The answer to this question is YES! There are a number of
spyware and adware programs that can get installed on a user's
computer and can hijack the user's homepage,
generate pornographic ads and spam, lead to pornographic web sites
and even "jack-up-phone-bills" by dialing porn sites!
If you are harassed by unwanted porn, or if porn
has hijacked your home page and altered your favorites, you might
be infected with a new form of spyware called pornware.
If you are viewing this web site with Internet Explorer, our
parasite scan at the end of this page will be able to let you know
if you have any of these annoying parasites installed on your
computer. If you have been hit by one of these nasty programs,
double check your phone bills.
These types of programs are the worst and sickest type
of malware and must be stopped!
Many of these programs include Porn Dialers
which are a special type of software used by pornographic vendors.
Porn Dialers are applications which give the user's computer access
to a list of long-distance phone numbers for use with a pornographic
"service". These applications may show a window upon
being run initially which will prompt the user whether or not
to continue and install or use the modem to dial the long-distance
phone numbers. If this window does not appear initially, it will
generally appear after a system is restarted, if the porn dialer
copies itself to a startup location. These windows generally feature
pictures of scantily clad women and sometimes children which may
appear unexpectedly once a system is restarted.
Once dialer software is downloaded and installed on a user's computer,
the computer may be disconnected from its modem's usual Internet
service provider and dial up another phone number, and the user
is billed. While dialers generally do not spy on users, they are
malevolent in nature and can rack up expensive and unwanted bills.
This type of malicious software spreads like many other adware
and spyware programs, by exploiting Java and ActiveX vulnerabilities,
and can often trick people into installing it. These pornware
programs can also be spread through spam. Many of these porn
distributors buy up expired domain names of older sites that
still might be getting traffic and transform them from what was
once a family-friendly or useful site into a pornography gateway,
oftentimes complete with ActiveX installers to commandeer your
computer and turn it into a pop-up porn gallery. These programs
can be very aggressive, and many have the capability to allow other
web sites to access and install even more parasites onto your
computer. There are also many viruses and trojans that have the
capability of displaying pornography.
Despite the fact that several of these browser
hijackers are targeted as trojans and viruses, according
to many current laws, they have done nothing illegal. The people
that distribute browser hijackers and spyware hide behind the
ActiveX security prompt. However, there are ways that you can
remove these offending programs and protect your computer from
future infestations.
Congresswoman Mary Bono of California and Congressman Edolphus
Towns of New York, are supporting a bill to regulate spyware in
the US, however it says nothing about dialers or browser hijackers.
This is a serious omission, and it must be addressed. Write to
them, call them, fax them, email them, walk into their office
and talk to them. Do whatever it takes to get their attention.
I've sent my letters to both of them. Have you? For more information
see our legal section.
Following this upcoming section regarding pending legislation,
we have an extensive list of a number of different adware/spyware/pornware
programs that are currently making the rounds across the internet
and might be generating pornography on consumer and business
computers. Following this list, we also have a free scan to
let you know if your computer is infected.
Pending New Legislation
Spyware Targeted at Congressional Hearing
By John P. Mello Jr.
TechNewsWorld
November 20, 2003
A bill to take the "spy" out of spyware got a public
hearing before a Congressional subcommittee Wednesday.
"You're starting to see some very sophisticated capabilities
built into these things," Ken Sokol, senior product manager
at Clearswift, told TechNewsWorld. "Some spyware will sit
there and monitor what you're doing at your computer or steal
sensitive information about you or your customers." Until
now, spyware has been seen as primarily a consumer problem, but
Clearswift issued a white paper on the eve of the Congressional
hearing suggesting the malware will create serious trouble for
businesses, too. "[Programs that] have been marketed and
sold as corporate security devices and parental control software
for kids are finding their way into the hands of hackers and criminals
[who aim to] remotely [take] control of a victim's PC to facilitate
industrial espionage," Clearswift Threatlab manager Pete
Simpson said in a statement.
http://www.technewsworld.com/perl/story/32206.html
Please contact your representative
to support this new legislation
Bono Introduces Spyware Legislation
July 30, 2003
By Roy Mark
U.S. Rep. Mary Bono (R.-Calif.) has introduced legislation requiring
companies using "spyware" to inform computer users of
their intent to install the invasive software and to obtain permission
before loading it onto a computer. Spyware allows companies and
individuals to monitor Internet activities and sometimes makes
it possible to gather personally identifiable information. Bono
said H.R. 2929, the Safeguard Against Privacy Invasions Act (SPI),
makes users aware of the technology before they install it on
their computers. "The SPI Act helps consumers make more informed
decisions about the types of tracking devices they are loading
onto their PCs," Bono said. The bill is co-sponsored by Representative
Edolphus Towns (D-10-NY), who said this legislation has important
implications for the privacy of Internet users.
http://dc.internet.com/news/article.php/2242311
Please contact your representative
to support this new legislation
http://www.marybono.com/Feedback/Feedback.cfm :: Mary Bono
http://www.cnn.com/ALLPOLITICS/CA/bios/H/413.html :: Edolphus Towns
P2P companies may face new scrutiny
Last modified: July 25, 2003, 3:44 PM PDT
By Lisa M. Bowman
Staff Writer, CNET News.com
A bill introduced Thursday in Congress would require file-swapping
companies to get parental permission before allowing minors to
use their services. The bill, called the Protecting Children from
Peer-to-Peer Pornography (P4) Act and sponsored by Reps. Joe Pitts,
R-Pa., and Chris John, D-La., would require the Federal Trade
Commission to regulate peer-to-peer networks and take steps to
ensure that children aren't accidentally coming across porn. The
bill's sponsors said as many as 40 percent of all files traded
on the networks are porn. "Our legislation gives parents
the tools they need to protect their children from pornography
and threats to privacy posed by peer-to-peer file-trading networks,"
Pitts said in a statement. "By working together to protect
children, we are building a broad and bipartisan coalition."
http://news.com.com/2100-1025-5055426.html?tag=nl
Please contact your representative
to support this new legislation
Congress cracks down on P2P porn
Last modified: March 12, 2003, 5:30 PM PST
By Declan McCullagh
Staff Writer, CNET News.com
The U.S. Congress is targeting peer-to-peer networks again--and
this time politicians aren't fretting over music and software
piracy. Searching for words such as "preteen," "underage"
and "incest" on the Kazaa network resulted in a slew
of images that qualify as child pornography, the General Accounting
Office said in a 37-page report, one of two obtained by CNET News.com.
The second report, prepared by staff from the House Government
Reform Committee, concluded that current blocking technology has
"no, or limited, ability to block access to pornography via
file-sharing programs."
http://news.com.com/2100-1028_3-992371.html?tag=st_rn
Here are two important news stories that viewers should
read followed by a list of assorted spyware that can generate
pornography on your computer...
Court to Hear Case on Web Porn
By Charles Lane
Source: Washington Post
Date: October 15, 2003
Law to Protect Children Is Stalled by First Amendment Issues
The Supreme Court announced yesterday that it will decide whether
a 1998 law designed to shield children from Internet pornography
violates the First Amendment, propelling a six-year-old legal
battle over free speech in cyberspace into what might be a conclusive
phase. The Child Online Protection Act (COPA), passed by Congress
and signed by President Bill Clinton, makes it a crime for a commercial
Web site to put material that is "harmful to minors"
where children younger than 17 can gain access to it, unless the
site has made a good faith effort to screen out all but adult
users.
COPA has never taken effect, however, because
opponents led by the American Civil Liberties Union (ACLU) challenged
it in court, winning judicial orders that blocked its enforcement
on the ground that it would force Web publishers to give up some
of their constitutional rights to communicate adult material to
adults.
http://www.crime-research.org/eng/news/2003/10/Mess1501.html
If your computer has been infected with one of these types of
programs and you have minor children, please take the time to file
a complaint with the FTC as well
as your U.S. representatives.
Below is a true story of a man whose computer was hijacked in
this fashion; he was arrested for having pornography on his
computer and lost custody of his daughter. Could this happen
to you? It possibly could if you get infected with any of the
programs listed below.
Acquitted Man Says Virus Put Pornography on Computer
By JOHN SCHWARTZ, New York Times
August 11, 2003
One evening late in 2001, Julian Green's 7-year-old daughter came
upstairs from the computer room of their home in the resort town
of Torquay, in western England, and said, "The home page
has changed, and it's something not very nice." When Mr.
Green checked the machine, he found that the family PC seemed
almost possessed. The Internet home page had somehow been switched
so that the computer displayed a child pornography site when the
browser software started up. Even if he turned the machine off,
it would turn itself back on and dial the Internet on its own.
But Mr. Green's problems were only beginning. Last October, local
police knocked on his door, searched his home and seized his computer.
They found no sign of pornography in his home but discovered 172
images of child pornography on the computer's hard drive. They
arrested Mr. Green.
http://www.tuscaloosanews.com/apps/pbcs.dll/article?
Please contact your Congressmen and Senators about protecting
your privacy, passing stronger anti-pornography laws and regulations,
and enforcing COPA regulations to stop these types of unwanted
pornographic spyware & hijacking programs!
Where to report Child Pornography
http://www.usdoj.gov/criminal/ceos/report.htm
Related Information About Porn Sites
Many viewers might have already come across this problem: they
click on a link found on a reputable web site or visit a site
that they have viewed in the past, only to discover to their horror
that the site is now pornographic. Many porn companies are now
purchasing large numbers of expired domain names of older reputable
web sites. These porn companies lie in wait for expiring domain
names and then quickly redirect them to their servers. These expired
domain names can include sites that were originally geared toward
children with child-safe content.
http://cyber.law.harvard.edu/people/edelman/renewals/
Active Adware/Spyware & Pornware programs
Here are some of the many programs that can cause this
type of problem. Unfortunately, there are still other programs
that are a threat, and we will be updating this list with more
information soon.
For additional information on these programs please see
our help menu. Please
remember to read our information on removing spyware, which includes
information on how to protect your computer. We also advise parents
to read our information about Peer to Peer file sharing programs,
since many of these programs
can generate porn as well as install a number of viruses and spyware/adware
programs.
Access Plugin
Installed by ActiveX drive-by-download from pop-up porn adverts;
a particularly aggressive script is often used to repeatedly generate
errors until the user agrees to allow it to install. Any web site
can direct the control to install a dialler.
ACX install
Used by ispdialer.com (now nocreditcard.net) to install premium-rate
diallers, generally for porn sites. Seems to be capable of automatically
installing code from any web site.
AdultLinks
A program that adds links to porn and other sites to the Internet
Explorer Favorites menu. Whilst it is installed, it can add more
links when directed to do so by a web page. Installed by ActiveX
drive-by-download from its controlling servers, mainentrypoint.com.
This may be triggered by some pop-up ads.
Comload
Comload is an ActiveX control placed on web sites to load and
run executable files, notably premium-rate diallers. After the
control is installed, any web page has the ability to
run any executable file on the local machine.
CoolWebSearch
CoolWebSearch is a name given to a wide range of different browser
hijackers. Though the code is very different between variants,
they are all used to redirect users to coolwebsearch.com and other
sites affiliated with its operators.
The script at this site can only detect one of the variants listed
here, namely CoolWebSearch/DNSRelay. There are a number of variants
of this little bug. In the DataNotary and BootConf variants, the script
embedded in this style sheet may open mostly porn pop-ups if it
thinks the page being viewed is porn-related. The MSSPI variant
will pop up ad links in a window after every few pages viewed
on a targeted search engine.
Cracked Earth
CrackedEarth is a homepage- and search-hijacker implemented as
an Internet Explorer search hook class and a process run at startup.
Installed through ActiveX drive-by-download on pop-under adverts,
misleadingly described, for example as an MP3 downloader, 'Porno
viewer' or 'Internet enhancer'. The homepage-hijacker adds a crackedearth.com
search bar to the bottom of your normal start page, and
sends address bar searches to genieknows.com via a crackedearth.com
frameset. May also add crackedearth.com bookmarks to your Favorites
list.
DialerActiveX
DialerActiveX is an ActiveX control placed on web sites to run
premium-rate diallers. It is distributed by drive-by downloads
on web pages, sometimes advertised by junk e-mail or pop-ups.
Dialer Offline
A premium-rate phone dialler providing access to porn sites.
Known to be installed by the RapidBlaster
parasite, possibly also ActiveX drive-by installation. Electronic
Group are known to distribute at least two other diallers, StripPlayer and IEAccess.
DialXS
DialXS is an ActiveX installer control for premium-rate diallers,
originating in Holland. Installed through ActiveX drive-by download
on porn sites. DialXS can silently download and execute arbitrary
unsigned code from its server, x0.nl, when directed to do so by
any web page.
DownloadPlus
DownloadPlus is a process run at Windows startup which opens
pop-up adverts (many of them porn-related) and, for some reason,
weather reports. DownloadPlus/MCInst is an ActiveX installer control
for the main DownloadPlus program. The code for the MCInst variant
is derived from the Xupiter/Sqwire parasite; it is suspected
the same people may be behind DownloadPlus as Xupiter. Installed
by ActiveX drive-by download in pop-up ads (via DownloadPlus/MCInst).
Also loaded by the ISTbar/AUpdate parasite. In this case
there is no ActiveX installer control, and the script at this
site will be unable to detect DownloadPlus. It downloads an
untargeted list of adverts to show from its controlling server
tnc4u.com, and opens them periodically as pop-unders. Can silently
download and execute arbitrary unsigned code from its controlling
server, as a self-updating feature.
DownloadWare
DownloadWare is a process that runs continually when installed.
If a network connection is available it will connect to its servers,
which can direct it to download and install software from advertisers.
It may be installed through an ActiveX control called ActiveInstall,
which decodes and runs a built-in executable and then (tries to)
remove itself. This executable can include Downloadware and any
other service bundled with it, for example premium-rate diallers
from Movie Networks, Popcorn.net, MVPNetworks or Real-Tens [sic].
IE Access
IEAccess is an ActiveX control used to download and install premium-rate
diallers, primarily for porn sites. Installed by ActiveX drive-by-download
by porn-related pages from nocreditcard.net and sex-explorer.com,
which may be opened or redirected to by pop-up advertising. The
IEDial variant is known to be installed automatically, without
prompting, on Internet Explorer versions earlier than IE6 Service
Pack 1, thanks to a security hole. The installer pages exploit
this to run an EXE which adds 'Electronic Group' to the list of
trusted publishers whose software IE will install automatically
without asking. Electronic Group are also known to distribute
at least two other diallers, StripPlayer and DialerOffline. It is suspected
that it may be possible to use an IEAccess ActiveX control on
any web page to cause arbitrary unsigned code to be executed.
InetSpeak
InetSpeak is a Browser Helper Object that adds a bar full of
advertising below the standard IE toolbars. (This bar may not
appear on a newly-opened browser app, but new windows opened from
inside IE will bear the advertising.) Advertising is fetched from
the controlling servers (currently musicmagnet.com) when a new
page is loaded, and displayed on newly-opened IE windows. Ad images
are generally served through qksrv.net at the moment. The musicmagnet.com
servers currently do not attempt to track users (through cookies
etc.), and the only targeting the adware has been observed to
do is fetching a different ad page when it thinks porn sites are
being browsed or searched for.
IST Bar
ISTbar/AUpdate installs a TinyBar variant to implement its toolbar,
and will be detected by the script at this site as TinyBar/B.
The hijacker is aimed at my-internet.info and blazefind.com; distribution
is managed by searchbarcash.com, its controlling server. ISTbar/XXXToolbar
is an update based around porn. It uses its own toolbar code.
The hijacker is aimed at its controlling server xxxtoolbar.com,
and slotch.com; distribution is controlled by toolbarcash.com.
ISTbar also installs other parasites: both variants install porn
pop-up producer RapidBlaster/lp;
the AUpdate variant is also known to install DownloadPlus. Installed by ActiveX
drive-by download on affiliate sites, typically porn adverts,
from April 2003. The XXXToolbar variant opens pop-ups
as directed by its controlling server. AUpdate does not, though
the TinyBar component could be used to open pop-ups in the future.
Both variants install other third-party software which includes
advertising.
Lop
Installed as a drive-by-download from pop-up ads, particularly
ones offering free porn or MP3s. Many people have complained that
lop managed to install itself without the usual ActiveX install
prompt. It is possible that some affiliates have been exploiting
one of the IE security holes to bypass the warning. The only variant
that can be detected by the script at this site is lop/Toolbar,
which includes the startup task and an IE toolbar with more lop
links. There are at least two other drive-by-downloads based around
similar code. lop/Trinity only adds the shortcuts and
does the homepage/search hijacking. lop/Dialer is a plain
porn dialler; lop/Dialer2 is a porn dialer which also
includes the startup task but not the links or the toolbar. Some
shortcut icons are added to the desktop. Many more are added to
the Favorites menu. More are on a toolbar, which can be shown/hidden
from View -> Toolbars -> Accessories. (On IE5.0 this may
be listed as a second "Radio" toolbar due to an IE bug.)
This toolbar may or may not be shown by default on web and filer
windows, depending on how your computer was set up. The process
run on startup also occasionally pops up adverts. It also attempts
to set the desktop background to a Flash page, which may do more,
though this didn't work for me.
Master Dialer
An ActiveX installer control for premium-rate phone diallers.
Installed by ActiveX drive-by-download on a pop-up window that
imitates a Windows software installation dialogue, from web pages
operated by Firstway Medien GmbH and COMFIX newMedia. The software
may claim to be a webcam viewer, chat program or eDonkey, depending
on the site. Any web page can direct it to install any executable
code. To work, the control needs a 'key' parameter, which theoretically
only its owners can generate, to authorise the installation of
code from a particular URL. However this key looks weak (it seems
to be an ad hoc checksum rather than a proper cryptographic signature),
so it's probably possible for any web page at all to install whatever
code it likes.
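The point made above about the 'key' parameter, as an added example that is not from this page or from the control itself: an unkeyed checksum can be computed by anyone, while a signature can only be produced by the holder of a private key. The checksum here is constructed for illustration (the real Master Dialer algorithm is not given on this page), the signature half is textbook RSA with a deliberately small modulus, and all function names and URLs are hypothetical.

```python
"""Unkeyed checksum vs. public-key signature for authorising an install URL."""
import hashlib

# --- Weak scheme: constructed checksum, NOT the real Master Dialer algorithm ---
def adhoc_key(url):
    """Unkeyed checksum of the URL.

    Everything needed to compute it ships inside the client-side control,
    so it proves nothing about who generated the key.
    """
    total = 0
    for position, byte in enumerate(url.encode("utf-8"), start=1):
        total = (total * 31 + byte * position) & 0xFFFFFFFF
    return total


def weak_authorise(url, key):
    """Client-side check used by the weak scheme."""
    return key == adhoc_key(url)


# --- Signature scheme: textbook RSA, small modulus, illustration only ---
P, Q = 2**61 - 1, 2**89 - 1           # two Mersenne primes; far too small for real use
N, E = P * Q, 65537                   # public key: safe to embed in the client
_D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: stays with the publisher


def _digest(url):
    """SHA-256 of the URL reduced into the RSA modulus."""
    raw = hashlib.sha256(url.encode("utf-8")).digest()
    return int.from_bytes(raw, "big") % N


def sign(url):
    """Publisher side: requires the private exponent."""
    return pow(_digest(url), _D, N)


def signed_authorise(url, signature):
    """Client side: needs only the public key (N, E)."""
    return pow(signature, E, N) == _digest(url)


# Constructed URLs for the demonstration.
APPROVED_URL = "http://publisher.example/installer.exe"
OTHER_URL = "http://elsewhere.example/anything.exe"


def demo():
    """Compare what each scheme accepts for a URL the publisher never approved."""
    return {
        # Any page can derive a valid key for any URL under the weak scheme.
        "weak_accepts_unapproved": weak_authorise(OTHER_URL, adhoc_key(OTHER_URL)),
        # The signature scheme accepts the URL the publisher signed ...
        "signed_accepts_approved": signed_authorise(APPROVED_URL, sign(APPROVED_URL)),
        # ... and rejects a replayed signature or a checksum-style guess.
        "signed_accepts_replayed": signed_authorise(OTHER_URL, sign(APPROVED_URL)),
        "signed_accepts_checksum": signed_authorise(OTHER_URL, adhoc_key(OTHER_URL)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A real installer would use a vetted library with a padded signature scheme and a full-size key rather than the textbook arithmetic shown here.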
Media Update
MediaUpdate is an IE Browser Helper Object that monitors pages
you view and opens or redirects to advertising. It connects to
its controlling server at media-update.com to download a list
of site URLs and keywords to target. If you visit a targeted site,
or view a page with a keyword in its title, MediaUpdate may redirect
you to one of their affiliate pages, or open one in a new browser
window. Probably spawned by porn pop-ups.
Meridian
Meridian is an IE Browser Helper Object that opens pop-up advertising.
This software has not been fully tested, because its controlling
servers are, at the time of writing, not responding. Suspected
distribution by ActiveX drive-by-download on pop-up porn ads sourced
through TBI Corporation. Can download and execute arbitrary unsigned
code pointed to by its controlling server, thumbsnatcher.com.
Money Tree
MoneyTree is an ActiveX control used to download premium-rate
diallers, generally for porn sites. Loaded by ActiveX drive-by-download
in pages operated by mtree (domains such as mtreexxx.nl), which
are often redirected to by pop-up adverts, 404 pages at porn hosts
and misspelled domains. mtree also often use direct EXE file downloads
to distribute the same diallers; this does not leave an ActiveX
control loaded and so is not detected by the script at this site.
With the control installed, any web page may download and execute
arbitrary unsigned code from one of mtree's servers.
OnLine Dialer
Installed by ActiveX drive-by-download on many sites, pop-up
ads and junk e-mail (spam), typically porn-related. Some particularly
aggressive installer pages open a JavaScript error and try again
if you click 'No' to the install box, to try to force you to install
the software. In this case all you can do is go to the Task Manager
(Ctrl-Alt-Delete) and kill Internet Explorer. Any web page can
direct it to install arbitrary executable code downloaded from
its home server.
Rapid Blaster
Installed by ActiveX drive-by download on affiliate pages, including
misleading download links (eg. 'megamovieblaster') and pop-ups.
Typically pop-ups for porn sites. User profiling is suspected: the privacy policy
at the RapidBlaster site states cookies are used to profile the
user's interests. I have observed no such behaviour from the software
at the time of writing. Can download and execute arbitrary unsigned
code pointed to by its controlling servers. Is known to install
diallers such as DialerOffline.
SmartBrowser
SmartBrowser is a browser hijacker controlled by smart-browser.com.
It opens pop-up porn advertising from extremelybabes.com and extremelyamateurs.com,
and redirects attempted use of other porn sites to these sites
instead. (Caution: these sites may attempt to load premium-rate
diallers.) It also sends spam messages from your computer to Yahoo!
Chat using automatically generated account names. Currently these
messages are promoting the same two porn sites. SmartBrowser cannot
currently be detected by the script at this site, because attempting
to do so may crash Internet Explorer.
Strip Player
A downloader for a premium-rate phone dialler providing access
to the porn site strip-player.com. Installed by ActiveX drive-by-download
on porn-related pages from strip-player.com (which might be opened
by pop-up advertising). Installation can happen totally automatically
on versions of Internet Explorer older than IE6 Service Pack 1,
as a security hole is exploited to add the manufacturers, 'Electronic
Group', to the list of publishers you trust, allowing them to
install any software they like. Electronic Group are known to
install at least two other types of dialler software this way,
IEAccess and DialerOffline. The dialler itself
may also be installed by a simpler EXE file for non-IE browsers,
but this is not detected by the script at this site and does not
present the same risk. The 'StripSetup' ActiveX control can be
used on any web page, by any author, to download and run any executable
file. There are no security checks whatsoever.
Transponder
Transponder is an IE Browser Helper Object. It monitors web pages
requested and data entered into forms, sends this information
to its home server, and opens pop-up advertisement windows. It
also has the capability to update itself and install other software.
TPS108 was aimed at porn sites. Transponder reports back to its
servers with URLs you have visited, things you have entered into
web forms (even 'secure' ones), your computer configuration and
software you have installed. If your e-mail address is set up
in Outlook Express it will be sent to Mindset Interactive to be
sold to spammers. The software monitors the click stream activity
of the consumer and communicates with servers. The software monitors
some activity of the PC and communicates with servers. While the
user is browsing the Web, it will pop up advertisements based
on what page is being visited or what is being searched for.
VLoading
Known to be used by web pages to install porn diallers. After
the control is installed, any web page has the ability
to run any executable file on the local machine.
XDialer
Installed by ActiveX drive-by-download on porn site pop-up ads
from pctlca.com.
Xupiter
Xupiter consists of an Internet Explorer toolbar containing link
buttons to the search engine at xupiter.com and a task run at
Windows startup which downloads updates to the software and may
launch pop-ups. It also contains functionality to periodically
hijack your home page and search settings to point to xupiter.com,
and add links pointing to xupiter.com to your bookmarks. (Also
associated with porn pop-ups.) Apart from the hijacking and added
links, the software will show pop-under advertisements when its
controlling servers direct it to. At the time of writing, this
feature does not seem to be in use. The software contacts its
servers to ask for update code, which is executed without checks.
It also downloads third-party software (eg. a casino loader).
Zyncos
Zyncos is a porn-related redirecter consisting of an Internet
Explorer Browser Helper Object and an executable file run at Windows
startup. Monitors web pages for predetermined (mostly porn-related)
trigger words, and opens paid search results as from 66.28.33.20
(redirecting to pornfoto.com). May silently download and execute
arbitrary code from its controlling server cnctag.com, as an updating
feature.
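Many of the entries above name a controlling server, which gives a network-side check that does not depend on the browser. The following added example (not part of the original page) scans web-proxy log lines for a subset of those hosts; the log format, client addresses and request paths are constructed, and the indicator names are the ones this page gives, with no claim about who operates them today.

```python
"""Flag proxy-log requests to controlling servers named in the list above."""
from collections import defaultdict
from urllib.parse import urlsplit

# Indicator -> parasite family, copied from the entries on this page (subset).
CONTROLLERS = {
    "mainentrypoint.com": "AdultLinks",
    "x0.nl": "DialXS",
    "tnc4u.com": "DownloadPlus",
    "musicmagnet.com": "InetSpeak",
    "searchbarcash.com": "ISTbar/AUpdate",
    "xxxtoolbar.com": "ISTbar/XXXToolbar",
    "media-update.com": "MediaUpdate",
    "thumbsnatcher.com": "Meridian",
    "smart-browser.com": "SmartBrowser",
    "xupiter.com": "Xupiter",
    "cnctag.com": "Zyncos",
    "66.28.33.20": "Zyncos",
}


def host_of(target):
    """Return the lowercase host of a URL or CONNECT target, without port."""
    if "://" not in target:
        target = "//" + target        # CONNECT lines carry host:port only
    host = urlsplit(target).hostname or ""
    return host.rstrip(".")


def match_controller(host):
    """Return the listed indicator that covers host, or None.

    Domains match the host itself or any parent domain on a label boundary,
    so ads.x0.nl matches x0.nl but notx0.nl does not. IP literals match exactly.
    """
    if host in CONTROLLERS:
        return host
    labels = host.split(".")
    if labels[-1].isdigit():
        return None
    for start in range(1, len(labels) - 1):
        parent = ".".join(labels[start:])
        if parent in CONTROLLERS:
            return parent
    return None


def scan(lines):
    """Return {client: {family: [hosts]}} for requests that hit a listed controller."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue                   # skip malformed or truncated lines
        _timestamp, client, _method, target = parts[:4]
        host = host_of(target)
        indicator = match_controller(host)
        if indicator:
            hits[client][CONTROLLERS[indicator]].add(host)
    return {c: {fam: sorted(hosts) for fam, hosts in fams.items()}
            for c, fams in hits.items()}


# Constructed sample log: "timestamp client method target status".
SAMPLE_LOG = """\
2003-11-20T09:14:02 10.0.0.23 GET http://ads.X0.NL/setup.cab 200
2003-11-20T09:14:09 10.0.0.23 GET http://www.example.org/ 200
2003-11-20T09:15:40 10.0.0.41 GET http://notx0.nl/index.html 200
2003-11-20T09:16:11 10.0.0.41 GET http://66.28.33.20/results?q=test 200
2003-11-20T09:16:30 10.0.0.41 CONNECT update.cnctag.com:443 200
2003-11-20T09:17:05 10.0.0.57 GET http://tnc4u.com:8080/list.txt 200
truncated line
""".splitlines()

if __name__ == "__main__":
    for client, families in scan(SAMPLE_LOG).items():
        for family, hosts in families.items():
            print(f"{client}: {family} via {', '.join(hosts)}")
```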
Spyware & Adware Test Scan
If you are viewing this site with Internet
Explorer and see an alert displayed here, then it is an indication
that your computer is infected with one or more spyware
programs that we can scan for. If you do not see any alert
displayed in the center of this notice, then our scan did
not detect any of the 122 spyware programs we can scan for;
however, there are still many other programs out there that
we cannot yet scan for.
Please note: Currently
we can scan for 122 distinct spyware programs that can
affect PC users, and the alert will only be displayed if a
specific targeted program is identified. Unfortunately,
we are limited to finding only certain types of spyware,
and there are many other forms of spyware and adware that
we cannot currently test for.
In addition, our test scan does not
work well with Netscape or other browsers. If you suspect
that you might have spyware on your computer, please feel
free to check this page while using Internet Explorer. Also,
if you have a personal firewall installed, it may interfere
with our ability to scan your computer for parasite adware
and spyware.