Copy of letter of Aug 6, 2004 to:
Security@Mozilla.org
I am writing to notify you of a behavior which is unacceptable, privacy concerns, security concerns
Behavior
Your default search is Google
Your default Google Search is “I’m feeling Lucky”
Now go to WWW.Google.com and into the Google search window
TYPE WILDERSSECURITY then choose GOOGLE SEARCH note the results
Now TYPE misspelled WILDERSECURITY you should get “Did you mean WILDERSSECURITY”
TYPE WILDERSSECURITY into the window and NOW choose I’m Feeling Lucky
On my machine the site
http://www.javacools...areblaster.html
That’s not perfect but I can live with that
Now Misspell WILDERSECURITY and choose “I’m feeling lucky”
You will get the same results by misspelling WILDERSECURITY in the FIREFOX address box with default settings i.e. most people will get this behavior
Notice how you are taken to apps5.oingo.com on this SEARCH ERROR condition
Apps5.oingo.com will access domainepark and try and do a “contextual search” and will transfer to PAID ADVERTISERS who will have no relationship to the searched for site except some name similarity or if you have OINGO or domainepark cookies will try and track your habits
This transfer to paid advertisers is without notice to the user
There does not seem to be much control over the paid advertisers
In one case the transfer was to a bridge site with the message SBYBOT SEARCH DESTROY and 3 more lines of text and a message “click to continue”; without clicking, the searcher is taken to a SPYWARE KILLER site with the heading SPYWARE FOUND ON YOUR MACHINE (and a hard sell)
Spyware Killer is a known hostile product
The trademark, unfair competition, and FTC (last week’s d squared decision) connections should be obvious
If this type of transfer is possible then transfer to phishing and other hostile sites is probable
Other places transferred to are equally obnoxious. Usually phony pay per click “search pages”
HOWEVER I’ve the error mechanism has transferred to dp.information.com, another “banned” site and banned host
It seems that during this process scripts/applets are executed on your user’s machine
This process tries to install cookies and the paid advertiser tries to install cookies
Needless to say this raises both privacy and security concerns
I’m currently lost in Google e-mail and tech support (sic) and help (sic)
I assume you have a contract with Google so can get to the bottom of this a lot easier than I can.
Possibilities I currently see are (none of them good)
1 This is a normal part of the ad-sense program
(Google acquired ad-sense from Applied Semantics which used to be OINGO)
2 Someone is using one of the known pirated copies of the old OINGO search engine
3 Someone has done a clever hack on Google search errors
4 The advertisers have run amok
I would suggest:
1 that you immediately change default search to normal google search
2 that you post a call for vigilance and comments to see if anyone else has been harmed by this behavior (paid money, gotten porn, found themselves being spammed, etc)
3 You post a section in MOZILLAZINE to help follow up on this issue
4 (you can reference post by Wyrmrider)
5 You can educate your staff and volunteers that as of NOW even if this IS default Google behavior (and we are not certain that it is) it is not acceptable
References
Do searches in the usual places for OINGO, Applied Semantics, go back several years
Reply to this message for additional links and details and links to many victims around the web
Does this happen with other browsers? Yes, it can, but others do not use “I’m feeling Lucky” as default
I also have a problem with the different results for “SEARCH GOOGLE” and “I’m feeling Lucky” on errors and/or that “I’m feeling Lucky” results are not consistent in their treatment of search errors.
Thanks to:
Pieter Arntz (Metallica)
Cexx.org Forums
Tom Coyote Forum
Wilderssecurity forums LowWaterMark
SpywareWarrior forum
Spywareinfo
Eric L Howes / IE-Spyads (blocks in I.E)
TDS-3 and Wormguard /Diamond C.S forums
TeamSPYBOT Chi-Va
SPYBOT SEARCH & DESTROY (blocks some behavior in HOSTS)
I have been in contact with the FTC and would appreciate any input on this issue
Wyrmrider