Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Errorsafe does it again via the Messenger Plus! sponsor program

June 30th 2006 in Uncategorized

Messenger Plus! users are still being exposed to malware/infector advertisers via Patchou’s Sponsor Program.


The adultfriendfinder.com and passion.com ads are there, and seem to be getting more risque as the days go by.


My primary concern tonight, though, is the re-emergence of Errorsafe.


Note the completely blank window… there is no address bar (which in IE7 is unusual – that shouldn’t be happening with my settings), nor is there any text in the title bar…


 


Important note: Do NOT click on OK or Cancel. Click on the red x to close the window and prompts.


What do we see if we close the window/prompt?  Errorsafe are as persistent as ever…



And if you click on the red x again? This is what you will see. The determination to get ErrorSafe on to the victims’ computers is very obvious. Note: there is no Cancel button. Click on the red x, do not click on OK.



Then there is the Web page that appears, which again tries to install Errorsafe… systems with older versions of IE, or systems with reduced security settings, are at risk of being infected with no user interaction.


 


Note there is no address bar in the window, and that the window cannot be resized… that makes it kind of hard to report them… but do not fear, we have ways and means…


A close check of my system reveals just one unexplained connection… to 28.101.232.72.reverse.layeredtech.com


http://www.dnsstuff.com/tools/whois.ch?ip=28.101.232.72



Once again, I can only hope Patchou takes a serious look at the dangers his users are being exposed to if they install the sponsor program. It seems this stuff is going to keep on getting into the advertising system supplied by the Sponsor, and his users are going to continue being placed at risk. I’ve told Patchou that I will be blogging to warn of the dangers, and will send him a link to this blog as soon as it goes live, but it shouldn’t be up to my associates and me to monitor this stuff and pass on what we see to Patchou and by extension his Sponsors. *They* should be doing it. If I, with a small 5-PC network and half a dozen pairs of eyes, can monitor what is happening and report it, then so can the Sponsors.


2 comments to...
“Errorsafe does it again via the Messenger Plus! sponsor program”

Dave

I just wish these “businessmen” (or businesswomen!) would get into some sort of legitimate business rather than these scams. In the early to mid 1900’s in the U.S., these kinds of scammers would have been run out of town on a rail.



haha

stalker

Edit Sandi: :)  This is exactly the type of attitude that keeps my attention on MP! and the sponsor program.  While MP! supporters continue to have such attitudes we know that there is no way we can depend on them to look out for the online safety of others. 

