Kuro5hin.org: technology and culture, from the trenches
Advertising Spyware can now read your mail

By cafeman in Internet
Wed Jan 23, 2002 at 11:19:28 PM EST
Tags: Freedom

Did you think Spyware is a problem that happens to other people? Well, there's a company out there that you may have unknowingly been sending all of your email, your bank account numbers, and anything else you've typed into an online form. The company is VX2, the product is Sputnik, and until recently, Audiogalaxy was helping them.


Interestingly, it looks like Spyware has taken a great leap forward. Here is a story about a new Spyware package, Sputnik, that has the capability to monitor not only what pages you visit and what links you click on, but also how long your mouse hovers over pictures and, frighteningly, what you enter into any online form. You thought your bank account numbers were safe because you were using SSL? Think again. You thought Microsoft was the only one to be worried about when using Hotmail? Well, these guys theoretically could have every single email you've sent since you unknowingly installed their software.

Here are the culprits, VX2, and here is their privacy policy. Three paragraphs are particularly interesting:

VX2's software also collects some information from online forms that you fill out. This information is automatically sent to VX2 in order to save you the time and trouble of submitting such information to us yourself. We have undertaken technical measures to make sure that VX2 never collects credit card numbers, account numbers or passwords. If such data were, despite VX2's best efforts, ever inadvertently collected VX2 would immediately purge such information from its database.

VX2's software also collects the query terms entered into search engines. VX2 uses this information to help generate a more complete summary of its users' interests and general internet trends.

From time to time, VX2 may decide to update its software in order for it to work at its peak performance. Upgrades may include third party applications. Certain third party applications may have to be installed in order for the software to work properly. VX2 users are not responsible for these additions and/or updates, they will be done automatically in the background while you are surfing the web in order to cause the least amount of inconvenience to our users as possible.

So, you've agreed to let them potentially harvest all information you ever type into an online form. Of course, this is only their being helpful and saving you the time of sending it to them manually. Additionally, they can also capture every search you do. And, if they so desire, they can install any software they wish on your machine. All because you've agreed to this.

And where can you get this time saving package? Well, you might already have it. If you installed certain versions of Audiogalaxy, you also installed Sputnik. The second page of the article explains how you agreed to participate in this program. Here is Audiogalaxy's response. The quickest way to find out if you've been infected is to search for a file called vx2.dll. If you have it, you've consented. For those that are infected, here's the uninstallation procedure.

Hoax? Paranoid? Overstatement of functionality? Who knows. The important thing is the intent. Yet another reason to be concerned. Remember - you're not paranoid if they're out to get you.

Advertising Spyware can now read your mail | 72 comments (72 topical, editorial, 0 hidden)
Old Man Murray (3.33 / 3) (#1)
by johnny appleseid on Wed Jan 23, 2002 at 09:58:04 PM EST

Just as a sidenote, the article is written by Old Man Murray's Erik Wolpaw.

It is official (3.83 / 6) (#18)
by chet on Thu Jan 24, 2002 at 05:06:11 AM EST

I get no respect. None. Zero. I am the Rodney Dangerfield of the Internet.

We are going to be updating the story later today with all we have learned. So far, through all of this, Audio Galaxy has really come off as arrogant and uncaring.

I would say boycott their advertisers, but then who would buy their t-shirts?

Chet

[ Parent ]
Fine, fine (3.00 / 1) (#33)
by johnny appleseid on Thu Jan 24, 2002 at 11:50:56 AM EST

It's an Old Man Murray article written by "Chet and Erik". Now all is right in the world?

[ Parent ]
At what point does spyware become illegal? (4.85 / 14) (#2)
by greenrd on Wed Jan 23, 2002 at 10:06:17 PM EST

Just how much can these bozos get away with, legally?? If a fake p2p app that actually formatted your hard disk contained a clause in its clickthru license that said "I agree to let you format my hard disk right away", would that legitimise it and protect the author from lawsuits and/or criminal prosecution? I hope not, but IANAL.

This is not entirely hypothetical - Apple's iTunes installer actually did contain a script which accidentally formatted some users' hard disks (well, rm -rf'd the partition actually - but same effect). Of course, the key word there was accidental. I would hope that an app that tricked the user into formatting their hard disk would be treated the same as a virus that just went ahead and formatted it anyway, no questions asked.

Seeing as most people do not actually read clickthru licenses, and their legal validity is very dubious anyway, I'd say there is a strong commonsense argument that this is equivalent to selling a piece of software with a secret backdoor, and then logging in via the backdoor and logging all keystrokes. The latter would surely be actionable under "hacking" law, because you don't have the permission to log on to that system. The only difference here is (a) the clickthru and (b) the fact that it's automated - no actual person is hacking into your box, or even running a script to hack into your box, it's just some code spying on you. But the fact remains that chances are you haven't given them your informed consent to log all keystrokes (all except the "private" ones that they've managed to think of - yeah, really reassuring, that is!)

Though law != common sense, as we all know.

In the UK the main law covering hacking is the Computer Misuse Act. It's very broad. If I go up to a computer and I haven't been given explicit permission to access it, and I press a key, I can theoretically be sent to jail. (God knows how this applies, or not, to portscanning etc., but anyway.) If I access a computer without permission to commit a crime, that's a crime in itself (therefore three crimes in total - one for the original crime, one for illegal access, and one for illegal access with intent to commit a crime). Etc. etc.

I would like to know (any lawyers here?) how bad this has to get before we can get the creators personally sent to jail under laws like the Computer Misuse Act. (Of course, the courts are probably going to treat some smarmy CEO much lighter than a poor kid who only wanted to experiment, but what can you do?) There's some spyware that already installs itself even if you say "no" (I think it was bundled with Audiogalaxy - bastards!), and some that doesn't allow you to reject it without uninstalling the app (Cydoor, part of Kazaa).

Isn't there something we can do, apart from boycotting? If they instead installed a backdoor [and who's to say some of them haven't??] and logged in to read our private conversations whenever they felt like it, there'd be an outcry. But because it's automated it seems less dangerous. If they have the ability to read private things sent over SSL by using keylogging, it doesn't really matter whether they telnet in to a backdoor to read it, or read it on their boxen. It's still outrageous.


"Capitalism is the absurd belief that the worst of men, for the worst of reasons, will somehow work for the benefit of us all." -- John Maynard Keynes

Clickthru shmickthru (4.25 / 4) (#7)
by Tatarigami on Wed Jan 23, 2002 at 11:07:33 PM EST

As far as I can recall, Audiogalaxy's clickthru agreement says only that it installs some extra software to 'enhance your browsing experience'. I axed the spyware from the original version, then paid very close attention to both the agreement and what actually got installed with the upgrade -- it said nothing about tracking anyone across cyberspace.

These days my policy is to assume any download is spyware unless proven otherwise. I pay very close attention to my firewall configuration.

[ Parent ]
Data Protection Act is your friend. (5.00 / 1) (#34)
by pjc50 on Thu Jan 24, 2002 at 12:34:39 PM EST

Unfortunately, all the relevant parties are in the US, but the Data Protection Act 1998 (available from www.hmso.gov.uk somewhere) requires companies to secure your express permission before storing "personal data" about you.

Not many people know that anyone can initiate a criminal prosecution in the UK. You just have to get some evidence together, fill in some forms, and go to court...

I'd advise you to:
1) Report these guys to the Data Protection Commissioner
2) Seek the DPC's advice about prosecution
3) Seek legal aid
4) Sue the bastards

Then see what happens...

[ Parent ]
To find more spyware... (3.87 / 8) (#3)
by landryjf on Wed Jan 23, 2002 at 10:17:10 PM EST

You can use Ad-Aware to check your computer for spyware.

But a better way to keep those things out is to read before you click the "NEXT>>>" button when you install something, because "download free xyz program" frequently means "download adware xyz and get big brother over your shoulder".

Agreed (none / 0) (#39)
by suick on Thu Jan 24, 2002 at 04:52:07 PM EST

If only the Audiogalaxy users affected by this VX2 program were running Ad-Aware...

order in to with the will I around my effort sentences an i of more be fuck annoying.
[ Parent ]
Agreed, but... (4.00 / 1) (#64)
by Dallan on Sun Jan 27, 2002 at 03:55:21 AM EST

...what really bugs me about this is that this was installed without my knowledge. If what I read is accurate, only a detailed search through the EULA would have given me any clue as to any of this...and hardly a clue, at that.

How many thousands of users does AG have, who have Sputnik on their systems, and don't know about it? I think most of the uproar is because this represents a new and very disturbing trend in this ongoing privacy war.

Simply put, no previous incarnation of this technique has this kind of scope, or this kind of insidiousness. Sheesh, it's even spying on this post, in all likelihood.

How long were they doing this, before that guy at POE spotted pop-ups where there shouldn't have been? Pop-ups are everywhere these days; they're generally ignored. Sneak a spy in with a useful program? Been there, done that, got the T-shirt.

But sneak a spy with this kind of scope in, without the slightest warning? That certainly worries me.

You can't be suspicious during the install process if the only program you're apparently installing is what you're asking for. The detection programs like AdAware, while excellent, only search for what's known. There isn't even a telltale tasklist entry to kill, just a line in System Info's '32-Bit Modules Loaded' section. And most users would balk at that, let alone monitoring and accounting for all outgoing net traffic.

I shouldn't have to be this paranoid, should I? Should I have to sift through every program I install, for one unusual DLL, one odd Registry key, just so I can post messages, write e-mail, buy stuff over the net, whatever, without some nosy bugger reading my forms over my shoulder?

--
Dallan
As far from God as heaven is wide
As far from God as angels can fly.
-Garbage, "As Heaven is Wide"
[ Parent ]
Additional information (4.11 / 9) (#4)
by cafeman on Wed Jan 23, 2002 at 10:28:04 PM EST

Apparently Sputnik is a repackaged version of Blackstone Data Transponder. iMesh appears to be infected as well. A complete (and useful) explanation is given here. A leaked image located here specifically refers to "data mining" and "direct mail". Be afraid, be very afraid.

As someone else has already pointed out, Ad-aware is a very useful tool for detecting these and killing them. I know what I'm going to be installing tonight.



--------------------
"No Silicon heaven? But where would all the calculators go?"


I hope the major media get to hear about this (4.54 / 11) (#5)
by greenrd on Wed Jan 23, 2002 at 10:43:33 PM EST

If there ever were a story that deserves to be on Slashdot, this is it. Although Audiogalaxy claim to have gotten rid of the VX2 software, it's still installed on countless people's machines who downloaded the earlier version. The Audiogalaxy clickthru license itself says nothing about logging filled-in forms. This is a joke.

Like the original article, I suggest contacting:

  • Your friends - especially anyone who uses AudioGalaxy
  • Slashdot
  • Your elected representative(s)
  • Any popular weblog, like Plastic.com or Metafilter - try and get something on the front page
  • Your local friendly tech journalist - especially ones who work for major newspapers.
  • Or just the major media generally. To those in the UK - I have a list of UK media contacts - I don't know how good or secret they are, but I'll email them to anyone who can convince me they can spell and are not going to make us look like zealots/fools/nutters
  • Or even your lawyer, if you think there might be grounds for suing
The media really can be interested in stories like this - there was a big fuss over the DoubleClick "tying online data to offline data" fiasco (although that was partly because actual lawsuits were filed).

IMPORTANT CORRECTION: One of the updates makes clear that this (apparently) has nothing to do with OnFlow. VX2 and AudioGalaxy are the guilty parties here.

You can also join a discussion on the site of the person who first broke the news (can't think of a better word - "the newsbreaker" maybe??):


"Capitalism is the absurd belief that the worst of men, for the worst of reasons, will somehow work for the benefit of us all." -- John Maynard Keynes

Slashdot (2.85 / 7) (#6)
by cafeman on Wed Jan 23, 2002 at 10:52:41 PM EST

I submitted it to /., but it was rejected for some reason. I assume it'll hit there eventually (probably after they get 300+ submissions).



--------------------
"No Silicon heaven? But where would all the calculators go?"


[ Parent ]
/. rejects this story, unfortunately (3.50 / 8) (#15)
by quistas on Thu Jan 24, 2002 at 04:06:57 AM EST

I submitted the story with a decent write-up almost immediately after I saw it on OMM, and it got rejected, like the previous poster. Between this, the unlimited-moderator revelation, and the general decline in quality, I'm coming to the realization that /. isn't at all what I want it to be. It took me a long time because it was one of the first really cool things I found back in the day, but now I give up. I'm better off emailing the local paper's tech reporter.

--q

[ Parent ]

If more people had emailed local tech reporters... (3.00 / 1) (#23)
by la princesa on Thu Jan 24, 2002 at 06:32:02 AM EST

in the first place, slashdot might never have turned up at all.

[ Parent ]
Finally! (none / 0) (#66)
by greenrd on Sun Jan 27, 2002 at 11:23:38 AM EST

The story is now on Slashdot.

It also turned up in Wired.


"Capitalism is the absurd belief that the worst of men, for the worst of reasons, will somehow work for the benefit of us all." -- John Maynard Keynes
[ Parent ]

hahaha (4.80 / 5) (#8)
by spacejack on Wed Jan 23, 2002 at 11:17:31 PM EST

I just love this page on the VX2 site.

I'd love to fill that out... (5.00 / 1) (#14)
by nstenz on Thu Jan 24, 2002 at 02:13:48 AM EST

...but why do I get the feeling I'd probably regret it?

[ Parent ]
Have a look at the source of that page... (5.00 / 2) (#25)
by knarf on Thu Jan 24, 2002 at 08:24:05 AM EST

The 'Delete my info' page submits the data to a hotmail account:

"mailto:vx2org@hotmail.com? subject=delete page" (yes, there's a space between the '?' and the 'subject' parameter, so it probably won't work anyway).

Easily scriptable, I'd say. But, don't bother, I guess that mailbox is full anyway.

[ Parent ]
It's good (none / 0) (#40)
by suick on Thu Jan 24, 2002 at 04:59:13 PM EST

that that goes directly to the Administrative/Technical/Billing account.

order in to with the will I around my effort sentences an i of more be fuck annoying.
[ Parent ]
Contact page e-mail address (none / 0) (#55)
by protactin on Fri Jan 25, 2002 at 10:56:04 AM EST

Notice the contact page mails to a different e-mail address than the 'delete my info' page:
mailto:joshua@abram.com? subject=contact page

However, abram.com turns out to be a 'NetIdentity' owned URL, which is basically another web-based e-mail service.

Though it does (possibly) suggest the name of somebody associated with VX2, Joshua Abram...

[ Parent ]

Almost as bad as M$ (4.00 / 1) (#52)
by notcarlos on Fri Jan 25, 2002 at 09:42:32 AM EST

I tried to remove myself from one of their newsletters (for SoCal Techies -- I work for a college in the Upper South), and when I did, they flatly stated that before I could remove my name from their list, I had to sign up for a passport account. In short, to remove myself from their database, I have to add myself to their /other/ database. Excuse me?


He will destroy you like an academic ninja.
-- Rating on Rate My Professors.com
[ Parent ]
WHOIS Record (4.28 / 7) (#9)
by bobothy on Wed Jan 23, 2002 at 11:38:41 PM EST

The author of the article does a whois query, but didn't check the correct whois server. Here is the proper WHOIS record for VX2

Registrant:
vx2 (VX52-DOM)
po box 27103
Las Vegas, NV 89126
US

Domain Name: VX2.CC

Administrative Contact, Technical Contact, Billing Contact:
vx2 (D25000-OR) vx2org@hotmail.com
vx2
po box 27103
Las Vegas, NV 89126
US
212 255 1008 fax: 123 123 1234

Record last updated on 05-Oct-2001.
Record expires on 31-Jul-2003.
Record created on 31-Jul-2001.
Database last updated on 23-Jan-2002 11:55:00 EST.

Domain servers in listed order:

NS1.VX2.CC 207.246.124.6
NS2.VX2.CC 207.246.124.7

Why don't antivirus programs pick this up? (2.71 / 7) (#11)
by theboz on Thu Jan 24, 2002 at 12:04:40 AM EST

Since a lot of the antivirus software out there detects various trojans, I would think it should detect this as well.

I guess we all know about those whores Symantec and McAfee though. They expect you to pay for the software, then "subscribe" for it to continue working, and even then any corporately sponsored virii and trojans are allowed to wreak havoc on your computer. I wish there was a decent antivirus company out there that did their job and only made you pay for the software once.

Stuff.

Because by their definition it isn't a "troja (3.33 / 3) (#12)
by Trepalium on Thu Jan 24, 2002 at 12:36:06 AM EST

During the installation, you consented to the installation of the spyware (even if that consent was because of inaction while installing something else). The other problem is that nearly all anti-virus software vendors don't want to be responsible for "altering" installed programs, when it might open them to lawsuits from companies that make such spyware. Some companies have used the "derived works" sections of copyright legislation to attack products that operate on products you have legally acquired and installed.

[ Parent ]
I know this is offtopic... (3.25 / 4) (#13)
by Tim_F on Thu Jan 24, 2002 at 01:03:32 AM EST

But if paying for antivirus software upsets you that much, please check out http://www.grisoft.com. And make sure you are running the Tiny Firewall as well. Have control of what programs on your box access the net.

[ Parent ]
I don't have vx2 (5.00 / 3) (#16)
by vrt3 on Thu Jan 24, 2002 at 04:14:10 AM EST

I installed Audiogalaxy more than 4 weeks ago. According to the article, that would mean VX2 is installed on my system. I checked it, and fortunately it wasn't there. Ad-aware only finds a bunch of Doubleclick-cookies. Does that mean the story is a hoax, is my version of Audiogalaxy too recent, or am I just lucky?
When a man wants to murder a tiger, it's called sport; when the tiger wants to murder him it's called ferocity. -- George Bernard Shaw
Audiogalaxy and VX2 (3.66 / 6) (#17)
by cafeman on Thu Jan 24, 2002 at 04:23:09 AM EST

I just checked my PC at home and confirmed I had been infected. It doesn't appear to be a hoax, his version calculations may be out by a few weeks / months. For reference, my version of Audiogalaxy was 0608, saved on the 5th of November 2001. There's a chance that it might not have been Audiogalaxy that installed it though.

I'd say you're pretty lucky ... I've had 2 other friends so far who have been infected. That makes three direct cases I know about.



--------------------
"No Silicon heaven? But where would all the calculators go?"


[ Parent ]
Is the plugin signed? (2.66 / 3) (#19)
by imrdkl on Thu Jan 24, 2002 at 06:04:17 AM EST

You'll forgive my ignorance about this, but in order to do all this spy-stuff, doesn't this plugin have to be signed code? If so, who signed the code? Sue the bastards. If not, why did you install it?

I guess this is obvious to everyone, but why run browser plugins? I don't even enable jscript by default, unless I explicitly trust the site.

I submit that user awareness of how to play on the internet will increase logarithmically to number of netophiles.

It's not a browser plugin (4.00 / 1) (#21)
by Joyrider on Thu Jan 24, 2002 at 06:25:07 AM EST

The Audiogalaxy installer sets it up alongside the AG Satellite, without even asking you if you want it, as far as I know...

[ Parent ]
Sue whoever signed the code? (none / 0) (#43)
by Robert S Gormley on Thu Jan 24, 2002 at 07:18:44 PM EST

All they're doing is verifying the author, not the purpose. Even were this the case (it's not), your recourse is against yourself, or the vendor, not the signing authority. They've done nothing wrong.

[ Parent ]
Thanks, that needed clarification (none / 0) (#56)
by imrdkl on Fri Jan 25, 2002 at 11:15:46 AM EST

Sue the owner of the signing certificate, who also produced and signed the code. Not the signer of the signing certificate (the CA).

[ Parent ]
No it doesn't (none / 0) (#62)
by greenrd on Sat Jan 26, 2002 at 11:07:28 AM EST

You'll forgive my ignorance about this,

Yes.

but in order to do all this spy-stuff, doesn't this plugin have to be signed code?

No. That would only apply if you clicked a link on the web to download it (well, you did in a way, but not explicitly - it was part of Audiogalaxy). When you run an application or load a plugin from the HD the OS does not necessarily check certificates. It is the browser that asks you "Do you want to download and run XXX?" and warns you about certificates.


"Capitalism is the absurd belief that the worst of men, for the worst of reasons, will somehow work for the benefit of us all." -- John Maynard Keynes
[ Parent ]

Linux users aren't affected (4.00 / 2) (#20)
by Joyrider on Thu Jan 24, 2002 at 06:13:29 AM EST

The author forgot to mention that this only affects users of the Windows version of the satellite; surprisingly enough, Linux users (who are stuck with an ancient version of the code, but it works) aren't affected by this - there's no spyware included with the standard binary version.

Apologies if I sound like a Slashbot ;)

Bastards (4.20 / 5) (#22)
by sypher on Thu Jan 24, 2002 at 06:29:27 AM EST

I hope this turns out to be not as bad as it sounds in the linked POE article :(

What the hell is happening to the web these days?

If people aren't careful, the whole thing will become either too invasive or too greedy and force people offline.

DOS attacks to websites are illegal, but grabbing info in this way isn't?

The user can't fight back, all he or she can do is visit lavasoft and get protection they shouldn't need in the first place.

I don't like swimming in armour, and I don't like to have to use a resource sapping personal firewall when browsing the web, or having to scan my system every other day to remove this kind of shit.

Audio Galaxy and / or whoever else is behind this should have their products boycotted, the only way we as enthusiasts will beat this shit is to vote with our wallet.

As a side note, I once worked for an OEM machine manufacturer, and mostly all second rate hardware driver CDs were packed to the gills with this kind of trojan crap, imagine all the internet newbies browsing and sending all this information back to 'base'.

How are consumers protected if this software has been installed by their OEM as part of the system setup routine?

Just my two.

I dreamt of it once, now I fear it dreams of me
I didn't realise. (4.00 / 3) (#31)
by h i r 0 on Thu Jan 24, 2002 at 11:35:44 AM EST

I didn't realise until I read your post quite how paranoid I've become when online at home. Before I got ADSL I never even ran a virus checker. Now I have McAfee, ZoneAlarm Pro and I run AdAware every other day or so. I watch ZA-P like a hawk and never allow anything access to the internet without checking it out thoroughly. Even my girlfriend has got into the habit of saving attachments and downloaded files, and scanning them first.

I don't even run self-extracting files if win-Rar, Ace or Zip will do it instead. Just because I don't trust exe's any more.

If I was to live my day to day life exhibiting this level of paranoia I'm sure I'd be spending at least an hour a week on the psychiatrist's couch at the insistence of my friends and family.
--

http://rochan.co.uk -- game on.
[ Parent ]

Motto (none / 0) (#70)
by dennis on Sun Jan 27, 2002 at 10:11:17 PM EST

I didn't realise until I read your post quite how paranoid I've become when online

It's not paranoia if they're really out to get ya.

Which, as this story and many others illustrate, they are.

[ Parent ]

Not to be confused with- Sputnix (3.25 / 4) (#24)
by imperium on Thu Jan 24, 2002 at 06:32:53 AM EST

Sputnix is the innocent Mac OS X satellite for Audiogalaxy. At least, I presume it's innocent, having examined the package contents. Besides, who'd bother writing spyware for such a minority OS?

x.
imperium

minority os? (4.00 / 2) (#37)
by mandria on Thu Jan 24, 2002 at 02:23:23 PM EST

The five percent market share that they have is bigger than the BMW market share in cars. Around twenty-five million users are enough for any company to write spyware for that platform.

Just a thought that came to mind.

[ Parent ]
quiet, you (none / 0) (#44)
by rebug on Thu Jan 24, 2002 at 08:25:04 PM EST

Yes indeed, no one is using OS X.

Now let's all get back to work on our windows software.

[ Parent ]
Shhh! They might hear you! (none / 0) (#48)
by yonasa on Fri Jan 25, 2002 at 06:08:22 AM EST

I for one am quite content to remain the member of an unnoticable minority if that means they don't bother writing spyware for my OS of choice.

Speaking of which, shouldn't running OSX prevent this stuff? Doesn't unix require some authentication / permission system to alter stuff / install / run apps? Or do you have to run in some strange user mode? Is it the default setting?

--

I wish I was more eloquent
[ Parent ]

I doubt it's safe (none / 0) (#50)
by crayz on Fri Jan 25, 2002 at 08:37:40 AM EST

The idea is, you have an installer for one app and the spyware gets piggybacked. So even if you had to authenticate to install the spyware, as long as both programs were in the same installer there'd be no permissions problems.

The other thing is that assuming you are logged in as an admin user(which almost everyone is w/ OS X), I don't think an app needs to ask permission at all to install stuff, just like I can download/install apps with drag&drop in the Finder without authenticating. Same with the terminal.

[ Parent ]
uggh (none / 0) (#49)
by crayz on Fri Jan 25, 2002 at 08:33:50 AM EST

I get really sick of hearing the same figures/argument over and over and over again. It's always 5%, it's always 25 million, it's always BMW.

First off, current market share analysis (even by pro-Mac sites like MacCentral) has shown Apple to be below 3% for worldwide computer HW marketshare.

Secondly the car analogy.....*shudder*. I don't want to get into it. It's just a really, really bad analogy.

Thirdly, I believe the original poster said "minority OS". You really think Mac OS X has sold 25 million copies? That 25 million figure IIRC came out in like 1997 and included every Mac ever made. Apple has probably sold less than 15 million machines that are even capable of running OS X, and I would guess the vast majority of the owners of those machines(i.e. normal users, not ones who are technically inclined enough to be posting to K5) haven't switched yet.

And lastly lest you think I am some "PeeCee weenie" - I have been an Apple/Mac user practically since birth(using an Apple IIe at a very young age) and I'm typing this on a Blue G3 running OS X.

[ Parent ]
yes... (none / 0) (#59)
by flummox on Fri Jan 25, 2002 at 04:55:17 PM EST

yes, 5% is good market share. if you're comparing auto companies which we have about 3 dozen or so of... but not OSes, which there are basically only 4 or so... 5% isn't anything when compared like that...

"Good Evening. For those of you who have candy, I hope you brought enough for all of us."
- Maynard James Keenan
[ Parent ]
5%? (none / 0) (#73)
by imperium on Tue Mar 12, 2002 at 01:46:43 PM EST

Irrespective of whether or not 5% is a good percentage market share for Apple, surely it counts as a minority?!

x.
imperium
[ Parent ]

How to prevent this reliably ? (4.00 / 2) (#26)
by fhotg on Thu Jan 24, 2002 at 08:59:57 AM EST

The solutions I'm aware of (searching for known spyware) are not satisfying.

Would it be possible to have your firewall getting info from the application (browser) to dump all traffic to destinations you didn't explicitly ask for ?
~~~
Gitarren für die Mädchen -- Champagner für die Jungs

Specific product... (4.66 / 3) (#28)
by RareHeintz on Thu Jan 24, 2002 at 10:09:46 AM EST

On Windoze, there's a product called ZoneAlarm - available as a freebie download or as a beefed-up payware package - that does a fair job of restricting Internet access to only those programs you tell it are OK. You might want to give it a try.

OK,
- B
--
http://www.bradheintz.com/ - updated kind of daily
[ Parent ]

Yeah thanx (none / 0) (#38)
by fhotg on Thu Jan 24, 2002 at 03:30:04 PM EST

Thinking it over, it's probably not a good idea to try to handle this at the packet level. So the first step would be to monitor all connections with originating prog, port, protocol and destination.

I think, that's what ZoneAlarm is doing, unfortunately (sic) I'm not running MS-Windows.

Anybody already wrote a script using netstat and fuser to accomplish this ?

If then there were an opportunity to choose a suspicious connection and have the packet contents sniffed, I would feel secure.
~~~
Gitarren für die Mädchen -- Champagner für die Jungs

[ Parent ]
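
The per-connection view asked for in the comment above (owning program, port and destination for every connection), as an added example that is not part of the original thread. It reads what `netstat` and `fuser` read on Linux: the socket table in `/proc/net/tcp` joined to the socket inodes under `/proc/<pid>/fd`. The sample table, the program names and the `firefox` allowlist entry are constructed for illustration, and only IPv4 TCP on a little-endian host is handled.

```python
import os
import re
import socket
import struct

# Subset of the kernel's TCP state codes as printed in /proc/net/tcp.
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}
SOCKET_LINK = re.compile(r"socket:\[(\d+)\]")

# Constructed sample in /proc/net/tcp layout (documentation address ranges):
# one local listener and two established outbound connections.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4101 1 0000000000000000 100 0 0 10 0
   1: 0500000A:C350 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 5551 1 0000000000000000 20 4 30 10 -1
   2: 0500000A:C351 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 5552 1 0000000000000000 20 4 30 10 -1
"""


def _decode_endpoint(field):
    """Turn '0A0200C0:0050' into ('192.0.2.10', 80)."""
    hex_ip, hex_port = field.split(":")
    # The address is the raw 32-bit value printed as a host-order integer,
    # so on a little-endian machine the bytes come out reversed.
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def parse_proc_net_tcp(text):
    """Parse the text of /proc/net/tcp into one dict per socket."""
    conns = []
    for line in text.splitlines()[1:]:      # first line is the column header
        cols = line.split()
        if len(cols) < 10:
            continue
        local_ip, local_port = _decode_endpoint(cols[1])
        remote_ip, remote_port = _decode_endpoint(cols[2])
        conns.append({
            "local_ip": local_ip, "local_port": local_port,
            "remote_ip": remote_ip, "remote_port": remote_port,
            "state": TCP_STATES.get(cols[3], cols[3]),
            "uid": int(cols[7]), "inode": int(cols[9]),
        })
    return conns


def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, program name) by walking /proc/<pid>/fd."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                name = fh.read().strip()
            fds = os.listdir(fd_dir)
        except OSError:
            continue                        # process exited, or not ours to read
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue                    # descriptor closed while scanning
            match = SOCKET_LINK.fullmatch(target)
            if match:
                owners[int(match.group(1))] = (int(pid), name)
    return owners


def outbound_report(tcp_text, owners, allowed_programs):
    """List established connections with their owner; flag unlisted programs."""
    report = []
    for conn in parse_proc_net_tcp(tcp_text):
        if conn["state"] != "ESTABLISHED":
            continue
        pid, program = owners.get(conn["inode"], (None, "?"))
        report.append({
            "program": program,
            "pid": pid,
            "remote": "%s:%d" % (conn["remote_ip"], conn["remote_port"]),
            "unexpected": program not in allowed_programs,
        })
    return report


if __name__ == "__main__":
    # Live use on Linux; run as root to see sockets of other users' processes.
    # The allowlist entry is a hypothetical example.
    with open("/proc/net/tcp") as fh:
        live_table = fh.read()
    for row in outbound_report(live_table, socket_owners(), {"firefox"}):
        flag = "!!" if row["unexpected"] else "  "
        print(flag, row["program"], row["pid"], "->", row["remote"])
```

The attribution is per process: code loaded as a module inside an allowed program appears under that program's name, so a clean report does not rule it out.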

Doesn't work (5.00 / 2) (#67)
by pyramid termite on Sun Jan 27, 2002 at 12:23:24 PM EST

I have Zone Alarm and much to my surprise VX2 on my hard drive - VX2, from what I understand, piggybacks on Internet Explorer, and therefore Zone Alarm doesn't know about it. Fortunately, I'm using Opera these days ... Last night, I was using Voyager 3.2 under the WinUAE Amiga emulator. Yeah. Let's see them come up with spyware for THAT. Or maybe I'll just get used to rebooting a lot and use Linux for most of my net surfing ...
Damn, but I'm getting tired of this spyware problem.
On the Internet, anyone can accuse you of being a dog.
[ Parent ]
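An added example (not written by any commenter in this thread) of the netstat-based listing asked for in comment #38: it turns `netstat -tunp` output into program/PID/protocol/destination rows and prints the rows missing from an allowlist keyed on program and destination, since comment #67 reports that a per-program rule alone did not notice VX2 inside Internet Explorer. The sample output, the allowlist format and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: who is talking to whom, from `netstat -tunp` output (Linux net-tools).
# Live use:  netstat -tunp 2>/dev/null | connections | unexpected "$HOME/.net-allow"
# Where netstat cannot show the owner, `fuser -n tcp LOCALPORT` lists the PIDs
# that hold a local port.

# Constructed sample output; all addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.10:51234      203.0.113.7:80          ESTABLISHED 1234/opera
tcp        0      0 192.168.1.10:51240      198.51.100.9:80         ESTABLISHED 1234/opera
tcp        0      0 192.168.1.10:51301      198.51.100.9:80         TIME_WAIT   -
udp        0      0 192.168.1.10:40000      192.0.2.53:53                       812/named
tcp6       0      0 2001:db8::10:51400      2001:db8::beef:443      ESTABLISHED 2001/fetchmail
EOF
}

# Constructed allowlist: "program destination-address" pairs already approved.
sample_allowlist() {
cat <<'EOF'
opera 203.0.113.7
named 192.0.2.53
EOF
}

# connections: netstat text on stdin -> "program pid proto dest_addr dest_port".
connections() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        owner = $NF                      # "PID/Program", or "-" when not visible
        if (owner ~ /^[0-9]+\//) {
            slash = index(owner, "/")
            pid = substr(owner, 1, slash - 1)
            prog = substr(owner, slash + 1)
        } else {
            pid = "?"; prog = "unknown"  # e.g. TIME_WAIT sockets, or not run as root
        }
        dest = $5
        cut = 0                          # split at the LAST colon so IPv6 stays whole
        for (i = length(dest); i > 0; i--)
            if (substr(dest, i, 1) == ":") { cut = i; break }
        if (cut == 0) next
        print prog, pid, $1, substr(dest, 1, cut - 1), substr(dest, cut + 1)
    }'
}

# unexpected ALLOWFILE: connection rows on stdin -> rows whose (program,
# destination) pair is not in ALLOWFILE. A known program talking to an
# unknown address is still reported.
unexpected() {
    awk -v allow="$1" '
    BEGIN {
        while ((getline line < allow) > 0) {
            split(line, f, " ")
            ok[f[1] " " f[2]] = 1
        }
    }
    {
        key = $1 " " $4
        if (!(key in ok)) print
    }'
}

# demo: run the constructed sample through both stages.
demo() {
    tmp=$(mktemp) || return 1
    sample_allowlist > "$tmp"
    sample_netstat | connections | unexpected "$tmp"
    rm -f "$tmp"
}

demo
```

Rows owned by `unknown` are worth a second look as root, because `netstat -p` only names processes the calling user is allowed to see.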
Quite difficult to block, but possible (5.00 / 2) (#35)
by panum on Thu Jan 24, 2002 at 01:01:51 PM EST

The firewall doesn't know what traffic you asked for and what you didn't. You see, from the firewall's point of view, all the requests come from your computer (browser?). Let's take K5 as an example.

When I ask for www.kuro5hin.org by typing www.kuro5hin.org into my browser's Open dialog, it asks the OS for a connection and speaks to the K5 server:

GET / HTTP/1.1
(snip)
Host: www.kuro5hin.org
(snip)

Hopefully K5 answers something like this:

HTTP/1.0 200 OK
(snip)

After a while, the HTML code for the front page is loaded. The browser starts to parse the code and load images. Guess what? It makes lots of requests without informing you at all. (This, of course, makes perfect sense -- you asked for the page in the first place.) Anyway, IE says among other things:

GET /Kuro5hin/pc.gif?whatever HTTP/1.1
(snip)
Host: k5-images.osdn.com (LOOK HERE!)
(snip)

What do we have here? A request to some totally different address than we asked for. The firewall could not really intercept it, since it can't know whether you typed http://k5-images.osdn.com/Kuro5hin/pc.gif?whatever into your browser's Open dialog, whether it was done by Some Evil Spyware app, or whether it was just the browser's internal request caused by parsing the HTML code.

If you use an internal firewall, like Zone Alarm, you are notified about every app asking for a network connection. Once you accept the connection, the firewall won't ask you about them anymore. If it did, how could you surf anywhere?

There are basically a few trivial solutions to the spying problem, namely:

1) Use your firewall to explicitly block all traffic to the known spyware server addresses. This is difficult since spies come and go and change names. Disallow all connections (both originating as well as incoming) to uncommon ports.

2) Use a browser the spies don't support. Opera comes to mind. Since it won't work with all the sites, this is a problem.

3) Do not use any 'cool' binary-only software. The simplest solution. But hey! Where do I get my britneyspears mp3 filez without one? Tough luck, baby.

4) Do not use Windows as an admin. Do not install applications as an admin user. Windows NT/2k/XP is supposed to protect the system files, so tampering with IE shouldn't be possible for ordinary users. (For this I am not so sure. Should build a honey pot and try it out. And yeah, I run my W2k box as admin since su is missing.)

There is a problem still. What if the spy uses ordinary protocols or ports like HTTP & 80 to send the data to a well-known service like Hotmail? Or posts it to Usenet via groups.google.com? This is a bit tricky to implement, but not impossible.

-P

-- I hate people who quote .sigs
[ Parent ]
Run As... (none / 0) (#42)
by Robert S Gormley on Thu Jan 24, 2002 at 07:16:24 PM EST

Whilst 2k doesn't have su, it does have Run As... Hold down shift, right click the program you're looking to run, and an option Run As appears, allowing you to run just that program as another user. You could run cmd in this way...

[ Parent ]
Well, yes. (5.00 / 1) (#53)
by haflinger on Fri Jan 25, 2002 at 10:43:06 AM EST

For example, if you run an IP filter on your firewall, you can block specific addresses. For example, on my FreeBSD firewall, I have ipfw installed. Inside my bootup is the following hack:

# block doubleclick's nameservers
/sbin/ipfw add 01500 unreach host ip from any to 205.138.3.20 > /dev/null
/sbin/ipfw add 01501 unreach host ip from any to 208.211.225.10 > /dev/null
/sbin/ipfw add 01502 unreach host ip from any to 204.176.177.10 > /dev/null
/sbin/ipfw add 01503 unreach host ip from any to 204.253.104.10 > /dev/null

These four IP addresses are doubleclick's nameservers. The filters cause BIND (running on the same machine) to fail when it tries to look up any name in the domain. Consequently, it's pretty tough for any program which wants to talk to doubleclick (such as a browser) to do so, unless the IP is hardwired. If I was Really Keen, I could do an SOA lookup periodically and monitor their IP addresses for change. Maybe next week.

There are problems with this approach. You have to figure out the IP addresses you want to block. The Ideal Method from a security standpoint is to block everything and add ipfw rules to allow certain traffic. However, this is impractical for most users.

Another technique is to install a proxy-based firewall. Most spyware isn't bright enough to figure out a way through the proxy. Some is though, and to cope with that, you want proxy authentication: where the proxy needs a password or somesuch that the user has to type. Unfortunately, with spyware such as this, it looks like it is piggy-backing onto IE. That is, it's basically a virus. Virii get around everything by masquerading as legitimate programs, and we're back at Step One: block the IP.

Did people from the future send George Carlin back in time to save rusty and K5? - leviramsey
[ Parent ]
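An added example, not haflinger's own script, of the periodic re-check mentioned in comment #53: it validates looked-up addresses before they reach a root-run firewall command, and prints `ipfw` delete/add lines in the rule format quoted above only when the address set has changed. The sample lookup result, the state file and the function names are constructed; rule base 1500 follows the numbering in the comment.

```shell
#!/bin/sh
# Added example: regenerate "block these nameservers" ipfw rules when the
# looked-up addresses change. It only PRINTS commands; review them, then run
# them as root. Input is one address per line from whatever periodic lookup
# you use.

# Constructed lookup result (documentation-range addresses) with a duplicate
# and two malformed entries, to show why DNS-derived text is filtered first.
sample_lookup() {
cat <<'EOF'
192.0.2.20
198.51.100.10
192.0.2.20
198.51.100.10; reboot
203.0.113.999
EOF
}

# valid_ipv4: keep only dotted quads with every octet <= 255, sorted, unique.
valid_ipv4() {
    awk -F. '
    NF == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        for (i = 1; i <= 4; i++) if ($i + 0 > 255) next
        print
    }' | LC_ALL=C sort -u
}

# ipfw_block_rules BASE: addresses on stdin -> one rule each, numbered
# BASE, BASE+1, ... in the same form as the boot-script lines above.
ipfw_block_rules() {
    awk -v base="$1" '{
        printf "/sbin/ipfw add %05d unreach host ip from any to %s\n", base + NR - 1, $0
    }'
}

# refresh STATEFILE BASE: lookup result on stdin. Prints nothing when the
# address set is unchanged; otherwise prints deletes for the old rules and
# adds for the new ones, then records the new set in STATEFILE.
refresh() {
    state=$1
    base=$2
    new=$(valid_ipv4)
    old=$(cat "$state" 2>/dev/null) || old=""
    if [ -z "$new" ]; then
        # A failed or empty lookup must not silently remove the existing blocks.
        echo "refresh: no usable address in lookup; keeping existing rules" >&2
        return 1
    fi
    if [ "$new" = "$old" ]; then
        return 0
    fi
    if [ -n "$old" ]; then
        printf '%s\n' "$old" | awk -v base="$base" \
            '{ printf "/sbin/ipfw delete %05d\n", base + NR - 1 }'
    fi
    printf '%s\n' "$new" | ipfw_block_rules "$base"
    printf '%s\n' "$new" > "$state"
}

# demo: first run against an empty state file prints two add lines.
demo() {
    st=$(mktemp) || return 1
    sample_lookup | refresh "$st" 1500
    rm -f "$st"
}

demo
```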

Information access laws (4.00 / 3) (#27)
by CrazySteve on Thu Jan 24, 2002 at 10:06:01 AM EST

Are there any laws in the USA that allow you to go to a company and request a copy of all information that they have stored about you? Such laws exist in New Zealand and, I now believe, Australia.


Australia (none / 0) (#41)
by Robert S Gormley on Thu Jan 24, 2002 at 07:13:46 PM EST

recently introduced privacy laws that state that any company that gains/gathers information about you, must inform you ahead of time for what purpose they have gathered, and how and where they intend to use it...

[ Parent ]
NZ (none / 0) (#46)
by CrazySteve on Fri Jan 25, 2002 at 02:47:13 AM EST

I was a bit tired last night and wasn't feeling very coherent. :)

NZ has had this same law as Australia since about 1993, with the additional rule that if a company has information stored about you, you are allowed to request to see all that information, as well as being able to make any corrections necessary.

I don't know how it would apply in a situation such as spyware that gathers information about you and your behaviour behind your back (especially credit card numbers, even if by "accident"!). Even if it was covered under a law like this, perhaps if the information was gathered anonymously and wasn't tied to you as an actual person, they might be able to get out of it.

While I'm not bothered by the idea of a program tracking your use of that program, and openly telling you when and what it's reporting back to base (e.g. Eudora, or Netscape/Mozilla/IE crash reports), something that tracks behaviour in other applications (what you click on, and what you look at in Internet Explorer) and gathers information you have entered in forms - usually which is personal information like names, ages, addresses, credit card and bank account numbers, I find very disturbing.

I'm glad that there are programs like AdAware that will remove things like this from your system (as I did on mine last night.)

My next task will be to find out what IP addresses companies like this use, and block them at my firewall so if any such program gets on my system it won't be able to phone home.

[ Parent ]

wired has a piece on this (4.00 / 4) (#29)
by dope priest on Thu Jan 24, 2002 at 10:29:37 AM EST

there's a piece on Wired about this.

These guys are sleazy at best (5.00 / 9) (#30)
by ocelotbob on Thu Jan 24, 2002 at 10:34:05 AM EST

I did a bit of analysis of this company when this story showed up on another weblog, and I was not able to find much. About all I was able to find out was that whoever they are, they don't want to be found. Here's all the info I was able to find, in case some intrepid reporter reading this log would like to track down some leads, most of which seem to be intentional misdirection.

First off, the PO Box given in their whois record is that of a company which handles low-cost incorporations in Nevada. Okay, you say, so they decided to branch out into making spyware. Well, on top of that, the phone number given is that of a New York dot.bomb. Not good. Finally, the email address given is a hotmail account. It doesn't instill too much confidence in me. And that was just the sleaziness from analyzing the whois record.

Digging deeper, I decided to do a traceroute on the various servers the company runs. From the responses I got, they seem to be based in the midwest. If anyone's interested, here are the relevant bits of the traceroutes which deal with the last few hops:

For their webserver:

9 80 ms 90 ms 80 ms pos2-0-2488m.cr2.CHI1.gblx.net [208.49.59.254]
10 80 ms 90 ms 80 ms so1-0-0-622M.ar3.CHI1.gblx.net [208.49.59.218]
11 90 ms 90 ms 101 ms 64.211.207.174
12 101 ms 100 ms 100 ms 216.36.254.149

From this, we see that they're getting their webhosting from Global Crossing, and from the looks of the last couple server names, probably in the Chicago, IL area. This is consistent with my later findings.

The second traceroute I did was on their main spyware server, sputnik.vx2.cc. This one seems to be going through a different hosting company, one based primarily in the Kentucky area, but there is still a good chance for overlap. The results:

11 91 ms 80 ms 100 ms sl-gw34-chi-9-0.sprintlink.net [144.232.26.38]
12 120 ms 161 ms 120 ms sl-openworld-2-0-0.sprintlink.net [144.232.223.194]
13 100 ms 110 ms 90 ms gw8.stdio.net [199.89.192.8]
14 120 ms 120 ms 120 ms 207.246.97.190
15 80 ms 80 ms 80 ms sputnik.vx2.cc [207.246.124.132]

The bandwidth for the company's are also run by stdio.net, so I won't reprint the results here; they aren't too relevant to the issue at hand.

Finally, I ran a whois on blackstonedata.net, their old hostname, as they still have a couple servers running through there. From that info, I was able to learn that their nameservers are run by siteprotect.com, which is fully owned by hostway.com. A quick check determined that hostway is based in Chicago as well, adding to my suspicions that this corp is based in or around Chicago, IL.

Unfortunately, it doesn't give too much information as far as who these people are. However, it does lead one to see who they aren't - all too reputable. Perhaps someone from one of these companies providing bandwidth could "accidentally" leak some information as to who these people are, maybe a street address or a phone number.

Can I be your pet? I promise not to bite (much).

Getting contact information is easy (4.00 / 1) (#36)
by panum on Thu Jan 24, 2002 at 01:14:45 PM EST

Well, they might actually monitor the Hotmail account in case someone is interested in their company.

If someone sends them some mail proposing to do business - like asking how to get some profiling done - they are likely to contact the potential customer. Nuff said?

-P

-- I hate people who quote .sigs
[ Parent ]
Flawed Geographical Data? (none / 0) (#71)
by RadiantMatrix on Fri Feb 01, 2002 at 06:25:05 PM EST

Hm, just because a company uses Chicago-based firms for hosting has nothing to do with where they really are. I have yet to purchase hosting for any company I've worked for that isn't several states away.

In fact, the company I work for currently is based in Wisconsin, and the website is hosted overseas!

--
No amount of genius can overcome a preoccupation with detail.

[ Parent ]

### THE TRUTH ### (3.00 / 3) (#32)
by fuzzcat on Thu Jan 24, 2002 at 11:49:18 AM EST

The company is VX2, the product is Sputnik...

Nancy Luft has been trying to tell those of us who read alt.conspiracy and a number of other newsgroups the truth about the Sputniks for quite some time now.

Some of my favorite Nancy Luft quotes?

"Your Sputnik Forces are the ultimate criminally insane monsters of this planet of all time, no joke!"

"Short of killing myself, I think the only way to stop the Sputnik Pigs is for me to move to some place like a remote part of southern Mexico or even further south."

"The Sputnik Pigs are anti democracy and they will freeze Siberia with abnormally cold weather and do any and everything they can to get rid of democracy."

Nancy has a fun habit of emailing a whole slew of DC politicians as well as President Putin on a regular basis about these Sputniks and other perceived evils.

So anyway, I'm sure that Nancy isn't surprised. ;)

I'm so sick of this stuff (3.00 / 1) (#45)
by 0xA on Thu Jan 24, 2002 at 11:40:26 PM EST

It is getting pretty clear to me that avoiding this stuff is almost impossible.

I really try to avoid installing much software on my machine, just the things I need; I find it more stable that way. The addition of these spyware programs has been noted many times as the source of crashes and all sorts of problems. Aside from all the issues around privacy and the general scum factor associated with this (which are huge), I just don't want to deal with the potential problems.

So I develop this paranoid obsession with avoiding software I don't absolutely need. I'm nearly as careful with my desktop system as my servers at work. But apparently I'm not careful enough.

I saw this story, read it and decided to update Ad Aware's reference file and do a scan. I realized I hadn't run it in a while, figured better safe than sorry. Sure enough, it found a browser plugin called Alexis. I can't figure out where this fucking thing came from! I tried re-installing some of the stuff that came with my new video card, no luck. Re-installed some other stuff, still no luck. I just have no idea.

This is so frustrating, this crap is everywhere. At one point Creative even had something bundled with their drivers. I am just stunned that these companies think they can get away with this and saddened by the realization that they are.

Link for Ad Aware (none / 0) (#47)
by erlando on Fri Jan 25, 2002 at 04:58:23 AM EST

I saw this story, read it and decided to update Ad Aware's reference file and do a scan. I realized I hadn't run it in a while figured better safe than sorry.
And for those of us who on reading this article hadn't installed Ad Aware here is a link to Lavasoft who makes Ad Aware. :o)

A scan of my system found two (inactive) spyware-systems. Die scum..! :o)

[ Parent ]

Alexa (none / 0) (#51)
by catseye on Fri Jan 25, 2002 at 09:17:20 AM EST

I found it in mine too, and I did some digging and realized where it came from...

Web accessories for IE, downloaded off Microsoft's product update site.

----------
How can we fight Islamic Fundamentalism abroad if we do not fight Christian Fundamentalism at home?
[ Parent ]
OMFG! (none / 0) (#61)
by 0xA on Fri Jan 25, 2002 at 06:51:17 PM EST

I found it in mine too, and I did some digging and realized where it came from...

Web accessories for IE, downloaded off Microsoft's product update site.

Holy shit! You're right, I installed XP this afternoon (kinda cool btw) and have not installed anything but Office and the updates from windowsupdate.microsoft.com yet. Sure enough here it is.

I can't believe this.

[ Parent ]

My God!! (4.00 / 2) (#54)
by Elendale on Fri Jan 25, 2002 at 10:54:46 AM EST

This is like cracking someone's computer and swiping stuff and then having a "privacy policy" that says (in effect) "We're only trying to help you. Trust us. Ignore the sneakily-installed software, we aren't criminals. We just want to make your life easy. Relax, don't worry. You can count on us. We won't use any of the information we copied for bad, evil things. Really." sitting on your web page.
Freaky.

-Elendale
---

When free speech is outlawed, only criminals will complain.


Something should be done... (3.00 / 1) (#57)
by sucoyant on Fri Jan 25, 2002 at 01:12:30 PM EST

I'm against black hats, and hacking just to destroy or do damage, but in this case, I think it would be fun to "0wN tH0z3 f00'z!". What they are doing is just plain wrong. Anyone up for a MASS DoS, or maybe even a r00ting?! Muhaha... spyware needs to die, and it should start with this company!
-------------------------------------- "Can you download the infared?" -SCOTD
A quote from someone at AudioGalaxy (4.00 / 2) (#58)
by CodeWright on Fri Jan 25, 2002 at 03:12:06 PM EST

Found this interesting message at [infoanarchy.org]:
Yes, Audiogalaxy bundles all manner of evil crap with the win32 client. The site has lots of pop-under ads, too. This is old news. It's obnoxious, but it pays the bills.

If you don't want the bundled fuckware, all you have to do is uncheck the checkbox in the installer; it will respect your wishes. (Also, you'll probably want to delete the BonziBuddy link it puts on your desktop.)

Alternately, you could just use the Linux client, which doesn't come with fuckware.

-- Steven Hazel
work: sah@audiogalaxy.com
other: sah@thalassocracy.org


[406@k5] NON ILLIGITIMI CARBORUNDUM EST
Heel your dog. (4.00 / 1) (#60)
by jet_silver on Fri Jan 25, 2002 at 06:46:48 PM EST

Folks, it's time to stop complaining about the tricks people are playing on you to gather information.

Your computer is -out of control- if you don't know what it is doing, or if it is doing something you don't want it to. I don't care if it is working within the design intent of whomever writes software, if you don't SEIZE that sucker and MAKE IT DO WHAT YOU WANT, it's a virtual spittoon, and you can't tell who-all's spitting in it.

There are a few hints ravelled up in what I say. First: there are consequences of using software (OSs, applications, downloads) that is not designed for the user. These consequences are generally bad. Second, there is money to be made in designing software for someone else, and getting it onto your computer. Third, security is not an abstruse game, it is a serious pursuit and the results of security breaches are broadly predictable. Warnings against, for example, using Microsoft ActiveX scripts have been loudly and frequently declared, and users ignore them. Check -your- settings before you scoff. Finally, YOU are (or at least should be) responsible for what your computer does, including what it does to screw you over, or who else it annoys because you are not exercising control over it.

Read the bulletins. Apply patches. Understand what processes your computer is running. Control your computer's effluvia. If you can't do this, deal with the fact that people smarter or more determined than you are going to fuck you over with your computer, and they're going to do it for their own gain. Sure, it sucks ethically. But you can stop it, if you decide it matters to you. You do not have to be a coder to do it, all you have to do is read and understand.

It's just like training a dog, y'all. It takes effort. If you don't train your dog, your living room will be the dog's bathroom and periodically someone will be bitten and hurt. If you -do- train your dog, you have a friend who you don't resent, because the rules are known.
"What they really fear is machine-gunning politicians becoming a popular sport, like skate-boarding." -Nicolas Freeling
The Evil Reporter (none / 0) (#63)
by nodes on Sat Jan 26, 2002 at 09:10:33 PM EST

It's time to launch an internet email service called "The Evil Reporter" to report on those who choose to do these evil deeds. We may even want a "Special Prosecutor" to go after them in the courts .... government courts and the court of public opinion.

Where was it in the AG terms? (5.00 / 1) (#65)
by jesterzog on Sun Jan 27, 2002 at 04:46:32 AM EST

Here are the culprits, VX2, and here is their privacy policy. Three paragraphs are particularly interesting: [snip] So, you've agreed to let them potentially harvest all information you ever type into an online form.

Is anyone able to show me the part of the AudioGalaxy terms that said I would also need to agree to this agreement? They might well have existed at the time, but I haven't been able to find them. I'm quite interested because I was hit with VX2, which I'm presently assuming was from AG Satellite, and I'm normally very careful to read through the privacy agreements. I must have missed this one.

This is all I can find in the AG Satellite 6.08 setup that I downloaded on 29-Oct-01. There doesn't seem to be much about privacy at all, apart from this insert from Onflow:

Onflow/VX2 privacy Policy & Terms of Use

Onflow along with VX2 has created this statement in order to demonstrate our firm commitment to internet privacy. The following outlines our information gathering and dissemination practice: Our Authoring System requires authors and publishers to register on our web site. Our registration form requests that authors and publishers give us contact information (such as name and email address). We use this data to send you emails containing updates to our Authoring System and/or the availability of additional services. You may opt-out of being contacted by us; see "Choice/opt-out" below. We may publish online surveys from time to time. Data collected is used to optimize our service and to provide customer support.

Player Privacy

The following information is specific to the Onflow Player, which allows users to enjoy rich multimedia displays through your browser.

Data transmitted

Each time the Onflow Player displays images, it transmits data to our server such as the serial number of the Player, the image displayed, the web page in which it was shown and whether you moved your mouse over the image or clicked on it. This data does not identify you.

Other Disclosure

It is possible, though unlikely; that a subpoena, court order or similar cause could require us to disclose information we have concerning a particular Onflow Player or a particular registered user. Should that occur, we would have to comply with legal requirements.

Policy changes

We may change or supplement our policies as needed. We do not use personally identifiable information for any other reason that account maintenance and to notify you of special offers. If this policy changes, you will be notified via email. Our current policy can be found at our web site; please visit us at http://www.onflow.com to review our most current policy.

Security

This site has security measures in place to protect the loss, misuse and alteration of the information under our control. Onflow maintains strict internal practices that help protect the security and confidentiality of this information by limiting employee access.

Choice/Opt-Out

Our site provides users the opportunity to opt-out of receiving communications from us at the point where we request information about the visitor. For more information about opting out, click here http://www.onflow.com/about/unsubscribe-newsletter.php

Contacting the Website

If you have any questions about this privacy statement, the practices of this site, or your dealings with this web site, you can contact us at info@onflow.com The VX2 privacy Policy and terms of use is also available by clicking on http://www.vx2.cc/privacy.html

Terms and Conditions

Please read the following carefully before proceeding. This is your license to use Onflow Software and Services. The license contains warranty and liability disclaimers. By continuing with the Player installation, you are accepting the agreement and become bound by its terms. ONFLOW CORPORATION IS WILLING TO LICENSE THE SERIALIZED PLAYER SOFTWARE ("PLAYER") ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS AGREEMENT. PLEASE READ THESE TERMS CAREFULLY. CONTINUING WITH PLAYER INSTALLATION MEANS YOU ARE ACCEPTING THE TERMS OF THIS AGREEMENT.

[...]

PLAYER SOFTWARE MODIFICATIONS

From time to time Onflow Corporation will modify the Player software. In such case Onflow will not notify you of modifications.


jesterzog Fight the light


Is VX2 Company President a Fraudster? (4.40 / 5) (#68)
by greenrd on Sun Jan 27, 2002 at 12:30:33 PM EST

According to a Slashdot post, based on state corporation records, the VX2 company president either is - or shares the same name with - someone who was involved in a $37m credit card fraud case: one Maurice O'Bannon.

However, the FTC press releases about the case (summarised and linked here) show that O'Bannon was the only defendant who was not found guilty of credit card fraud.

I dug a little deeper: I quote from one of the court orders, written by the judge (page 62):

O'Bannon argues that there is an absence of evidence to support the FTC's case. O'Bannon contends that the FTC's evidence shows he only temporarily acted as an officer for MJD, Discreet Bill and TAL, he had no actual authority over these companies, he resigned shortly after each corporation was formed, he did not know the other defendants and did not receive any compensation from the companies. O'Bannon motion at 2. Notably, O'Bannon does not mention the Charter Pacific merchant account agreement that indicates O'Bannon signed a legal contract on behalf of TAL in or about December 1998.

First, contrary to O'Bannon's assertion, the evidence shows that he was not always a "temporary" officer for the companies. In fact, the corporate documents indicate that he was an officer and director of Discreet Bill, at least on paper, for 13 months. [emphasis is in the original court order] [...] During the interim, O'Bannon, on behalf of Discreet Bill, signed the four fictitious business certificates. Second, it appears that O'Bannon signed the Charter Pacific merchant account agreement on behalf of TAL and he may have done so in or about Dec 1998, after he purportedly resigned from the company. The merchant account agreement enabled TAL to continue the fraudulent scheme, albeit only for about a month before the Receiver took over the company.

Nevertheless, the Court finds that O'Bannon is entitled to judgement in his favour. The FTC's case against O'Bannon is based solely on O'Bannon's role as an officer of the defendant companies. Therefore, to hold O'Bannon liable for injunctive relief, the FTC must establish that O'Bannon either participated directly in the wrongful practices at issue or had the authority to control the corporation.

In other words, there was not quite enough evidence to find O'Bannon liable, but he was clearly involved in the fraud - and he misrepresented the extent of his involvement to the court.

Again, this all assumes we are talking about the same O'Bannon here.

But who knows? Maybe VX2 is already planning to commit a crime with the information they have surreptitiously gathered (that's supposing their information gathering methods aren't already criminal). There may be an opportunity here to haul them (further) into the limelight before they do some serious damage.


"Capitalism is the absurd belief that the worst of men, for the worst of reasons, will somehow work for the benefit of us all." -- John Maynard Keynes

A Shady Ring Of Companies (none / 0) (#69)
by greenrd on Sun Jan 27, 2002 at 12:37:03 PM EST

Much more information, including detailed removal instructions for VX2, at CEXX.

Many of the companies involved are linked either by being spun off by the same shady venture capital company or by actually sharing the same offices.


"Capitalism is the absurd belief that the worst of men, for the worst of reasons, will somehow work for the benefit of us all." -- John Maynard Keynes

OMG, idiots beware... (none / 0) (#72)
by BadlandZ on Sat Feb 23, 2002 at 10:25:50 PM EST

Directly from their site:

If VX2 RespondMiter is not present:
1. Close all internet explorer browsers.
2. Search your "C" drive for xv2.dll.
3. Delete vx2.dll.

Good luck finding vx2.dll when you search for xv2!!!

Advertising Spyware can now read your mail | 72 comments (72 topical, 0 editorial, 0 hidden)