Adware / Spyware Issues: February 2007 Archives

You've probably seen a number of articles regarding the case of Julie Amero, a substitute teacher caught in a storm of porn popups and faced with anything up to 40 years in jail. Well, here's an excellent piece of work that details exactly WHY Julie Amero is the victim of a witch-hunt. Never again will you stumble for an answer to the question "why didn't she just turn it off?"...

Microsoft have had their hands full these past few days, trying to eradicate rogue adverts appearing on banner ads served up via MSN Messenger. Here's the original writeup on this, and here's some coverage in the news with a line or two from yours truly...

An interesting interview with FTC Chairman Deborah Platt Majoras. However, compare and contrast with the reaction to Direct Revenue being fined just $1.5 million Dollars:

FTC Commissioner Jon Leibowitz, the sole vote against the settlement, said the $1.5 million fine "is a disappointment because it apparently leaves Direct Revenue's owners lining their pockets with more than $20 million from a business model based on deceit."

...is it just me, or should more people be thinking the same thing as this guy?

Chinese Adware: Coopen

| | Comments (0)

Here's an interesting one - apparently from a Chinese Trojan bundle, "Coopen" places a media tool on your desktop, which rotates between desktop backgrounds and screensavers. At least your desktop hijack will be a visually striking multimedia experience!

http://blog.spywareguide.com/upload/2007/02/coopn5-thumb.jpg
Click to Enlarge

That's not all, however - the Coopen media player is really only the introductory salvo. From the same bundle, your desktop will end up with a non-closable box on it, which you can only kill off using Task Manager:

http://blog.spywareguide.com/upload/2007/02/coopn1-thumb.jpg
Click to Enlarge

The box itself mostly serves up an endless stream of high bandwidth adverts that seem to do nothing other than promote short movie clips and streamed video:

http://blog.spywareguide.com/upload/2007/02/coopn2-thumb.jpg
Click to Enlarge

There also seems to be a lot of popups from what appears to be some sort of social networking / blogging site:

http://blog.spywareguide.com/upload/2007/02/coopn3-thumb.jpg
Click to Enlarge

You can read more about Coopen here. Although Coopen itself is not particularly high risk - it's a media program rotating screensavers - it does illustrate how complicated things will be for researchers in the West as more of these programs start to appear, such as here where the researcher might not even know if the popup box is related to Coopen, or a different part of the same Trojan hijack. Is it Adware? Spyware? Malware? All one program, or different components doing different things (as is the case here). Is the intent behind it malicious, or is it supposed to serve some useful purpose? How do we track the money streams? Will we be able to penetrate the networks behind the scenes and work out who the key players are? Most importantly, what do we do when faced with a EULA containing six million Chinese characters?

Tough questions, and no easy answers in sight...

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research: CC, and Chris Mannon, FSL Senior Threat Researchers

Pages

About this Archive

This page is a archive of entries in the Adware / Spyware Issues category from February 2007.

Adware / Spyware Issues: January 2007 is the previous archive.

Adware / Spyware Issues: March 2007 is the next archive.

Find recent content on the main index or look in the archives to find all content.