Why doesn't spybot flag it?



kplpsy
2007-08-29, 20:47
Paltalk knowingly sponsors malware sites that contain WinFixer or a WinFixer variant (such as Drive Cleaner). These malware ads display anywhere it has html ads such as the "view profile" link. If you loop thru these ads by clicking the view profile link you will eventually come across the WinFixer ad. I was able to receive these ads repeatedly early yesterday morning, but I am having trouble accessing the ad since then. My guess is that the ad is showing at certain times, maybe during the early AM hours and perhaps only for the free version of the software. I will continue to try and reproduce these ads, and provide screenshots each time it occurs. WinFixer is particularly nasty in that it will attempt to exploit your IE or Java. Simply clicking cancel doesn't close it. Instead it will take you to a page where it initiates a fake scan on your computer, alerting you of various problems in an attempt to scare you into buying this rogue software. Of course, if it can exploit you during this process, it will. The next IE or Java exploit will surely infect thousands of unsuspecting Paltalk users thru these types of ads that Paltalk's very own red coats admit to sponsoring.

I confronted Paltalk's support regarding this issue, and they acknowledged it, and simply said to click cancel and it will go away. When I pointed out that it was malware and exploiting unpatched Windows, they said that it "isn't Paltalk but an advert". I fail to understand why the security community refuses to hold Paltalk accountable for channeling malware through its software. Ads or not, it is through use of Paltalk that people are infected, and Paltalk continues to sponsor such malware sites. It's interesting the community accepts this. That's like saying: I didn't kill that person! My hitman did it! Try giving that excuse to a judge in a court of law.

I'll tell you this though, you will not find trusted sites such as Yahoo displaying WinFixer ads on their pages or IM software. And if WinFixer was to find itself into one, then it would be removed as soon as it is reported.

The main players in the community are too influenced by politics and money, and in my opinion, fail utterly at what is supposed to be their mission: to combat all forms of malware, the programs, and organizations that knowingly sponsor and profit from it. But popular software such as Paltalk is allowed to get away with this. Little bit of money, and political influence, and all the AV software and anti-spyware software turn a blind eye.

Just go and do a Google search for HijackThis and Paltalk. You'll find loads of HijackThis logs from infected Paltalk users and you'll find neutral security-minded people that recommend against use of Paltalk for the very reasons I stated above.

Why don't you guys at Safer Networking throw up a banner for WinFixer so that when someone accesses your main page all of those people get those scary message boxes and are then immediately directed to WinFixer's scare page, and then explain to them that it isn't Safer Networking that is doing it! It's our advertisement! Gee, what would happen then?

tashi
2007-08-29, 21:39
> I fail to understand why the security community refuses to hold Paltalk accountable for channeling malware through its software.

Many in the security community are active in holding a company responsible if they redirect to Winfixer.
One example: MVP Sandi Hardmeier's blog: Spyware Sucks (http://msmvps.com/blogs/spywaresucks/default.aspx)



> I'll tell you this though, you will not find trusted sites such as Yahoo displaying WinFixer ads on their pages or IM software. And if WinFixer was to find itself into one, then it would be removed as soon as it is reported.

Actually... WinFixer (http://msmvps.com/blogs/spywaresucks/search.aspx?q=WinFixer&o=Relevance)
WhitePages/AOL/ValueClick/MSN/Messenger Plus! Sponsor/Myspace/ActiveNetworks.



> The main players in the community are too influenced by politics and money, and in my opinion, fail utterly at what is supposed to be their mission: to combat all forms of malware, the programs, and organizations that knowingly sponsor and profit from it. But popular software such as Paltalk is allowed to get away with this. Little bit of money, and political influence, and all the AV software and anti-spyware software turn a blind eye.



> Why don't you guys at Safer Networking throw up a banner for WinFixer so that when someone accesses your main page all of those people get those scary message boxes and are then immediately directed to WinFixer's scare page, and then explain to them that it isn't Safer Networking that is doing it! It's our advertisement! Gee, what would happen then?

While I understand your frustration, no need to infer we are ignoring WinFixer.

You might consider bringing your concerns regarding Paltalk to Sandi's attention also.

Best regards.

kplpsy
2007-08-30, 00:49
Thank you for your reply and telling me about Sandi's site.

It is frustrating trying to alert Paltalk and the community when you get no response. Well, except from Paltalk, and that was "Oh, it's ok, just click cancel."

I don't believe Spybot ignores WinFixer, but if it's ignoring admitted sponsors and channelers, then that's a problem. This is the reason so many people are infected by malware. Sites like Sandi's help, but not enough people know about it. It really needs to be done in software such as Spybot. No one says you have to pop up a big warning message. Just a casual informational message stating that it allows banner ads and has had a history of being used as a channel to transmit malware. Perhaps a real-time monitor. If x many complaints are received then software like Spybot puts up a red flag on that program until the ad gets removed.

Maybe Paltalk isn't showing these ads on purpose, it's difficult to say when there's finger pointing back and forth all over the place. But they've had this problem for years, and it should be documented and easily accessible to the general population.

tashi
2007-08-30, 01:52
Hi kplpsy.

This certainly warrants further investigation, I will bring your topic to a detective's attention.

Cheers, tashi

Yodama
2007-08-30, 08:40
Thanks for reporting this.

We will check Paltalk and collect evidence.
If Paltalk shows malware advertising, they will have no choice but to either remove that advertising or get detected by Spybot S&D themselves.
While companies can make mistakes in choosing business partners, they should take adequate measures if it is clear that the business partner is criminal.
In case of Winfixer it is very clear: criminal.

kplpsy
2007-08-30, 18:15
Hey guys, I haven't been able to reproduce the WinFixer ad thru Paltalk since. It may have been removed (for now). I fell asleep last night before I was able to check during the early AM hours. If I do come across another ad I'll inform you ASAP so that others can verify it. I am pretty certain I'll see this ad again. I've been using Paltalk for over a year now and I've seen it many times (on and off).

Is there a specific email I should contact for this?

Yodama
2007-09-03, 08:29
Thank you for your help.

If you can make the screenshots it would be a great help. You can send them to detections-at-spybot.info (replace -at- with @).

For now we have found a way to block the advertising within PalTalk while this did not appear to have an impact on the workings of PalTalk. That way users can use PalTalk and need not fear the Winfixer advertising.