like a Cray Computer Im considering selling my soul for it... but i guess satan is backed up with these Popup Companies

Re:How Exactly (2, Funny)

ThePilgrim (456341) | more than 12 years ago | (#3477056)

Sir,

With refrence to your order CR12345778092

We are sorry to tell you that your order is in a holding queue.

As you will be aware all transactions require the primaries signiture signed in triplicate in BLOOD.

Unfortunatly you seam to have taken this to mean the blood of any conviniant human near by.

We require the signature to be in your blood.

We are sorry for the delay this missunderstanding has caused and look forward to taking possession of your soul at the earlist.

Yours,

B. L. Z. Bub

Head of Customour Resources

Hell

Moore's law makes for bad soul trade. (0)

Anonymous Coward | more than 12 years ago | (#3477142)

I bet the guy who sold his soul for an 8088 screams a little louder than the rest when he dropd dead in about ten years.

r-e-s-p-e-c-t (1, Flamebait)

resonator (151559) | more than 12 years ago | (#3476970)

It's a pretty in depth story showing the lack of respect that some companies have.


Are you refering to the lack of respect Microsoft has for those who use their products? :)

Re:r-e-s-p-e-c-t (3, Interesting)

gfxguy (98788) | more than 12 years ago | (#3477243)

I have to take issue with this. I really hate MS, believe me, but the fact is they (as well as a lot of bad things) make products that are user friendly and have lot's of features that, if not abused, could make a much nicer computing experience for everyone.

It is their problem that people are abusing it, but it's not their fault people are abusing it. I compare this to the luxery of having a convertable - it'd be really nice if it weren't so damned easy to break into, but it's not the car makers fault it happens - they just need to work on a way to help prevent it. And the fact is that people LIKE convertables - it's a feature.

The sad fact is that while MS is horrible about securing their products, it's the crackers and punks and phreaks that make it difficult for everybody. Sure, I'm approaching this from an existentialist point of view - not particularly realistic - but you have to blame the people that are maliciously taking advantage of a problem as well the company that fails to correct it.

It's crackers fault I have to spend my money and time protecting against break-ins. Even if you are well protected, these people steal my money and waste my time and that latter part is unforgivable. Yes, I feel the same way about the people who make it necessary for my house and car to need locks and an alarm system. I know it's reality, but those are the people I blame for making it reality.

Ok, now I'm venting, pardon the rant. I like dogging MS as much as the next guy, but the people who are violating your privacy are the ones that need your antagonism.

i like this assumption (1)

igottheloot (573080) | more than 12 years ago | (#3476978)

"Try this: Thousands of unsuspecting visitors to a family entertainment site are discovering a cornucopia of unwanted, potentially malicious software on their computers--"

yeah, ok... i bet people running an old version of ie, visiting a family entertainment site, really figured this out on their own.

Booooring! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3476985)

Not. Trollworthy.

Bring on the Katz! Bring on the Katz! Bring on the Katz!

One thing (0)

Anonymous Coward | more than 12 years ago | (#3476988)

fuck them

mod story as -1, troll (0)

Anonymous Coward | more than 12 years ago | (#3476995)

...or -1, flamebait

'scuse my language, but (4, Flamebait)

eples (239989) | more than 12 years ago | (#3476996)

From the article:
  • Flowgo
  • eUniverse
  • IntelliTech Web Solutions
  • KoolKatalog
  • Volton Technologies


WHO THE FUCK ARE THESE PEOPLE?! Never heard of a single one of them - figures they'd be polluting the Internet.
Shouldn't these shitty companies have DIED last year?!

Re:'scuse my language, but (4, Interesting)

hagardtroll (562208) | more than 12 years ago | (#3477047)

Yes. The .com weenies who are still struggling to survive are doing it with questionable ethics.

You notice as available VC goes down, the number of pop-ups, subscriptions and sleazy sites go up.

I like to think that eventually the sleazy and make-abuck-quick companies will finally go under, and the web will be more like it was before. A communications medium for PEOPLE to communcate, rather than a giant catalog that consumers can shop from.

I can dream.

eUniverse traded on NASDAQ (0)

Anonymous Coward | more than 12 years ago | (#3477280)

Don't know about the other companies, but eUniverse's (EUNI [nasdaq.com] ) site says it is "the largest and fastest growing entertainment orientated network on the Internet. With over 19+ million unique visitors per month, it is consistently ranked as one of the Top 15 Most Visited Properties on the Internet by both Nielsen//NetRatings and Media Metrix"

That would explain... (3, Insightful)

Nos. (179609) | more than 12 years ago | (#3477004)

all those lame server on wwws1.com entries in my log files. My girlfriend's computer got hit by this, and I cleared it out (eventually). Funny, guys who can write these programs to monitor everything you do on the 'net, but can't setup DNS properly.

That would explain why he didn't get it (2)

maggard (5579) | more than 12 years ago | (#3477119)

all those lame server on wwws1.com entries in my log files. [...] Funny, guys who can write these programs to monitor everything you do on the 'net, but can't setup DNS properly.
Whoah there quick-at-the-mouth. wwws1.com was the intended address, not www.s1.com. Their strategy worked exactly as intended by providing a reasuring-looking domain.

Re:That would explain why he didn't get it (3, Informative)

Nos. (179609) | more than 12 years ago | (#3477135)

wwws1.com was the intended address

Yup, like I said, I have a log full of lame server entries for wwws1.com -> translation, the program was sending her to wwws1.com and my DNS server when doing the resolving was reporting the fact that the DNS for wwws1.com is not setup correctly.

Who said anything about www.s1.com?

Shouldn't this count as a computer crime? (1)

swinginSwingler (161566) | more than 12 years ago | (#3477035)

Maybe I'm just talking out of my ass, but, a web-site that just "installs" a program on my computer unbeknownst to me seems not too unlike me sending company X an email that "installs" a program on their computer unbeknownst to them. Yeah, IANAL and all that bull.

Re:Shouldn't this count as a computer crime? (3, Interesting)

RatOmeter (468015) | more than 12 years ago | (#3477175)

I think so. In fact, I'll be surprised if we do not see this going to court. If any of the affected PC's belong to a fortune 500 or larger company, I can nearly guarantee it. What I think should happen is that a class action suit be filed on behalf of all of the common people who were affected.

Heck, I'm sure if I the same exploits to upload even 1 teeny-tiny file to a PC, let's say, at a local bank. Guaran-damn-tee I'd be in lockup the next day.

The company behind this needs to be more than bitchslapped. They're going down.

I heard trojan.. (0)

Anonymous Coward | more than 12 years ago | (#3477060)

and it reminded me to go buy some more, cause I don't want to catch anything from Cowboy Neal tonight...

Block Flowgo at SMTP (5, Interesting)

toupsie (88295) | more than 12 years ago | (#3477062)

Flowgo has been a burr in my britches for quite a while. It appears that everyone of my e-mail users gets "newsletters" from Flowgo. About 30% admit to visiting the Flowgo site but swear up and down that they did not request the newsletter. At first, I tried to be nice and contact Flowgo and ask for them to remove my employee from their newsletters (its easier than trying to instruct them to do it). Got back no response. At first I was shocked that Flowgo would not remove them. So after giving them a week, I went into my Postfix [postfix.org] configuration and blocked off any e-mail from Flowgo. That was 5 months ago. Still today, I bounce 50 to 100 messages from Flowgo from my mail server. I noticed that several blackhole lists are doing the same now.

There has to be a solution to this sort of problem. About the only way I could get Flowgo to stop SPAMMING my mail server is to call up a buddy of Tony Soprano to break their knees because Flowgo doesn't care and I have never, ever, ever been able to get one of my elected officials or law enforcement agency to pay any interest in Unsolicited Commercial E-Mail. Its not like Flowgo is hiding its behavior either. It should be easy to get them but no one that matters or has the power, gives a damn about this huge waste of bandwidth.

Re:Block Flowgo at SMTP (2)

buss_error (142273) | more than 12 years ago | (#3477185)

I've had FlowGo blocked for almost a year. I still bounce mail from them to the tune of several dozen a day. Perhaps it's time for an RBL nomination? SPEWS, anyone?

Re:Block Flowgo at SMTP (2)

Skapare (16644) | more than 12 years ago | (#3477268)

I've been blocking flowgo and euniverse for over a year. These people are totally slimy, and they haven't figured that mail bounces. These people give the human race a bad name.

Maybe I'm a pervert.... (1, Offtopic)

Xenopax (238094) | more than 12 years ago | (#3477071)

But did anyone else read the words "trogan", "pop-up" and "slimeball" and immediately think /. changed it's focus?

Re:Maybe I'm a pervert.... (0)

Anonymous Coward | more than 12 years ago | (#3477116)

Nope you are a pervert, and a waster of +'s

Re:Maybe I'm a pervert.... (0)

Anonymous Coward | more than 12 years ago | (#3477186)

I'm reminded of the "Nudge Nedge" skit in Monte Python.

I complain (4, Interesting)

nuggz (69912) | more than 12 years ago | (#3477085)

When I find an annoying advertisement, I complain.

An email, or written mail, just saying that I don't like it.

I was liquored up and complained about the GAP commercials, I got a very nicely worded response.

Now if I can find the email address for those putting all the pop up ads fo the Mercury Marauder up.....

My email generally says, "I saw a **** at http://****, and didn't like it because *****, why don't you just *****"

for po[p up ads, I'll say something about I prefer the less intrusive advertisements, when they force me, it makes me angry at the product being shoved in my face.
It is really nice if you can mention how you were already aware of their product somewhere else (magazine review, top of page ad, someone told you)

i thought flowgo.com was a known spamhouse... (1, Insightful)

Anonymous Coward | more than 12 years ago | (#3477088)

I am pretty sure that flowgo.com is a known spamhouse that sends fake "opt-in" mailbombs to users. I would recommend that blocking all mail from flowgo.com if you have a large userbase and need to keep spam off your servers.

Look, I'm all for beating these guys with a stick (0, Offtopic)

Unknown Poltroon (31628) | more than 12 years ago | (#3477095)

But do we really have to stoop to making fun of the dudes name?

Well, ok, we do, but it still aint quite right.

.

Re:Look, I'm all for beating these guys with a sti (0)

Anonymous Coward | more than 12 years ago | (#3477165)

Don't mod him down! Show some sense of humor! It's actually a funny post! Perfect example of when =not= to mod down due to Off Topic.

Instability in their systems. (1, Flamebait)

Restil (31903) | more than 12 years ago | (#3477106)

People first discovered the virus when they noticed crashing and instability in their systems. So THAT'S what causes it. And all this time I just thought it was crappy software.

Yes.. I know... this is Microsoft Bashing. Mod me down.

-Restil

LA Based ? CPC 502 applies (3, Interesting)

UncleFluffy (164860) | more than 12 years ago | (#3477138)

It's about time someone got put away for this sort of crap.



California Penal Code, look for section 502 [ca.gov]

Re:LA Based ? CPC 502 applies (3, Funny)

dattaway (3088) | more than 12 years ago | (#3477195)

By "put away," what methods are you suggesting?

Prison?
Concrete shoes?
In the trunk of a car?
Handcuffed to the floor in a crack house?

Sounds good, but could you be more specific?

Another reason why choice is good. (2, Insightful)

aao-brad (542582) | more than 12 years ago | (#3477139)

I think this is the problem with M$ trying to take over the world, so to speak. If all users in the world had to use M$ products and browsers, this kind of thing would happen a lot more. Why? There are a lot of other slimeball businesses out there thinking up ways of doing things, and I bet they'd read this article and wonder why they didn't think of it first.

With that in mind, if the slimeballs knew that they can target one platform / browser (which is the case now as most normal people use IE anyway), they can devise things like this. Personally I use Mozilla, and tonight I'm converting to Linux, so this won't be much of an issue. I just wish more people knew there were other choices out there besides M$, and then they wouldn't fall victim to this.

It was only a matter of time... (2, Interesting)

GnomeKing (564248) | more than 12 years ago | (#3477140)

Companies appear to be using more and more dodgy ways to make money from us

Spyware for targetted ads... Scumware for stealing our resources... using exploits to do whatever they like

whats next?
deleting competitors software? (or even worse, dissabling it/making it give incorrect results in such a way that the user doesnt know its been tampered with)
Installing backdoors so they can verify that your not using their software illegaly?

I feel increasingly that we, the consumers, need to have some sort of protected from spyware, scumware, companies who exploit security problems and the next generation of click through "but you signed your kidneys over to microsoft when you bought office!"

OMG (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3477153)

you guys finally used the internet explorer icon!

i thought I would never see the day where you used it, for about the fifth time in the history of slashdot.

now what you should really do is get a google icon

What's scarier (5, Interesting)

shawnmelliott (515892) | more than 12 years ago | (#3477173)

I don't know what's scarier. This article or that a related article at the bottom of this one talks about our "friend" Fritz who wants to "protect" spyware by defining what's sensitive.

Quote
The second is "nonsensitive" information, and among that will include your name, address, and records of anything you buy or surf on the Internet. Under the act, business can't collect or divulge the sensitive bits without your express consent, but anything classified as nonsensitive can be freely collected and sold at will.
End Quote

The article can be found here [salon.com]

My Turkey-Baster Pregnancy (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3477184)

I am a lesbian, deeply involved with a woman of lusty beauty such as most men will never know. Her hair is short and blonde. Her face is bold, with a nice sexy square jaw. She has small breasts, and muscular arms and legs, and even a slight hint of a six-pack. Just the mere thought of her body gets my juices flowing.

She and I have been carpet munching for well over five years now. We love each other deeply, but it seems we've reached an impasse in our relationship. Every night, I lick and I lick and I lick. I finger, finger, finger. I also get the attention back with all sorts of creative ideas from my partner. Everything from dildos, to finger paints (when I am on my period), to meat tenderizer. However, no matter how much sexual gratification we exchange, it seems to be wearing down.

One day, while surfing on Slashdot, I learned about an interesting technique involving a turkey baster. The basic idea is that you fill a turkey baster [msmagazine.com] with semen [everything2.org] , then insert that tool into the vagina [everything2.org] , and squeeze out its contents. With this in mind, I contemplated the idea of getting pregnant with this method, and having a baby with my partner.

I approached my beautiful mate and asked him if she wanted to have a baby. Her face lit up! She seemed to be excited; imbued with new life! However, the euphoria rapidly dissipated when she came to the realization that she did not possess the proper equipment to get me pregnant. I quickly responded that "indeed you do have the right equipment! It's in the kitchen, I'll show you." Promptly, we waltzed into the kitchen and out of a drawer, I produced the turkey baster that would bring a new life into world.

The next job was to find a source of sperm. Sperm is not hard to come by. Men ejaculate tens of thousands of gallons of it every day [cmdrtaco.net] . We figured it'd be easy to acquire a nice hot, steaming load of cum from virtually any man. One day, I stood outside the door of our home, close to the sidewalk, top-less, and perking my lively breasts at any man who passed. Most simply gawked, but some actually tried to touch, but quickly walked away before doing so. Pretty soon, a nice young man [slashdot.org] came along who took such an interest in my tits that he seemed to forget about all else! Before long, I had him in our house and I was giving him a blowjob before he even knew what happened. As soon as he shot a big load into my mouth, I grabbed the baster and spit the load into it. He looked puzzled, but quickly realized the bizarre situation he was in and left immediately. I paid him no mind.

"Quickly," I shouted to my lover, "fuck me with this thing!" My lover grabbed the baster, thrust it into my eager beaver, and began to thrust like she was a man. I rubbed her clit and fingered her and she tweaked my boobs and fondled my own clit. When we were both about to climax, she squeezed the bulb of the turkey baster, squirting the whole load deep into my uterus. The warm, thick feeling of it drove me wild! When we were done, we rubbed oil all over each other's bodies, praying to the Lord Jesus that we would get pregnant.

Over the next few weeks, signs of something unusual began to show. As it turns out, I was not only pregnant, I had herpes too. Fucking Hemos! My life was turned upside down, but that story is for another day...

happily unsupported (1, Troll)

BroadbandBradley (237267) | more than 12 years ago | (#3477188)

as ISP techsupport front line, I hear about this type of stuff all the time. Customers often think the ISP is the culprit and ask us to stop the pop ups. These are the same folks who can't get thier email after messing with firewall settings (not even knowing what a 'port' is). I'm amazed that novice users put up with all that winblows vrus crap. I guess they don't know there's another way to deal with it, until I tell them about Linux.

As a Linux user, my platform doesn't seem to be supported by any of these AdWare/SpyWare applications.

Sometimes it's good to be unsupported, and I think a lot of these novice users might do well on an unsupported platform.
Long live Tux, Defender of the free!

Are we surprised? (1)

mixbsd (574131) | more than 12 years ago | (#3477192)

Don't forget that this happened via Flowgo, spammers extroadinaire, who have no scruples about using the September 11th disaster [nwfusion.com] for their own ends.

Personally, I hope both IntelliTech (misnomer) and Flowgo are prosecuted for this.

Old version of VM/IE? (1)

ejaw5 (570071) | more than 12 years ago | (#3477225)

The article said the flaw exists in an old version of the Java Engine of Microsoft's Internet Explorer...

The M$ bulliten linked on the article and here [microsoft.com] shows that
The Microsoft VM is a virtual machine for the Win32® operating environment. It runs atop Microsoft® Windows 95, 98, Windows Me, Windows NT 4.0, or Windows 2000. It ships as part of each operating system, and also as part of Microsoft Internet Explorer. The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.x and Internet Explorer 5.x contains a security vulnerability that could allow a Java applet, on a malicious web site to take any desired action on a visiting user?s machine.

Now, to me, Windows 2000 / IE 5.x isn't really OLD , considering that the majority of M$ users have IE 5.x. It may not be "new" like IE 6 or XP, but it doesn't mean 5.x is outdated.

Wow!!! (1)

feloneous cat (564318) | more than 12 years ago | (#3477256)

My day has been ruined! Outlook AND Explorer both can spread virii?

Shit, this is like Microsoft writes bad code or something...

Can this be true or am I just living a nightmare?

Will we end up removing BOTH programs and installing two million candle-power lights to point up into the night sky to symbolize where these two mighty titans once stood?

Will Bush launch a strike against Redmond killing thousands (or putting them out of there misery)?

internet explorer slashdot story icon (2)

ubiquitin (28396) | more than 12 years ago | (#3477257)

This is the first time I can remember seeing a I.E. icon (Mac-style) on a slashdot story. How appropriate that the story is about the most annoying feature of Microsoft's browsing apps: javascript pop-up hell. But seriously, times have never been better for non Internet Explorer browsers: Opera, Konquerer, iCab, Chimera, and Mozilla are all extremely usable at this point.

Moot licensing? (3, Interesting)

Denium (537999) | more than 12 years ago | (#3477279)

IANAL but...

If a piece of software *is* malicious spyware, it would be counterintuitive to ask the user to authorize its use and consent to a license agreement.

So -- let's assume that the software exploits the hole and, in the process, causes damage to your machine. Because you did not agree to the usual clickwrap, (software is AS IS, etc etc) could you hold the company liable for this?

Just a thought :)

Speaking of slimeball tactics.... (2)

artemis67 (93453) | more than 12 years ago | (#3477305)

You may remember that, immediately after Sept. 11, a very popular popup making the rounds was for a game called "Yo Mama, Osama". If you clicked the ad and played the game, of course, it installed a spyware app (don't recall which one).

While technically not any different from the way other spyware are distributed, it still tops the list in my book for the sleaziest thing I've yet seen in spyware, i.e., capitalizing on the emotional turmoil for 9/11.

Trojans and Popups and Slimeball Business.... (1)

josquint (193951) | more than 12 years ago | (#3477307)

...Oh my!

Trojans and Popups and Slimeball Business
oh MY!!

Trojans and Popups and Slimeball Business
OH MY!!!


*out pops the wicked digital witch of the west*

What bothers me... (5, Interesting)

j-turkey (187775) | more than 12 years ago | (#3477309)

What bothers me the most, is that Federal Law Enforcement agencies have been going after individuals who crack corprate machines for years -- and hitting them with hard criminal charges (or in some cases, [kevinmitnick.com] just throwing them in jail without clear or formal criminal charges).

Its clear that the federal government is zealous in its crusade to protect corporate America from "hackers". But who protects individuals from shady companies?

Its also clear that the company behind the trojan popups has engaged in criminal activity...but where the hell is the criminal investigation -- anyone being brought up on charges? At most -- we might see some fiducary damages awarded to someone (but not anyone here -- and not to anybody we know)...but if the feds can throw Kevin in jail -- I want the fuckers responsible for this kind of malicous marketing in jail too...(don't forget spammers either).


-Turkey
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?