4 edits
4 recommendations |
MyNetInfector
Screenshot 1 | 
Screenshot 2 | 
Screenshot 3 | 
Screenshot 4 |
Hi All: We've seen some rather incredible things on the anti-spyware front in the past few weeks: from RoboCyberBabe scaring the dickens out of users ( » Pushing Anti-Spyware: A New Low... ), to a rogue application using a definitions database stolen from Spybot S&D ( » forums.net-integration.n ··· ic=21166 ), to useless programs that kick out hundreds of false positives and then demand payment to clean that non-existent spyware ( » www.spywarewarrior.com/f ··· es.htm#3 ). Suzi at Spyware Warrior stumbled across an anti-spyware application that takes the cake, however, for sheer brazenness. It all starts with a visit to the home page for MyNetProtector, an alleged anti-spyware application: » www.mynetprotector.com/l ··· hp?hop=0Visitors are greeted with a deceptive popup claiming that spyware has been detected on their systems (see screenshot # 1). The web page itself talks up the dangers of both spyware and adware, and urges visitors to download the free scan application (MNPASSetup_cb02.exe, 1058 kb). Things get rather interesting once you start to install MyNetProtector, though. The license contains more than a few eyebrow-raisers: said by MyNetProtector EULA:
1. LICENSE
The "MyNetProtector"software and/or programs (the "'"MyNetProtector"' Program[s]" or "program[s]"), documentation and any fonts accompanying this License whether on disk, in read only memory, on any other media or in any other form are licensed to you by ""MyNetProtector"." The program(s) may include added software and technology which allows "MyNetProtector"to provide advertising content or so-called "value-added" applications which compliment or enhance the "MyNetProtector"application(s). You own the media on which the program(s) is recorded but "MyNetProtector"retains title to the "MyNetProtector"Program(s). The "MyNetProtector"Program(s) and any copies that this License authorizes you to make are subject to this License.
(...)
4. ACKNOWLEDGEMENT OF ADVERTISING CONTENT AND VALUE-ADDED APPLICATIONS
You acknowledge that the "MyNetProtector"Program(s) include added software and technology which allows "MyNetProtector"to provide advertising content directly to your computer. Additionally, you acknowledge that you wish to receive software and technology as updates at the discretion of "MyNetProtector"for the purposes of complimenting or enhancing the "MyNetProtector"Program(s). By installing, downloading, copying, updating or otherwise using the "MyNetProtector"Program(s), you specifically agree to include the noted software and technology through which ""MyNetProtector"", its subsidiaries, affiliates, partners, divisions, and clients provide advertising content and/or value-added applications to your computer. You acknowledge that you desire to receive advertising content and value added applications, if any, from ""MyNetProtector"", its subsidiaries, affiliates, partners, divisions, and clients. You acknowledge that you desire to receive advertising content and value-added content as a condition to using the "MyNetProtector"Program(s).
Still later in the EULA one encounters licenses and privacy policies for: eZula TopText iLookup BargainBuddy WebHancer StatBlaster PurityScan At-Games.com Consumer Software Labs (TurboDownload) Users who don't bother to read the EULA will never notice anything is amiss, however, until it's much too late. Somewhat hilariously, MyNetProtector greets you with a welcome screen in preparation for your first free anti-spyware scan. Unannounced, however, is the fact that in the background a whole raft of spyware and adware is being downloaded and installed on your system even as you prepare to hit the "Scan Now" button (see screenshot # 2). The scan itself is quick enough -- no surprise because MyNetProtector reports scanning only three files (see screenshot # 3). A more useless anti-spyware application could scarcely be imagined. And you would be a fool if you actually believed the report of no "infected files" found. In fact, by this point in time your system is absolutely infested with spyware and adware, including: eZula TopText iLookup BargainBuddy WebHancer StatBlaster/MediaUpdateStats PurityScan Consumer Software Labs (TurboDownload) DelfinProject/PromulGate VX2/At-Games.com/NetPal URLBlaze/IEDriver That's quite a load, and it includes at least one Winsock LSP hijacker -- meaning that your network connection is definitely at risk. Still more hilariously, when you attempt to close MyNetProtector, it protests, asking you "Are you sure you want to stop protecting your system?" (see screenshot # 4) One hardly knows whether to laugh or weep at that kind of brazen nonsense. Not surprisingly, it is a major chore to clean this mess off your system, and no single anti-spyware program will do the job completely. Folks, this is as bad as it gets: a company that uses deceptive, scare-mongering advertising to push a broken anti-spyware application that installs a raft of spyware and adware itself. Needless to say, MyNetProtector has easily earned itself a spot on the Rogue/Suspect Anti-Spyware page: » www.spywarewarrior.com/r ··· ware.htmBest, Eric L. Howes |
|
 John2gQui Tacet Consentit
Premium Member
join:2001-08-10
England
1 recommendation |
John2g
Premium Member
2004-Aug-18 6:36 am
Hey Eric, They forgot to add CoolWebSearch in the EULA  |
|
 dp
MVM
join:2000-12-08
Greensburg, PA |
to eburger68
Just when you think you've seen it all, the bottom of the barrel sinks deeper  |
|
| |
to eburger68
And the inquisitive looking guy with the beard has been probably napped from Google's images cache. |
|
2 recommendations |
to eburger68
OK so this company sets an all time low for dirt bags and scum, but what to do about it. The companies site is located in the US (hosted by American Information Network which is a questionable bunch to begin with), and I would suspect the company/person is located in the US as well. So are there not some laws in the US about false advertising, fraud, misrepresentation of services or such that could be used to take these guys down legally or do we need to do it the old fashion way? Time for governments to get up to speed on these guys and start chucking some chlorine into the gene pool.
Blake |
|
1 recommendation |
Link Logger: There are such laws in the U.S., however, there would be several problems in using them against this company. First, the biggest complication would be the EULA (End User License Agreement). The company would likely argue that they had provided clear notice to users of the bundled software, making this a bit different from the SpyWiper/SpyDeleter case, where users' home pages were hijacked and software installed on their computers without adequate provision of notice and choice. Second, in the "business friendly" regulatory environment in which we are now, the "powers that be" are reluctant to impose the "heavy hand" of government regulation on market forces, esp. in cases that are muddied by such things as the EULA mentioned above. So, the best we can likely do right now is to shine a bright light on their practices, such as is being done with another company, the one behind Ad-Eliminator -- see: » www.netrn.net/archives2/ ··· 625.html» spywarewarrior.com/viewt ··· p?t=4907Best, Eric L. Howes |
|
 Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI
1 recommendation |
to eburger68
NOTE: The pop-up stopper product called MyNetProtector is not related to our company. Go to their website at www.mynetprotector.com. » www.modemlock.com/contactus.htmNetProtector® is protected by U.S. Patents. NetProtector® is a registered trademark. Conditions of Use and Privacy Notice » www.modemlock.com/index.htm |
|
 EGeezer
Premium Member
join:2002-08-04
Midwest |
to eburger68
The best hope we have is that some congressman's system gets corrupted with this and causes consternation. It seems that unless they are affected they will continue to sit with their collective thumbs in their butts.
I will share the product and EULA information with my friends and highlight the relevant areas for their review.
roaches tend to scurry from the lights |
|
suzi5
Premium Member
join:2004-05-01
1 edit |
to eburger68
I downloaded this piece of crapware tonight too for fun and games and had a slightly different experience with it than Eric did. The license agreement portion was blanked out. I scanned using the "high security" option, (what a joke) and it flagged 662 files out of 662 scanned. All were cookies. It did not flag any of the spyware/adware it downloaded into my system. In addition to the junk Eric listed, I was blessed with Roings Search Enhancement according to Ad-aware SE. I'm on the 4th scan with removal tools and I'm still getting a warning from my AV.  Blog post with screenshots here: » www.netrn.net/archives2/ ··· 642.html |
|
 SparrowCrystal Sky
Premium Member
join:2002-12-03
Sachakhand
1 recommendation |
to eburger68
I can't add anything to this thread - what can I say? It makes me sick? Just giving it a bump for others to see. Thanks again Eric and Daphne. |
|
 elias
Premium Member
join:2000-07-24
Miami, FL
1 recommendation |
to eburger68
What are the Domain Names and/or IP Addresses to this crap?
I'd like to add it to the hosts file; hopefully SpyBot's Immunization feature will be updated to block this garbage.
-- Elias |
|
Stumbles
join:2002-12-17
Port Saint Lucie, FL |
to eburger68
Does anyone know of a site that keeps a running list of sites as shown in this thread that are IMO hostile? |
|
SparrowCrystal Sky
Premium Member
join:2002-12-03
Sachakhand
1 edit |
Sparrow
Premium Member
2004-Aug-20 11:52 am
said by Stumbles:
Does anyone know of a site that keeps a running list of sites as shown in this thread that are IMO hostile?
» Security » How can I tell if an anti-spyware program is legitimate?Also a front page BBR article here » Spyware Scare Mongering. |
|
| |
to elias
Elias: MyNetProtector can be found at this domain: mynetprotector.com SpywareBlaster will be unable to block the download of MyNetProtector because it's not distributed as an ActiveX control. Stumbles: As for a list, see the Rogue/Suspect Anti-Spyware list here: » www.spywarewarrior.com/r ··· ware.htmEric L. Howes |
|
Stumbles
join:2002-12-17
Port Saint Lucie, FL |
Ahhh thanks, that's what I was looking for but didn't know what to google on. |
|
 Rifleman
Premium Member
join:2004-02-09
p1a |
to eburger68
I was bored today so downloaded this rotten piece of crap. My antivirus went nuts and so did spysweeper. I finally thought to disconnect from the net to keep more stuff from pumping onto my machine. The mods should put this in the news section to warn as many as they can. Anyways--I'll post the logs from Adaware,Spysweeper and hijack this. AVG found 3 trojans---EZ.Stub, Turown.F, Dropper Small.5.J. Here's the logs: |
|
| |
to Name Game
said by Name Game:
NOTE: The pop-up stopper product called MyNetProtector is not related to our company. Go to their website at www.mynetprotector.com.
»www.modemlock.com/contactus.htm
NetProtector® is protected by U.S. Patents.
NetProtector® is a registered trademark.
Conditions of Use and Privacy Notice
»www.modemlock.com/index.htm
Thanx Name Game. In addition to being of interest for the Malware related issue of the thread, the IT group where I work had a security dicussion yesterday regarding outside vendors' laptops. The NetProtector (modemlock) product is of immediate interest!  |
|
2 edits |
to Rifleman
A WHOIS reveals that they use a "proxy" registrant for their domain name. Contact info for the registrant is on this page: » domainsbyproxy.com/Legal ··· prog_id=Prohibitions: Domains By Proxy will not do business with you, nor protect your identity, if you: • Transmit spam, viruses or harmful computer programs; • Violate the law or infringe a third party’s trademark or copyright; • Engage in morally objectionable activities, including but not limited to those which are child pornographic, defamatory, abusive, harassing, obscene, racist, or otherwise objectionable Anyone want to try contacting these guys and filing a complaint? I've done this in past cases, but I'm too busy to get very involved with this right now. Here is the godaddy.com abuse contact as well. Web: » www.godaddy.com/gdshop/s ··· port.aspEmail: abuse@godaddy.com UPDATE: FOUND THE ACTUAL HOST USING VISUALROUTE AND ANOTHER WHOIS: 205.134.161.89 ---------------------------------------------------------------------------------- ---------- ---------------------------------------------------------------------------------- --- | Hop | %Loss | IP Address | Node Name | Location | Tzone | ms | Graph | Network | ---------------------------------------------------------------------------------- ---------- ---------------------------------------------------------------------------------- --- | 0 | | 161.58.180.113 | WIN10115.visualware.com | Dulles, VA, USA | -05:00 | | | Verio, Inc. VRIO-161-058 | | 1 | | 161.58.176.129 | - | ?Englewood, CO | | 0 | | Verio, Inc. VRIO-161-058 | | 2 | | 161.58.156.140 | - | ?Englewood, CO | | 0 | | Verio, Inc. VRIO-161-058 | | 3 | | 129.250.28.206 | xe-1-2-0-3.r20.asbnva01.us.bb.verio.net | Ashburn, VA, USA | -05:00 | 0 | | Verio, Inc. VRIO-129-250 | | 4 | | 129.250.2.61 | p16-5-0-0.r01.asbnva01.us.bb.verio.net | Ashburn, VA, USA | -05:00 | 0 | | Verio, Inc. VRIO-129-250 | | 5 | | 206.223.115.83 | WASHDC5LCE1.3.0.wcg.net | Washington, DC, USA | -05:00 | 0 | | Equinix, Inc. EQUINIX-IX-ASH | | 6 | | 64.200.95.117 | hrndva1wcx3-pos15-0-oc48.wcg.net | - | | 0 | | Williams Communication IP Services WLCO-HRNDVA1INTERN-30 | | 7 | | 64.200.95.94 | washdc7lce1-pos4-0-oc48.wcg.net | Washington, DC, USA | -05:00 | 0 | | Williams Communication IP Services WLCO-HRNDVA1INTERN-30 | | 8 | | 64.200.94.230 | washdc7lce1-yipes-gige.wcg.net | Washington, DC, USA | -05:00 | 0 | | Williams Communication IP Services WLCO-HRNDVA1INTERN-30 | | 9 | | 209.120.218.2 | - | ?San Francisco, CA | | 0 | | Yipes Communications, Inc. YIPES-BLK4 | | 10 | | 205.134.161.89 | hodur.ai.net | Columbia, MD, USA | -05:00 | 0 | | AiNET Hosting Operations AINETWEB-BLK177 | ---------------------------------------------------------------------------------- ---------- ---------------------------------------------------------------------------------- --- CustName: AiNET Hosting Operations Address: 6470 Freetown Road Address: Suite 200-39 City: Columbia StateProv: MD PostalCode: 21044 Country: US RegDate: 2002-12-03 Updated: 2002-12-03 NetRange: 205.134.182.0 - 205.134.182.255 CIDR: 205.134.182.0/24 NetName: AINETWEB-BLK182 NetHandle: NET-205-134-182-0-1 Parent: NET-205-134-160-0-1 NetType: Reassigned Comment: Hosting Infrastucture RegDate: 2002-12-03 Updated: 2002-12-03 TechHandle: AI-ORG-ARIN TechName: American Information Network TechPhone: +1-301-497-9620 TechEmail: nc@ai.net OrgTechHandle: NETWO142-ARIN OrgTechName: Network Operations OrgTechPhone: +1-800-779-6938 OrgTechEmail: noc@ai.net # ARIN WHOIS database, last updated 2004-03-22 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. OrgName: American Information Network OrgID: AI Address: 6470 Freetown Road Ste 200-39 City: Columbia StateProv: MD PostalCode: 21044 Country: US NetRange: 205.134.160.0 - 205.134.191.255 CIDR: 205.134.160.0/19 NetName: AINET-BLK NetHandle: NET-205-134-160-0-1 Parent: NET-205-0-0-0-0 NetType: Direct Allocation NameServer: DNS9.AI.NET NameServer: DNS6.AI.NET NameServer: DNS8.AI.NET Comment: RegDate: 1995-04-27 Updated: 1998-09-29 TechHandle: AI-ORG-ARIN TechName: American Information Network TechPhone: +1-301-497-9620 TechEmail: nc@ai.net OrgTechHandle: NETWO142-ARIN OrgTechName: Network Operations OrgTechPhone: +1-800-779-6938 OrgTechEmail: noc@ai.net # ARIN WHOIS database, last updated 2004-03-22 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. OrgName: American Information Network OrgID: AI Address: 6470 Freetown Road Ste 200-39 City: Columbia StateProv: MD PostalCode: 21044 Country: US Comment: RegDate: 1995-04-27 Updated: 2003-01-21 AdminHandle: AI-ORG-ARIN AdminName: American Information Network AdminPhone: +1-301-497-9620 AdminEmail: nc@ai.net TechHandle: NETWO142-ARIN TechName: Network Operations TechPhone: +1-800-779-6938 TechEmail: noc@ai.net # ARIN WHOIS database, last updated 2004-03-22 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. |
|
SparrowCrystal Sky
Premium Member
join:2002-12-03
Sachakhand |
to Rifleman
said by Rifleman:
The mods should put this in the news section to warn as many as they can.
Posted above - it's on the Front Page of BBR: »Spyware Scare Mongering |
|
 keith2468
Premium Member
join:2001-02-03
Winnipeg, MB
1 edit
2 recommendations |
to eburger68
So Suzi at Spyware Warrior tells you that stumbled across an anti-spyware application that takes the cake. She tells you that It all starts with a visit to the home page for MyNetProtector, an alleged anti-spyware application, and that the home page is: www.mynetprotector.com/landing.php?hop=0 You go there. You see a deceptive pop-up claiming that spyware has been detected on your system. You think that people visiting the home page are getting a spurious pop-up. But in fact the homepage is » www.mynetprotector.com/and Spyware Warrior has successfully spread a lie about a competitor. I have no idea about the MyNetProtector, I see the junk in the EULA, so it obviously comes with a lot of hidden ad-ware, but obviously also, assuming I read Eric's post correctly, we can't trust Spyware Warrior to be honest about its competitors. I mean, since when do home pages end with landing.php?hop=0 ??? |
|
 mers2
Premium Member
join:2004-03-20
USA |
mers2
Premium Member
2004-Aug-20 7:24 pm
said by keith2468:
So Suzi at Spyware Warrior tells you that stumbled across an anti-spyware application that takes the cake.
She tells you that It all starts with a visit to the home page for MyNetProtector, an alleged anti-spyware application, and that the home page is:
www.mynetprotector.com/landing.php?hop=0
You go there. You see a deceptive pop-up claiming that spyware has been detected on your system.
You think that people visiting the home page are getting a spurious pop-up.
But in fact the homepage is
»www.mynetprotector.com/
and Spyware Warrior has successfully spread a lie about a competitor.
I have no idea about the MyNetProtector, I see the junk in the EULA, so it obviously comes with a lot of hidden ad-ware, but obviously also, assuming I read Eric's post correctly, we can't trust Spyware Warrior to be honest about its competitors.
I mean, since when do home pages end with landing.php?hop=0 ???
Have you read the posts from Eric, Suzi and Rifleman detailing the crap this software put on their machines?? I'd say their point has been well proven and is not the lie you claim it is. |
|
keith2468
Premium Member
join:2001-02-03
Winnipeg, MB
1 edit
1 recommendation |
Yes, Mers, did you read what I posted.
How long have these guys been on the web and they don't know what home page URLs look like?
When people speak about competitor's products, listen carefully and see what they reveal a lot about themselves.
The homepage they give for the competitor product is not the real homepage.
The actual homepage doesn't have the pop-up that the page with the positive results flag does. You've been fooled.
Sure the other product apparently has crap spyware.
But the topic is what was stated or quoted in the original post.
It is important to be able to trust anti-spyware vendors. If they get caught exaggerating the bad point of other products, or making out right false statements about the home page ... not good.
It could be carelessness, it could be lack of expertise, it could be that the investigation is in the preliminary stages. But I mean, the homepage not being that URL with the failed test flags on it.
I wouldn't trust either product.
I don't trust security vendors that post explict exploits in open forums either.
I'm fussy that way. There are a lot of those guys that I view as not having the business ethics to be trusted with the keys to my systems. Those who secretly spread adware are one catagory.
Those who make up things about their competitors are another. And this is true even when the compitor truely is untrustworthy.
Remember, security products run with full system privliges, just like most other programs, and that gives them the keys to your shop. You have to trust that the business ethics of the software vendors whoses products you download, and that they won't sabotage your system or other products.
If you don't have the facilities or expertise to do a full analysis of their products yourself, you can still do an analysis of their ethics by reading what they say. |
|
 CudniLa Merma - Vigilado
MVM
join:2003-12-20
Someshire |
Cudni
MVM
2004-Aug-20 7:37 pm
Why does that page exist, what is its purpose? Do any of downloaded progs, from that site, lead to landing.php?
Cudni |
|
keith2468
Premium Member
join:2001-02-03
Winnipeg, MB |
Cudni, do you think it is their homepage? Or do you think maybe it isn't their homepage? Eric quotes that it is their homepage and that the pop-up appears to visitors if they merely visit the site, i.e. before any scans are run. I suspect that it actually appears after the scans are run. Even if the pop-up appears whether your computer is infected or not, the description below is false: quote:
Visitors are greeted with a deceptive popup claiming that spyware has been detected on their systems (see screenshot # 1).
|
|
|
 BubbaGIT-R-DONE
MVM
join:2002-08-19
St. Andrews
1 edit
1 recommendation |
to eburger68
17 August 2004
MY NetProtector.com - Scare ad that states your computer is infected!
said by WebHelper4U.com:
Free Version installs 3rd Party Adware
Aliases:
Major Adware Varaints that is bundled along with the 3rd parties bundled partners:
eZula TopText iLookup
BargainBuddy (eXact Advertising)
WebHancer
StatBlaster (Wild Media, LLC)
PurityScan (Click Spring, LLC)
At-Games.com (AddictiveTechnologies.net )
http: //www.addictivetechnologies.com/privacypolicy-KV.asp
Partners:
http: //www.enconfidence.com/privacy.asp, eUninverse
http: //www.megasearchbar.com/privacy/
http: //info.lycos.com/legal/sidesearch_la.asp
http: //www.incredifind.com/pp.cfm, eUniverse
http: //www.404search.com/eula.html
https: //www.spywarelabs.com/BundleEULA.txt, Virtual bouncer
http: //www.toprebates.com/cgi/shop.plx?pid=1150&page=eula
http: //www.abetterinternet.com/policies.htm, twaintech.dll transponder variant
http: //www.shopathomeselect.com/TermsAndConditions.asp
http: //www.sirsearch.com/eula/eula.html. eUninverse
|
|
CudniLa Merma - Vigilado
MVM
join:2003-12-20
Someshire |
to keith2468
No landing.php is not their home page as it, home page, reads » www.mynetprotector.com/index.php. Do you think it could have been changed? Why do they have the dodgy page on their site though, the one quoted and the one that competitors can seize upon? Cudni |
|
keith2468
Premium Member
join:2001-02-03
Winnipeg, MB |
to eburger68
Yes, the adware apparently really is there in MyNetProtector, so that part of the claim about is true. And unlike Ad-Eliminator there is no slander about this product being a trojan or having "trojan-like" qualities.
Just this incorrect statement about the homepage and what happens when someone visits it.
In fact, is Spyware Warrior a vendor? Or is it just unaffiliated forums run by volunteers? Maybe the link was an innocent mistake by a volunteer? |
|
| keith2468 |
to Cudni
|
|
BubbaGIT-R-DONE
MVM
join:2002-08-19
St. Andrews
1 recommendation |
to eburger68
the pop-up appears to visitors if they merely visit the site, i.e. before any scans are run.Keith....I'm going to look at this trip I just took as an unknowledgeable surfer. I am using IE and I have my settings at Medium. I know nothing about protection and have no Security\Privacy software installed. I am told by friends I need to get protection and to go to the below link. The argument concerning the actual Home Page name is trivial. It's the hooks and turns the less knowledgeable can take that gets them everytime. So select the item that's being discussed with laxed security and try to see what can be construed as a Home page. You perhaps will then see that.... Visitors are greeted with a deceptive popup claiming that spyware has been detected on their systems....is not False in that perspective. This link---> » www.shopping-bestbuy.com ··· ry-3.htm |
|
CudniLa Merma - Vigilado
MVM
join:2003-12-20
Someshire |
to keith2468
As it stands, at the time of writing, the home page referenced in originating thread is not that of mynetprotector. However the page does exist with symptoms that were outlined and we don't know if that page was not the home page at the time eburger68  was notified of it. That page is still there on their site waiting... Cudni |
|
