Rootkit-spyware pusher ContextPlus shuts down
ContextPlus, known for the Apropos rootkit which plagued thousands of internet users, has shut down operations according to a notice on their homepage.
Due to concerns over the practices of some of its distribution partners, ContextPlus has determined that it is no longer able to ensure the highest standards of quality and customer care and therefore is discontinuing further distribution of its software.
The page also gives an email address where users can request an uninstaller for the software.
Not surprisingly, the company is blaming its affiliates -- sounds familiar, yes? According to this article, several high-level investigations are underway. ContextPlus also is responsible for PeopleOnPage. F-Secure has a good description of the software.
Apropos uses highly sophisticated stealth techniques to avoid detection. The spyware collects a user’s browsing habits and system information and sends it back to the ContextPlus servers. Targeted pop-up advertisements are displayed while browsing the web.
F-Secure also describes the rootkit technology used by ContextPlus.
Apropos contains a kernel-mode rootkit that allows it to hide files, directories, registry keys and processes. The rootkit is implemented by a kernel-mode driver which starts automatically early in the boot process. When the files and registry keys have been hidden, no user-mode process is allowed to access them.
The folks behind ContextPlus, Apropos and PeopleOnPage evidently did not want to be known and there's little information about them to be found on the internet. The ContextPlus.com domain registration info shows a name and address in Poland. Interestingly enough, the domain history on 2-28-2005 shows the name Apropos with an address and phone number in Kirkland, Washington. PeopleOnPage.com shows an address in Poland with the name Kent Ertugrul . A Google search for Kent Ertugrul brings up a hit showing him as director and CEO of 121 Media, which is a contextual advertising company according to the website. I don't know if there's any connection between ContextPlus/PeopleOnPage and 121 Media, but it might be worth further investigation.
At any rate, one can speculate that the recent actions by the Federal Trade Commission and CDT (Center for Democracy & Technology) against spyware and adware pushers might have motivated the ContextPlus folks to shut down their operations. The web will be a better place without the ContextPlus adware, spyware and rootkit software being foisted on users.