
FunWebProducts - some info
#1
Posted 15 July 2004 - 05:53 PM
You get it from several sources, but typically either the iWon.com searchbar or their Smiley toolbar. FunWebProducts.com will show you their applications. They claim it isn't spyware, because it isn't grabbing identifying information. But it _is_ sending them a record of every websearch you made, with your IP address. I don't know what they use it for.
What we see in our web logs are things like:
63.144.42.96 - - [17/May/2004:09:13:12 -0700] "GET
/calldetail/bellsouth?p=8283614550 HTTP/1.1" 200 3471 "-" "SURF"
63.144.42.96 - - [17/May/2004:09:13:14 -0700] "GET
/calldetail/bellsouth?p=8283614550 HTTP/1.1" 200 3471 "-" "Mozilla/4.0
(compatible; MSIE 5.5; Windows 98; FunWebProducts)"
What I notice is that every request from the browser (the one with the UserAgent containing FunWebProducts) also has an identical request from useragent "SURF". FunWebProducts is the user's browser. It downloads all the images and stylesheets and so forth. SURF, on the other hand, just loads the html for the user requested page, without images. This goes back to somewhere other than the user's web browser.
So, they have your IP Address, browser settings (probably no big deal), and the text of every web page you've visited (a more worrisome prospect.) This'll probably slow down your browsing, as you're requesting and downloading the text portion of every web page twice, and then retransmitting it somewhere. (Since it doesn't fetch images, though, it's not so bad unless you're looking at huge text files.)
It's worse news for webmasters, as if many users have this, the bandwidth increases are more noticable.
Also, if you're reading confidential webpages, like on a corporate internal site over a VPN, you could very well be leaking proprietary information to who knows where. Be very concerned if you handle anything you want to keep secret through the web.
I'd recommend users download the appropriate software to remove this product (it's difficult to remove, but there are numerous pages returned on a search for 'FunWebProducts spyware' on google that give help.) I'd also encourage any webmasters with proprietary documents or worried about bandwidth usage from the html part of their documents to ban the "SURF" user agent. (I don't know what the user experience is if the FunWebProducts half of the query is allowed but the spyware part is blocked. I don't really want to test this product on my system.)
Hope this helps! I hadn't previously seen any reports of the SURF user agent anywhere.
#2
Posted 04 August 2004 - 06:01 AM
This goes back to somewhere other than the user's web browser.
Any idea where it's sending it?
Spyware: What you say!!
SpywareInfo: You have no chance to survive. Make your time!
#3
Posted 14 September 2004 - 01:44 PM
Of course it could be spyware that is included in FunWebBar but also spread through other dubious means too.
#4
Posted 04 June 2008 - 06:32 PM
I surmise that the company is interested in what you are searching for, in order to show a "targeted" ad based on the query. So if a person enters "new car", "cell phone", or "DVD"--the program will likely attempt to show related ads to this person/IP address, every chance it gets.
#5
Posted 04 June 2008 - 08:44 PM
This may still be true, but note that the last post to this topic was almost 4 years ago... We clearly classify them as malware these days..."But it _is_ sending them a record of every websearch you made, with your IP address. I don't know what they use it for."
I surmise that the company is interested in what you are searching for, in order to show a "targeted" ad based on the query. So if a person enters "new car", "cell phone", or "DVD"--the program will likely attempt to show related ads to this person/IP address, every chance it gets.
Helpful link: SpywareBlaster...
MS MVP 2006 and ASAP Member since 2004
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"