From the monthly archives:

April 2006

Gregg Keizer
Apr 19, 2006
TechWeb.com

In January, both Microsoft Corp. and Attorney General Rob McKenna filed lawsuits against Secure Computer of White Plains, N.Y. for allegedly selling the bogus anti-spyware program Spyware Cleaner. Three men were also charged with advertising the software: Zhijian Chen, of Portland, Ore.; Seth Traub, of Portsmouth, N.H.; and Manoj Kumar, from Maharashtra, India.

Chen is the first to be penalized in the broader case, and also holds the dubious honor of being the first defendant nailed by Washington state’s 2005 Computer Spyware Act.

After admitting to breaking the 2005 law, as well as the state’s Consumer Protection Act, Chen was told to pay $84,000 in fines and restitution for promoting Spyware Cleaner.

itworld.com
Robert McMillan, IDG News Service, San Francisco Bureau
1/25/06

Microsoft Corp. and the Washington state attorney general have filed lawsuits against antispyware software vendor Secure Computer LLC, alleging that the White Plains, New York, company’s Spyware Cleaner software not only fails to remove spyware as advertised, but makes changes to users’ computers that make them less secure. The attorney general’s lawsuit is the state’s first to be filed under Washington’s 2005 Computer Spyware Act.

The state’s lawsuit also names Secure Computer President Paul E. Burke and Web domain owner Gary T. Preston, both of New York state, as defendants. It further charges Zhijian Chen, of Portland, Oregon, Seth Traub, of Portsmouth, New Hampshire, and Manoj Kumar, of Maharashtra, India, in connection with the advertising of the product.

Spyware Cleaner has been sold since about 2004 and the product has been marketed via “spam, pop-up ads and deceptive hyperlinks,” offering a free spyware scan, the attorney general’s office said in a statement. These scans inevitably detected spyware, even when none was present and then instructed users to buy Spyware Cleaner. Once customers had paid the US$49.95 purchase price, the software would then erase the computer’s hosts file, which can be used by the browser to block unwanted Web sites.

Copyright © is the original authors.

180Solutions targeting kids
SunBelt Blog
Monday, April 17, 2006

People often get adware on their systems through their kids. Children don’t read EULAs. They want the funny “punch the monkey” video, so they click away. That’s why advertising adware to children is considered a Bad Thing.

180Solutions, the Yapbrowser and Child Porn
RealTechNews
April 17, 2006
By Jimmy Daniels
Contributing Writer

It seems that every week something bad is coming out about 180solutions, always some zealot as they call them exposing one of their affiliates forcing this crap on users’ computers, always a sorry, we didn’t know until you told us, we’ve removed them from our program, yadda, yadda, yadda. It’s never 180Solutions that is the problem, always someone else, some bad seed that they can’t bother to monitor. Well, the latest is not a forced download or driveby install, but is much, much worse in my opinion.

Software downloaded from 180Solutions servers is promoting child porn.

Yapbrowser: serves up Zango and…child porn?
Vitalsecurity
Monday, April 17, 2006

Shouldn’t A Child Porn Provider Be Considered A Rogue Distributor?

Tech Dirt
Contributed by Mike
Monday, April 17th, 2006
from the keeping-out-the-rogue-distributors,-huh? dept

Remember how 180solutions had promised that with their latest rewrite they were absolutely keeping out “rogue” distributors? It has already been shown that this isn’t true, but it seems things may be looking even worse for them. Someone who prefers to remain anonymous has submitted a story about a new “browser app” that installs 180solution’s “Zango” adware… and also has the rather damning feature of taking over your browser and sending you to child porn sites, no matter where you try to surf online. As the article notes: “It’s not like it’s a hidden Easter egg, for God’s sake - you come across it by using the primary function of the browsing application. You know, the big, green “Go” button.” If 180solutions can’t even stop distributors like this one from offering their software, you have to wonder which “rogue” distributors they’re actually stopping.

180solutions sponsors Yapbrowser and… child porn?
ZDNet
April 17, 2006
Posted by Suzi Turner

My head is swimming and I feel ill. I just read the blogs about 180solutions’ latest — Yapbrowser, installed from 180’s servers no less, that directs all search requests to child porn sites. And this from a company that has made countless claims of cleaning up their act. Oh, but — 180 does like to talk about the “long tail” of the internet and “trusting the affiliate model”

Excuse me while I get sick.

180 Solutions Re-Revisited Metallica Style- The YapBrowser
revenews
Wayne Porter
April 17, 2006

While Direct Revenue wrestles with their own problems explaining to Mr. Spitzer about Aurora and nail.exe it appears 180 Solutions has some explaining to do as we see yet another nail driven into the proverbial coffin. Much less a nail but more like someone took a high speed staple gun and went all the way around the lid. Where is that audit department?

ADDENDUM: Suzi Turner of ZDNET’s Spyware Confidential asks an even better question: “What legitimate company would want to be affiliated with 180solutions after learning of 180’s apparent liaison with child porn and CoolWebSearch?”

NOTE: As of 6:00 pm Eastern Time the domains seem to be down: yapsearch, yapbrowser and yapcash are returning page not found and unresponsive to ping.


Microsoft Advisory

by certifiedbug on April 18, 2006

in Microsoft, Security

Problems in Windows Explorer or the Windows shell after you install security update MS06-015

CAUSE

The MS06-015 security update package installs a new binary, VERCLSID.EXE, which validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer. On some computers, VERCLSID.EXE stops responding. The following have been identified to cause VERCLSID.EXE to stop responding:

Hewlett-Packard’s Share-to-Web software. There have been reported issues where HP software causes the VERCLSID.EXE process to stop responding. In particular, HP’s Share-to-Web Namespace Daemon (Hpgs2wnd.exe) which ships with:

    HP PhotoSmart software
    Any HP DeskJet printer that includes a card reader
    HP Scanners
    Some HP CD-DVD RWs
    HP Cameras

Share-to-Web Namespace Daemon can be found in the “C:\Program Files\hewlett-packard\hp share-to-web\hpgs2wnd.exe” folder. Share-to-Web is auto-started from both the Startup menu and the Run registry key.

The VERCLSID.EXE process is flagged by Sunbelt Kerio Personal Firewall. Sunbelt Kerio Personal Firewall has a feature which flags any attempt by an application to launch another application for the user’s approval. Kerio is flagging Explorer.exe’s launch of VERCLSID.EXE. When this occurs, VERCLSID.EXE’s execution stops until the user clicks through Kerio’s notification dialog. Users can configure Kerio to allow VERCLSID.EXE to execute without prompting.

SYMPTOMS and RESOLUTION
Article ID: 918165


Firefox Browser Vulnerabilities

by certifiedbug on April 18, 2006

in Browser, Security

Secunia Advisory: SA19631
Release Date: 2006-04-14
Last Update: 2006-04-18

Highly critical

Impact:
Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
DoS
System access

Where:
From remote

Solution Status:
Vendor Patch

Software:
Mozilla Firefox 0.x
Mozilla Firefox 1.x


Update By Eric L. Howes

by certifiedbug on April 18, 2006

in Rogue

Eric L. Howes updated the Rogue/Suspect Anti-Spyware Products & Web Sites page to add another rogue antispyware product.

Spyware Soft Stop is the newest addition in the list.

Spyware Soft Stop - spywaresoftstop.com - app plants the very files it
falsely detects as malware (1); aggressive, deceptive advertising (1); false
positives work as goad to purchase [A: 4-17-06 / U: 4-17-06]

Total applications listed: 286

Warning over rogue anti-spyware application

by certifiedbug on April 9, 2006

in Rogue

False alarm alert
By John Leyden
Published Friday 7th April 2006 13:21 GMT

A rogue anti-spyware application is falsely identifying popular security products and file system tools as spyware. Security firm SurfControl advises users not to touch the application, UnSpyPC, with a barge pole.

False-positive reporting is hardly unknown across many supposed anti-spyware applications, as SurfControl notes, but this case is particularly severe since UnSpyPC could disable critical security and business applications. ®

Direct Revenue

by certifiedbug on April 6, 2006

in Security

By Benjamin Edelman

People of the State of New York v. Direct Revenue, LLC

Introduction

This page provides case documents associated with the New York Attorney General’s suit against Direct Revenue, including documents beyond those publicly posted by the Attorney General’s office.

These documents are lengthy, so I have attempted to identify and flag sections likely to be of particular interest to typical readers. In general I flag explicit discussion of malevolent or otherwise controversial actions, financial information (including revenues and payouts), and information about Direct Revenue’s partners. I welcome and specifically solicit readers’ contributions as to other sections of particular interest.

This page currently reflects only a portion of the New York Attorney General documents I have obtained. I am working to add additional documents within the next 1-2 days.

Although many of the documents provided here are labeled “confidential” (e.g. via stamps on the PDF pages), I received these documents with a specific indication that they are all now public materials, and that they may all be shared with the public. My understanding is that all the materials posted on this page are available in the New York County Clerk’s office.

Plaintiff’s Documents

Complaint - Claims a repeated and persistent pattern of non-consensual spyware installation, including deceptive installations and installations through security vulnerabilities. Argues that Direct Revenue is factually and legally responsible for the deceptive installations of its spyware. Claims that Direct Revenue’s spyware is invasive, harmful, and hard to remove. Includes claims under New York’s General Business Law (prohibiting false advertising and deceptive business practices), New York’s Penal Law (prohibiting computer tampering), and New York’s common law prohibitions against trespass. Seeks relief including prohibiting installations of any ad-serving or behavior monitoring software, providing an accounting of all revenues, and paying money damages for deceptive practices.

