Adware, malware, spyware, hijacker discussion and information

[Gain Knowledge]  [Install Prevention]  [Maintain Security]  [Spyware Removal Help]


It is currently Sat Apr 19, 2014 8:10 pm

All times are UTC - 7 hours




Post new topic Reply to topic  [ 20 posts ] 
Author Message
 Post subject: Silencing the Critics: ISearch/IDownload
PostPosted: Tue Feb 22, 2005 11:16 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
From Eric L. Howes:

Quote:
Hi All:

As we've seen in the past few months, companies whose software is frequently labeled "adware" or "spyware" are scrambling for cover. Some have tried to partner with anti-spyware firms. Others have tried to join industry consortiums in order to give themselves the air of legitimacy. Still others, though, have been quietly threatening anti-spyware vendors, web sites, and even individuals to get themselves removed from detections databases and to silence their critics on the internet.

We now have yet another unfortunate example of this: CastleCops has just reported that it received a "cease & desist" letter from ISearch.com/IDownload.com. You can find Paul & Robin's report as well as the text of the letter here:

>> http://castlecops.com/article-5762-nested-0-0.html

ISearch and IDownload make a number of browser add-ons for Internet Explorer and Mozilla Firefox. You can read about two ISearch/IDownload variants at Andrew Clover's well-known and thoroughly researched doxdesk.com:

ILookup (aka HotSearchBar)
http://www.doxdesk.com/parasite/ILookup.html

Pugi (aka ISearch Toolbar)
http://www.doxdesk.com/parasite/Pugi.html

Some of you might remember IDownload.com from the Windows Media adware fiasco back in January. As reported in this DSLR/BBR thread:

WMP Adware: A Case Study in Deception

...IDownload's HotSearchbar was caught using an incredibly deceptive ActiveX Security Warning box, claiming to be a "Required Media Player Version 9 Browser Update" (see 1st screenshot) in order to exploit user confusion over the Windows Media license acquisition process, which very well might prompt bewildered users to consent to a legitimate Windows Media Player update from Microsoft itself.

Complaints about ISearch/IDownload are rife on the Net, and a simple search of any of the major "anti-spyware" forums will turn up endless user complaints. One of the better and more revealing write-ups comes from Michael Malone, who published a long-ish article on his experiences with ISearch/IDownload's software back in May 2004:

ABC News - The Search Tool That Ate My Computer
http://abcnews.go.com/Technology/Silico ... 522&page=1

The license agreement used with some ISearch/IDownload software is also of interest ( http://toolbar.isearch.com/terms.html):


said by ISearch EULA:
--------------------------------------------------------------------------------
2. Functionality - Software delivers advertising and various information and promotional messages to your computer screen while you view Internet web pages. iSearch is able to provide you with Software free of charge as a result of your agreement to download and use Software, and accept the advertising and promotional messages it delivers.

By installing the Software, you understand and agree that the Software may, without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to iSearch and/or it's partners, in the form of pop-up ads, pop-under ads, interstitials ads and various other ad formats, display links to and advertisements of related websites based on the information you view and the websites you visit; store non-personally identifiable statistics of the websites you have visited; redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search clients and toolbars, conveniently without your input or interaction; install desktop icons and installation files; install software from iSearch affiliates; and install Third Party Software.

In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer.

3. Privacy Policy - iSearch, during the delivery and your use of the Software, does not collect any personally identifiable information about you, such as your surname, address, telephone number or e-mail address, nor does iSearch require such information from you before downloading or installing the Software. However, to enable iSearch and/or it's partners to provide and operate its Software, iSearch and/or it's partners may collect certain types of non-personally identifiable information about individuals who install the Software. This information may include your Internet protocol (IP) address, your domain, your operating system, your browser version, type and language and your Internet Service Provider.

Advertisements may be displayed of advertisers who pay a fee to iSearch and/or it's partners and you may be provided with and/or redirected to content of other parties and/or links to third party websites or content or offered the opportunity to download software from third party software vendors. iSearch and it's partners are not responsible for the privacy practices of such advertisers, content providers, third party software vendors or websites. iSearch encourages you to read the privacy policies of such advertisers, content providers, third party software vendors and websites.

iSearch and/or it's partners may use invisible tracking or counting devices known as "web bugs" to register that a particular web page has been viewed and/or "cookies" or alphanumeric identifiers that iSearch and/or it's partners transfer to your computer's hard drive through your web browser to enable iSearch and/or it's partners systems to recognize your web browser.

iSearch and/or it's partners may also collect and may use certain other types of non-personally identifiable information, including: certain of the web pages that you view, the amount of time that you spend on certain websites, your responses to ads served by iSearch and/or it's partners, certain software installed to your computer and software characteristics and preferences, non-personally identifiable information on web pages and forms, software usage characteristics and preferences, and your ZIP code. iSearch and/or it's partners may associate this information with a randomly-generated anonymous identifier for your computer and may use this information to enable the functionality of the Software, to periodically update the Software, to deliver and display ads served by iSearch and/or it's partners of advertisers who pay a fee to iSearch and/or it's partners, provide you with or redirect you to content or websites of such advertisers or other parties and offer you the opportunity to download software from third party vendors.

iSearch and/or it's partners may share non-personally identifiable aggregate information about you with third parties, including advertisers.
--------------------------------------------------------------------------------

But, of course, IDownload is happy to certify their own software as "spyware free" (see second screenshot) when you download programs that bundle their software.

What ISearch/IDownload won't let you do apparently, is come to your own opinion and judgment and share them with others. If you dare to do so, you could find a "cease & desist" letter from their attorneys swiftly winging itself your way.

Why should a company bother changing its business practices when it can simply silence critics of those practices with legal threats?


Eric L. Howes

Full Read @DSLR

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Tue Feb 22, 2005 9:24 pm 
Offline
Countermeasures Agent
Countermeasures Agent
User avatar

Joined: Mon Jan 31, 2005 12:48 am
Posts: 53
Location: San Francisco
Looks like Suzi got a letter from iSearch/iDownload too :evil:

These companies know their programs are repugnant crap, and they can't possibly convince the public to approve of them. Instead they are seeking to circumvent public sentiment through their legal bullying.



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Tue Feb 22, 2005 9:37 pm 
Offline
Countermeasures Agent
Countermeasures Agent
User avatar

Joined: Thu Feb 17, 2005 11:14 pm
Posts: 74
Suzi got one too??

OMG These people really have nerve!

And scrambling is just what it is.

_________________
CARMA



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Tue Feb 22, 2005 9:58 pm 
Offline
Countermeasures Agent
Countermeasures Agent
User avatar

Joined: Mon Jan 31, 2005 12:48 am
Posts: 53
Location: San Francisco
her latest blog:

http://netrn.net/spywareblog/archives/2 ... t-malware/

I would "like" to take a break and not have to keep constant tabs on the computer security front, but clearly the trend is aiming towards getting worse rather than better.

I am soooooooo honored to be a member of Suzi's site. She is the definition of compassion and integrity, something iSearch would never understand nor achieve. I would like to know if there is a single person out their who truly enjoys the products of this sleazy company.



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Tue Feb 22, 2005 10:33 pm 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
From Suzi's Spyware Warrior Blog:

Today I received a letter forwarded by Domains by Proxy, my domain registrar’s private registration partner – a letter from the law firm Savrick Schumann Johnson McGarr Kaminski & Shirley attorneys and counselors at law, Mark D. Hopkins, Partner – Austin Office representing iDownload.com. The letter, dated February 10, 2005, is quoted in full here:

Quote:
Re: Incorrect Classification of iDownload’s Product as Malware & Related disparagement of iDownload
Dear Sir or Madam:

This firm represents iDownload.com with respect to your inaccurate classification of iDownload’s software product, iSearch toolbar, as Malware on the following four websites:

(1) domain blacked out
(2) domain blacked out
(3) http://www.netrn.net
(4) domain blacked out

Specifically, a recent review of materials disseminated by your company, via the Internet, revealed that your company is falsely disparaging iDowload’s product, iSearch, in that Domains by Proxy, Inc. classifies the product as Malware and articulates that,


iSearch “Desktop Search” hijacker….

iSearch is unidentified malware….


Domains by Proxy, Inc.’s characterization of iSearch as Malware is damaging to the iDownload brand. As we all know, Malware is a phrase within the public conscience that has a specific meaning. A classification of Malware is usually reserved for those programs designed specifically to damage or disrupt a system, such as a virus or a Trojan horse, iSearch does not fit this profile.

iSearch does not qualify as Malware. iSearch is a toolbar that in no way attempts to remain hidden or evade detection, Continuing, unlike Malware, iSearch does not gather any personally identifiable information about end users, does not collect data about the user’s web usage, does not collect any information entered into web forms, does not share information with third parties, does not send or cause to be sent unsolicited e-mail, and does not install items such as dialers on the end user’s computer.

We would request that you correct your disseminated materials immediately to remove any reference to iSearch as Malware or Spyware. To the extent you fail to remedy your improper disparagement of the iDownload brand on or before February 15, 2005, we will take all necessary action against your company to protect iDownload from your continuing tortuous conduct. Should you have any questions regarding the foregoing, please feel free to contact me. Regards
Mark D. Hopkins


As owner of this domain, netrn.net, the home of this blog, I am currently obtaining legal counsel and evaluating my options. I will post additional details as they develop.

Interestingly enough, I’m not the only site in the anti-spyware community to receive such a letter from Mr. Hopkins. CastleCops.com published an article yesterday revealing they received a nearly identical letter.

(see first post for link)

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Wed Feb 23, 2005 8:10 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
Paul @Castle Cops wrote:
On the 16th of February, 2005, we received Certified Mail from the office of Savrick Schumann Johnson McGarr Kaminski & Shirley, attorneys and counselors at law, Mark D. Hopkins, Partner - Austin Office representing iDownload.com. The letter, dated February 10, 2005 begins:
"Re: Incorrect Classification of iDownload's Product as Spyware & Related disparagement of iDownload"

Rest of the letter in full quotation:


Quote:
Dear Sir or Madam:

This firm represents iDownload.com with respect to your inaccurate classification of
iDownload's software product, iSearch toolbar, by referring to it as Spyware in its description.
Specifically, a recent review of materials disseminated by your company, via the Internet,
revealed that your company is falsely disparaging iDownload's product, iSearch, in that Castle
Cops f/k/a Computer Cops, L.L.C. classifies the product as Spyware and articulates that,

iSearch is certified spyware/foistware, or other malware.

Castle Cops f/k/a Computer Cops, L.L.C.'s characterization of iSearch as Spyware is
damaging to the iDownload brand. As we all know, Spyware is a phrase within the public
conscience that has a specific meaning. A classification of Spyware is usually reserved for those
programs that not only have the ability to scan an end- user's computer, but also seek to remain
unnoticed or hidden, and also seek to gather personal information such as passwords, account
numbers, etc. of the end-user. iSearch does not fit this profile.

iSearch does not qualify as Spyware. iSearch is a toolbar that in no way attempts to
remain hidden or evade detection. Continuing, unlike Spyware, iSearch does not gather any
personally identifiable information about end users, does not collect data about the user's web
usage, does not collect any information entered into web forms, does not share information with
third parties, does not send or cause to be sent unsolicted e-mail, and does not install items such
as dialers on the end user's computer.

We would request that you correct your disseminated materials immediately to remove
any reference to iSearch as Spyware, Foistware, or Malware. To the extent you fail to remedy
your improper disparagement of the iDownload brand on or before February 15, 2005, we will
take all necessary action against your company to protect iDownload from your continuing
tortuous conduct. Should you have any questions regarding the foregoing, please feel free to
contact me.

Best Regards,

Mark D. Hopkins


Paul @ Castle Cops wrote:
We (CastleCops) have retained counsel and are currently evaluating our options. Please stay tuned for details as they develop. This article will also be updated at those times.

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject: Castle Cops Respond!!
PostPosted: Wed Feb 23, 2005 8:25 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
Paul @ CastleCops wrote:
Recently we received a letter from a law firm titled "Incorrect Classification of iDownload's Product as Spyware & Related disparagement of iDownload". We retained counsel to evaluate our options and last night sent our reply which will be quoted in full below.

There has been a public outcry over such a "cease and desist" letter as it has come to be known in the online communities. However, it appears that CastleCops is not the only recipient of such a letter.

Suzi at SpywareWarrior Blog also received one.

DSLR links removed due to [color=blue]censorship by DSLR of my posts, I'll not have any referrers back to them[/color] A news article was published there yesterday as well, Marketers Try to Silence Spyware Critic.

Wayne Porter of ReveNews wrote about
Deceptive Is as Deceptive Does, where he posted no less than 18 links to articles describing what he calls “savage behavior”.

Wilders Security Forum has a thread going as well, and one user (Key-U) posts the details of his installation of iSearch.com’s toolbar.

And now onto the full text of our response...


Quote:
Re: Settlement- Not Admissible for Any Purpose Pursuant to CA Evidence Code § 1152
Our File No. CY757-515

Dear Mr. Hopkins:

I write you on behalf of my client ComputerCops, LLC regarding the letter you sent on
February 10, 2005 in which you alleged that the castlecops.com website has disseminated
information improperly disparaging the iDownload/iSearch brand. I have spoken with officers of the
company about the allegations made in your letter and they have stated clearly that they have not
made or published any statement which can be said to disparage the iDownload/iSearch brand. My
client has asked me to contact you in the hope that this matter can be resolved outside the courtroom
through a dialogue between ComputerCops and iDownload/iSearch.

Contrary to the assertion made in your February 10 letter that, “spyware has a well known
meaning within the public conscience that has a specific meaning,” spyware is actually capable of
many definitions. In fact, there is no universal definition of spyware, nor is there a well known
meaning within the public conscience. Nevertheless, it appears that software disseminated by
iDownload/iSearch would likely be regulated as illegal in California under California Business And
Professions Code Sections 22947-22947.6 otherwise known as the Consumer Protection Against
Computer Spyware Act.

A cursory search of the Internet reveals that the iDownload/iSearch brand has quite a
controversial image to be sure:

http://abcnews.go.com/Technology/Silico ... 522&page=1

In addition, Symantec, Lavasoft, Computer Associates, Spyware Warrior, Spyware Blaster,
and Doxdesk, to name a few, report that the iSearch toolbar, published by iDownload is spyware
(see links below). This information is publicly available and was obtained in a manner of minutes
using the iDownload “brand” as a search term.

It is clear that the issue of whether or not iDownload distributes spyware is a controversial
one which is a matter of public interest and any discussion or publication of web page links referring
to this controversy cannot be damaging to the iDownload brand.

In short, ComputerCops categorically disagrees with your letter, but remains willing to listen to
iDownload’s side of the story and offers further to allow iDownload a public forum on the
castlecops.com web site in which to respond to the questions raised in many circles about iDownload
distributing spyware.

This is ComputerCops final good faith attempt to resolve an uncomfortable matter in an
amicable manner. Should iDownload fail to respond to this letter before March 15, 2005,
ComputerCops, LLC will take any and all legal measures necessary to protect its rights.

Very truly yours
BENJAMIN Z. RICE


Internet Resources on ISearch

http://securityresponse.symantec.com/av ... earch.html
Type: Spyware
Behavior: Spyware.ISearch is an Internet Explorer Browser Helper Object and functions as a
toolbar. It is a search hijacker and also tracks user activity on a remote server at isearch.com.

Symptoms
One or more files are detected as Spyware.Isearch.

Transmission
The ISearch toolbar can be manually installed through ActiveX installers, or it comes bundled
with other software.

http://www.edbott.com/weblog/archives/000340.html

http://www.tenebril.com/src/info.php?id=431726676


http://www.spywareguide.com/product_show.php?id=732
# Adds other software
# Shows ads
# Changes browser
Danger Level: 6"

http://netrn.net/spywareblog/archives/2 ... er-update/

http://www.doxdesk.com/parasite/Pugi.html
http://doxdesk.com/parasite/ILookup.html
http://www.doxdesk.com/parasite/rogues.html

http://windowsxp.mvps.org/ie/lockedbars.htm

Isearch is listed as "Rogue/Suspect Anti-Spyware Products" at Eric Howes list:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
"SpywareAvenger spywareavenger.com
idownload.com no trial version locatable; company is known adware
distributor (1); "strict no-refund policy"; advertises through adware (1);
"negative option" coupled w/ outrageous pricing [A: 9-22-04 / U:
12-28-04]"
http://www.kephyr.com/spywarescanner/li ... ndex.phtml
http://www.sysinfo.org/startuplist.php?filter=isearch

http://www.infopackets.com/gazette/20040420.htm
Title: Remove / Uninstall iSearch toolbar?
Excerpt:

"Although many would disagree, the iSearch web site claims that their
toolbar is not Spyware because it "in no way tracks you or the web sites
that you visit." (Source: iSearch.com FAQ). Instead, iSearch intrudes on
your browsing sessions by invoking ad-related activity and reportedly
blocks access to certain web sites.”

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Wed Feb 23, 2005 6:12 pm 
Offline
User avatar

Joined: Wed Feb 02, 2005 9:47 am
Posts: 2570
Location: South Central Montana USA
I thought I had hit your site with this Tom. :oops:
Response to iSearch/iDownload Cease & Desist Threats
Quote:
To: Whomever it May Concern
This Petition is in relation to the recent outburst from iSearch/iDownload, specifically threatening legal action against reputable and respectable Internet Security Forums that help the innocent victims of malware remove such malicious entities from their computer systems.

iSearch/iDownload are known to persue agendas in infecting peoples' computers by means of aggressively installing malicious software, without prior knowledge nor consent of the authoritive owner of the system/network.

In response to their threats of "Cease & Desist", this Petition has been set up for the purpose of showing them just how many people they are up against. They may have the money, but they do not have the people.

Hopefully, this could also be used in a Court of Law in the event of such legal action being initiated, as evidence in Defence of the Anti-Malware Community and Against the iSearch/iDownload company.
http://www.petitiononline.com/mm23Feb4/petition.html

Please sign this petition none of us can afford to lose this battle. If terrorist tactics like this are tolerated it will happen more and more. Soon software companies that make the programs we need to get rid of this crap will be forced out of business and all the help sites shut down.

_________________
Image Image



IP:
top
Top
 Profile Send private message  
 
 Post subject: Suzi Responds To ISearch\IDownload
PostPosted: Fri Feb 25, 2005 12:05 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
Suzi wrote:
In response to the Cease & Desist letter I received from iDownload/iSearch, I sent the following response.


Re: Incorrect Classification of iDownload’s Product as Malware & Related disparagement of iDownload

Dear Mr. Hopkins:

This letter is in response to your letter to Domains by Proxy dated February 10, 2005 wherein you named several domains, including http://www.netrn.net, and requested that any reference to iSearch as malware or spyware be removed.

I have done a thorough search of my site and found only the following references to iSearch:

1.
This link contains a list of updated definitions as published by Lavasoft, the makers of Ad-Aware. The original list is posted here:
http://www.lavasoftsupport.com/index.ph ... ntry238929

2.
Again, this link contains a list of updated definitions as published by Lavasoft on their forum here:

http://www.lavasoftsupport.com/index.ph ... ntry231561

3. http://netrn.net/spywareblog/archives/2 ... e-updates/
Again, this link contains a list of updated definitions as published by Lavasoft on their forum here:

http://www.lavasoftsupport.com/index.ph ... opic=24278

4. http://netrn.net/spywareblog/archives/2 ... er-update/
This page contains a listing of newly added definitions to SpywareBlaster, which can be found here:

http://www.javacoolsoftware.com/spywareblaster.html

You will note that I made no personal comments about iSearch or any of the other items in the lists. I merely copied information that was posted elsewhere If you have a complaint with your product being listed and targeted by Lavasoft and Javacool Software, you should contact them directly.

You also stated:
“Specifically, a recent review of materials disseminated by your company, via the Internet, revealed that your company is falsely disparaging iDowload’s product, iSearch, in that Domains by Proxy, Inc. classifies the product as Malware and articulates that,

“iSearch “Desktop Search” hijacker….”
“iSearch is unidentified malware….”

That is simply untrue; I made no such statements anywhere on the netrn.net domain. Moreover, even the program update notices described above that were reproduced on my web site include no such statements—they merely list the name of your company’s programs. If you will insist that such statements are included on my web site, please supply URLs for the pages you believe include those statements.

Should you decide to pursue a complaint against my site, perhaps you should be aware of the California anti-SLAPP legislation:

http://caselaw.lp.findlaw.com/cacodes/c ... 25.16.html
http://www.thefirstamendment.org/antisl ... enter.html

The Cease & Desist letter you sent to me as well as any further complaints to me will be submitted to ChillingEffects.org for review and publication:

http://www.chillingeffects.org/

In summary, after reviewing my site, I have concluded that your allegations and requests are based on inaccurate, false information and are thus completely unwarranted and utterly without merit.

Yours truly,

Suzi

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Fri Feb 25, 2005 9:09 am 
Offline
User avatar

Joined: Wed Feb 02, 2005 9:47 am
Posts: 2570
Location: South Central Montana USA
Go girl!!!!!!!!!!!

_________________
Image Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Fri Feb 25, 2005 6:49 pm 
Offline
Countermeasures Agent
Countermeasures Agent
User avatar

Joined: Thu Feb 17, 2005 11:14 pm
Posts: 74
Give it to 'em suzi!

_________________
CARMA



IP:
top
Top
 Profile Send private message  
 
 Post subject: UPDATE
PostPosted: Tue Mar 01, 2005 12:11 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
From Suzi at Spyware Warrior Blog:

Quote:
This story continues to spread on the web. I’ve been meaning to update the links here, but life got in the way. Thanks to eveyone for the support, comments and trackbacks to the blog.

Here’s some additional links:

http://www.techweb.com/wire/security/60403277
Spyware Warrior and Castle Cops are mentioned in the lower portion of the article.

http://www.dslreports.com/shownews/60722

The Inquirer carried the story: http://www.theinquirer.net/?article=21415

P2pnet.net has some good comments. http://p2pnet.net/story/4001

Here’s a great write-up by Wayne Cunningham of Download.com.
IDownload hires a lawyer


While adware makers such as WhenU and 180Search try to play nice and reenter decent society, spyware vendor IDownload.com, which also operates under the name ISearch.com, tried to silence its critics. The company hired an, in my opinion, unscrupulous lawyer to send out cease and desist letters to Web sites such as Castle Cops and Spyware Warrior, telling them not to call the ISearch toolbar spyware. This lawyer, Mark D. Hopkins, doesn’t appear very competent, as Spyware Warrior points out that she did not actually refer to ISearch as spyware on her site. This attempt to silence critics of spyware is so ill-founded as to be laughable. It’s pretty easy to send out a cease and desist letter; all you have to do is type. Actually learning something about the law is a lot harder.

iDownload’s itinerary by Zhen-Xjell.


The Internet has been buzzing with the keywords iDownload and iSearch the past week. There exists a great deal of talk all over the web, and it is mind boggling trying to read it all. I’ll try to put everything into this article, sort of a encyclopedia of all the comments, or an itinerary of iDownload. The public has provided a lot of information and much of the links supplied were returned by querying search engines for ‘idownload’ or ‘isearch’. Lets begin.

BlogCritics weighs in. Spyware: First, infect all the lawyers….

Tales Of Horror: The iSearch Toolbar from The Abusive Hosts Block List.

Kye-U started a website to track the tale of iDownload and iSearch, including an illustrated example and analysis of iSearch’s download and installation.

JD asks Are you keeping up with the iDownload/iSearch spyware controversy? He also created a poll at VirusIntel.com; see the left side column.

From Donna’s Security Flash: re: CastleCops.com and Spyware Warrior was asked to correct the what?

Alex Eckelberry, president of Sunbelt Software, makers of CounterSpy, posts about receiving a Cease & Desist letter from iDownload as well, and says they responded with a 16 page letter detailing iDownload’s practices. The letter is not posted at this time, but Alex says it might be in the future.

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Wed Mar 02, 2005 12:34 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
I found this link on one of the bloggers sites at the DSLR links removed due to censorship by DSLR, I'll not have any referrers back to them His name is Kyeu

Quote:
Tales Of Horror: The iSearch Toolbar

With iDownload threatening various anti-spyware authors and security sites, we at the AHBL are in the mood to talk about our experiences with the iSearch toolbar and what it did to a machine owned by one of our users.

Before we begin, let us point you to some great articles on just how malicious the iSearch toolbar is, from other people's experience (Links: ABCNews, Spyware Guide, DSLReports, Benjamin Edelman, Wilders Security Forums, ReveNews). These sites give a great reading on the toolbar and what other people have gone through just to make this bastard of a program go away.

Now, we fully expect iDownload to threaten us and send us a C&D for posting this article. The AHBL takes abuse on the Internet very seriously, and will not let companies bully us into taking down the truth. If iDownload wishes to dispute the fact that their product is spyware, they are welcome to dispute any of our findings here with solid evidence and not just threats of lawsuits.

We are not afraid, nor do we run and hide in the face of a challenge.

It all started about a week ago with a call from one of our users, who was reporting that she was seeing an unusual toolbar on her screen. Every attempt to remove it had failed, and none of her anti-spyware programs were functioning (except for Microsoft Antispyware) anymore. Every time she attempted removal, the program would forcefully reinstall itself on reboot.

Using our remote control toolkit (consisting of either VNC or TB2k from Netopia), we started doing remote cleaning (easier said then done). Scans with Ad-Aware showed no spyware installed, while Spybot S&D would crash one of the critical system processes and force a shutdown. Microsoft Antispyware would attempt to remove iSearch, only to have it wedge itself in on reboot, undoing everything done previously.

Using HijackThis, we managed to get a good idea of the way iSearch was doing its dirty deeds. With help from this site, we tracked down the toolbar dll files and the misc droppings it leaves behind on the system. We then used CWShredder, an excellent program that can wrestle allot of the most notorious toolbars out of the system. All was looking good until reboot, and once again the toolbar was back, but this time, Microsoft Antispyware was able to block it from putting the toolbar back in.

Step one complete! But, now we had another problem - how to fully remove it from the system so that it would quit trying to run itself on startup. Checking the installed ActiveX controls showed nothing, as did checking the Startup registry keys (both user and system).

On a whim, we tried the iSearch Toolbar's uninstaller (we refuse to put the link to it here, for which you'll understand in a moment). Perhaps the worst mistake we made - the uninstaller seemed to 'remove' it, but instead, it tried to force the toolbar on the system yet again (Thankfully, Microsoft Antispyware stopped it). Poof went the system, and it forcefully rebooted itself while we were busy documenting what had happened so far. On reboot, the toolbar was back.

Frustrated, we decided to reinstall all of our antispyware programs. Once we had Ad-Aware installed, we discovered that doing a smart scan was pointless - it wasn't removing the startup program that was reinstalling the toolbar. After the 45 minute full scan of the machine, Ad-Aware had located a group of files installed in various locations, including temp directories. Once Ad-Aware had safely removed iSearch, we rebooted.

For the first time that day, the machine started without the iSearch toolbar trying to install. Success! A full scan in all of our other free antispyware tools we had on hand showed no traces remaining.

Unfortunately, the damage that was done to the machine because of the iSearch toolbar was severe - Norton Antivirus refused to work anymore, and we were having problems with various programs that relied on digital signatures to verify their program binaries. This was mostly due to damage to the Windows certificate store (the machine is unable to verify legit signatures anymore, and occasionally has problems visiting SSL enabled websites).

A review of the day produced the following overview:

Time spent on cleaning the machine: 6 - 7 hours.

Results of using the uninstaller: Nil - program forcefully reinstalled itself AFTER running the uninstaller

Programs needed to extract the toolbar: Ad-Aware, Microsoft Antispyware, HijackThis, CWShredder

How this toolbar got installed: Unknown, though most likely cause is either using a driveby-download ActiveX control/exploit, or using the newly discovered Windows Media Player DRM exploit.

Total damage done to machine: Severe, even after fully removed, certain parts of the system refuse to function correctly:

1. Norton Antivirus refuses to function anymore due to inability to verify digital signatures on the main Norton Antivirus exe files. Reinstall does _not_ help, as the problem appears to be with the Windows certificate store.

2. Ad-Aware was crippled completely, changed to hide the results of the scans to prevent proper removal. Reinstall fixes this.

3. Spybot S&D was crippled completely, and would cause critical system processes to crash, forcing the machine to reboot. Reinstall fixes this.

4. Machine performance was severely degraded, Internet Explorer randomly crashing. Problem went away once iSearch Toolbar was removed.

5. Windows certificate store damaged, system is no longer capable of verifying digital certificates on binaries. This directly affects Norton Antivirus. Reinstall of Windows XP SP2 did not help, and system now has problems viewing some SSL sites.


So yes, iSearch toolbar is one of the worst pieces of malware/spyware/adware we have ever seen. After reviewing the iSearch toolbar agreement, we see these lovely lines which explain why all of our removal tools were crippled:

2. Functionality - Software delivers advertising and various information and promotional messages to your computer screen while you view Internet web pages. iSearch is able to provide you with Software free of charge as a result of your agreement to download and use Software, and accept the advertising and promotional messages it delivers.

By installing the Software, you understand and agree that the Software may, without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to iSearch and/or it's partners, in the form of pop-up ads, pop-under ads, interstitials ads and various other ad formats, display links to and advertisements of related websites based on the information you view and the websites you visit; store non-personally identifiable statistics of the websites you have visited; redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search clients and toolbars, conveniently without your input or interaction; install desktop icons and installation files; install software from iSearch affiliates; and install Third Party Software.

In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer.


Apparently, iDownload likes to give itself the right to make whatever changes it wants to your system to ensure that its program isn't disabled/removed.

We at the AHBL have therefore, with the above information, make the following opinions about iSearch Toolbar:

iSearch Toolbar is Spyware
iSearch Toolbar is Adware
iSearch Toolbar is Malware

iSearch Toolbar does everything in its power to prevent removal, including crippling and damaging the system and other programs to accomplish this goal.


Like we've said in the article previously, if iDownload wishes to dispute our findings, they are welcome to, and we actually would like them to clarify and point out to us exactly why we got the results we did while trying to remove the iSearch toolbar, that was installed without the knowledge of the person who owns the computer in question.

The AHBL prides itself on being accurate, and will make any necessary corrections to this article to ensure that.


AHBL

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Wed Mar 02, 2005 10:24 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
Picked up this from Suzi, about Castle Cops in regards to the wonderful people at ISearch\IDownload:

Paul @ Castle Cops wrote:
CastleCops recently received a letter from iDownload claiming that we incorrectly classified ISearch\IDownload as Spyware and demanding that we remove them. Interestingly enough we were given a 5 day window to comply with their demand, but we didn't actually receive it until the 6th day. Brian Livingston's published an article regarding the cease and desist letters being sent out by iDownload, indicating not only did CastleCops, Spywarewarrior, Spyware Guide and SunBelt Software all receive similar letters, but the CEO of iDownload is calling the campaign a "success"?


When iDownload's CEO, Arlo Gilbert, called me, I asked which companies had received a cease-and-desist letter from iDownload's attorney. "It would not be in our best interest to share that list," Gilbert said.

He did assert that the letter was having the desired effect. "The majority of sites we've contacted have taken down or properly classified iSearch," Gilbert stated.

When asked to name some of the sites that had complied, Gilbert answered, "I'm not going to share that information. It would be shooting a gift horse in the mouth."

Gilbert added, "The people who are profiting off this information and have not reclassified the information will be sued." When asked for the names of some companies that iDownload has filed suits against, Gilbert said, "We're not going to reveal it," but added that the suits were a matter of public record that could be looked up.


Paul @ Castle Cops wrote:
CastleCops subsequently responded to iDownload but we were not the only ones. Suzi from Spywarewarrior also posted her reply publically in her blog and now Alex Eckelberry President of Sunbelt Software has also made their reply publicly available.

I find myself asking the question what exactly does Mr. Gilbert consider success? Does it fall into a similar category of "acceptable loss" or "collateral damage"?

Since the threat tactics of iDownload were made public, their practice and products and choice of attorney have been under scrutiny, by the security community and public at large. There have been a number of questionable things uncovered by individual sources, like the unauthorised use of ICSA Certification published at Edbott.com


The company claims the product is certified by ICSA Labs. This is a prestigious honor and not lightly awarded. ICSA Labs is a division of CyberTrust, which was formed recently by a merger of TruSecure Corporation and BeTrusted. Its staff and management number some of the world’s foremost authorities on computer security and information technology. To earn ICSA Labs certification, a product must pass a series of stringent tests, and it can be removed if it fails the testing at any time.

When I reviewed the list of certified products at ICSA Labs’ Web site, I did not see any mention of Virus Hunter. So I fired off an e-mail to Larry Bridwell, Content Security Programs Manager for ICSA Labs. I received the following response within three minutes:

VirusHunter is NOT certified by ICSA Labs nor has it ever been submitted for testing.

We have sent a letter by post requesting that the certification claim be removed.


Paul @ Castle Cops wrote:
I don't understand how what they are doing or have been doing can be called a success. Perhaps that is because we at CastleCops measure our success in relation to Our Vision. Maybe it is because we value above all things integrity, or because we believe in doing the things we do and helping the people we do because it is the right thing to do. Our success and that of the Anti-Spyware/Security community is measured in the number of people who are freed from the applications they don't wish to be on their systems. It is measured by the people we help to educate on how to protect themselves, their systems and their families.


Castle Cops

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Thu Mar 03, 2005 6:41 pm 
Offline
User avatar

Joined: Wed Feb 02, 2005 9:47 am
Posts: 2570
Location: South Central Montana USA
They are just beyond scum! I can't even use the only language I can think of to discribe them. :evil:

_________________
Image Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Tue Mar 08, 2005 6:39 pm 
Offline
Countermeasures Agent
Countermeasures Agent
User avatar

Joined: Mon Jan 31, 2005 12:48 am
Posts: 53
Location: San Francisco
http://computercops.biz/article-5793--0-0.html

CastleCops gets their reply!

I find it funny that iDownload is insisting that a whole slew of security companies and private websites all simultaneously made a mistake in misclassifying their shoddy product :roll:

edit: and Sunbelt receives the same letter:

http://sunbeltblog.blogspot.com/2005/03 ... nbelt.html



IP:
top
Top
 Profile Send private message  
 
 Post subject: ISearch\IDowload Respond to Castle Cops
PostPosted: Wed Mar 09, 2005 1:16 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
Paul@Castle Cops wrote:
Since CastleCops publically shared with the community that we received a letter from iDownload demanding we reclassify their software, several other sites have also stepped forward indicating that they have been sent the same kind of letter including: Spywarewarrior, Spyware Guide, and Sunbelt Software. We believe in information sharing and ensuring the community is aware of the latest trends and threats in the world of Security/Anti-Spyware, which is why we decided to publish not only the iDownload letter to us, but our response to iDownload because we feel it is necessary to educate the public on the kind of tactics and pressures being used against the Anti-Spyware community.

Yesterday we received a response via Fax from iDownload's attorney Mark D Hopkins, of Savrick Schumann Johnson McGarr Kaminski & Shirley.


Quote:
March 7, 2005

Benjamin Z. Rice Via CMRRR
Law Offices of Benjamin Z. Rice
P.O. Box 1206
Pleasanton, CA 94566

Re: ComputerCops, L.L.C's Improper Classification of iSearch Product
File Number: CY757-515

Dear Mr. Rice:

Thank you for your recent correspondence regarding iDownload and its software product,
iSearch. As we are both aware, a lively internet debate currently exists over the functionality of
the iSearch program, as well as the questionable classification of iSearch as malware, spyware,
etc., by various security companies. As counsel for iDownload, our goal is singular in purpose,
that being to assist iDownload in correcting the current dissemination of incorrect information
surrounding iSearch.

We recognize that much scrutiny exists with respect to our actions, and that we may be
perceived by some in the internet community as being on the wrong side of the ongoing fight
against "internet malfeasance." This perception is contrary to reality. We are currently engaged
in an open dialogue with several large security firms, with the end goal being to reach a
consensus as to the proper characterization of iSearch. We trust that you will conform your
published materials, as we previously requested, once some of the industry leaders analyze
iSearch more thoroughly and release their classification of iSearch.

Please do not hesitate to contact me if you have any questions about the foregoing.

Best Regards,
Mark K.Hopkins


Paul@CastleCops wrote:
Intially we offered iDownload the opportunity to come into our forum and answer some questions from the public about their product iSearch, in order to be fair and eliminate any possible confusion about what the product does or does not do. To date they have not taken us up on that offer. Our position remains the same now as it always was concerning iSearch.

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject: From Sunbelt Blog
PostPosted: Tue Mar 15, 2005 12:56 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
Quote:
This was posted by Eric Howes tonite:
Sunbelt wrote:
180 Solutions has been trying to become legitimate (see, for example, Wayne Cunningham's post on his blog). Their joining COAST (the antispyware consortium) was the ptimary reason COAST fell apart.

As a result of 180 Solutions contacting us, we followed up with our usual extensive analysis of their practices. You can see our analysis here.(pdf)


I should explain that that one PDF file actually contains two different documents:

1) a white paper titled "Alleged Improvements to 180solutions' Software" (pp. 1-28 ) -- this document includes screenshots and is based on the second document in the PDF;

2) a write-up on 180solutions (pp. 29-55) -- though it comes second in the PDF, this was actually written first; it is a bit more thorough than the white paper.

Given that the first document is based on the second, you'll find quite a bit of overlap. You'll also find that the second document contains quotes from 180 itself that aren't included in the first.

For those who are interested in jumping to the juicy bits, see these pages from the white paper:

pp. 9-10, 18-26

For the same material in the write-up (2nd document):

pp. 35-36, 45-50

And to see how 180 gets assessed under Sunbelt's listing criteria, see:

pp. 50-53

Note, pagination refers to the internal pagination of the document, not the pagination assigned by Adobe Acrobat Reader.


Best,

Eric L. Howes

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Wed Mar 16, 2005 10:49 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
Sunbelt Blog wrote:
There’s a lot in this writeup, but as Suzi of Spyware Warrior Blog pointed out, the areas that are probably most interesting to people are on pages 9-10 and and 18-26.

Here’s the quick and dirty:

As part of 180’s COAST certification, 180 agreed to a “CBC Force Prompt”. This feature is designed to alert users to the installation of 180’s software.

This prompt is shown when a certain registry key is set to “0”. If it’s set to “1”, there is no prompt.

This is a serious weakness in the 180 installer. It is trivially easy for a rogue affiliate to simply set the value to 1, and the 180 install sails through, with the end-user none the wiser.

However, it appears that 180solutions is itself electing to bypass the "CBC Force prompt" in order to avoid alerting users to the installation of 180's software, and the implications of this are serious.

Sunbelt observed several installations of older versions of the 180search Assistant in which that software was updated to the latest version. After older versions of the 180search Assistant were "stealth-installed" via a Windows Media Player file and via a Java applet at lyricsdomain.com, that software called out to 180's servers, and downloaded and installed the latest, COAST-certified version of the 180search Assistant.

This behavior is especially disturbing because many of the installations that 180solutions is silently updating through this method are the possible products of "force-installs" of 180's software of users' PCs, where those users received no notice or warning whatsoever of the 180search Assistant.

Instead of alerting users to the presence of 180's software on their systems, 180 is updating those older software installations and versions to the latest 180search Assistant, allowing 180 to continue deriving economic benefit from those installations, entirely contrary to its publicly stated intention to clean up its distribution channels.

Alex Eckelberry


Sunbeltblog

_________________
Image



IP:
top
Top
 Profile Send private message  
 
 Post subject:
PostPosted: Wed Mar 16, 2005 5:38 pm 
Offline
Site Admin
Site Admin
User avatar

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15998
Location: PHX, AZ
From SpywareInfo Newsletter:3/13/2005 wrote:

iDownload, the company responsible for a toolbar known as iSearch, has resorted to threatening to file lawsuits against several web sites that categorize the software as spyware or malware. Claiming that their brand has been disparaged falsely, iDownload is demanding that these web sites remove any material which labels iSearch as malware, foistware or spyware.

Is iSearch malware? Yes, it is. And I can prove it.

Quote:
You may remember that a few months ago, trojans began circulating file sharing networks disguised as protected media files.
Windows Media Player (WiMP) has DRM features that allow music and video files to be restricted. The restriction may be that you can only listen to the file a certain number of times or for a certain period of time. To determine this, when the file is loaded into WiMP, it will contact an internet server to retrieve information about the license and any restrictions. If a license is not found, WiMP will load a license window using the Internet Explorer browser engine.

An antipiracy company named Overpeer has been exploiting this behavior to infect unsuspecting computer users with spyware and adware. They have been flooding file sharing networks with fake music files with embedded DRM instructions. When played in WiMP, these files cause WiMP to open a license acquisition window in Internet Explorer. When that happens, the page loaded within the license window tries to install spyware using various security flaws.


Among the dozens of programs that could be installed by way of these trojans is the iSearch toolbar. If you run one of these trojans, it will pop up a license window which loads a page prepared by iDownload. That will load an ActiveX applet which attempts to install iSearch. If your security settings are configured properly, you will see a security warning asking your permission to install software. This security dialog claims to be a required update to "Media Player 9". In fact, it has nothing to do with Media Player but is really iSearch software from iDownload. You can see an example of this security warning pop-up at DSLReports.

The security pop-up is intentionally misleading. It is designed to trick the user into thinking they are installing some sort of update for Windows Media Player. Since the process that leads up to this security warning is the playing of a file in Windows Media Player, no doubt many people would be fooled into installing it. This behavior, on its own, is malicious.

If you are unfortunate enough to be fooled into installing iSearch, your computer undergoes one of the most serious hijacks I have ever witnessed. There are three different pieces of software from iDownload with which you may end up. A single piece of iDownload software might not exhibit all of the behaviors listed below, but between the three, these are the behaviors you may encounter.

1.) Your Internet Explorer home page is changed to isearch.com. You cannot change the home page to point it to any other web site while the software is installed.

2.) If you mistype the name of a web page and the web site's server returns an error, instead of seeing the error message, you are redirected to isearch.com. You cannot change this behavior while the software is installed.

3.) The software will begin launching a barrage of pop-up and pop-under ads.

4.) The software will store logs of your web surfing habits.

5.) The software will connect to iDownload servers to download and install updates to itself. It also may install completely unrelated software from other adware and/or spyware companies. Further, it may also scatter icons all over your desktop.

6.) The software may disable competing adware software. While that in itself is not such a bad thing, disabling some of those adware programs may render inoperable the programs they are "sponsoring". For instance, if Cydoor adware is disabled, KaZaa stops working.

7.) There have been numerous reports of antivirus and antispyware software being disabled by iSearch. I haven't seen this for myself but there are numerous reports of it.

8.) If you try to delete the files involved with iSearch, the software will reinstall itself. If you run the company's uninstaller, rather than uninstalling the software, it simply reinstalls anything you might have removed yourself (Sources [1][2]). This behavior is soon to be outlawed if the US House of Representatives passes the SPY ACT. So not only is it malicious, it also soon will be illegal.

iDownload knows that if they actually were to take an antispyware web site owner to court, they would lose the trial. It would be a simple matter to demonstrate the behavior of this software. I have no doubt that any judge and/or jury would agree that the software is malicious and deserves the label of "malware". This explains why all of the sites that have received these threats are independent sites run mainly by volunteers. Even when you are right, it still costs anywhere from $10,000 to $12,000 to prove it in court.

There is a difference between SpywareInfo and most other antispyware sites. The difference is that SpywareInfo makes money. Between the loyal readers of this newsletter who buy the products promoted here and the grateful former spyware victims who send donations through Paypal or by mailing checks, SpywareInfo has the resources to face any threat to its existence.

You may remember last year that a powerful denial of service attack was launched against SpywareInfo. For a brief period, the site was gone. Then, three weeks later, SpywareInfo came back to the web and it has stayed ever since. This was accomplished through the purchase or rental of nearly a dozen redundant web servers. The attackers tried for months to knock down the site. When they realized that I had more resources to fight them than they had to fight me, they finally gave up. There hasn't been a serious attack on the site for several months.

iSearch is malware. This is easily demonstrated. Any sane jury would agree once they see the demonstration. Simply put, I have more than enough resources to fight a frivolous lawsuit. I have more than enough evidence to win a lawsuit. If iDownload wants to challenge my statements in court, the mailing address is PO Box 2378, Reidsville, GA USA 30453.


Full Read @Spyware Info Newletter

_________________
Image



IP:
top
Top
 Profile Send private message  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 20 posts ] 

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  

Who is online

Who is online In total there are 0 users online :: 0 registered, 0 hidden and 0 guests (based on users active over the past 5 minutes)
Most users ever online was 282 on Tue Sep 25, 2012 11:30 am

Users browsing this forum: No registered users and 0 guests

New posts    No new posts    Forum locked
cron
Powered by phpBB