Ben Edelman: Non-Consensual 180 Installations Continue

["Fergie" <fergdawg () netzero net>]

Kudos, Ben Edelman.

[snip]

On Friday morning (February 17), I received a nonconsensual installation of 180solutions Zango software through a 
security exploit. I was browsing an ordinary commercial web site, when I got a popup from exitexchange.com (a major US 
ad network, with headquarters in Portland, Oregon) . The popup sent me to a third-party's web site. (I'll call that 
third party "X" for convenience.)

Then X ran a series of exploits to take control of my test PC, including using the widely-reported WMF exploit 
uncovered last month. Once X took control of my PC, X caused my computer to install and run 180solutions Zango 
software, among a dozen other programs. Notably, X fully installed 180's Zango without me taking any action whatsoever 
-- without me clicking "I agree," "Yes," "Finish," or any other button of any kind. X installed 180's Zango despite 
180's new "S3" protections, intended to block these nonconsensual installations.

Most aspects of this installation are remarkably standard. "Adware" installations through security exploits are all too 
common. And it's not that unusual to see traffic flowing through an ad network -- even a big US ad network.

But what's newsworthy here is that 180solutions got installed, even though 180 last year told the world that these 
nonconsensual installations were impossible. Effective January 1, 2006, all 180solutions distributors were required to 
switch to 180's "S3" installer.

[snip]

Much more here:
http://www.benedelman.org/news/022006-1.html

- ferg



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.