Categories

BitTorrent
Conferences
Direct Revenue
Julie Amero
Myspace
Podcasts
Postbag
The Big Ones
The Fourth Wall
Yapbrowser
Zango

Creative Commons License
All articles licensed
under a Creative
Commons License.  








Home | About me | Press | The Fourth Wall | Links

Friday, June 03, 2005

Direct Revenue: BUSTED!

Let it never be said that I don't carry out a threat. After that little escapade, I wonder if Direct Revenue really expected anything less. Allow me to recap: Aurora. Nobody likes it. Everybody has it. No-one can find an install site.

Sunbelt Software threatened. Claims of Ceres / Aurora's legitimacy from Direct Revenue.

Paperghost: R0xoring the b0xor.

I've had a particular site on the radar for some time now (initally playing with it a good while back), but the damn thing went down before I could save any evidence. I know a number of other people have had this one in their sights too. However, in an act of total stupidity, the people behind this site brought it back online, and it's a decision they'll likely regret for some time.

The time for babble is done - let's cut right to the chase. The following pictures will say it far, far better than I ever could.

Let me recap this. Pore over every single word of it:

"Aurora is the brand name of one Ad Client which, as stated above, is only installed upon affirmative acceptance of the EULA".

Now, they must do EULA stuff like that before EVERY install. Even something as nasty as, say, Ceres? (which is basically Aurora by another name). There could never be any confusion as to exactly which EULA they mean in any given installation, could there?

Wrong. Prepare to watch the plot thicken.

This is a shot from the site in question:



Note the part that rather humorously says "100% spyware free". Prepare to be amazed.

Well, I want a speeded up version of XP, so let's try this thing...



Again, note the part I've handily highlighted in a big, red box. No virus! No spyware! No trojan! Woo-hoo! Free software and it won't break stuff!

However, things may look good to start off with...



But I assure you, it's all about to go nipples-skyward:







Web Rebates??!? Stuff running from the temp directory?!? Dodgy looking .EXE in the System32 folder?!? AAAARGH!!!!

Just when you think it can't get any worse, you fire up Internet Explorer to see if any of the above might be related to Spyware, when....wait? What are those new additions? Where's my homepage gone? You lied to me, FasterXP guys!!



Fasterhomepage.com? Well, it's only faster because you replaced my homepage with a single Smiley Central ad. Hmm...could do with some new smileys...maybe I'll check that site out someday....but wait! What's this!!



Well, things couldn't get any worse, so I might as well install it and see if it helps to fix this mess. There's no EULAs, so I should be okay, because when you see a EULA, it usually means a crapload of Adware...

/ If anyone has a tape of Thus Spake Zarathrusta, you'd best start playing it right...about......



...now! AAAARGH!!!

It's J-Lo, but she's wearing clothes! Worse yet, she's appeared before me in a Ceres pop-up!!

And at no point were there any EULAS, signposts or anything else. Just a crafty trail of rather useless installs that lead you, inevitably, to a Direct Revenue bumper-edition! The Ceres (or if you're really lucky, Aurora) install is even delayed, presumably to make it look like its coming from the second website. That being the case, shouldn't the second site really have some sort of EULA too?

It's worth noting the only EULA you see throughout this whole ordeal is the one back at the gates of Fasterxp.com. Contained within this ramble (which mentions MySearch bar, but not much else) is a buried link to Abetterinternet.com EULA, which also DOES NOT MENTION any install of Ceres. It's just more vaguely worded nonsense, and it's a wonderful world we live in where someone can a load a PC up with this garbage, and expect to get away with it because the end-user should have known to read two seperate sets of EULAS, for a bunch of downloads that are made to look like they're all part of a different deal in the first place!

What a crock! What about all those claims of "no spyware / Trojans / Viruses"? Can these guys point to any legitimate program that runs from a temp directory?

I didn't think so.

I've since been informed by Dave Methvin (of PCPitstop.com) that Direct Revenue say they see no problem with the above install, because of the link to the Abetterinternet site. Funny, seeing how that link goes to a general, no names mentioned, multipurpose EULA. As I've shown above, Ceres and Aurora have their own EULAs, so why aren't they used? Especially as Dave has revealed that the above site rotates installs of both advert packages.

How can anyone see this as anything other than a total farce of an install? I could quite happily rant about this all day, but I'll wrap this up nice and simple:

Direct Revenue, you're getting closer to the mother of all pay-offs.

See how easy I did that? And not a EULA in sight.

Labels:

posted by paperghost at 6:05 AM | Digg it!

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.