Ana Viseu on Sat, 1 Feb 2003 15:05:26 +0100 (CET)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> 'autonomous' colonizer program


[an interesting story about a new 'autonomous' program, a browser toolbar
add-on to Explorer, that is downloaded without user input and then
self-installs itself on the hard drive. It then changes the homepage,
prevents users from restoring the old browser settings and seems to cause
computer crashes. Best. Ana]


Sneaky Toolbar Hijacks Browsers

It's the most evil thing on the Internet, according to some of its victims. 
But it's not a virus, a scam or a raunchy porn site.

It's a browser toolbar that some swear is doing "drive-by downloads" -- 
installing itself without users' permission -- then taking over their 
systems and making it impossible to uninstall.

"When I find the bastards who programmed this thing I'd be happy to 
castrate them with a pair of dull pinking shears," fumed one of Xupiter's 
many unhappy victims in a newsgroup posting.

Xupiter is an Internet Explorer toolbar program. Once active in a system, 
it periodically changes users' designated homepages to xupiter.com, 
redirects all searches to Xupiter's site, and blocks any attempts to 
restore the original browser settings.

The program attempts to download updates each time an affected computer 
boots up, and has been blamed for causing system crashes. Several versions 
of Xupiter also appear to download other programs, such as gambling games, 
which later appear in pop-up windows.

Some said that Xupiter has taken over their browsers.

"Random words and characters now appear when I attempt to enter info on 
search sites or other forms. It's as if there's a ghost in my machine," New 
York resident Beth Vanesky said.

Xupiter.com is registered to a company called Tempo Internet, in Gyongyos, 
Hungary. Calls and e-mails to Tempo were not returned.

Xupiter offers an uninstall utility, but many said that it didn't work, and 
in some cases made things worse.

"I ran the Xupiter Uninstall, and now every time I try to launch Explorer I 
get error messages saying 'Xupiter is not installed properly, please 
reinstall,'" said Manny Abrams of Chicago.

Xupiter has spawned long message threads on some tech support sites, as 
users wrestle to reclaim their machines from the terrible toolbar.

"When Xupiter first appeared, we spent a week trying to figure it out," 
said Mike Healan, of SpywareInfo. "There's a monstrous thread with over 
26,000 page views where a couple dozen of us tested it until we figured 
what it did and how to deal with it."

But Healan said that every time people sort out what Xupiter is doing, 
Xupiter's programmers tweak its code. It also appears that Xupiter may be 
selling its "service" to other websites.

"About once every month or two this software starts hijacking people to a 
new site," Healan said. "And every time a new version comes out, it adds a 
different startup entry, uses a different method to change the search 
function and is basically a bigger pain to remove."

Xupiter's site claims the toolbar isn't installed without express 
permission, but many insisted that they had not agreed to install the program.

"Xupiter is the worst thing I've ever personally encountered on the 
Internet," said Ed Olexa. "You only realize that it has been installed when 
you start your browser and see that Xupiter's search page is now your 
homepage."

Olexa had to manually edit his system registry to remove Xupiter.

"Xupiter seems to have the ability to reinstall itself if each and every 
component is not removed," Olexa said. "Computer novices might never really 
get rid of it."

Healan recommended Spybot Search & Destroy to eradicate the program.

Healan said some installations probably occurred when people clicked "OK" 
in a pop-up box without really knowing what they had agreed to, or when 
they meant to close the pop-up window.

Xupiter is also being bundled along with at least one peer-to-peer 
file-sharing program. And the toolbar will install itself automatically 
when Internet Explorer's security settings aren't set to the highest level.

http://www.wired.com/news/infostructure/0,1377,57467,00.html?tw=wn_ascii
By Michelle Delio
Jan. 30, 2003






[ - - - - - - - - - - - - - - - - - ]
Tudo vale a pena se a alma n�o � pequena.
http://fcis.oise.utoronto.ca/~aviseu/index.html

http://privacy.openflows.org/index.html
[ - - - - - - - - - - - - - - - - - ]


#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: [email protected] and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: [email protected]