Paperghost: Malware Writers Beware, I'm Gunning For You

Discussion in 'other security issues & news' started by TeMerc, Jun 3, 2005.

Thread Status:
Not open for further replies.
  1. TeMerc

    TeMerc Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    127
    Location:
    PHX. AZ.
    Paperghost, noted MS MVP, has an excellent blog and has recently decided to take on the thugs at Direct Revenue. Much in the same way Webhelper has chronicled the Transponder Gang, Paperghost will also expose these scumbags for what they really are: greedy lowlifes using the uneducated Internet user as their way to riches. He has given me permission to reprint his writeups as they proceed. Exposure is our best weapon against them. I'll keep this thread updated as he posts more info.


    Originally Posted May 31
    A Revolution is the Solution...

    Full Read @ VitalSecurity.org

    ===============================================

    Friday, June 03, 2005

    Direct Revenue: BUSTED!

    Full Read @ VitalSecurity.org
     
  2. TeMerc

    Full Read, w\screenshots @ VitalSecurity.org

    Reprinted with permission by Paperghost
     
  3. TeMerc

    Aurora install links wanted!
    Reprinted with permission by Paperghost
     
  4. TeMerc

    Direct-Revenue: VitalSecurity Info 'Misleading'
    Spyware Floods In Through BitTorrent
    By Ryan Naraine
    June 15, 2005

    BitTorrent, the beloved file-sharing client and protocol that provides a way around bandwidth bottlenecks, has become the newest distribution vehicle for adware/spyware bundles.

    Public peer-to-peer networks have always been associated with adware program distributions, but BitTorrent, the program created by Bram Cohen to offer a new approach to sharing digital files, has managed to avoid the stigma.

    Not any more, anti-spyware advocates warn.

    According to Chris Boyd, a renowned security researcher who runs the VitalSecurity.org nonprofit resource center, the warm and fuzzy world of BitTorrent has been invaded by a massive software distribution campaign linked to New York-based adware purveyor Direct Revenue LLC.

    "This is the marketing campaign to end all marketing campaigns," said Boyd, the Microsoft Security MVP (most valuable professional) known throughout the security industry by the "Paperghost" moniker.

    In an e-mail interview with Ziff Davis Internet News, Boyd said rogue files have popped up occasionally in BitTorrent land but those were usually just random executables. "This is the first time I've seen a definite money-making campaign with affiliates, distributors and some pretty heavy-duty adware names," he added.

    Boyd, widely known for chronicling spyware, hacking and malware exploits, has published details of the BitTorrent distributions and identified Direct Revenue and Marketing Metrix Group as the companies responsible for the rigged files.

    More.......

    Page 2

    Direct Revenue admitted to using MMG to push Aurora distributions via BitTorrent, but insisted that the actual adware installation was done with adequate and up-front disclosure.

    In an interview, Direct Revenue chief technology officer Daniel Doman said MMG is "one of many affiliates" used to distribute Aurora. "They [MMG] specialize in doing content distribution on peer-to-peer channels, and we think they provide an easy mechanism for people like us who want to monetize software or content."

    Doman, a former director of engineering at DoubleClick Inc., said the increased visibility of Aurora and the "nail.exe" component was not the result of new installations, pointing out that Direct Revenue is auto-updating its file-naming convention to address criticisms that the adware program was hidden on purpose.

    Doman described Boyd's posts on VitalSecurity.org as "misleading" and pointed out that the screenshots provided by the researcher "clearly show full disclosure" before the Aurora program is installed.

    Full Read @ eWeek
     
  5. TeMerc

    Paperghost: My Response
    ...ahahahaha! Someone sounds rattled!

    Where?

    Here

    In an interview just given with Eweek.com, a tale of two cities is presented - one where thousands of people have ended up with Aurora on their systems and wished they could get a can of industrial strength bug-spray to clean the damn thing out.

    The other is a place where Aurora is a "valuable marketing proposition" and everybody can't wait to have anything up to five advertising windows popped open at the same time.

    In other words, Daniel Doman (chief technology officer for Direct Revenue) sounds a touch rattled by the increased attention paid to their "toy" - it's a long time since I saw someone come across as that defensive in an interview. Even better, he appeared to miss the point of this article completely. So in the spirit of fair play (and because I love stuff like this), what follows is a breakdown of the above article with my responses to this guy's vaguely panicked sounding "accusations". Don't worry, I'll be fine. I've seen Eric Howes do this hundreds of times...

    Full Read, w\screenshots and detailed analysis @ VitalSecurity
     
  6. TeMerc

    Full Read @ VitalSecurity.org

    Reprinted with permission by Paperghost
     
  7. TeMerc

    PCMag: Paperghost Scheming Against BitTorrent

    By John C. Dvorak

    Full Read @ PCMagazine

    Read my reply over at the PCMag forums here
     
    Last edited: Jun 22, 2005
  8. TeMerc

    Paperghost Replies to John Dvorak:

    Full Read @ VitalSecurity.org
     
  9. TeMerc

    asasasa
     
  10. TeMerc

    Wayne Porter writes his opinions on John Dvorak's (PCMag, above post) article slamming Paperghost\Chris Boyd.

    Full Read @ ReveNews

    I strongly urge all to read the entire thread, it's well worth it.
     
  11. TeMerc

    Now eWeek Jumps On Dvorak

    By Steven J. Vaughan-Nichols
    June 23, 2005

    Opinion: But there is way too much crazy talk going on about Avalanche, BitTorrent and adware.

    John, John, John. John Dvorak, what were you thinking?

    In his recent column, The Scheme to Discredit BitTorrent, Dvorak gets so much wrong about BitTorrent, its security problems, Microsoft and Avalanche that it's hard to know where to begin.

    So, let's just walk down Mr. Dvorak's column, shall we?

    First, is Microsoft really taking aim at BitTorrent, the justifiably popular peer to peer protocol? Yes, I know that Bram Cohen, BitTorrent's inventor, thinks so, but is it really?

    Both Cohen and Dvorak describe Microsoft's Avalanche project as vaporware.

    Ah, actually, it's not even that. It never was.

    I don't need to explain this, though. I'll let Kevin Schofield, Microsoft Research's general manager for strategy and communications.

    Full Read @ eWeek
     
  12. TeMerc

    Full Read @ VitalSecurity.org
     
  13. TeMerc

    Vital Security.org
     
  14. TeMerc

    Aurora Adware bundle hits Instant Messaging

    Full Read w\screenshots @ VitalSecurity.org
     
  15. TeMerc

    From SpywareGuide.com:

    Full Read @ SpywareGuide.com

    ======================================================================
    From Paperghost:

    Watch flash movie
     
  16. TeMerc

    Instant Messaging Adware: First rogue affiliate dragged into the light?

    Full Read @ VitalSecurity.org
     
  17. TeMerc

    Full Read @ VitalSecurity.org
     
  18. TeMerc

    August 7, 2005

    Amazon In the Logs of the Latest IM Spyware Scandal

    Full Read @ ReveNews
    =================================================

    August 8 2005

    More on IM adware infiltration from Paperghost:

    How deep does the IM rabbit hole go?

    Full Read @ Vital Security.org
     
  19. TeMerc

    August 12, 2005

    The creators of the IM bundles discovered...

    Full Read @ VitalSecurity.org
     
  20. TeMerc

    VitalSecurity.org

    ================================================

    A microscopic cog, in a catastrophic plan...

    Full Read @ VitalSecurity.org
     
  21. TeMerc

    Major BitTorrent Adware distribution underway?

    Full Read @ VitalSecurity.org
     
  22. TeMerc

    Full Read @ VitalSecurity.org
     
  23. TeMerc

    The Song Remains The Same:

    Referenced here


    Fast Forward, Oct 11, From Paperghost:

    Full Read @ VitalSecurity.org
     