A Revolution is the Solution

Gravatar "Quick, but important sidenote: Value doesn’t matter if the installation is done in a fraudulent or deceptive way. There are four important principles that must be followed before we can even have the value conversation. First, the initial prompt (the one that asked 'Joe' to install a desktop advertising program) must clearly explain what the program does and why it’s necessary. Second, the software can only be installed after Joe gives his consent. Third,the software must do only what it says it will do. Fourth, it MUST be easy to uninstall, and uninstall instructions must be easy to locate. To be clear, a good installation is NOT part of the value proposition. It is a prerequisite to it."

That is actually from the 180solutions blog.

HELLO! are you listening to anyone here? perhaps even your own bloggers?
KiD | Homepage | 10.31.05 - 11:34 am | #

Gravatar It just gets better and better. Their own blog. What next?

I dread to think.
AndyAtHull | Homepage | 10.31.05 - 11:49 am | #

Gravatar Hi PG

I think you may have misconstrued the purpose of the rootkit as far as the malware vendors are concerned. The rootkit gives the scummers what they really want, that is persistance for their install bundle. The rootkit stealths the installer, so when you clean all the crap off a system, bang it reappears - just what they want. I dont dispute for one second the fact that the rootkit stealthed installer can also load backdoors too, but that is not, I believe, what 180's etc main purpose is. They make money from their crap installs, and the longer their stuff stays on a system, the more money they make. RK technology gives them just that, as far as they are concerned, its a marriage made in heaven.
The same code can be used to protect and reinstall backdoors for those who farm DDOS resources too, but im not sure that they and 180 Solutions are the one and the same .

UKBiker
UKBiker | 10.31.05 - 1:43 pm | #

Gravatar no, im not saying 180 solutions are responsible for te rootkit. im saying that the creators of the rootkit are using the advertising software bundle as a decoy - a red herring, if you like. everyone thinks its just another "adware bundle" while in reality all eyes are off the rootkit put there by the rogue affiliates.
Paperghost | 10.31.05 - 1:51 pm | #

Gravatar Welcome to blogs of note fame!
click here to see the worlds m | Homepage | 10.31.05 - 3:06 pm | #

Gravatar HA!! They have a blog, how funny is that?? I already posted to it. These guys just don't get it. How can they compare what they do, to something like the Super Bowl?

With one, you get a game, sprinkled with, in this particular case, some of the funnest commercials of the year. And with 180Solutions bundle crap you get........? Popoups, performance lag, unauthorized changes to your system, oh, yeah, AND a rootkit(tho, perhaps, not their doing, depending on how you view their 'affiliate' program).

These guys have got to be idiots, plain and simple.
TeMerc | Homepage | 10.31.05 - 4:54 pm | #

Gravatar BTW, PG, this has gotten all ove the place, since youWayneSpywareGuide posted it:
http://www.securitypipeline.com/ ...BECKH0CJUMEKJVN

http://www.whitedust.net/speaks/1532/

http://www.neowin.net/comments.p...7& category=main

Thats just a few I saw, I'm sure theres more.
TeMerc | Homepage | 10.31.05 - 5:35 pm | #

Gravatar rootkits like any software are open to abuse and if something is open to abuse someone is going to do it ..
malware vendors
milligansghost | 10.31.05 - 5:36 pm | #

Gravatar heres another one

http://www.techworld.com/securit...sID=4691& inkc=0

more to come, too
Paperghost | 10.31.05 - 7:09 pm | #

Gravatar I don't see any comments or trackbacks on the 180 blog yet. It's probably heavily moderated.
suzi | Homepage | 10.31.05 - 7:14 pm | #

Gravatar Paperghost,

I really respect you and your site. I've learned alot by your posts and hard work.

I came across this site the other day while at the SunbeltSoftware blog and it looked interesting.

DFK Threat Simulator.
http://www.morgud.com/interests/...t- simulator.asp

Are you (or your faithful) aware of this thing and if so, any comments on it?

Thanks for any insights...
Claus
Claus | Homepage | 10.31.05 - 10:06 pm | #

Gravatar What does it mean if I dont understand what this blog is about?



Edited By Siteowner
Alex Dorph | 10.31.05 - 10:21 pm | #

Gravatar Is that the same thing as the other million variations containing lockx.exe?

Is this one exploit based or does Joe Sixpack have to download the file himself? If the latter then it appears companies like 180 will continue to exist as long as there are click happy users.
redxii | 10.31.05 - 10:27 pm | #

Gravatar Well, it would seem the blog is either heavily moderated to the point of not posting negative comments, or, they are just as slow to post any comments as they are to root out rogue affiliates.
My comment has not been posted yet. I was not prompted to register or sign in or anything like that.

Why am I not surprised?
TeMerc | Homepage | 11.01.05 - 12:00 am | #

Gravatar " What does it mean if I dont understand what this blog is about? "

Apparently it means, you only posted to have your links here for exposure.
Deb | 11.01.05 - 1:32 am | #

Gravatar Jeez... AOL has gotten away with it for years, what did you expect?
bws1 | 11.01.05 - 3:05 am | #

Gravatar redxii - similar one i think, though it looks like there are some variants already floating about the place so i'd need to check. this thing has moved at warp speed.

Claus - thanks I think its a useful app that can really teach you a lot about what can go wrong in an attempted removal scenario. just make sure you run that thing on a test box!
Paperghost | 11.01.05 - 8:13 am | #

Name:

Email:

URL:

Comment:  ? 

 

Commenting by HaloScan