SPYWARE ALERT: MyFreeCursors.com - KeenValue

Discussion in 'other security issues & news' started by javacool, May 4, 2003.

Thread Status:
Not open for further replies.
  1. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,099
    SPYWARE ALERT: MyFreeCursors.com - KeenValue

    Last Updated: May 4, 2003

    Background: MyFreeCursors.com offers an “easy cursor change service”. By clicking on a cursor that a user wants, the site will attempt to download and run an installer using ActiveX. This installer not only installs the cursor, but may install the following three applications:
    n-CASE
    iGetNet
    KeenValue

    The focus of this advisory is the KeenValue program.

    Details: The hard-to-find privacy policy, located (among many places) at myfreecursors.com/privacy/ , details some alarming characteristics of the KeenValue program. Supposedly, KeenValue "provides you with the ability to obtain advertiser-supported versions of software applications (valued at up to $30) free-of-charge or at a reduced cost"… but take a look at the following sections of the "privacy policy" / terms of use:

    So it displays ads. What else is new?

    Well according to the "privacy disclosure statement" portion of the document, KeenValue collects the following information:

    •   Web sites/pages viewed
    •   The amount of time spent at some Web sites
    •   Response to the Advertisements displayed
    •   Standard web log information including IP address and system settings
    •   What software is on your personal computer
    •   Your first and last name, country, and five digit ZIP code
    •   Your usage characteristics and preferences

    Not only that, but the privacy policy actually states KeenValue may READ THE CONTENTS OF THIRD-PARTY COOKIES STORED ON YOUR MACHINE, and may also INSTALL "certain rich media player applications, browser plug-ins, virtual machines, and runtime environments" without your knowledge.

    Known Distribution Sites: KeenValue may be installed through downloads from any of the following sites:
    myfreecursors.com
    thunderdownloads.com
    crazymates.com

    There may also be many other methods of distribution that are not yet known. It is highly recommended that users stay away from the above sites.

    Protection: A database update was released today (5/04/2003) for SpywareBlaster that covers 16 variants of KeenValue. Adding the sites listed above to the restricted zone in Internet Explorer should also help prevent the installation of KeenValue (blocking them using the hosts file is another recommended method).

    Responsible Parties: It seems as though eUniverse, Inc. (euniverse.com) is responsible for KeenValue, as well as the ThunderDownloads site, and possibly the MyFreeCursors site (all of the downloads there are digitally signed by eUniverse).

    Best regards,

    -Javacool
     
  2. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,099
    The latest information on this particular program can always be found at:

    http://www.wilderssecurity.net/specialinfo/keenvalue.html

    Best regards,

    -Javacool
     
  3. jeannie

    jeannie Guest

    I downloaded MyFreeCursors.com and did not know that other programs would be added such as Keenvalue, and I think it was a popup program. My question is how can I keep my cursors with out the other programs as they are very interfering and I do not want them can you help me through what ever process it may take to accomplish this. The only thing I can think is to remove all programs.......thank you in advance o_O :(
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi jeannie,

    Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log as a .txt file, and copy and paste its contents into your next post.

    Most of what it lists will be harmless, so do not fix anything yet.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.