« Sanford Wallace Relapses | Main | Point-and-click Phishing »
October 8, 2004
More on Wallace's spyware business
OK, I think I understand now why Wallace is being sued.
If you visit this page (be careful!) at one of Wallace's sites, it will try to launch a pop-up that runs a script (don't click that link with IE!) at his freevegasclubs.com site. (According to Norton AntiVirus, the page also attempts to exploit a vulnerability in Microsoft's Internet Explorer browser.)
The script at freevegasclubs.com attempts silently to log the victim into an ftp server (located at 207.58.159.14) that downloads and runs nine executable files. Some are identified by anti-virus software as "adware" or downloader programs. (E.g. istinstall_154074.exe, which Symantec calls Download.Adware.)
All of this technical sleight of hand is designed to happen automatically without any user intervention ... or permission.
Posted by brian at October 8, 2004 11:32 AM