homepage Welcome to WebmasterWorld Guest from 23.20.34.25
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Search Engines / Directories
Forum Library, Charter, Moderators: Webwork & skibum

Directories Forum

    
Attempted scumware download - how to report?
Marcia




msg:475720
 6:10 am on Jul 3, 2004 (gmt 0)

I clicked on a link to a personal homepage, a chat program tried to run and froze the browser - and then Comet Cursor tried to download.

How, where and to whom should problem sites be reported?

Thanks!

 

rfgdxm1




msg:475721
 5:13 am on Jul 4, 2004 (gmt 0)

Did you make this post in the wrong forum, Marcia? Typically the answer is the site's host.

Marcia




msg:475722
 5:27 am on Jul 4, 2004 (gmt 0)

No, I don't think it's the wrong place. A site that's doing that shouldn't be in ODP; it is *not* what I'd call useful original content that's for the benefit of users.

In fact, now that I've had time to think about it, I've figured a few things out. It wouldn't surprise me at all if there are people out there who put up "innocent" personal pages to get included in ODP more easily simply for illicit purposes. There's a LOT of affiliate commission paid out for hijacking browsers and other malicious mischief - the percentages can be very hefty.

flicker




msg:475723
 3:46 pm on Jul 4, 2004 (gmt 0)

Oh... if the site is listed in the ODP and its content has been hijacked to something else (illicit or otherwise), then please let us know about it in the hijacked site thread at the ODP public forum. These tips are greatly appreciated, since our methods catch many but not all of such cases.

If the content is still there we won't want to delete the site, but we'd still appreciate knowing about a spyware or virus issue, since we'd at the very least like to put a warning into the description for our users.

Thanks!

AW_Learner




msg:475724
 5:15 pm on Jul 4, 2004 (gmt 0)

Umm a warning? Shouldn't stuff like this be reported to the feds? They prosecute people for forced spreading of viruses on purpose. It is very serious. A lot of spyware/scumware actually does fall into the same descriptive family as a virus (forced download and installation, can't get rid of it, multiplies itself if you try to get rid of it, Pops up windows everywhere, spies on you, messes up computer functionality etc.) Short of duplicating and emailing itself to other people it is an infection. At least of all it is far worse and more dangerous then Spam (which is outlawed now). All sites and instances of such should be removed from all directories they are in and all search engines. Luckily I'm on a Mac and therefore never had to deal with a virus or scumware/spyware infection. I would be So Pissed if I did. In the future all directories will be deleting sites like that just to avoid massive lawsuits.

rfgdxm1




msg:475725
 5:26 pm on Jul 4, 2004 (gmt 0)

>Shouldn't stuff like this be reported to the feds?

And that will do what good if the site is hosted in Brazil?

motsa




msg:475726
 6:29 pm on Jul 4, 2004 (gmt 0)

I clicked on a link to a personal homepage, a chat program tried to run and froze the browser - and then Comet Cursor tried to download.
How, where and to whom should problem sites be reported?

[report-abuse.dmoz.org...] or the public forum.

hutcheson




msg:475727
 12:58 am on Jul 5, 2004 (gmt 0)

>[The Feds] prosecute people for forced spreading of viruses on purpose.

If it were possible to do this effectively, Bill Gates would be in jail till the sun burns out. But there are too many loopholes, and I don't think anyone's gone to jail yet.

The ODP would appreciate hearing about it, though.

Marcia




msg:475728
 3:19 am on Jul 5, 2004 (gmt 0)

I found where to report it and did so. Thanks!

>loopholes

Yep, including sites on free hosts, some of whom are notoriously bad with removing problem sites; in addition to which, unlike ISP hosting, it can all be relatively anonymous. In those cases, the only potentially identifiable factors are the affiliate codes in the URLs the "browser helper objects" hijack people to.

It's amazing how many ways people will find when they're out to abuse the system - whichever system it happens to be.

kwngian




msg:475729
 3:30 am on Jul 5, 2004 (gmt 0)

No, I don't think it's the wrong place. A site that's doing that shouldn't be in ODP; it is *not* what I'd call useful original content that's for the benefit of users.

LOL. That's why this thread ends up here.

ODP - a thankless job.

hutcheson




msg:475730
 3:39 am on Jul 5, 2004 (gmt 0)

No,it's NOT thankless. Not always.

When someone comes up and makes a constructive suggestion about improving the directory, that's the best kind of thanks!

And we do get a lot of those.

Leosghost




msg:475731
 4:11 am on Jul 5, 2004 (gmt 0)

And that will do what good if the site is hosted in Brazil?

some very bad placez in Brazil...

Marcia




msg:475732
 6:30 am on Jul 5, 2004 (gmt 0)

>>LOL. That's why this thread ends up here.
>>ODP - a thankless job.

I don't understand what you're trying to say, it doesn't make any sense to me. I'm afraid you'll have to explain.

You think there aren't people out there who will stoop to anything for a buck, including (maybe especially) gaming ODP?

[webmasterworld.com...]

Think again.

kwngian




msg:475733
 7:41 am on Jul 5, 2004 (gmt 0)


Marcia, my applogies if you find that offensive.

My thought is why does it has to involve ODP just because they are listing that site.

My nephew has a personal website on Geocities. Sometimes when I visited it, I also get prompt for those drive-by download scumwares.

So if you visit my nephew's site, and you get infected with the scumware, you want this 14 yr old's site removed?

It has nothing to do with the site "owner" nor ODP. It is just Geocities or Yahoo for that matter that accept those type of advertisers.

Also .... Microsoft's IE.

rfgdxm1




msg:475734
 10:31 am on Jul 5, 2004 (gmt 0)

>So if you visit my nephew's site, and you get infected with the scumware, you want this 14 yr old's site removed?

The ODP cares only about what is actually on the site. Not that it is owned by a 14 year old, or a 41 year old.

kwngian




msg:475735
 11:14 am on Jul 5, 2004 (gmt 0)


Irregardless. The point is that those "owner" of free hosted site on Geocities and Fortunecity and many others are not aware of whatever ads that will appear on their pages.

If you visit a top level domain, and you get infected with scumwares, then the owner of that site is guilty of collaborating with spyware companies. Though some unknowingly, eg myself when I put up ads for a company that is supposed to sell spyware removal tools but the software that they sell turns out to be a spyware itself.

In this case, you can write to the own of that domain and voice your disgust. But for people who has their sites hosted on free web host, it kind of unfair to blame them or ODP.

Oh, and if the prompt from Gator asked you for permission whether to install some super duper time sync software etc, even if you click no, they will still put an entry in your registry so that when you restarts your computer, it will activates itself. The exact routine I am not sure but probably to install some other helpful software that would be too good to miss.

hutcheson




msg:475736
 4:50 pm on Jul 5, 2004 (gmt 0)

I don't think Geocities and Tripod do the scumware bit.

cjb.net, however, is the virus vector from the dark lagoon. (They shouldn't ever be listed, but some editors get slimed by them. Every now and then we have to have a crusade to clean them out.)

Other "generic redirector" domains are sometimes no better. (Yet another reason not to list redirector URLs.)

Marcia




msg:475737
 7:51 am on Jul 6, 2004 (gmt 0)

kwngian, I am not offended. I've been known to fall in love at first sight or take an instant dislike within a few minutes, but it takes a good six months for me to get offended.

Just to clarify something for you, with a driveby you're asked nothing. Some of it downloads before the page even loads. For example, site types like some with song lyrics assume you must want file sharing or mp3 crap - even if you don't even ever hook up speakers. I'd imagine those categories could easily become infested. And of course people who look for jokes must love playing online poker.

>>some other helpful software that would be too good to miss.

That's very sweet of them to modify registries for people so they don't miss out on wonderful things. I'll go browse the directory to see if there's an internet benevolence award to nominate them for. Such kindness should not go unrewarded.

kwngian




msg:475738
 11:43 am on Jul 6, 2004 (gmt 0)


Glad that you're not offended. I always find your posts humorous.

To disable driveby downloads, requires a fully patched IE 6 up to SP1 (IE 5.5 and below are ideal victims, no way to prevent them).

Then you will need to disable Install On Demand (Others and IE) in the Internet Options, Advanced settings, plus disable Third Party Browser extensions.

I got infected with spyware on a Geocities site before but that was quite a while back (last year?) or maybe I mistook it to be from them?

These hijackers like to dominate commonly mistype parked domains, warez, hacks and pirated serial sites. So beware.

rfgdxm1




msg:475739
 11:45 am on Jul 6, 2004 (gmt 0)

>I don't think Geocities and Tripod do the scumware bit.

AFAIK, no. While your garden variety free host may have banners and pop-ups, they don't do the scumware stuff that Marcia was referring to. Thus, a 14 year old with a personal site on a free host wouldn't necessarily have a problem getting an ODP listing.

rfgdxm1




msg:475740
 11:56 am on Jul 6, 2004 (gmt 0)

>I got infected with spyware on a Geocities site before but that was quite a while back (last year?) or maybe I mistook it to be from them?

It may be possible for a malicious webmaster to host on Geocities a site that tries to install spyware. However, Geocities didn't do that themselves without the webmaster knowing.

Leosghost




msg:475741
 11:58 am on Jul 6, 2004 (gmt 0)

To disable driveby downloads, requires a fully patched IE 6 up to SP1 (IE 5.5 and below are ideal victims, no way to prevent them).

I run 5.5 never did like the stuff hidden in 6 ..never had a "drive by" ...do have a reg mon installed ..just 20kb of guard dog ...

Apart from all the usual things we can say 'bout IE ..we could add "why the hell did they have to have such things as these enabled by default?"

Like that dumb " always open these type of files with" that is "ticked" by default ..so when you find that prog "X can't actually open File type "Y" ..you've got to hack your own OS to get the damn thing to let something else try to open it because prog "X" is now the default ( but incapable )opener ...

hutcheson




msg:475742
 2:24 pm on Jul 6, 2004 (gmt 0)

>To disable driveby downloads, requires a fully patched IE 6 up to SP1 (IE 5.5 and below are ideal victims, no way to prevent them).

... or, of course, a real browser.

Dunno what country you're from, but MY country's government is warning all and sundry not to use IE for anything anyway. (Almost restores one's faith in the possibility of enlightenment in government agencies.)

>Like that dumb " always open these type of files with" that is "ticked" by default

Dumb as that is (and it is very very dumb) it's a paragon of intellectual acuity beside the decision to hide critical file extensions from the user. And the two decisions together -- taking dumbness to new dimensions, fur sure!

Leosghost




msg:475743
 2:40 pm on Jul 6, 2004 (gmt 0)

yep ..Hutcheson ..forgot that one ..hehe...
there's more virii/trojans lurking on more machines cos of that one ( best place to put yourself is where the OS won't let the owner even know exists )...Then again all flavours of doze share a great deal of things in their characterstics with Virii and Worms ..

some might like to take a look at [annoyances.org...] ..good for a few chuckles and will provide a few answers to some of the more "off the wall" problems with the various flavours of 'doze...

And you can go in safely with IE ...can't say that of many places recently ...

PS.since I made the switch to firefox recently( I keep IE for those "adrenalin moments" when I want to visit the hackwurldz and see whats on "offer" ..always need a good goat tied to stake and IE is about as goat flavoured as it gets )... I noticed that every thing is way much faster apart from all the extra goodies it comes with ...

Grinler




msg:475744
 6:22 pm on Aug 6, 2004 (gmt 0)

Can you send me a sticky mail with the domain where this flyby install tried to happen? My website is very active in cleaning up spyware and gathering information such as this to add to the various protection programs etc..

If you could sticky mail me that domain it would be helpful in seeing if its allready listed in one of the programs.

Thanks

Dynamoo




msg:475745
 11:21 pm on Aug 9, 2004 (gmt 0)

There's an interesting point here - as far as I know attempted scumware downloading sites don't violate the guidelines per se, but can broadly be covered under the "affiliate links" rule.

Marcia




msg:475746
 12:15 am on Aug 10, 2004 (gmt 0)

>>active in cleaning up spyware and gathering information such as this

First of all Grinler, welcome to WebmasterWorld. It's beyond the original site referenced (which I'd have to dig to recall at this late time or hunt through the public forum to find the post), it's the methodology being used that warrants looking into.

>>can broadly be covered under the "affiliate links" rule.

It is an interesting point, since the reason for being of the hijacking is to get PPC or otherwise related affiliate income.

Hypothetical method:

Set up a site worthy of inclusion by outward appearances, get it listed at ODP (which certainly does help with rankings in several ways, despite opinions to the contrary and though maybe not in the ways usually discussed publicly), start getting traffic, serve the scumware/browser "helpers" to visitors and start getting generous % affiliate income *not* by affiliate links visible on the site itself, but by donating the "helper objects" to unwary visitors' computers - AFTER the site has been visited by an editor and included, and some traffic has started to come in following a bit of promotion.

No, it isn't the fault of ODP at all. The obvious merit of sites is there for legitimate inclusion - the "affiliate" part comes after, and is nowhere obvious on the sites themselves. It's just a more clandestine form of bait and switch than the usual.

<sidebar>
Re: the value of listings with sites such as ODP, I once tried to get a discussion going on the value of listings and links from such sites, but the thread got so badly hijacked by whiners and ODP detractors and critics that it had to be shut down.

It's really too bad that it's virtually impossible to have a rational, helpful discussion on the topic without it being destroyed by exceedingly more irritating noisemakers with nothing beyond narcissistic self-interest making vacuous, repetitious and obviously vindictive posts who just happen to have had their own personal agendas thwarted.

It's too bad the few ruin it for everyone else - but that's usually the case, isn't it?
</sidebar>

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Directories
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved