News Blog

September 14, 2007 2:44 PM PDT

Facebook banner ad serves an exploit

by Robert Vamosi

Security researcher Roger Thompson got a surprise the other night when he borrowed a computer to view a friend's Facebook blog--Internet Explorer wanted to download some malicious Microsoft Data Access Components (MDAC) objects. That didn't seem right, so he tried another computer, and said "I got extra copies of the browser starting, and ads being served."

Thompson is no stranger to such tricks. He heads Exploit Prevention Labs, a company that specializes in finding and mitigating browser exploits found on Web pages. This attack really surprised him. It uses an exploit of MS06-014, which means if your computer has been updated with the latest patches from Microsoft issued since September 2006, you won't experience a thing. But if you haven't updated your Windows computer in more than one year, you'll be subjected to a barrage of unwanted adware.

On an infected machine, a Google homepage now shows adware. (Credit: Roger Thompson/Explabs)

On vulnerable machines, Thompson found that the banner ad on Facebook makes a call to bannerconnect, bannerconnect makes a call to yieldmanager, yieldmanager makes a call to valuead, and valuead makes a call to megapromition, which throws an exploit (MS06-014) and runs an adware installer. Thompson's latest blog explains the whole process in greater detail. The end result is that once infected, your Internet Explorer home page displays additional windows serving various ads.

September 13, 2007 11:21 AM PDT

Alleged pop-up scammers settle with feds

by Anne Broache

If you're one of the hundreds of consumers who reportedly complained to the feds about a less-than-pleasant experience with the media search sites MovieLand.com, Moviepass.tv or Popcorn.net, this piece of news may provide a little vindication.

The Web operations, which allegedly bombarded unsuspecting users of their software with a sequence of large, music-accompanied pop-ups that demanded payment of up to $99, have reached a settlement with the Federal Trade Commission, the agency said in a news release Thursday.

Screenshot of Popcorn.net

Last August, the FTC filed a court complaint against the operators of those sites, accusing them of violating federal laws that prohibit unfair and deceptive practices. Each offers a piece of Windows-only software designed to act as a "download manager" for movies, music, sports and other entertainment.

The allegedly illicit scheme worked something like this, according to the FTC: Consumers had the option of signing up for a three-day trial of the service, after which pop-up windows began appearing and demanding payment of a license fee ranging from $19.95 to $99. The FTC complaint (PDF) claimed the pop-ups "significantly disrupt consumers' use of their computers," and "redisplay again and again with ever-increasing frequency."

As part of the settlement, signed September 5 by a federal judge, the Web operations agreed to provide consumers with a way to uninstall their software, to refrain from downloading software onto a user's computer without his or her consent, and to pay a little more than $500,000 for "consumer redress."

Yes, that means some consumers will be eligible for some sort of payout, said FTC spokeswoman Claudia Bourne Farrell. But there's no need for people who think they might be eligible to contact the FTC because "as part of the settlement, the defendants will provide us with a database of consumers who are eligible and a redress administrator will contact them," she added in an e-mail interview. It wasn't immediately clear, however, what the eligibility requirements are in the first place.

If a court finds that the operation "misrepresented financial information" to the FTC, then it may also have to cough up a $1.8 million judgment.
