| SPYWARE ALERT: MyFreeCursors.com - KeenValue SPYWARE ALERT: MyFreeCursors.com - KeenValue
Last Updated: May 4, 2003
Background: MyFreeCursors.com offers an “easy cursor change service”. By clicking on a cursor that a user wants, the site will attempt to download and run an installer using ActiveX. This installer not only installs the cursor, but may install the following three applications:
n-CASE
iGetNet
KeenValue
The focus of this advisory is the KeenValue program.
Details: The hard-to-find privacy policy, located (among many places) at myfreecursors.com/privacy/ , details some alarming characteristics of the KeenValue program. Supposedly, KeenValue "provides you with the ability to obtain advertiser-supported versions of software applications (valued at up to $30) free-of-charge or at a reduced cost"… but take a look at the following sections of the "privacy policy" / terms of use:
quote:
Delivery of KeenValue Advertising
Advertisements are delivered to your computer screen by:
• Pop-Up Windows
• Pop-Up Slider Windows
• Embedded Ads
• Desktop icons and installation files that may be placed on your computer for you to link to other products and services.
So it displays ads. What else is new?
Well according to the "privacy disclosure statement" portion of the document, KeenValue collects the following information:
• Web sites/pages viewed
• The amount of time spent at some Web sites
• Response to the Advertisements displayed
• Standard web log information including IP address and system settings
• What software is on your personal computer
• Your first and last name, country, and five digit ZIP code
• Your usage characteristics and preferences
Not only that, but the privacy policy actually states KeenValue may READ THE CONTENTS OF THIRD-PARTY COOKIES STORED ON YOUR MACHINE, and may also INSTALL "certain rich media player applications, browser plug-ins, virtual machines, and runtime environments" without your knowledge.
Known Distribution Sites: KeenValue may be installed through downloads from any of the following sites:
myfreecursors.com
thunderdownloads.com
crazymates.com
There may also be many other methods of distribution that are not yet known. It is highly recommended that users stay away from the above sites.
Protection: A database update was released today (5/04/2003) for SpywareBlaster that covers 16 variants of KeenValue. Adding the sites listed above to the restricted zone in Internet Explorer should also help prevent the installation of KeenValue (blocking them using the hosts file is another recommended method).
Responsible Parties: It seems as though eUniverse, Inc. (euniverse.com) is responsible for KeenValue, as well as the ThunderDownloads site, and possibly the MyFreeCursors site (all of the downloads there are digitally signed by eUniverse).
Best regards,
-Javacool
[text was edited by author 2003-05-04 17:25:53] |
|
 John2gQui Tacet ConsentitPremium
join:2001-08-10
England | Thanks for the info javacool. Yet more scumware (sigh). |
|
 GodTHE Dslr TrollPremium
join:2002-07-01
Colorado Springs, CO | also stay away from anything gator .. gain is a pain in the ass .. comes with gator,divx 5, and other progz = \ |
|
| reply to javacool
Thanks Javacool!
Great analysis! 
Regards, |
|
 l33tPremium
join:2003-01-23
Indianapolis, IN | reply to javacool
Thanks javacool |
|
| reply to javacool
said by javacool:
SPYWARE ALERT: MyFreeCursors.com - KeenValue
Not only that, but the privacy policy actually states KeenValue may READ THE CONTENTS OF THIRD-PARTY COOKIES STORED ON YOUR MACHINE
Best regards,
-Javacool
[text was edited by author 2003-05-04 17:25:53]
Make sure you have your firewall and/or browser set to block 3rd-party cookies!
[text was edited by author 2003-05-04 23:57:15] |
|
 MarillaI Am My Own ArbiterPremium
join:2002-12-06
Belpre, OH | said by Mark Walton:
Make sure you have your firewall and/or browser set to block 3rd-party cookies!
I think (I could be wrong) that what you are talking about is something totally different.
In the context of the 'application' mentioned above, "third party cookies" means that this company can access cookies of websites other than there own, because they have an application installed (that the user allowed to be installed) which knows where to find the cookies files and does so; has nothing to do with the browser itself.
What you are talking about, I'm fairly sure, is the settings on IE6 for third-party cookies on the web browser itself, but 'third party' here means something totally different: It means cookies from a website different than the one in your address bar. For instance, in a 'Frame' or 'IFrame'. I would NOT recommend totally blocking third-party cookies... however, I would recommend sticking with the default: Blocking third party cookies from sites without an implemented Privacy Policy.
The information in the paragraph above is my opinion; I can name four websites offhand that if I simply totally blocked third-party cookies, would not work very well. However, two of those sites (one of which is my own) has a properly implemented privacy policy so they work.. the other two, it simply does not work even with the default settings, and I have chosen to leave it like that, since if the admins of the sites in question don't know how to do proper privacy policies for this, I see no reason to bother with anything that would require cookies from their domain.
I simply wanted to mention that I believe these two uses of 'Third Party Cookies' are totally different and do not apply to each other; Changing the setting noted for blocking 'third party cookies' would NOT prevent the application noted above from accessing your 'third party cookies', because it's not the same thing, and their software isn't controlled by your browser's security settings anyway, even if it was the same thing. |
|
|
|
 dpPremium,MVM
join:2000-12-08
Greensburg, PA
kudos:7 | reply to javacool
Thanks for the information javacool. I see that you have already included KeenValue in the latest SpywareBlaster update 
--
Write your questions down on the back of a $20 dollar bill and send them to me |
|
