Who Profits from Security
Holes? - show me the money Benjamin Edelman at Harvard University
recently posted this article and accompanying video. They show how easily
an unprotected PC can be overcome with spyware. He also details how the
spyware can be tracked to it's sources. Just follow the money. What can we
do with that information? Currently, very little. One of these days our
laws may include protection from this type of software. Hopefully this
will happen sooner and not too much later.
Eric says that the
latest version of Internet Explorer, as patched by Windows XP Service Pack
2, is not vulnerable to the unwelcome installations shown. So, you know
what you need to do ...
Quote from the website - How bad is this problem? How much junk
can get installed on a user's PC by merely visiting a single site? I set
out to see for myself -- by visiting a single web page taking advantage of
a security hole (in an ordinary fresh copy of Windows XP), and by
recording what programs that site caused to be installed on my PC. In the
course of my testing, my test PC was brought to a virtual stand-still --
with at least 16 distinct programs installed. I was not shown licenses or
other installation prompts for any of these programs, and I certainly
didn't consent to their installation on my PC.
In my testing, at least the following programs were installed through the security hole exploit: 180solutions, BlazeFind, BookedSpace, CashBack by BargainBuddy, ClickSpring, CoolWebSearch, DyFuca, Hoost, IBIS Toolbar, ISTbar, Power Scan, SideFind, TIB Browser, WebRebates (a TopMoxie distributor), WinAD, and WindUpdates. (All programs are as detected by Ad-Aware.) I have reason to believe that numerous additional programs were also installed but were not detected by Ad-Aware.