A Revolution is the Solution
Nice job again, PG. 
I'll alert my friends.
Were there any EULA's that warned about the Nail install? redxii1234 said that getting infected requires "laborious clicking of 'run'", but I don't know if that implied an EULA. Plus, all he ever got from the site was poker3.exe, no Nail.
on the install I got, its hard to say. the testbox is a midrange effort and pretty much died a "virtual" death as the install began to take place. all i know for sure is, a bunch of different popup boxes opened up (which i assume would be the various files called from other locations) then i cycled thorugh a bunch of error screens. when i managed to get it back, everything was loaded onto it and running already. I'm not sure if me frantically whacking away at the keyboard whilst looking at the error screens would somehow "accept" any EULAS displayed under the errors, though i doubt it. plus i only managed to get this to work a grand total of one times - then the nice people behind the site pulled it so i can't try it again. until some other site starts using the same method..
though thinking about it, i think this kind of install goes beyond EULAs. theres no way on earth direct revenue and all the others could *possibly* say that someone using some kind of crazy MSN virus/trojan/malicious link to get the adware onto the system could be a good thing.
even if someone DID want any of the installed programs on their system, and DID say "yes" to the install - its just out and out wrong!
people will argue endlessly over what resembles informed disclosure with regards webpage installs, but to me this is as bad and as clear cut as someone whacking a system through IRC. The intent behind it is nothing but malicious.
its obvious that no Means yes to these people ,
No i don't want your Rubbish Adware means oh yes please Download all sorts of Annoying Crap to my system,
Will it ever stop i wonder :-(
I've said it before and I'll say it again. EULA's are not the issue. Screw the disclosure and privacy policy, the affiliates, the C&D's and all that crap. This stuff is pure refuse and has no right to exist. All the other stuff is just like that effort to "define" spyware. It's more opportunities for loopholes. We don't need more rules. We need morals and principles.
So yeah in conclusion, let's tell those naughty people off
[Edit by Admin Bot] - This site does not condone violence!
Admin Bot, Vitalsecurity.org Forum Admin
No we need guns lots and lots of Guns
I got a water blaster pistol thingie, will that help?
and oooooo errrrrrrrr paper in his undies, the mind boggles 
Hehe, sorry Admin Bot, I should've known better
lol i wouldn't worry about it 3D, Admin Bot is pretty trigger happy (read: paranoid). one mans violence is another mans wedgie.
hmm...i hope he doesn't come after me next! :P
Just make sure u r fully clothed if he does and there are no lamp posts around
when do we start to hit them fisically?
When can we break their legs?
When can we take revenge?
Do you still think the law will help us? Keep dreaming. I want names and pictures of the people involved. Anyone in EU?
So far this morning I've spent two hours trying to eradicate "ABetterInternet" from my work machine. I am not happy.
I'm filing a complaint against Direct Revenue with the Attorney General in New York:
http://www.oag.state.ny.us/
onlin...laint_alert.jsp
I'm also taking a look at Direct Revenue's staff listing to see if I can track down any email addresses:
http://www.direct-revenue.com/dr...com/
dr_team.php
http://www.direct-revenue.com/sd...com/
sd_team.php
Hmmm... one of them went to my alma mater. Might the Alumni Office be able to provide a home address, email, or phone? Prepare for the 4am one-ring, asshole.
Direct Revenue LLC
107 Grand Street
3rd Floor
New York, NY 10013
V: 646.613.0376
F: 646.613.0386
Oooh! A fax machine! 3000 photocopies of my ass are going over now!
I hate this shit. I didn't install anything, I didn't click 'OK.' I returned from my vacation to find Aurora pop-ups appearing every five minutes. What a bunch of turds.
Edited by Admin Bot: I can see you're angry, but getting the site owner sued won't help anyone
-----------
Direct Revenue Launches Aurora
New Ad Client Affords Greater Brand Visibility, More Efficient Distribution
New York, New York - April 26, 2005 - Direct Revenue today announced the launch of its newest ad client, Aurora�.
The Aurora ad client is designed to improve product visibility and consumer services. The roll out of the upgrade to the DR behavioral network began on April 5th by replacing outdated ad clients in an effort to improve consumer awareness. Like other DR ad client brands such as "SolidPeer", released in September '04 and "Ceres" released in November '05, the Aurora Ad Client is compliant with the branding and removal standards of all major proposed Federal legislation relating to online contextual ads such as HR 2929.
Direct Revenue CTO Dan Doman said, "From a technology standpoint, Aurora represents a leap forward in connecting consumers to advertisers."
The Aurora launch follows the January debut of Direct Revenue's MyPCTuneUp�, a technical support feature that helps Direct Revenue customers with technical issues including removing software from their PC.
Direct Revenue CEO Joshua Abram said, "Aurora and MyPCTuneUp demonstrate our commitment to providing advertising partners, clients and consumers the best possible experience in behavioral marketing and search."
About Direct Revenue
A leader in online media, top brands rely on Direct Revenue's products, services and partner network to deliver highly targeted marketing messages to over 15 million Internet users worldwide. Founded in 2002, Direct Revenue acquired SohoDigital in 2004 and launched BehavioralMarketplace, the premier targeted in-page advertising network, in 2005. Direct Revenue supports best practices throughout the online media value chain, inlcuding the Spy Act.
Contact Information
Jonathan Cohen
(646) 442-6366
jcohen@direct-revenue.com
© Copyright 2005 Direct Revenue, LLC. All rights reserved.
thanks a ton for the infos. I will work on this. More numbers are always useful.
With regards to the blog I've been seeing friend's with random pop-up emaill links on their MSN for quite some time... Ie. Six months. It's always been for "harmless" shit such as buddy icons and smiley's but's been the same technique. I'm not surprised that this has happened. It was on;ly a matter of time.
And thanks for the links. You've just planned my weekend for me. (Time to write some flames and make some public pay phone calls)
yep, there was the ITunes one a while back and that Osama one too. Nothing on a scale like this before, though. This would be a heavy hit even if it were launching from a webpage.
I currently work in IT and i'm trying to get into researching spyware. My users seem to have no problem finding this garbage (over 1 million files cleaned since last year via lavasoft adaware) but i can't find it to save my life. I've tried hitting the shady websites (ie tnlottery.org) with not luck. Can you point me in the right direction?
I don't know of any install site URLs, but I'm willing to bet there are still torrents around that install these things. Unfortunately you may have to prepare for long downloads. This article was about Nail.exe's spread through instant messenging, so unless you're using IM AND have a contact who's infected, your best bet right now is probably bittorrent.
Anyone try the uninstaller? Does it leave residue? Their site mentions a 'marker' left behind to keep the product from ever reinstalling itself. I'm guessing a cookie is what they consider a marker, but could be a registry entry.
Copied directly from this this thread: http://www.aluriasoftware.com/fo.../
thread812.html :
"If your pop-up windows have "Aurora" in the title bar, you might have a tough time removing this tenacious spyware.
Before fixing the problem, be sure to call the creators at:
Direct Revenue, LLC in New York. Their phone number is 646-613-0376, and they are located at 107 Grand Street, 3rd Floor in Manhattan.
Now for the fix...go to http://www.mypctuneup.com/ and use this uninstaller.
Hopefully the anti-adware legislation going through Congress will help put these scum out of
business."
Hope this helps-
-Chrispy
Commenting by HaloScan
