IST Adware Via WMV Files


Are you interested in downloadable movie clips? Many people are, so be alert!

During the course of research, I tried googling for some popular video albums and came across a forum that holds many articles and download links based on the users' interests. More than ten thousand members are sharing their articles and download links in this forum. Many of these are what you might call spicy material. I suddenly paused when I found a fellow who was posting many adult video clips. Most of the download links are from Rapidshare.

Rapidshare is a domain where people can upload/download files of up to 45 gigabytes.

I picked up one of the threads which appeared on May 22, 2006.

http://blog.spywareguide.com/upload/2006/05/ISTAdwareThroughWMVFile/jimpolk-thumb.gif

Jimpolk, the user name of the person who posted the thread, did not give any personal information and is not a member of any public group in the pakkadesi forum, so I can deduce this might be a marketing attempt.

http://blog.spywareguide.com/upload/2006/05/ISTAdwareThroughWMVFile/infectionurl-thumb.GIF

I received two download links, which hold the same video clips, and I selected the Rapidshare link.

I downloaded the clip and played it using Windows Media Player. It suddenly began acquiring a license rather than opening the media.

http://blog.spywareguide.com/upload/2006/05/ISTAdwareThroughWMVFile/acquiringLicense-thumb.gif

I used Netpeeker to track what was happening with my Media Player, and the report showed Windows Media Player making contact with ysbweb.com to install IST Adware products.

http://blog.spywareguide.com/upload/2006/05/ISTAdwareThroughWMVFile/netpeeker1-thumb.GIF

All becomes apparent when an ActiveX control pops up. The ActiveX control is signed by Integrated Search Technologies. (Note: This does not mean a control is safe, only signed.)

http://blog.spywareguide.com/upload/2006/05/ISTAdwareThroughWMVFile/ActiveX-thumb.GIF

They did not allow me to view the video without installing the IST adware.

http://blog.spywareguide.com/upload/2006/05/ISTAdwareThroughWMVFile/License-thumb.gif

The EULA was last updated on May 4, 2006 (incidentally, the very same date on which Jimpolk registered in the pakkadesi forum), which is a very recent move by Integrated Search Technologies to distribute their advertisements. People can also check out EULA Analyzer Beta to help analyze agreements.

Users will need to agree to a license that enables the installation of several applications. These include ISTbar, SlotchBar, YourSitebar and Xxxtoolbar. This is just to view one movie!

They may also install third-party adware products like Internet Optimizer and SurfAccuracy.

I picked up the network traffic, which helped me determine that IST might be affiliated with some people who are distributing the WMV files. Of course, it could also be an account set up for internal analysis.

POST /v7.aspx?id=65181&filename=Desi_bhabhi_******.wmv&affiliate_id=1000656:1913 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: SendHTTP
Host: drm.ysbweb.com

GET /ist/scripts/license.php?key_id=&filename=Desi_bhabhi_******.wmv&affiliate_id=1000656%3a1913 HTTP/1.1
User-Agent: SendHTTP
Host: www.ysbweb.com
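
An added example, not part of the original post: one way to pull the affiliate tag out of requests like the two captured above and see which hosts share it. The sample capture is constructed from those requests with a placeholder file name, and the matching rule (a `filename` parameter naming a Windows Media file together with an `affiliate_id` parameter) is an assumption of this example, not a documented IST format.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the two captured requests (placeholder file name) and one unrelated request.
CAPTURE = """\
POST /v7.aspx?id=65181&filename=sample_clip.wmv&affiliate_id=1000656:1913 HTTP/1.1
User-Agent: SendHTTP
Host: drm.ysbweb.com

GET /ist/scripts/license.php?key_id=&filename=sample_clip.wmv&affiliate_id=1000656%3a1913 HTTP/1.1
User-Agent: SendHTTP
Host: www.ysbweb.com

GET /index.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: www.example.com
"""
MEDIA_EXT = (".wmv", ".wma", ".asf")  # assumption: Windows Media file types

def parse_requests(raw):
    """Split a raw capture into dicts of host, path, query params, user agent."""
    parsed = []
    for block in raw.strip().split("\n\n"):
        lines = block.splitlines()
        _method, target, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        url = urlsplit(target)
        # parse_qs percent-decodes, so "1000656%3a1913" and "1000656:1913" match
        params = {k: v[0] for k, v in
                  parse_qs(url.query, keep_blank_values=True).items()}
        parsed.append({"host": headers.get("host", ""), "path": url.path,
                       "params": params, "ua": headers.get("user-agent", "")})
    return parsed

def license_callbacks(requests):
    """Requests whose query names a media file and carries an affiliate tag."""
    return [(r["host"], r["path"], r["params"]["affiliate_id"])
            for r in requests
            if r["params"].get("filename", "").lower().endswith(MEDIA_EXT)
            and "affiliate_id" in r["params"]]

def hosts_by_affiliate(hits):
    """Group the contacted hosts under each normalised affiliate tag."""
    grouped = {}
    for host, _path, affiliate in hits:
        grouped.setdefault(affiliate, set()).add(host)
    return grouped
```

Run over proxy or packet-capture output, the grouping shows that the raw and URL-encoded forms of the tag are the same affiliate account reaching both hosts.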

Since there is a large demand for adult entertainment online, it comes as no surprise that companies are distributing their products through pornographic video clips. Likewise, it is not surprising that people are trying to earn money by becoming affiliates for adware companies like IST (in this case, by uploading their movies to sites like Rapidshare). The user, JimPolk, may be one among them who gets pocket money just by distributing adware through the video clips.

The lesson here is that free often carries a steeper price tag than you might think: the trade-offs are often hidden. Think before you click and ask yourself: is downloading several applications that will throw pop-up ads, make trade-offs in your privacy, and slow down your computer worth the video you are about to download? Also consider that you will have to endure this software long after the video is gone.

2 Comments

Very cool stuff Wayne. I remember those early days as well. I hadn't realized how long instant messaging had been with us! I use AIM but I am going to check out Skype based on your piece. Do you know anything about the Skype phones? Do they work pretty well or still need some polish?

Jim Tonelson

Recently, many types of internet users take opportunities by using internet. I have already received many emails including SPAM email in my mailbox. Most of them sent illegal message or picture and the rest always promote their business without my permission. For me that's normal due to we pursue to face billion people in the internet's in the world.


About this Entry

This page contains a single entry by published on June 3, 2006 12:00 PM.
