Viral marketing has virus-like effects

Summary: Viewing a promotional video on the Web can lead to symptoms of a virus attack that are actually part of a marketing campaign

Internet security companies are warning about devious marketing tactics that have virus-like effects, but aren't actually viruses.

Antivirus company Sophos has warned that its Australian technical support has been receiving reports from people who receive an email inviting them to visit a Web site -- run by Avenue Media NV, based on Curacao in the Caribbean -- containing free comic video clips, including one of Bill Gates copping a pie in the face.

Users who visit the site and view a video clip begin sending the email invitation to their friends. The site achieves this because the video clip is not downloaded directly; instead, an ActiveX control is launched which not only displays the video but also downloads an additional software component named "Internet Optimizer" onto the computer, which sends the emails.

The operation is legal because Internet Optimizer presents an End User License Agreement (EULA), which includes provisions that allow Avenue Media to send emails and instant messages to the user's contacts, automatically update or add software to the computer and even update the EULA itself by publishing a new version at a specified URL.

"What tricks a lot of people is that the ActiveX control which kicks the process off is digitally signed," said Paul Ducklin, Sophos's head of technology, Asia Pacific. "Many users assume that a program which has been signed in this way is automatically both trustworthy and desirable. Ironically, even though Internet Explorer presents a 'security warning', many people treat this as some kind of a 'security approval' and are more inclined to go ahead."

Apart from reading the fine print of any contract or agreement that you sign, Sophos advises users to avoid this and similar attacks by:

  • Updating your antivirus software to one which detects and deletes components of the tool, including the ActiveX control (detected as App/CrmRest-A) and the "Internet Optimizer" application (App/Optimiz-A).
  • Tightening the security of your browser by setting "Download signed ActiveX controls" to "Disable" instead of the more common "Prompt", and ensuring that "Download unsigned ActiveX controls" is also set to "Disable".
  • Blocking access to the domains "movies-etc.com" and "internet-optimizer.com" if you're running a Web proxy.
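
An administrator who runs a Web proxy can apply the same two domains to existing logs to see which clients have already contacted the sites. The sketch below is an added example, not code from Sophos or the article; it assumes Squid's native access.log field order, and the log lines, paths and addresses are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Domains named in the article's proxy-blocking advice.
BLOCKED = ("movies-etc.com", "internet-optimizer.com")

# Constructed sample in Squid native format (assumed field order):
# time elapsed client action/code size method URL ident peer type
SAMPLE_LOG = """\
1066036250.603 120 10.0.0.5 TCP_MISS/200 4512 GET http://www.movies-etc.com/clip.html - DIRECT/203.0.113.10 text/html
1066036251.114 95 10.0.0.5 TCP_MISS/200 20480 GET http://WWW.Internet-Optimizer.com./update - DIRECT/203.0.113.11 application/octet-stream
1066036260.300 80 10.0.0.9 TCP_MISS/200 900 GET http://notmovies-etc.com/ - DIRECT/203.0.113.12 text/html
1066036270.000 60 10.0.0.9 TCP_MISS/200 700 GET http://example.org/?ref=internet-optimizer.com - DIRECT/203.0.113.13 text/html
1066036280.500 300 10.0.0.7 TCP_MISS/200 0 CONNECT internet-optimizer.com:443 - DIRECT/203.0.113.11 -
garbage line
""".splitlines()

def host_of(target):
    """Return the lowercase hostname of a request target (URL or host:port)."""
    if "://" not in target:          # CONNECT targets carry no scheme
        target = "//" + target
    host = urlsplit(target).hostname or ""
    return host.rstrip(".")          # drop the trailing dot of an absolute name

def is_blocked(host):
    """Match a listed domain or any subdomain, on label boundaries only."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED)

def affected_clients(log_lines):
    """Map each client address to the sorted blocked hosts it requested."""
    hits = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 7:
            continue                 # skip malformed or truncated lines
        client, target = fields[2], fields[6]
        host = host_of(target)
        if is_blocked(host):
            hits[client].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}

if __name__ == "__main__":
    for client, hosts in sorted(affected_clients(SAMPLE_LOG).items()):
        print(client, ", ".join(hosts))
```

Matching on the parsed hostname rather than the raw line avoids counting look-alike names and URLs that only mention a listed domain in the query string.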


Talkback

2 comments
  • Internet Optimizer also redirects your error page to www.internet-optimizer.com and when you search in the address bar it will send you to www.yoogee.com
    I cannot find any fixes posted for this anywhere, or any web pages where it is even addressed... I have been trying for days to remove it after a friend of mine accidentally opened it. And Avenue Media does not respond to their email regarding removal.
    anonymous
  • I've been infected with this as well. The people who set it up are blocking websites with information on how to remove it from your system. Because I found -one- site at http://www.doxdesk.com/parasite/InternetOptimizer.html but now they have that site blocked. Apparently the thing places some dll files on your PC in the windows file (three they know of, only one of which I remember: nem214.dll, which I can't delete because it's always running when I turn on my PC) that have to be removed as well as some registry files. I've done four different scans on my system and NONE of them detected this problem. It seems to have only affected MY profile on my computer though.
    anonymous