Ana Viseu on Sat, 1 Feb 2003 15:05:26 +0100 (CET) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
<nettime> 'autonomous' colonizer program |
[an interesting story about a new 'autonomous' program, a browser toolbar add-on to Explorer, that is downloaded without user input and then self-installs itself on the hard drive. It then changes the homepage, prevents users from restoring the old browser settings and seems to cause computer crashes. Best. Ana] Sneaky Toolbar Hijacks Browsers It's the most evil thing on the Internet, according to some of its victims. But it's not a virus, a scam or a raunchy porn site. It's a browser toolbar that some swear is doing "drive-by downloads" -- installing itself without users' permission -- then taking over their systems and making it impossible to uninstall. "When I find the bastards who programmed this thing I'd be happy to castrate them with a pair of dull pinking shears," fumed one of Xupiter's many unhappy victims in a newsgroup posting. Xupiter is an Internet Explorer toolbar program. Once active in a system, it periodically changes users' designated homepages to xupiter.com, redirects all searches to Xupiter's site, and blocks any attempts to restore the original browser settings. The program attempts to download updates each time an affected computer boots up, and has been blamed for causing system crashes. Several versions of Xupiter also appear to download other programs, such as gambling games, which later appear in pop-up windows. Some said that Xupiter has taken over their browsers. "Random words and characters now appear when I attempt to enter info on search sites or other forms. It's as if there's a ghost in my machine," New York resident Beth Vanesky said. Xupiter.com is registered to a company called Tempo Internet, in Gyongyos, Hungary. Calls and e-mails to Tempo were not returned. Xupiter offers an uninstall utility, but many said that it didn't work, and in some cases made things worse. "I ran the Xupiter Uninstall, and now every time I try to launch Explorer I get error messages saying 'Xupiter is not installed properly, please reinstall,'" said Manny Abrams of Chicago. Xupiter has spawned long message threads on some tech support sites, as users wrestle to reclaim their machines from the terrible toolbar. "When Xupiter first appeared, we spent a week trying to figure it out," said Mike Healan, of SpywareInfo. "There's a monstrous thread with over 26,000 page views where a couple dozen of us tested it until we figured what it did and how to deal with it." But Healan said that every time people sort out what Xupiter is doing, Xupiter's programmers tweak its code. It also appears that Xupiter may be selling its "service" to other websites. "About once every month or two this software starts hijacking people to a new site," Healan said. "And every time a new version comes out, it adds a different startup entry, uses a different method to change the search function and is basically a bigger pain to remove." Xupiter's site claims the toolbar isn't installed without express permission, but many insisted that they had not agreed to install the program. "Xupiter is the worst thing I've ever personally encountered on the Internet," said Ed Olexa. "You only realize that it has been installed when you start your browser and see that Xupiter's search page is now your homepage." Olexa had to manually edit his system registry to remove Xupiter. "Xupiter seems to have the ability to reinstall itself if each and every component is not removed," Olexa said. "Computer novices might never really get rid of it." Healan recommended Spybot Search & Destroy to eradicate the program. Healan said some installations probably occurred when people clicked "OK" in a pop-up box without really knowing what they had agreed to, or when they meant to close the pop-up window. Xupiter is also being bundled along with at least one peer-to-peer file-sharing program. And the toolbar will install itself automatically when Internet Explorer's security settings aren't set to the highest level. http://www.wired.com/news/infostructure/0,1377,57467,00.html?tw=wn_ascii By Michelle Delio Jan. 30, 2003 [ - - - - - - - - - - - - - - - - - ] Tudo vale a pena se a alma n�o � pequena. http://fcis.oise.utoronto.ca/~aviseu/index.html http://privacy.openflows.org/index.html [ - - - - - - - - - - - - - - - - - ] # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: [email protected] and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: [email protected]