We have currently uncoverd two different spyware/adware applications
that have the ablility to "steal" affliate earnings
from unsuspecting web sites. These two programs can clearly
be classified as the worst kind of theftware applications because
they are stealing money direclty from unsuspecting web site owners.
As many of you might already know when a web site joins an
affliate program to sell products or services on behalf
of another they are assigned a specially formed link that allows
the seller to know who referred the sale to them, allowing that
web site to make a commission on the sale. However we have uncovered
two spyware/adware applications that have the ablility to rewrite
these affliate links for their own benefit.
The first is a spyware application called SaveNow, also known
as WhenU, the name of the company supplying the software.
It is commonly bundeled with file sharing applications such as
Bearshare and is also included with RadLight video player. For
additional information see our sections on the following: Problems with KaZaa Media Desktop,
Concerns about Gnutella
File Sharing Programs and Facts
about downloadable Shareware & Freeware (Please note:
RadLight is a media player that also has the ability to delete
Ad-Aware by LavaSoft, a speical program designed to protect consumers
computers from adware & spyware programs)
When installed on a client computer WhenU has the ability to
redirect the affilate "string" to credit the spyware/adware
program instead of the true web site owner via the client side
browser which houses the application.
Another spyware application that can intercept
affiliate earnings is a program called WurldMedia.
WurldMedia is an Internet Explorer browser helper object that
detects visits to known sites and redirects them through a third-party
server in order to take the affiliate fees. WurldMedia even steals
the fees from other webmasters when you use their own links. There
are currently several variants of this program floating around.
WurldMedia is also known as Morpheus Shopping Club, WURLD Shopping
Community, BuyersPort. Like SaveNow, it is distributed with many
file-sharing programs, and is known to be included in Morpheus.
Also like SaveNow it to has the ablility to commondeer the affilate
"string" to credit the themselves instead of the true
web site owner via the end users browser. Wurld has has the ablility
to overwrite affiliate links strings, replacing them with its
own link to steal the commission from the web site that actually
made the sale.
Based on download figures of the two primary file sharing programs
that distribute these two theifware programs it is esitmated that
possilbly over 280 million computers might be infected with one
or both of these programs, That is a very large number of infected
computers which can severly impact on the earnings of a legitamate
web sites. Currently we do not know of any way to prevent this
type of theft from occuring.
Don't forget to read our information on Who's
Stealing Your Web Traffic! and How
Spyware Can Hurt Your Business & Earnings
We have found a number of programs that state that they have
the ability to protect affiliate strings from being altered or
tampered with. Many of these programs charge a varity of fees,
however we have also found at least one simple and easy to use
program that can also perfom the same function for free. The way
these link protectors work is that they translate your affilate
string in to ASCII or HTML Unicode to make reading the string
more difficut. Many times they also include "no-right-click"
commands to also try to limit access to the source code. The idea
is to prevent users from by passing your affiliate string to purchase
products without crediting your account and can also prevent individual
hackers from altering your string and replacing it with their
own. As of this writing we are not sure how effective they are
against the types of link hijacking that occurs with spyware programs.
Here is a free utility program that can generate an altenative
page which will cloak and encrypt your affiliate links to help
protect you from affiliate hijackers. All you need to do is update
your affliate links to lead to this new page on your youw web
site. It works like a framed page from your site and will display
the affliate page in full with the affliate string cloaked to
prevent tampering. (I suggest that you target the links open into
a blank window) http://www.rotation-magic.com/affiliate-link-cloaker.html
Programmers can also duplicate this effect manually. For more
information on how these types of affilate link cloakers work
and information on how to do it yourself see
http://www.jamesshuggins.com/h/web1/affiliate_link_cloaker.htm
Unfortunate Legal Decision:
A recent court decision is a serious set back for the rights
of web site owners and consumers alike. The court decision allows
software marketing companies like Gator & WhenU to fall back
little read "terms of use" agreements to win legal battles
regarding their unethical marketing practices. The decision, which
regards WhenU advertising practices, could influence lawsuits
involving other "adware," companies like Gator, which,
like WhenU.com, develops Internet "helper" applications
(adware) that often come bundled with popular free software products.
Although the current court decision is connected to BHO applications
that come bundled with popular free software
distributed by Galt Technologies and WhenU/SaveNow it does not
bode well for web site owners who wish to protect their property
rights.
WhenU and other online marketing giants like Gator claim that
their marketing practices are legal because consumers "agree"
to receive advertisments and associated software in exchange for
other software products and sign user licensing agreements.
Unfortunately what the court did not understand is that
many of these adware programs use ActiveX controls to download
thier software onto consumers computers and although many ActiveX
installations will often provide an alert that a download is about
to take place there is little explaination about what is being
installed and many novice computer users will often choose "yes"
thinking that the browser is merely installing a plugin that is
needed to display content on the web site. Furthermore, many ActiveX
installations can also take place quietly in the background with
out a users knowledge if they do not have their security settings
set high enough to display an alert message.
It is a shame that
the court was not made aware of these facts and that there are
reports that variants of WhenU/SaveNow has utilized ActiveX installs
to perform drive-by-download installations from pop-ups (often
coupled with 'ClockSync' or 'WeatherCast') to infect computers
without the users knowledge and although Gator claims that
it's software is not spyware and states that they notify users
of it's capablilities before their software is downloaded it to
has reportedly been
installed on to consumers computers while they were visiting web
sites that have chosen to be paid by Gator to include ActiveX
installers in their web pages that allow a Gator trickler file
to quietly download in the background without the users knowledge.
This legal ruling has deep implications to web site owners and
needs to be challenged since many of these ad serving programs
are in fact installed on users computers with out their full knowledge,
concent or understanding of what they do.
http://netscape.com.com/2100-1104-5072663.html.
Written by Debbie St.Clair
UnwantedLinks.com
Reproduction or distribution is prohibited without permission.
Additional Concerns
Malicious Spyware Hackers
There also commercial programs that can be remotely installed
onto computers (yes even business computers) to quietly monitor
your employees while they perform their work. These keystroke
loggers can capture every thing your employees do on their computers!
Although the original targeted market for these types of spy products
are parents and spouses these types of programs can be sent to
unsuspecting businesses. There are a number of commercial products
that are currently on the market that allows someone to email
a malicious installer to unsuspecting receivers which will spy
on the receivers through the use of keystroke loggers and can
even take screen shots of the infected computer while it is in
use. These programs can be remotely monitored by the sender to
gather confidential business information. One of the key distributors
of this types of malware are iSpyNOW and other programs include
SpyBuddy, Matrix Spy Software. The FBI is also investigating another
company called LoverSpy which sends an email greeting complete
with malware installer which also has these same capabilities.
'Spyware' steps out of the shadows
Last modified: November 19, 2003, 4:00 AM PST
By John Borland
Staff Writer, CNET News.com
Late in July, an e-mail that hit employee in-boxes at a British
credit card and finance company carried a secret payload--"spyware"
capable of recording confidential corporate data and sending it
over the Net.
Labeled "Wedding Invitation," the e-mail looked at first
like spam or an ordinary worm. But consultants at security company
Clearswift now believe that the e-mail was part of a targeted
attack on the victim company aimed at extracting specific information--a
nightmare scenario in the corporate security world.
Clearswift says the incident highlights a dangerous new trend
in computer breaches, where spyware applications increasingly
play a starring role. Relatively benign attacks intended to win
attention by disrupting networks are being eclipsed by sophisticated
attempts to steal passwords and other confidential information
that can be used to deliver cash.
"The good old days of script kiddies and geeks are well gone,"
said Pete Simpson, manager of Clearswift's ThreatLab division.
"These are criminal gangs, and the motive is clearly profit."
http://news.com.com/2100-1032_3-5108965.html
Alert your viewers about spyware
with our spyware detection script!
Help us raise awareness of the problems of spyware by alerting
your website visitors if they have spyware installed on
their computers. If we can alert consumers to this problem
it will benefit all of us as a whole. Only through awareness
will it be possible to eventually stop these unethical marketing
practices. If you would like to help us simply add the following
remote script to your web site which will alert your viewers
and visitors if they have spyware installed on their computers.
<script language="JavaScript"
src="http://www.unwantedlinks.com/parasite/parasite3.js">
</script>
This script can be placed anywhere in the body of your
site and remains totally invisible unless it detects at
least one of several browser based spyware plug-ins (including
TopText). Therefore, the spyware alert will only be viewable
to those viewers who have at least one of the identified
spyware programs installed at which point it will display
an simple text alert letting them know about it. Our script
can currently identify 124 different spyware programs. (
For more information
and to see a sample click here!)
Or feel free to use a copy of our spyware quotes script
to help raise awareness which appears in our left panel
<script language="JavaScript"
src="http://www.unwantedlinks.com/spywarequotes-feed.js"
type="text/JavaScript"></script>
This script will feed one quote at the exact location it
is placed within your site. It rotates a total of 30 random
spyware quotes. (This script will display additional random
quotes if it is included more than once) You can enclose
it in font tags to match your site text.
Here is a sample of how it looks.
|
Did you know that many spyware programs can generate
pornography on your computer?
Click here for more information!
| **
Spyware & Adware Test Scan **
If you are viewing this site with Internet
Explorer and see an alert displayed here then it is an indication
that your computer is infected with one or more spyware
programs that we can scan for. If you do not see any alert
displayed in the center of this notice then our scan did
not detect any of the 122 spyware programs we can scan for,
however, there are still many other programs out there that
we can not yet scan for.
Please note: Currently
we can scan for a 122 distinct spyware programs that can
effect PC users and the alert will only be display if a
specific targeted program is identified. Unfortunately,
we are limited to finding only certain types of spyware
and there are many other forms of spyware and adware that
we can not currently test for.
In addition, our test scan does not
work well with NetScape or other browsers, if you suspect
that you might have spyware on your computer please feel
free to check this page while using Internet Explorer.
Also, if you have a Personal FireWall installed it may
interfere with our ability to scan your computer for Parasite
Adware and Spyware. |
Special
TopText & Surf+ UpDate 11/02/04
We have discovered that there are Contextual Advertising
Links which look very similar to TopText & Surf+ links
which are legitimate and sponsored by participating web
sites for more information
click here! |
Additional Web Master Alerts!
Find out about LookSmart's partnership with eZula
http://www.thiefware.com/looksmart.ezula.shtml
Did you know that the adware/spyware adserver WhenUSaveNow has
the ability to STEAL your affilate earings! Find out about how
WhenU Save Now is able to snatch your affiliate earnings away
from you.
http://www.thiefware.com/whenu/
Consumers
These new programs effect you since they use spyware to do their
dirty work -- please check out our Consumer
Info section for more information on spyware and how to protect
your privacy! (Additional note: GoZilla, Limewire, Bearshare,
and Audiogalaxy also include spyware & theftware programs
such as Gator, TopText, Cydoor and SaveNow! For more information
see our
Help & Reference Guide)
Please show your support by adding a link back to your site
on our Supporters page and help us raise awareness by displaying
one of our logo banners on your site
