Sign in with
Sign up | Sign in
Your question

WebTrendsLive?

Tags:
  • Games
  • Video Games
Last response: in Video Games
Share
June 9, 2005 10:28:24 PM

Archived from groups: alt.games.battlefield1942 (More info?)

Anyone know anything about WebTrendsLive and why it seems to be associated
with the EAGames website?

Thanks,
Clark

More about : webtrendslive

Anonymous
June 10, 2005 1:46:35 PM

Archived from groups: alt.games.battlefield1942 (More info?)

"Clark" <who@whoknows.com> wrote in message
news:cT%pe.2088$I14.1340@newssvr12.news.prodigy.com...
> Anyone know anything about WebTrendsLive and why it seems to be associated
> with the EAGames website?
>
> Thanks,
> Clark
>

WebTrendsLive is a log analysis software package that has the capability of
making reports and doing real-time analysis visitors to a web site. It's
used all over.

What type of "association" specifically are you talking about? Company owns
another? You see something on the site about it?
June 10, 2005 9:18:38 PM

Archived from groups: alt.games.battlefield1942 (More info?)

The link to EAGames in the drop down on the right side says "Redirect", and
on the left it says http://www.eagames.com. If I go to the site and watch
the bottom of the browser I see the WebTrendsLive address being shown, which
is how I know that what it was. The page takes a very time to load like it
was going through another site all the while the address was flashing with
something about download from WebTrendsLive.
I visited the eagames site on another computer and afterward the same
indications were in the URL address history, so it appears to happen every
time.

Is this software a type of spyware resident on my computer or is it
something that locks onto the address and redirects every time it is
requested? The reason I call it an association, it because the eagames site
is the only one I see it with.

Thanks,
Clark


"Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
news:42a9a76e$1_2@newspeer2.tds.net...
>
> "Clark" <who@whoknows.com> wrote in message
> news:cT%pe.2088$I14.1340@newssvr12.news.prodigy.com...
>> Anyone know anything about WebTrendsLive and why it seems to be
>> associated with the EAGames website?
>>
>> Thanks,
>> Clark
>>
>
> WebTrendsLive is a log analysis software package that has the capability
> of making reports and doing real-time analysis visitors to a web site.
> It's used all over.
>
> What type of "association" specifically are you talking about? Company
> owns another? You see something on the site about it?
>
Anonymous
June 11, 2005 12:02:55 AM

Archived from groups: alt.games.battlefield1942 (More info?)

"Clark" <who@whoknows.com> wrote in message
news:o Xjqe.2387$751.1320@newssvr30.news.prodigy.com...
> The link to EAGames in the drop down on the right side says "Redirect",
> and on the left it says http://www.eagames.com. If I go to the site and
> watch the bottom of the browser I see the WebTrendsLive address being
> shown, which is how I know that what it was. The page takes a very time
> to load like it was going through another site all the while the address
> was flashing with something about download from WebTrendsLive.
> I visited the eagames site on another computer and afterward the same
> indications were in the URL address history, so it appears to happen every
> time.
>
> Is this software a type of spyware resident on my computer or is it
> something that locks onto the address and redirects every time it is
> requested? The reason I call it an association, it because the eagames
> site is the only one I see it with.

It's purely for web stats tracking - nothing to do with spyware. There's a
transparent image loaded from the WebTrendsLive stats server with the EA id
on it - all it does it update their real-time tracking database (page
impressions, visitor demographics, etc). There are also DoubleClick tracking
items too. It's all harmless stuff. Why is it nowadays everyone immediately
assumes spyware when they see something like this?

Dan
Anonymous
June 11, 2005 12:02:56 AM

Archived from groups: alt.games.battlefield1942 (More info?)

Why is it nowadays everyone immediately
> assumes spyware when they see something like this?


Cuz lots of time it IS spyware.

In this case, it appears not to be.
June 11, 2005 1:29:26 AM

Archived from groups: alt.games.battlefield1942 (More info?)

OK, Thanks

Clark

"Spack" <news@worldofspack.co.uk> wrote in message
news:3gu6crFe81ejU1@individual.net...
>
> "Clark" <who@whoknows.com> wrote in message
> news:o Xjqe.2387$751.1320@newssvr30.news.prodigy.com...
>> The link to EAGames in the drop down on the right side says "Redirect",
>> and on the left it says http://www.eagames.com. If I go to the site and
>> watch the bottom of the browser I see the WebTrendsLive address being
>> shown, which is how I know that what it was. The page takes a very time
>> to load like it was going through another site all the while the address
>> was flashing with something about download from WebTrendsLive.
>> I visited the eagames site on another computer and afterward the same
>> indications were in the URL address history, so it appears to happen
>> every time.
>>
>> Is this software a type of spyware resident on my computer or is it
>> something that locks onto the address and redirects every time it is
>> requested? The reason I call it an association, it because the eagames
>> site is the only one I see it with.
>
> It's purely for web stats tracking - nothing to do with spyware. There's a
> transparent image loaded from the WebTrendsLive stats server with the EA
> id on it - all it does it update their real-time tracking database (page
> impressions, visitor demographics, etc). There are also DoubleClick
> tracking items too. It's all harmless stuff. Why is it nowadays everyone
> immediately assumes spyware when they see something like this?
>
> Dan
>
Anonymous
June 11, 2005 3:32:16 AM

Archived from groups: alt.games.battlefield1942 (More info?)

"Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
news:42a9eaee$1_3@newspeer2.tds.net...
> Why is it nowadays everyone immediately
>> assumes spyware when they see something like this?
>
>
> Cuz lots of time it IS spyware.

No, spyware looks very different to this. Img tags in a page linking off
site to small transparent images are almost always some form of tracking
system, completely benign (I was adding this sort of thing to sites I ran 11
years ago, back when Netscape was but a startup and Mosaic was the dominant
browser). Spyware is by definition software that runs on your machine
collecting and sending information to a recipient; a cookie or img tag
doesn't fall into this category.

It's unfortunate that with the rapid increase in internet access, and
subsequent explosion of issues this has brought with it (mostly due to
people having little idea what they are doing and blindly opening every
piece of email they are sent - I am no longer amazed that the a few people
where I work keep bringing their home PCs in for a good clean out as they
continually manage to ignore the daily warnings from anti-virus and other
security software on their systems that updates are required to keep them
"safe"), that paranoia has taken hold to the point that every little glitch
or unexpected occurrence is immediately considered to be
spyware/malware/virus related. I'm not saying people shouldn't be wary, just
that they shouldn't jump to conclusions so fast.

Dan
June 11, 2005 3:45:31 AM

Archived from groups: alt.games.battlefield1942 (More info?)

I hate to bring it up, but is it paranoia if the threat is real? I see
people every day that have had their browser hijacked, or their system
slowed down by spyware, or even systems made unusable. I am not an
experienced programmer so when I see a website that can see my internal IP
address through a router and a firewall, how do I know what else they can
do.

Maybe we need to shift some of the blame to where it belongs-the malware
programmers-and ease up on the poor inexperienced folks who are the victims
of their endeavors.

And Lastly, if you are collecting my information or habits or whatever, I
would expect a check! ;) 

Clark

"Spack" <news@worldofspack.co.uk> wrote in message
news:3guijvFe5g4hU1@individual.net...
>
> "Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
> news:42a9eaee$1_3@newspeer2.tds.net...
>> Why is it nowadays everyone immediately
>>> assumes spyware when they see something like this?
>>
>>
>> Cuz lots of time it IS spyware.
>
> No, spyware looks very different to this. Img tags in a page linking off
> site to small transparent images are almost always some form of tracking
> system, completely benign (I was adding this sort of thing to sites I ran
> 11 years ago, back when Netscape was but a startup and Mosaic was the
> dominant browser). Spyware is by definition software that runs on your
> machine collecting and sending information to a recipient; a cookie or img
> tag doesn't fall into this category.
>
> It's unfortunate that with the rapid increase in internet access, and
> subsequent explosion of issues this has brought with it (mostly due to
> people having little idea what they are doing and blindly opening every
> piece of email they are sent - I am no longer amazed that the a few people
> where I work keep bringing their home PCs in for a good clean out as they
> continually manage to ignore the daily warnings from anti-virus and other
> security software on their systems that updates are required to keep them
> "safe"), that paranoia has taken hold to the point that every little
> glitch or unexpected occurrence is immediately considered to be
> spyware/malware/virus related. I'm not saying people shouldn't be wary,
> just that they shouldn't jump to conclusions so fast.
>
> Dan
>
Anonymous
June 11, 2005 2:19:40 PM

Archived from groups: alt.games.battlefield1942 (More info?)

"Clark" <who@whoknows.com> wrote in message
news:vCpqe.3274$%j7.1711@newssvr11.news.prodigy.com...
>I hate to bring it up, but is it paranoia if the threat is real? I see
>people every day that have had their browser hijacked, or their system
>slowed down by spyware, or even systems made unusable. I am not an
>experienced programmer so when I see a website that can see my internal IP
>address through a router and a firewall, how do I know what else they can
>do.

There's a difference between paranoia and being careful.

You got an example of a website showing your internal IP? AFAIK the only way
it could happen is if (a) the IP is being displayed in code/object in the
page (and most browsers prevent this by default nowadays), or (b) your
router/firewall is misconfigured. Either way, someone knowing your internal
IP inside the router/firewall is no use unless the "attacker" somehow gains
root level access to your router - and if they can do that, knowing your
internal IP is the least of your worries :p 

> Maybe we need to shift some of the blame to where it belongs-the malware
> programmers-and ease up on the poor inexperienced folks who are the
> victims of their endeavors.

I would lay the blame on everyone- after all, if the vulnerabilities didn't
exist in the first place there would be no malware, and for those pieces of
malware that require installation, blame the users who blindly click Yes to
every box that appears (back to my reply, one guy who's machine I regularly
clean up always runs anything that is sent to him by email, the last major
one being a fake animated greeting card). You're right that if malware
wasn't there in the first place that life would be easier, but it's human
nature to try and do things you're not supposed to do ... if it wasn't we'd
all still be wandering around in jungles scrabbling for bugs in the earth.

> And Lastly, if you are collecting my information or habits or whatever, I
> would expect a check! ;) 

Check the T&C of any site you go to - pretty much all have a disclaimer that
shows that by using the site you agree to any and all data collection as
required by the site. If you don't like it, you can choose not to use the
sites. You might as well turn off your internet access though, as by default
all websites collect at least minimal data. With the addition of some simple
code you can get a lot of information about each visitor to your site - even
something that's been around a long time like BrowserHawk can easily
determine the country you are in, what screen resolution you are using, and
a whole lot more - if you're interested to see what can be gleaned with
little effort take a look at http://www.browserhawk.com/showbrow.asp :) 

Dan

> Clark
>
> "Spack" <news@worldofspack.co.uk> wrote in message
> news:3guijvFe5g4hU1@individual.net...
>>
>> "Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
>> news:42a9eaee$1_3@newspeer2.tds.net...
>>> Why is it nowadays everyone immediately
>>>> assumes spyware when they see something like this?
>>>
>>>
>>> Cuz lots of time it IS spyware.
>>
>> No, spyware looks very different to this. Img tags in a page linking off
>> site to small transparent images are almost always some form of tracking
>> system, completely benign (I was adding this sort of thing to sites I ran
>> 11 years ago, back when Netscape was but a startup and Mosaic was the
>> dominant browser). Spyware is by definition software that runs on your
>> machine collecting and sending information to a recipient; a cookie or
>> img tag doesn't fall into this category.
>>
>> It's unfortunate that with the rapid increase in internet access, and
>> subsequent explosion of issues this has brought with it (mostly due to
>> people having little idea what they are doing and blindly opening every
>> piece of email they are sent - I am no longer amazed that the a few
>> people where I work keep bringing their home PCs in for a good clean out
>> as they continually manage to ignore the daily warnings from anti-virus
>> and other security software on their systems that updates are required to
>> keep them "safe"), that paranoia has taken hold to the point that every
>> little glitch or unexpected occurrence is immediately considered to be
>> spyware/malware/virus related. I'm not saying people shouldn't be wary,
>> just that they shouldn't jump to conclusions so fast.
>>
>> Dan
>>
>
>
June 11, 2005 5:55:01 PM

Archived from groups: alt.games.battlefield1942 (More info?)

> You got an example of a website showing your internal IP?

http://www.testmyfirewall.com/

After I saw this I did some research and found out the address is not
routable and I should not be worried. I have to turn off Active Scripting
to keep it from happening and if I do that, other things don't work. Even
Outlook Express has some startup script. But knowing the address is not
routable does not relieve my worries about other things being done, and what
can be done seems to change on a daily basis.

Many of the EULAs have disclaimers in them and then proceed to install other
software that is not related to the basic installation. If you think this
is acceptable, I would suggest there should be a standard EULA to protect
the rights and properties of the authors and any nonstandard information be
in bold type at the beginning. At least in this manner, everyone that
agreed would be totally aware of what is being done. Do you remember the
situation with a well known firewall program where someone selling a
Firewall had decided to also install spyware in the same package?

My original question was whether there was spyware on my computer or not.
That is not being paranoid, just observant. In this situation, you said the
information gathering is benign. That may be true, but I have no way of
knowing. I will continue to be "paranoid" so I don't accidentally open the
wrong e-mail or happen to click the wrong button on some pop up window.

Clark


"Spack" <news@worldofspack.co.uk> wrote in message
news:3gvojgFeg7t6U1@individual.net...
> "Clark" <who@whoknows.com> wrote in message
> news:vCpqe.3274$%j7.1711@newssvr11.news.prodigy.com...
>>I hate to bring it up, but is it paranoia if the threat is real? I see
>>people every day that have had their browser hijacked, or their system
>>slowed down by spyware, or even systems made unusable. I am not an
>>experienced programmer so when I see a website that can see my internal IP
>>address through a router and a firewall, how do I know what else they can
>>do.
>
> There's a difference between paranoia and being careful.
>
> You got an example of a website showing your internal IP? AFAIK the only
> way it could happen is if (a) the IP is being displayed in code/object in
> the page (and most browsers prevent this by default nowadays), or (b) your
> router/firewall is misconfigured. Either way, someone knowing your
> internal IP inside the router/firewall is no use unless the "attacker"
> somehow gains root level access to your router - and if they can do that,
> knowing your internal IP is the least of your worries :p 
>
>> Maybe we need to shift some of the blame to where it belongs-the malware
>> programmers-and ease up on the poor inexperienced folks who are the
>> victims of their endeavors.
>
> I would lay the blame on everyone- after all, if the vulnerabilities
> didn't exist in the first place there would be no malware, and for those
> pieces of malware that require installation, blame the users who blindly
> click Yes to every box that appears (back to my reply, one guy who's
> machine I regularly clean up always runs anything that is sent to him by
> email, the last major one being a fake animated greeting card). You're
> right that if malware wasn't there in the first place that life would be
> easier, but it's human nature to try and do things you're not supposed to
> do ... if it wasn't we'd all still be wandering around in jungles
> scrabbling for bugs in the earth.
>
>> And Lastly, if you are collecting my information or habits or whatever, I
>> would expect a check! ;) 
>
> Check the T&C of any site you go to - pretty much all have a disclaimer
> that shows that by using the site you agree to any and all data collection
> as required by the site. If you don't like it, you can choose not to use
> the sites. You might as well turn off your internet access though, as by
> default all websites collect at least minimal data. With the addition of
> some simple code you can get a lot of information about each visitor to
> your site - even something that's been around a long time like BrowserHawk
> can easily determine the country you are in, what screen resolution you
> are using, and a whole lot more - if you're interested to see what can be
> gleaned with little effort take a look at
> http://www.browserhawk.com/showbrow.asp :) 
>
> Dan
>
>> Clark
>>
>> "Spack" <news@worldofspack.co.uk> wrote in message
>> news:3guijvFe5g4hU1@individual.net...
>>>
>>> "Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
>>> news:42a9eaee$1_3@newspeer2.tds.net...
>>>> Why is it nowadays everyone immediately
>>>>> assumes spyware when they see something like this?
>>>>
>>>>
>>>> Cuz lots of time it IS spyware.
>>>
>>> No, spyware looks very different to this. Img tags in a page linking off
>>> site to small transparent images are almost always some form of tracking
>>> system, completely benign (I was adding this sort of thing to sites I
>>> ran 11 years ago, back when Netscape was but a startup and Mosaic was
>>> the dominant browser). Spyware is by definition software that runs on
>>> your machine collecting and sending information to a recipient; a cookie
>>> or img tag doesn't fall into this category.
>>>
>>> It's unfortunate that with the rapid increase in internet access, and
>>> subsequent explosion of issues this has brought with it (mostly due to
>>> people having little idea what they are doing and blindly opening every
>>> piece of email they are sent - I am no longer amazed that the a few
>>> people where I work keep bringing their home PCs in for a good clean out
>>> as they continually manage to ignore the daily warnings from anti-virus
>>> and other security software on their systems that updates are required
>>> to keep them "safe"), that paranoia has taken hold to the point that
>>> every little glitch or unexpected occurrence is immediately considered
>>> to be spyware/malware/virus related. I'm not saying people shouldn't be
>>> wary, just that they shouldn't jump to conclusions so fast.
>>>
>>> Dan
>>>
>>
>>
>
>
Anonymous
June 11, 2005 7:49:57 PM

Archived from groups: alt.games.battlefield1942 (More info?)

"Clark" <who@whoknows.com> wrote in message
news:V2Cqe.2517$I14.1218@newssvr12.news.prodigy.com...
>> You got an example of a website showing your internal IP?
>
> http://www.testmyfirewall.com/
>
> After I saw this I did some research and found out the address is not
> routable and I should not be worried. I have to turn off Active Scripting
> to keep it from happening and if I do that, other things don't work. Even
> Outlook Express has some startup script. But knowing the address is not
> routable does not relieve my worries about other things being done, and
> what can be done seems to change on a daily basis.

That website is merely a way of getting paranoid users to pay for software
they don't need. It uses a simple piece of Javascript (albeit encoded) to
write whatever the local IP address of the machine is into the page. There
are many of these sites around whose sole purpose is to scare people into
thinking they are vulnerable when they are most likely not. It's a somewhat
effective form of extortion. I would encourage you not to bother using that
site again, and instead if you're worried to use a reputable site (the
problem being that the reputable ones are not widely known as their
reputation tends to remain within the closed circles of those who work with
security systems). I can highly recommend the audit system at Security Space
(http://www.securityspace.com/ ), you get one free standard audit which does
a pretty thorough job, and one of the companies I have worked for has
regular audits done to ensure their systems are as well protected as
possible (when you're running e-commerce systems 24/7 it pays to ensure your
systems are reliable and customer data is safe). The ShieldsUp scanner at
www.grc.com also used to be safe enough and would return pretty accurate
results, but take the rantings of the site owner with a pinch of salt.

> Many of the EULAs have disclaimers in them and then proceed to install
> other software that is not related to the basic installation. If you
> think this is acceptable, I would suggest there should be a standard EULA
> to protect the rights and properties of the authors and any nonstandard
> information be in bold type at the beginning. At least in this manner,
> everyone that agreed would be totally aware of what is being done. Do you
> remember the situation with a well known firewall program where someone
> selling a Firewall had decided to also install spyware in the same
> package?

I don't think this is acceptable, however it's often the case that it is in
the EULA (a few years ago there was a raucous when a number of applications
included spyware/adware without warning, the most notable being Gator and an
ad serving program whose name escapes me for the moment) but hidden away
where it's easy to miss. However, this sort of thing tends to be included in
software that I wouldn't trust to have on my system in the first place -
before installing any software you are unsure off (and that should be at
least 99% of it) it's easy enough to search around Google to see if anyone
else has reported unlisted or suspect software being included in the
installations. It's one of the reason ZoneLabs and Real software (just a
couple from a long list) will never go near any machine I am responsible
for.

> My original question was whether there was spyware on my computer or not.
> That is not being paranoid, just observant. In this situation, you said
> the information gathering is benign. That may be true, but I have no way
> of knowing. I will continue to be "paranoid" so I don't accidentally open
> the wrong e-mail or happen to click the wrong button on some pop up
> window.

I guess I was overly harsh in my first reply. I daily have to deal with
people claiming that there must be spyware or a virus on their PC due to
various reasons when it often turns out to be something completely unrelated
(eg. a slow PC doesn't necessarily mean that a worm is spreading emails;
often due to people installing XP on a PC with only 128MB of RAM and a sub
1Ghz CPU will easily do the same :p ) When I saw the word spyware in your
post I immediately assumed you were this sort of person, and for that I
apologise.

I'd suggest running at least 4 applications regularly - a reputable virus
scanner (I'm a big fan of McAfee VirusScan, it's been the AV choice where I
work for more than 6 years and we've never had an infection yet, although
like any AV package it will occassionally misdetect innocuous programs as
infected, but I'd rather it did this than allow real infected ones),
Ad-Aware (while occassionally missing things, it's pretty good at finding
and removing a large number of known malware applications, www.lavasoft.de),
SpyBot Search & Destroy (normally finds the things Ad-Aware misses,
http://www.safer-networking.org/en/index.html), and HijackThis (takes a
while to work out how to use it, but is good for checking registry entries
that are commonly affected, http://www.spywareinfo.com/~merijn/). This is
not a comprehensive list of applications that will guarantee to protect you
from everything - however, it's a good start when you're unsure if you may
be infected, and I tend to take them with me when I fix friends PCs. Also
you need to make sure you keep them all up to date, and keep your machine
patched. But the most important thing I tell people is to never trust
anything you download (or your machine tries to download when you visit a
site), or are sent by email - do a bit of research first.

Dan
June 11, 2005 8:01:01 PM

Archived from groups: alt.games.battlefield1942 (More info?)

"I would encourage you not to bother using that site again"

I think you miss the point. I did not go directly to the site, but was sent
there through another site. That is the kind thing that happens when you are
innocently surfing. If something malicious was going on, it would have been
too late. What their purpose is really doesn't matter, but the fact they
can do it, does. I knew about the encoded Javascript and I can stop it, but
if I do, I cannot even sign into my ISP's web page. You didn't mention, do
I have my router or firewall setup incorrectly which allowed them to see the
address?

There was an article today that mentioned there are almost 4500 versions of
spyware/adware out already. The prediction was that soon hackers would be
able to insert code into RSS feeds to infect your computer. They are also
using "rootkits" to hide from anti-virus programs. There was a comment
about arrests being made where spyware was being used for corporate
espionage. Do you think that company "agreed" to having the spyware
installed on their computer?

If all you are engaged in is collecting "benign" information, good for you.
But the rest of us need the help of expert programmers, such as yourself, to
help defend against those who seem to want to hurt us for either their own
personal pleasure or monetary gain.

Clark

"Spack" <news@worldofspack.co.uk> wrote in message
news:3h0c0jFen5ffU1@individual.net...
>
> "Clark" <who@whoknows.com> wrote in message
> news:V2Cqe.2517$I14.1218@newssvr12.news.prodigy.com...
>>> You got an example of a website showing your internal IP?
>>
>> http://www.testmyfirewall.com/
>>
>> After I saw this I did some research and found out the address is not
>> routable and I should not be worried. I have to turn off Active
>> Scripting to keep it from happening and if I do that, other things don't
>> work. Even Outlook Express has some startup script. But knowing the
>> address is not routable does not relieve my worries about other things
>> being done, and what can be done seems to change on a daily basis.
>
> That website is merely a way of getting paranoid users to pay for software
> they don't need. It uses a simple piece of Javascript (albeit encoded) to
> write whatever the local IP address of the machine is into the page. There
> are many of these sites around whose sole purpose is to scare people into
> thinking they are vulnerable when they are most likely not. It's a
> somewhat effective form of extortion. I would encourage you not to bother
> using that site again, and instead if you're worried to use a reputable
> site (the problem being that the reputable ones are not widely known as
> their reputation tends to remain within the closed circles of those who
> work with security systems). I can highly recommend the audit system at
> Security Space (http://www.securityspace.com/ ), you get one free standard
> audit which does a pretty thorough job, and one of the companies I have
> worked for has regular audits done to ensure their systems are as well
> protected as possible (when you're running e-commerce systems 24/7 it pays
> to ensure your systems are reliable and customer data is safe). The
> ShieldsUp scanner at www.grc.com also used to be safe enough and would
> return pretty accurate results, but take the rantings of the site owner
> with a pinch of salt.
>
>> Many of the EULAs have disclaimers in them and then proceed to install
>> other software that is not related to the basic installation. If you
>> think this is acceptable, I would suggest there should be a standard EULA
>> to protect the rights and properties of the authors and any nonstandard
>> information be in bold type at the beginning. At least in this manner,
>> everyone that agreed would be totally aware of what is being done. Do
>> you remember the situation with a well known firewall program where
>> someone selling a Firewall had decided to also install spyware in the
>> same package?
>
> I don't think this is acceptable, however it's often the case that it is
> in the EULA (a few years ago there was a raucous when a number of
> applications included spyware/adware without warning, the most notable
> being Gator and an ad serving program whose name escapes me for the
> moment) but hidden away where it's easy to miss. However, this sort of
> thing tends to be included in software that I wouldn't trust to have on my
> system in the first place - before installing any software you are unsure
> off (and that should be at least 99% of it) it's easy enough to search
> around Google to see if anyone else has reported unlisted or suspect
> software being included in the installations. It's one of the reason
> ZoneLabs and Real software (just a couple from a long list) will never go
> near any machine I am responsible for.
>
>> My original question was whether there was spyware on my computer or not.
>> That is not being paranoid, just observant. In this situation, you said
>> the information gathering is benign. That may be true, but I have no way
>> of knowing. I will continue to be "paranoid" so I don't accidentally
>> open the wrong e-mail or happen to click the wrong button on some pop up
>> window.
>
> I guess I was overly harsh in my first reply. I daily have to deal with
> people claiming that there must be spyware or a virus on their PC due to
> various reasons when it often turns out to be something completely
> unrelated (eg. a slow PC doesn't necessarily mean that a worm is spreading
> emails; often due to people installing XP on a PC with only 128MB of RAM
> and a sub 1Ghz CPU will easily do the same :p ) When I saw the word spyware
> in your post I immediately assumed you were this sort of person, and for
> that I apologise.
>
> I'd suggest running at least 4 applications regularly - a reputable virus
> scanner (I'm a big fan of McAfee VirusScan, it's been the AV choice where
> I work for more than 6 years and we've never had an infection yet,
> although like any AV package it will occassionally misdetect innocuous
> programs as infected, but I'd rather it did this than allow real infected
> ones), Ad-Aware (while occassionally missing things, it's pretty good at
> finding and removing a large number of known malware applications,
> www.lavasoft.de), SpyBot Search & Destroy (normally finds the things
> Ad-Aware misses, http://www.safer-networking.org/en/index.html), and
> HijackThis (takes a while to work out how to use it, but is good for
> checking registry entries that are commonly affected,
> http://www.spywareinfo.com/~merijn/). This is not a comprehensive list of
> applications that will guarantee to protect you from everything - however,
> it's a good start when you're unsure if you may be infected, and I tend to
> take them with me when I fix friends PCs. Also you need to make sure you
> keep them all up to date, and keep your machine patched. But the most
> important thing I tell people is to never trust anything you download (or
> your machine tries to download when you visit a site), or are sent by
> email - do a bit of research first.
>
> Dan
>
>
Anonymous
June 11, 2005 9:28:42 PM

Archived from groups: alt.games.battlefield1942 (More info?)

"Clark" <who@whoknows.com> wrote in message
news:1VDqe.3515$%j7.3000@newssvr11.news.prodigy.com...
> "I would encourage you not to bother using that site again"
>
> I think you miss the point. I did not go directly to the site, but was
> sent there through another site. That is the kind thing that happens when
> you are innocently surfing. If something malicious was going on, it would
> have been too late. What their purpose is really doesn't matter, but the
> fact they can do it, does. I knew about the encoded Javascript and I can
> stop it, but if I do, I cannot even sign into my ISP's web page. You
> didn't mention, do I have my router or firewall setup incorrectly which
> allowed them to see the address?

I said it's a bit of code that runs in the browser. That info is not from
their site, it's not available to see from outside your browser. It's a
tactic used to make you think you're vulnerable, just like the old activex
one that made it look like your entire hard drive was visible from the net,
when in fact it was visible only to you in the control in your browser.

> There was an article today that mentioned there are almost 4500 versions
> of spyware/adware out already. The prediction was that soon hackers would
> be able to insert code into RSS feeds to infect your computer. They are
> also using "rootkits" to hide from anti-virus programs. There was a
> comment about arrests being made where spyware was being used for
> corporate espionage. Do you think that company "agreed" to having the
> spyware installed on their computer?

No, but then again do you think companies agree to letting unhappy employees
or staff (eg. cleaners) install software to sell info to their competitors?
That's where most of this comes from - it's not some hidden installation of
software that you never see, it's a deliberate circumvention of company
security procedures. Do you think the company I used to work for agreed to
allow a cleaner to steal one of it's laptops containing valuable customer
data?

> If all you are engaged in is collecting "benign" information, good for
> you. But the rest of us need the help of expert programmers, such as
> yourself, to help defend against those who seem to want to hurt us for
> either their own personal pleasure or monetary gain.

And hence the list of useful applications I provided. Those were written by
expert programmers to do exactly what you're asking for :) 

Dan

> Clark
>
> "Spack" <news@worldofspack.co.uk> wrote in message
> news:3h0c0jFen5ffU1@individual.net...
>>
>> "Clark" <who@whoknows.com> wrote in message
>> news:V2Cqe.2517$I14.1218@newssvr12.news.prodigy.com...
>>>> You got an example of a website showing your internal IP?
>>>
>>> http://www.testmyfirewall.com/
>>>
>>> After I saw this I did some research and found out the address is not
>>> routable and I should not be worried. I have to turn off Active
>>> Scripting to keep it from happening and if I do that, other things don't
>>> work. Even Outlook Express has some startup script. But knowing the
>>> address is not routable does not relieve my worries about other things
>>> being done, and what can be done seems to change on a daily basis.
>>
>> That website is merely a way of getting paranoid users to pay for
>> software they don't need. It uses a simple piece of Javascript (albeit
>> encoded) to write whatever the local IP address of the machine is into
>> the page. There are many of these sites around whose sole purpose is to
>> scare people into thinking they are vulnerable when they are most likely
>> not. It's a somewhat effective form of extortion. I would encourage you
>> not to bother using that site again, and instead if you're worried to use
>> a reputable site (the problem being that the reputable ones are not
>> widely known as their reputation tends to remain within the closed
>> circles of those who work with security systems). I can highly recommend
>> the audit system at Security Space (http://www.securityspace.com/ ), you
>> get one free standard audit which does a pretty thorough job, and one of
>> the companies I have worked for has regular audits done to ensure their
>> systems are as well protected as possible (when you're running e-commerce
>> systems 24/7 it pays to ensure your systems are reliable and customer
>> data is safe). The ShieldsUp scanner at www.grc.com also used to be safe
>> enough and would return pretty accurate results, but take the rantings of
>> the site owner with a pinch of salt.
>>
>>> Many of the EULAs have disclaimers in them and then proceed to install
>>> other software that is not related to the basic installation. If you
>>> think this is acceptable, I would suggest there should be a standard
>>> EULA to protect the rights and properties of the authors and any
>>> nonstandard information be in bold type at the beginning. At least in
>>> this manner, everyone that agreed would be totally aware of what is
>>> being done. Do you remember the situation with a well known firewall
>>> program where someone selling a Firewall had decided to also install
>>> spyware in the same package?
>>
>> I don't think this is acceptable, however it's often the case that it is
>> in the EULA (a few years ago there was a raucous when a number of
>> applications included spyware/adware without warning, the most notable
>> being Gator and an ad serving program whose name escapes me for the
>> moment) but hidden away where it's easy to miss. However, this sort of
>> thing tends to be included in software that I wouldn't trust to have on
>> my system in the first place - before installing any software you are
>> unsure off (and that should be at least 99% of it) it's easy enough to
>> search around Google to see if anyone else has reported unlisted or
>> suspect software being included in the installations. It's one of the
>> reason ZoneLabs and Real software (just a couple from a long list) will
>> never go near any machine I am responsible for.
>>
>>> My original question was whether there was spyware on my computer or
>>> not. That is not being paranoid, just observant. In this situation, you
>>> said the information gathering is benign. That may be true, but I have
>>> no way of knowing. I will continue to be "paranoid" so I don't
>>> accidentally open the wrong e-mail or happen to click the wrong button
>>> on some pop up window.
>>
>> I guess I was overly harsh in my first reply. I daily have to deal with
>> people claiming that there must be spyware or a virus on their PC due to
>> various reasons when it often turns out to be something completely
>> unrelated (eg. a slow PC doesn't necessarily mean that a worm is
>> spreading emails; often due to people installing XP on a PC with only
>> 128MB of RAM and a sub 1Ghz CPU will easily do the same :p ) When I saw
>> the word spyware in your post I immediately assumed you were this sort of
>> person, and for that I apologise.
>>
>> I'd suggest running at least 4 applications regularly - a reputable virus
>> scanner (I'm a big fan of McAfee VirusScan, it's been the AV choice where
>> I work for more than 6 years and we've never had an infection yet,
>> although like any AV package it will occassionally misdetect innocuous
>> programs as infected, but I'd rather it did this than allow real infected
>> ones), Ad-Aware (while occassionally missing things, it's pretty good at
>> finding and removing a large number of known malware applications,
>> www.lavasoft.de), SpyBot Search & Destroy (normally finds the things
>> Ad-Aware misses, http://www.safer-networking.org/en/index.html), and
>> HijackThis (takes a while to work out how to use it, but is good for
>> checking registry entries that are commonly affected,
>> http://www.spywareinfo.com/~merijn/). This is not a comprehensive list of
>> applications that will guarantee to protect you from everything -
>> however, it's a good start when you're unsure if you may be infected, and
>> I tend to take them with me when I fix friends PCs. Also you need to make
>> sure you keep them all up to date, and keep your machine patched. But the
>> most important thing I tell people is to never trust anything you
>> download (or your machine tries to download when you visit a site), or
>> are sent by email - do a bit of research first.
>>
>> Dan
>>
>>
>
>
Anonymous
June 12, 2005 8:12:46 AM

Archived from groups: alt.games.battlefield1942 (More info?)

>OK, Thanks
>
>Clark
>
>"Spack" <news@worldofspack.co.uk> wrote in message
>news:3gu6crFe81ejU1@individual.net...
>>
>> "Clark" <who@whoknows.com> wrote in message
>> news:o Xjqe.2387$751.1320@newssvr30.news.prodigy.com...
>>> The link to EAGames in the drop down on the right side says "Redirect",
>>> and on the left it says http://www.eagames.com. If I go to the site and
>>> watch the bottom of the browser I see the WebTrendsLive address being
>>> shown, which is how I know that what it was. The page takes a very time
>>> to load like it was going through another site all the while the address
>>> was flashing with something about download from WebTrendsLive.
>>> I visited the eagames site on another computer and afterward the same
>>> indications were in the URL address history, so it appears to happen
>>> every time.
>>>
>>> Is this software a type of spyware resident on my computer or is it
>>> something that locks onto the address and redirects every time it is
>>> requested? The reason I call it an association, it because the eagames
>>> site is the only one I see it with.
>>
>> It's purely for web stats tracking - nothing to do with spyware. There's a
>> transparent image loaded from the WebTrendsLive stats server with the EA
>> id on it - all it does it update their real-time tracking database (page
>> impressions, visitor demographics, etc). There are also DoubleClick
>> tracking items too. It's all harmless stuff. Why is it nowadays everyone
>> immediately assumes spyware when they see something like this?
>>
>> Dan
>>
>
Damn my daughter gets all kinds of spyware from spongbob site


Arguing on usenet is like competing in the special
olympics, even if you win you're still retarded.
Anonymous
June 16, 2005 10:11:32 PM

Archived from groups: alt.games.battlefield1942 (More info?)

"Clark" <who@whoknows.com> wrote in message
news:8l6se.2231$ks4.376@newssvr12.news.prodigy.com...
> I appreciate you letting me know about the "trick part", I did not
> understand that.
>
> But!!!
> This was an article I saw today. Notice the part about directing traffic.
> Sorry I did not want to post the entire article, but you get
> the drift. If you want to read it, try http://www.techweb.com
> "At the same time, con artists, called "phishers," who have used bogus
> emails to lure recipients to a fake online banking or
> merchant site to steal passwords and personal information are increasingly
> switching to pharming, which subverts some part of the
> Internet infrastructure.
>
> With pharming, malicious code is often placed on vulnerable domain name
> systems, which then direct traffic to fraudulent websites.
> A DNS takes the domain name typed into a browser and uses it to locate the
> site on the Internet.
>
> On March 16, for example, Verisign detected an apparent pharming attack
> that registered a 300 percent increase in probes of
> DNS computer servers. The apparent attack coincided with users of certain
> websites being redirected to a site that distributed
> spyware and adware."
>
> Would the EAGames site be considered "vulnerable"? I have no way of
> knowing for sure, but as I said earlier, I will remain
> vigilant--not paranoid!

Reading the above it appears to a more sophisticated way of adjusting DNS
records than the old "cache poisoning" trick (which was patched long ago in
most DNS software, but old systems may still be vulnerable).

"Pharming" isn't down to whether the web site is vulnerable - it's the DNS
software that's the potentially vulnerable part. Eg. When you type in
www.eagames.com your PC uses DNS to find out the IP address associated with
that name so it knows where to address the data packets. This relies on the
DNS your PC talks to returning the correct data - if it instead returned an
IP address that wasn't the one for www.eagames.com you would only realise if
the server it resolved to had a web site that looked like the EA Games site.
If it looked like anything else you'd be suspicious.

"Pharming" is a technique for attacking a vulnerable DNS to change the IP
addresses it returns - however, one thing that article neglects to mention
is that it may take several weeks for the attack to actually affect some
users, due to the distributed nature of DNS. If you request www.eagames.com
then you send a request to your ISPs DNS (most of the time this is true,
unless you manually override the DNS server addresses). Your ISPs DNS server
will then cache that address for a time determined by the authoritative
server (this would be the original server that relates the host name to the
IP address, which can be found by doing a whois lookup on the domain name).
If you request www.eagames.com again before your ISPs DNS releases it from
cache, then it doesn't ask the original server again, it just sends you the
IP from it's cache. "Pharming" requires the attacker to find a way to change
the DNS records in one of 3 places

(1) Caching DNS - only affects the users using that DNS server, and so not
particularly effective. For widespread changing requires attacking a lot of
DNS servers at ISPs all over the World.

(2) DNS server that holds the original hostname to IP mapping - this will
eventually affect everyone, but many users might not notice for a while. The
owners of the domain name tend to spot this before anyone else and so can
reverse the changes quickly. This is most likely what happened in the
article text you quoted - anyone who was attempting to visit the hosts
affected and their ISP did not have the address in cache would have been
redirected to the bogus site.

(3) The root servers for the top level domains - as effective as (2) because
the requests can be directed to another DNS server (eg. when you ask for
www.eagames.com and your ISPs DNS doesn't have it cached, it will first ask
the root servers for the authoritative DNS server IP for .com, then ask that
one for the DNS server IP for eagames.com), but unlikely to succeed as these
are very well looked after. Trying this is going to be noticed very quickly
and records restored from backups.

"Pharming" attacks are really going to work if there's some gain as the
result, and so will likely target DNS records for banks and credit card
companies, as a replacement to the email spoofing ("phishing"), and instead
of spoofing domain changes with the major registrars (which has in the past
resulted in redirection of domains such as Amazon.com, Google.com and
eBay.de).

DNS cache poisoning was a much simpler way to do this, but once it became
widely publicised it was easy to prevent. Basically, a DNS server would
return data for a domain that it was not authoritative for, and the
requesting server would overwrite it's cached data. This affected a wide
range of systems back in the old days - I still remember having to clear
caches on a couple of servers I manage and applying the patches that were
hastily released. Most of the time it resulted in just not being able to get
to a few sites (the most notable being when amazon.com became inaccessible
to many people) rather than trying to actually fool people into thinking
they were visiting the original site to hand over details.

Whether EAGames' DNS are vulnerable, I don't know. With attacks like this
being publicised most major registrars and ISPs should be patching systems
pretty quickly. As I mentioned earlier, online banking is most at risk from
something like this where it might be hard to spot that it's been done. If
EAGames were to be attacked then I'd expect to see some dodgy spyware site
pop up rather than a duplicate of the EAGames site with some malicious
installer, but given EAGames' huge profile you can never rule anything out.

"Be pure, be vigilant .... behave!". I guess that's an apt quote for the
modern times :p 

Dan
!