Monday, October 31, 2005

The art of stealth, using a 16-wheel juggernaut

The "Rootkit in IM rampage" story has now travelled from eWeek to Slashdot, and the angles are shifting with the passing of the story, torch-like, to its next port of call.

I saw an interesting comment that, assuming the people behind this bundle were pushing a form of rootkit (which they are), why would they want to make it obvious by splattering an adware bundle all over the place? The question is, in fact, rather easy to answer. When awareness of this thing first came about a week or so ago, I noted then that people were simply commenting on the advertising software payload. Can you see where I'm going here? That's right: the end user wastes all their time removing the wealth of popups and "browser enhancements", while all the time a big, fat, juicy backdoor has opened up on their system and the box has had the root-down treatment.

And would they be likely to notice, or even think that anything else was involved other than the advertising software? Of course not. It's a deception, a sleight of hand.

The art of stealth, using a 16-wheel juggernaut.

And what of the wheels that make the vehicle blast down the freeway offering low, low flights and 10% off viagra?

Well, it should be interesting to find out. As Wayne Porter has already blogged about it, I won't repeat what he has already said, but suffice to say the following are included in this lovely bundle:

- 180 Solutions
- Zango
- Search Miracle
- The Freepod Toolbar
- MaxSearch
- Media Gateway

How much longer will this continue? Let's face it, the things that people are packing these bundles with are just getting worse and worse by the minute. And people like me have banged on about it until we are blue in the face. Take our advice or leave it, but quite frankly, the damage is probably already done. I'm sure you don't want people associating you with rootkits, but that is what will happen.

As an example, 180 Search Assistant has been used for pretty screwball installations in the past, at the hands of rogue affiliates and all those other clowns. Yet Zango never previously suffered from this, because the only people allowed to distribute it were 180 themselves.

Well, now look what's happened. It's not been more than five minutes since you unchained it and allowed "certain third parties" to distribute it, and what happens?

Surprise, surprise: Zango gets bundled with a rootkit quicker than you can blink. I just can't understand the thought process that leads to letting people you don't really know take the trust of your brand in their hands, and hoping they won't smear it all over the sidewalk.

But as we have already seen, if you give people an inch, they will take a mile. Perhaps this is something you would consider covering on your new weblog? I'm interested to hear your thoughts on how you go about protecting a brand when we know full well there are people out there who will drag it through the mud. How do you police the unpoliceable?

And the juggernaut rumbles on...

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.