16 replies to this topic

[Franrod]

I'm a television reporter in the Washington DC area who's had a major battle going on with CoolSearch. I'm trying to develop a story on this and get the word out. (...in the mainstream, all they ever want to talk about is spam)

I'm looking for anyone in the area who'd like to share the problem they've had with spyware and particularly anyone who's had their browser hijacked to a porn site. You'll be on the ABC affiliate...the neighbors WILL be impressed, not to mention the good deed you'll do for all the uninformed out there.

[Gwyrox732]

I trust you'll also be looking fo people who volunteer their time to combat this? If only I lived a few states south...oh, well. It's good to know that there are people ot there trying to bring this to the masses.

[jasper]

I have a better idea Franrod. Think big and GO GLOBAL. Let us wake the world up and destroy the creators.

[Mike]

Hi Franrod,

If you could send me an email with a phone number or other means for people to contact you, I'll dig around for some victims. mike@spywareinfo.com

[Franrod]

Thanks Mike. My email response is on its way to you.

Gwyrox732...this story wouldn't be complete without a focus on the folks who are on the front lines of this war...thanks for pulling my coat. I've asked Mike to keep an eye out for me in that area as well.

[InTheSpace]

Do you already have TV coverage scheduled for this? Will you definitely get some attention?

FYI - I am very familiar with CoolWebSearch. Did you know that they distribute their junk via PayPerClick advertsiing so the big names like Yahoo (via Overture) and others are profiting when machines get hijacked.

[Tuxedo Jack]

If you can get ABC 13 in Houston to cover this, I would be more than glad to contribute what I can to your cause.

[estrin59]

I would like to send you some links to publications about my criminal case. I was forced to confess for possession of child porn.
This is publication in Wired news

http://www.wired.com...7,63391,00.html

This is publication in Theregester

http://www.theregist...ijacking_risks/

This is article in Washington Times, May 22, 2004
There is information about my case.

http://www.washtimes...84242-5633r.htm

This is publication in Globe and Mail

http://www.globeandm...ory/Technology/


This is my story in www.inquisition21.com

http://www.inquisiti...page_num~3.html

The problems with my case were police forensics never searched for Trojans. They even did not provide Dates of files creation/downloaded.
All they wrote in criminal complaint: all pictures found in unallocated clusters. Illigal pictures were deleted. Probably they were deleted from Internet cash, manually.
I usually did this. I think there was not the same hard drive clusters allocated to Internet Cash all the time. So after they are deleted, pics may be found in unallocated space.
May be I am wrong? My computer was held at Mitsubishi Electric office from July 29 to September 13, when they took off hard drive and sent it to police. HR person was angry with me. She later called the police and made false statement that I told her I had illigal porn on my laptop. If I was an idiot, I could do this. Why worker of Mitsubishi did this terrible thing, I do not know. But this is crime too, and may be much terrible crime.
Police searched my house on september 17, 2002, and found nothing. The confiscated PC, and laptop My friend ordered for me on Ebay. I was owner of this laptop only 4 weeks. In criminal complaint they put 16 pictures found in unallocated clusters,
again without files names, folders, Dates. How it was possible to link those images to me. How It could be from forensic point of view. Also Police officer put in criminal complaint that I told him I downloaded child porn. Again I am not an idiot.
They just needed to create case.

Fima.

[mjp65aa]

I recently was a victim of the about:blank mutant, and I would welcome talking to the media, but i live in Buffalo, NY.

I have been a web junkie for a long time and know my way around, and yes, including porn sites. After a while it gets boring and old, but i can see how people could easily get in trouble, particularly if surfing from work. If you know where to go, it is easy to get free porn safely. But, I used to go to (dont go here unless you are prepared to get lots of malware) hxxp://ww2.ynotnetwork.com/superlinks/superlinks.html. It i just a top list type page with links to porn sites with many samples. No harm there, but many, maybe even most sites linked through there nowadays install malware.

Most of the pages linked from the above site are simular, many thumbnail pics, that when clicked launch a new page, or two or three, sometimes, but not always, with samples like the one you clicked. Often when you close a page, more are launched, and you can get stuck in a loop with several dozen or more windows open, and more opening faster then you can close them (if you are trying to click on the X). If you don't know how deal with this type of situation, you will probably be clicking like a mad person. Good chance (100%) all kinds of stuff is downloaded on to the machine. The original page does not contain illegal porn or links to it, but after a surfer gets linked from one page to another, popups, dialers, etc, you do can easily end up on illegal porn sites. It seems the raunchier the site, the worse the malware. Perhaps some is from law enforcement, some is probably used to blackmail people, etc. Even if a web surfer imeadiately tried to leave when they seen trouble, the home page might be changed to a illegal porn site, and adware installed that launches legal and illegal pop up advertisements. This would be a nightmare at home, but in the work place it would be hell. I am sure sometimes an infested machine get used by persons other than the one who originally looked for porn. I have never seen this situation in anyplace i worked, but i have seen it on puters on a college campus in the puter labs and in the library. It is horrible for the unsuspecting.

My recent experience did not change my home page to a porn site, much less an illegal porn site, but i was extremely distressed by the experience. If i was at work, and the redirected page was a porn, or God forbid, illegal porn site, i am not sure what i'd do. Damn, that would suck! I am glad i only play games on the puter at work.

Edited by mjp65aa, 23 June 2004 - 07:45 PM.

[estrin59]

This was exactly my experience. I tryed to close all those terrible windows, and more were opened. Finally I got CP sites. They changed my start page to CP site. One time web site downloaded porn dialer, and I could not uninstall. I even could not remove porn icon from my desktop. When I opened this porn dialer, there was instruction how to remove it. I needed to go to some web site and download exe file, then run this file. After running exe file, porn icon was removed from desktop.
I think that was trojan.
I worked from my home office, and had company laptop at home all the time. I would never surf the porn sites from company office. After my company laid me off, I think they found some links in favorites, or files in internet cash, and contacted police. Police recovered hard drive. There was illigal pictures only in unallocated clusters, without files names or Dates. I think I cleared Temp folder manually. When you delete file, you cannot recover Dates

[mjp65aa]

estrin59,

I have seen all we both have spoke of above. However, i have never seen illegal porn malware installed from anywhere but crappy porn sites, top lists, etc.. So, if the puter has one user and ends up with this stuff on the machine, the person is a contributor to the situation. Granted, they certainly might not deserve the circumstance, but there action initiated it. They might have never search for illegal porn, but they might have clicked on a banner for school girls. This is all a good reason not to use work machines for anything but work. Few jobs require finding porn as part of the job, (that would be a good job though, lol). If you use a computer for work, i wouldnt surf, check email, or play games if it is going to cause problems with the bosses. Also, any computer i touch i clean up before i use and after. Before, to make sure it running right and fast and the setting are as i like. After, to remove any personal information (mostly user names and PWs) stored in cookies and such. Again, this is more often on public machines during my college years than a work machine. My point is what you said happened to you is terrible and unjust, however you may have contributed to the situation. I wish i had a dollar for everytime some one asked to to fixed a puter because it has sexual content related malware on a machine, but all the users deny ever going to a porn site (friends, family memeber, etc.) Still, I have to admit i cannot beleive anybody would deliberately set thier home page to a child porn site and a short cut on the desk top to this or another illegal site, lol.

I know once i was in the library and i got a porn spam in my email, i clicked it just to see what it was about, and i knew it was porn. It launched a popup bomb, and although nobody said anything and i am not even sure anybody else seen it besides me, i was in a crowed room and sort of imbarrassed by this. I never opened a spam porn mail again, lol. I also seen a trick email that when you opened it, the machine went into full view video of male gay porn and said loudly, "Look everybody, I am watching gay porn." I had a buddy get it just as he was trying to make some moves on the girl next to him in the library. He left immeadiately. lol.

In the end, malware causes lost resources for too many people. In your case, you lost much more. I am sorry to hear about that. With the help of this site, we all can collectively put a dent in the pile of problems these bastards cause.

[Dem]

mjp65aa,

I HAVE seen this crap installed on client's computers without them visiting porn sites. The newest culprit can be the file sharing programs. Folks get infected, it goes through their machine infecting files, including the stuff they have in their 'shared' folders. Trojan explosion, scary in any scenario

There are also trojan worms that infect emails, download silently via supposedly 'safe' sites that get kickbacks, all kinds of nastiness. I think our biggest mistake with the internet was letting the 'non-nerds' in on a good thing! Just joking, sorta.

Franrod, another BIG thing that most folks don't realize is that you HAVE TO UPDATE WINDOWS REGULARLY! This is one of the best ways to nip these problems in the bud. I work with the general public on a daily basis regarding computer internet usage. It gets tiring repeating that mantra every day, and every day there are 10 or so people who didn't know. I think we need to hold the retailers who sell these machine partly responsible, they need to be the frontline for telling folks how to protect themselves. After that, it's all just a game of catch-up.

Dem

[mjp65aa]

Dem,

First, I want to say i do not have much knowledge in the area of malware ( the more i read and learn here, the dummer i feel, lol). If i unjustifiably vilified anybody, i am sorry. I still would like to know if you are saying you have had clients that had a type of hijacker that set the home page to child porn sites even when the machine was not used to search for porn, or just a viariety of hijackers that included some porn sites with legal content? Again, i hate any hijackings and hope all governments pass laws to help prevent and recover damages from the perpetrators.

BTW, i get automatic update for windows, Norton and a few other things. I manually update everything else whenever i used it (Adaware had new update today, as matter of fact)

An ouce of prevention is worth 2 weeks waiting for some one to rescue my butt

Edited by mjp65aa, 29 June 2004 - 03:42 PM.

[estrin59]

What do you think about these web sites
hxxp://www.coolwebsearch.com/search.phpEdited to brak link
Be carefull. I opened these web sites from library. This is clearly criminals

Edited by dave38, 30 June 2004 - 05:01 PM.

[mjp65aa]

lol , i bet they delete your post - and they should. That site is responsible for a large portion of the problems people are seeking help for on this site. I would have changed it like hxxp://google.com to make it unclickable at least if u want to refer to a dangerous site...

Edited by mjp65aa, 29 June 2004 - 05:49 PM.

[Dem]

mjp65aa,

I don't see a lot of the machines that I help clean up (do a lot of phone support as well as in the shop), so I'm not sure what pages they've been set to. I also don't like to look at these sites, so when I'm cleaning them up, I avoid opening the browser or going online until the problem has been dealt with.

I WILL keep an eye on this in the future and see if folks are indeed being hijacked by 'legal' or 'illegal' sites. You've raised an interesting point, one I'd like to verify as I know how upsetting this is to people when they DO get hijacked.

And hey, if we don't learn, how will we know?

Cheers!
Dem

[estrin59]

This is quote from wired news article

>"I have to say it's like insisting the dog ate your homework," said Jeff Bertram, a >systems administrator in New York City. "Are you going to admit that you >downloaded porn to your pissed-off spouse or employer? Or to a judge? Hell no, >your honor, it wasn't me. The browser did it."

People still very, very, hundred times sceptical. Nothing, never can make them believe in this
My previous posting link is a proof of dangerous reality. Do not click.

This is link to homeland security web site.

http://www.us-cert.g.../TA04-163A.html

if you still think I am trying to find convinient excuse.