SpywareGuide powered by FaceTime Security Labs

The Pooo Hijack, and an Empty Sweetbox...

Here's an interesting roundup of unrelated Chinese oddities for you to get your teeth into. First off, let's look at something that redirects you to....er.....well, you'll see.....

poo1.jpg

From this file leaps great things - or at least, a bizarrely named hijack:

http://blog.spywareguide.com/upload/2007/05/poo2-thumb.jpg

That's right, your IE homepage is hijacked to....Pooo.cn (Beta!) and restrictions are placed in the IE settings so you can't change it back easily. The site itself is a typical Chinese multimedia website, with an endless collection of videos and flash animations:

http://blog.spywareguide.com/upload/2007/05/poo3-thumb.jpg

...yeah, makes no sense to me either. So there we have it, short, sweet and, er, odd.

Next up, something that I came across while looking for something else - sadly, the main site this stuff launches from is apparently dead but that doesn't mean we can't take a look at it:

sweet1.jpg

...well, we all like sweets, right? If you run the executable, you'll see what is presumably a EULA:

http://blog.spywareguide.com/upload/2007/05/sweet2-thumb.jpg

Of course, I have no idea what it says but let's press on anyway:

http://blog.spywareguide.com/upload/2007/05/sweet3-thumb.jpg

I can't be sure, but it looks like some sort of media player. Another offering from the same people gives us a (very limited) web browser:

http://blog.spywareguide.com/upload/2007/05/sweetbrowser1-thumb.jpg

...again, with the main site down it doesn't currently do much other than sit there and look nice. However, thanks to the wonderful Internet Archive, we can go back and have a look at the main site:

http://blog.spywareguide.com/upload/2007/05/sweet4-thumb.jpg

...so, it looks like a good bet that both of these applications were simply there to serve up the movies and videos from that website. If the site ever comes back online, we might be able to get a firm answer and wrap everything up in a neat little bow or something...
