funsec mailing list archives

Re: Ben Edelman: Non-Consensual 180 Installations Continue


From: Kevin McAleavey <kevinmca () nsclean com>
Date: Mon, 20 Feb 2006 10:40:53 -0500

Heh. No. Really? Well, I s'pose we ought to at least give this reporter a "New York Times" award for at least hearing 
a cluephone ringing. :)

 LEGITIMATE COMPANIES control the banners and the installs themselves and NEVER accept "partners" to do so for them. 
Google toolbar comes to mind here. So Ben Edelman ... COME ON DOWN! Heh.

At 10:00 AM 2/20/06, Unca Fergie wrote:
Kudos, Ben Edelman.

[snip]

On Friday morning (February 17), I received a nonconsensual installation of 180solutions Zango software through a 
security exploit. I was browsing an ordinary commercial web site, when I got a popup from exitexchange.com (a major US 
ad network, with headquarters in Portland, Oregon). The popup sent me to a third-party's web site. (I'll call that 
third party "X" for convenience.)

Then X ran a series of exploits to take control of my test PC, including using the widely-reported WMF exploit 
uncovered last month. Once X took control of my PC, X caused my computer to install and run 180solutions Zango 
software, among a dozen other programs. Notably, X fully installed 180's Zango without me taking any action whatsoever 
-- without me clicking "I agree," "Yes," "Finish," or any other button of any kind. X installed 180's Zango despite 
180's new "S3" protections, intended to block these nonconsensual installations.

Most aspects of this installation are remarkably standard. "Adware" installations through security exploits are all 
too common. And it's not that unusual to see traffic flowing through an ad network -- even a big US ad network.

But what's newsworthy here is that 180solutions got installed, even though 180 last year told the world that these 
nonconsensual installations were impossible. Effective January 1, 2006, all 180solutions distributors were required to 
switch to 180's "S3" installer.

[snip]

Much more here:
http://www.benedelman.org/news/022006-1.html

- ferg



--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

----------------------------------------------------
 Kevin McAleavey at your service
 Privacy Software Corporation
 http://www.nsclean.com
 kevinmca () nsclean com
