StopBadware Saves Christmas

Posted on December 21, 2006 - 10:50 by jcallina

"Then one foggy Christmas Eve, Santa came to say, ‘StopBadware, with all your might, help me find the badware on my site.’"

This week we received one of our more interesting calls for help. A website owner, who is legally named Santa Claus, came to us wondering why in the world his site had been submitted to us for review and was being filtered by Google. He had consulted local experts, which we can only assume were elves, but they were unable to identify anything wrong with his site. Away to our research tools we flew like a flash, and with some quick analysis we knew there was much to dread. (I know I should have tried harder to rhyme in this paragraph, but I think you get the point). We noticed right away that nestled all snug in the bottom of his homepage was a nice little bit of code containing a badware link -- specifically, an iframe that would attempt to install badware onto visitors’ computers via a javascript exploit.

Santa was disconcerted, but glad that he wasn't incorrectly flagged. He and his crackerjack team of pointy-eared friends have since removed the offending link from his site and the workshop is once again a safe place to be. The moral of the story is that the Grinches who are looking to spread their unsafe software are willing to hack even Santa’s website, and if you are going to surf the internet make sure you have your anti-virus and anti-badware software up-to-date because it can get pretty stormy out there.

Filing our First Complaint with the FTC

Posted on December 7, 2006 - 10:23 by colson

Today, and the Center for Democracy and Technology (CDT) teamed up to file a
formal complaint
with the Federal Trade Commission (FTC) against for distributing badware
to unsupecting Internet users. is a site that offers MP3s for download --
however, it requires users to download a plugin in order to download these songs.

This FastMP3Search Plugin (reviewed by StopBadware here)
is one of the worst applications that StopBadware has ever seen. Not only does it secretly install
additional software, but the software it installs includes adware, Trojan horses, and a browser
hijacker -- and these applications download even more applications in turn. What's more, FastMP3Search
disables Windows Firewall without the user's permission, thereby allowing it to download all these
malicious applications without Windows alerting the user to their badness. These applications then
change the user's homepage, pop-up numerous advertisements (mostly for rogue anti-spyware
applications), and hog system resources, which caused our test computer to slow down and randomly

At this point, the user probably realizes that they've downloaded a bad application, and they just
want to get rid of it. Unfortunately, FastMP3Search makes this virtually impossible. Not only is the
main application itself almost impossible to uninstall, so is the badware that is bundled with it. If
the user then tries to seek outside help from anti-spyware experts on the internet, FastMP3Search again
stands in their way. By adding entries to the user's host file, FastMP3Search prevents the user from
accessing the websites of legitimate anti-spyware companies such as Symantec and McCafee. Now
desperate for a solution, the user may be tempted to download one of the rogue anti-spyware
applications being advertised in the pop-ups that are bombarding their system -- of course, should
they do so, their problems will only be exacerbated.

In sum, this application is one of the worst we've seen -- and we've seen a lot.

After realizing the badness of this app, we decided to join forces with CDT to file StopBadware's first
formal complaint
with the FTC. The FTC has previously shut down badware sites such as Team Taylor Made,
which StopBadware reviewed
back in May. We hope they continue to take steps to protect Internet users
from these sorts of harmful and deceptive sites and applications.

Related links:

StopBadware and CDT's FTC complaint

StopBadware's report on the FastMP3Search Plugin

Our press release

Professor John Palfrey's blog post on the subject

P2P Badware

Posted on November 29, 2006 - 17:55 by jcallina

Recently, was mentioned on the News blog in a post about Walt Rines and his company Odysseus Marketing.

The FTC has just filed a complaint against Walt Rines and Odysseus Marketing for “secretly installing spyware," and sharing them via practices that "are unfair and deceptive and violate the FTC Act."

Just google "Walt Rines" and you'll find plenty of unhappy folks writing about his work. His fake p2p program, Kazanon sounds a lot like the FreeWire
program from Wingsix that we reviewed yesterday.

FreeWire, like Kazanon, has some pretty nasty stuff -- installing additional software without disclosure, secretly installing Trojan horses and adware, displaying pop-up ads, etc., etc. And to top it all off, it's difficult or impossible to uninstall!

Watch out Wingsix! You may see the same fate as Walt Rines and Odysseus Marketing.