lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <004201c2c886$a93bb2f0$6601a8c0@rms2>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Question about the new Xupiter toolbar

Hi,

Has anyone looked into this new Xupiter toolbar to see how it is being
installed on people's computer?  In particular is it using some IE
security hole for the install or does it just use the standard ActiveX
drive-by download mechanism?

Here's more info about Xupiter from Slashdot:

World's Most Annoying IE Toolbar 
Posted by michael on Thursday January 30, @09:02AM
from the someone-will-surpass-it-soon dept.

nautical9 writes "Following the same devious footsteps of the infamous
Bonzi Buddy, Gator, and Comet Cursor "enhancements", Xupiter now has
their own self-installing toolbar for IE. There are many claims that if
you leave your security preferences at their default level, it will
install itself without your express permission. And once on your system,
it's gracious enough to reset your homepage to xupiter.com, forward all
your searches to their search engine, download and automatically launch
applications (like gambling applets), and blocks all attempts to set
these back to normal. Removing it isn't trivial either - it
automatically checks for updates upon reboot, where it constantly
changes the registry settings it uses, making the jobs of spyware
removal programs like AdAware or Spybot Search & Destroy much harder. No
word yet if it collects and forwards personal data." 

http://slashdot.org/articles/03/01/30/1314236.shtml?tid=113

Richard M. Smith
http://www.ComputerBytesMan.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ