A Revolution is the Solution
You must see a lot of pr0n in your industry. And of course you always have an excuse...
ummm... since when do popups equate to spam? adware sure, but spam?
also, does it also work against quicktime alternative? i dumped quicktime proper a long time ago if it works on quicktime alternative too then i guess i'd still be vulnerable to this...
Not sure about Quicktime alternative, but as far as "spam" goes, I'm using the term loosely under the following definition:
"To indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages, especially commercial advertising in mass quantities."
I'd say that's exactly what they're doing, though admittedly in a rather strange fashion.
web pages are messages?
i can see how they might fit the definition but it seems like a leap few people are willing to make...
Like I said, I'm using the term loosely. But however you approach it, they're using this function of Quicktime to effectively spam signup pages to people with a pretend Monica Bellucci clip that isn't actually Monica Bellucci (more's the pity!)
To me its not such a leap - after all, the term "spam" is used to describe many different things nowadays besides emails. you have messaging spam, streetspam, spamdexing and many more besides. if the "definitive" definition of spam is unsolicited emails containing advertisements, I can't see that this is any different given that its an unsolicited advertisement (minus email) and slotted into the last place you'd ever expect to see it (a stupid quasi-pr0n clip on a P2P network). Given that it appears in such an out of context place (ie not a bog-standard webpage ad or something similar) I feel it warrants the label.
but then all pages served by adware becomes spam... does spam even have any meaning at that point or is it the new umbrella term for everything we don't like?
spam is generally used to denote a kind of repetitive network abuse... to that end, the downloaded files themselves could, i suppose, be considered p2p spam (they're an abuse of the p2p network for the purpose of spreading adware), but the web pages that popup are an adware payload...
it's like if you got regular porno email spam that had javascript to launch webpages in new browser windows - are the pages the spam or is it the email they came from? the movies don't spam(malize) you, the movies ARE spam...
The webpages opened by the movie file aren't opened up by adware - they're opened up by the Quicktime feature. Nothing is installed on the machine.
If they're uploading these movie files wholesale onto P2P networks with the *express* intention of using deceit (which they are) to attack end users with an advert asking for money, to me that's no different from an email about viagra that I didn't ask for. The videoclip itself doesn't even have any worth, as its not even what's advertised....just some stupid girl who needs to put her clothes back on and stop dancing to Xtina.
Whether you define the movie itself as spam or not doesn't really matter, because it *is* "spammalising" you via the popup it launches. If I download Monica Bellucci, then I expect to see Monica Bellucci - not a) some crummy girl who is clearly not Monica Bellucci and then b) a webpage popping up out of nowhere with the specific intention of selling me something. Even worse, when that sales pitch is launched by horrible droopy boobs attached to some woman with a face like a bag of spanners asking me to sign up to their awful website to make some loser money.
To me, that's no better (or different) than regular Email spam selling me crap, or fly posters selling me crap, or garbage pushed through my letterbox selling me crap. Ultimately, its all spam, and its all crap, crap, crap and if I *could* shovel it all under one huge banner, it would be the word "crap" flashing in gigantic neon bulbs from the top of the highest mountain.
Though like I said, I'm not really too bothered either way about the definition of some random word in the title - I'm much more interested by what the bad guys could potentially do with a gimmick like this.
I personally dont see the big deal in calling it spam - Kurt, youre way too hung up over definitions here.
you yourself state "spam is generally used to denote a kind of repetitive network abuse" - the key word is "generally".
I wouldn't ever describe spam like that, Id simply describe it as something i dont want, nor did i ask for.
different definition to yours yes, but still valid.
social networking spam for example is classed as "targetting a certain demographic and send them notes from an account disguised as real people. These notes typically are embedded with links to pornographic or other product sites designed to sell you something."
substitute "notes" for "movie embedded with url that pops open halfway through" and i dont really see the difference.
why CANT we have movie spam? after all, thats what its doing. someones using a built in feature of quicktime to....spam something.
"web pages are messages?"
Do the webpages CONTAIN "unsolicited, unwanted, irrelevant, or inappropriate messages, especially commercial advertising"?
yep.
@paperghost
"The webpages opened by the movie file aren't opened up by adware - they're opened up by the Quicktime feature. Nothing is installed on the machine."
nothing says adware requires installation... clearly the quicktime player interprets instructions stored in the movie files, ergo the movie files contain software and that software displays ads - adware...
"If they're uploading these movie files wholesale onto P2P networks with the *express* intention of using deceit (which they are) to attack end users with an advert asking for money, to me that's no different from an email about viagra that I didn't ask for."
i agree, but it's the movie files themselves that are the spam, they are the instance of the network abuse...
"Though like I said, I'm not really too bothered either way about the definition of some random word in the title - I'm much more interested by what the bad guys could potentially do with a gimmick like this."
i'm interested in both... one advances the state of knowledge, the other the state of security...
@stephen
"I personally dont see the big deal in calling it spam - Kurt, youre way too hung up over definitions here."
words have meaning, if you use the wrong ones you convey the wrong meaning... the careful application of a classification system is the foundation of the development of mental models in any domain of knowledge... deviation and fuzzy thinking lead to more deviation and even fuzzier thinking which in turn lead to things like a symantec support analyst and blogger saying there are no mac viruses in one breath and then linking to a write-up for one in the next because he doesn't understand the definitions the virus analysts are using (just as an example)...
we don't all necessarily have to use the same definitions, mind you, so long as each of us understands the definitions the other is using... the more one deviates from the norm the more one has to explain, and if (not saying this is the case here) the deviations are born of sloppiness then such explanation will be hard to come by...
i understand what chris is saying - i don't agree with his classification, but i understand it... and i think i've said my peace on it - now i'm really only interested in the scope of this security issue...
Commenting by HaloScan
