Solved

Spyware bundled with IE???

Posted on 2004-09-03
9
7,160 Views
Last Modified: 2011-09-20
Hi guys,

This is a creepy story so make sure you read it with your lights on. Since I noticed the problem I've replicated it with the same result. Here it goes:

I'm helping a friend of mine build his first machine from scratch. Brand new case, mobo, CPU, hd, and a his own clean legal Windows XP CD. Recycled CD-RW and RAM.

After the first boot he's beaming at seeing his machine actually work. XP is installed with default settings. Then we install Norton Internet Security and Norton Systemworks. GoBack comes next. Then we install Spybot S&D and AdAware. Nothing else is installed in the machine and the box has not been connected to the Net. We run Spybot and it finds a DSO Exploit and the Alexa browser object. AdAware finds two more Alexa-related files and removes them.

Where did these come from? The box hasn't been connected to the Net once since it was built and no other software was installed besides the mentioned above.

Here's another example. While resetting one of my machines, I reinstalled W2K and after installing a couple drivers I proceed to install NAV, Internet Security, and GoBack. Again, I install Spybot S&D and AdAware. Again, Spybot detects the DSO Exploit and Alexa. Again AdAware detects two more Alexa files. All in removed. I run Windows Update and install SP4. After rebooting Spybot and AdAware report nothing. I run Windows Update again and install the Update for IE 6. Machine is rebooted after that. This time Spybot and AdAware find the same DSO and Alexa files... again! And this time the DSO is proving a bit harder to remove. I'll figure that out, tho. What is really bothering me is the possibility that Microsoft is bundling this Alexa crapware INSIDE distributions of IE? and why? The only thing that was installed in between a clean machine and an Alexa report was the IE update.

If any of you guys have an extra box that you can use for a test, give it a try. Since this is not really a Question I'm offering the points as an incentive to test this stuff and try to figure out what's going on with IE and Alexa.

Good Vibes!

Lobo
0
Comment
Question by:Lobo042399
  • 4
  • 3
  • 2
9 Comments
 
LVL 10

Accepted Solution

by:
dis1931 earned 250 total points
ID: 11978321
Well Alexa is:

http://pages.alexa.com/prod_serv/quicktour_new.html

Basically a toolbar.  However, it is not bundled with IE.  If you have ever noticed the Show Related Links under the tools menu then you have seen Alexa.  IE uses Alexa servers when you use the feature "Show Related Links".  If you don't use it then it is not an issue.  It is not spyware but considered a data miner as it uses the info you typed into a search engine or on the page that is displaying and uses that information to track "related" webpages for you.  It is not anything bad but feel free to remove it.  It is basically like when ad-aware detects objects such as your recent documents, etc...as tracking...yes they are tracking but not necessarily being distributed or used in any bad way.

Dis
0
 
LVL 10

Expert Comment

by:dis1931
ID: 11978322
And yes, it will show up on any PC that has IE at least any version that incorporates the Related Links feature.
0
 
LVL 10

Expert Comment

by:dis1931
ID: 11978528
Here's a great article i found:

http://www.imilly.com/alexa.htm

especially the part about redirecting the Related Links to use google!
0
 
LVL 27

Assisted Solution

by:Asta Cu
Asta Cu earned 250 total points
ID: 12026355
Does this question in our PAQ help?
http://www.experts-exchange.com/Security/Win_Security/Q_21054787.html

I had to export specific Registry keys (backed up); and then modified them to get rid of the DSO exploits in the XP environment and IE.  Anytime I find problems that need cleaning, of course, turn off system restore in the process, then when cleaned reinstate (xp pro)
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 17

Author Comment

by:Lobo042399
ID: 12027309
Hi dis & asta,

Thanks for the heads up on Alexa. It sux that MS is including it anyway. I do not use IE but still, I'd rather have my machine clean of any of that... ummm...  stuffware.

The DSO Exploit reported by Spybot is a bug. I did a bit of research on it and found that the guys at Spybot are aware of it and will fix it in the next update so I can breathe easy on that one. Here's a post by Team Spybot at their official forum regarding the issue:

http://forums.net-integration.net/index.php?showtopic=17159

Good Vibes!

Lobo
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12028023
Thanks, Lobo, I could not agree with you more, though we choose to use IE due to the number of end-users and the OS that aligns with it.  Doesn't mean we're not 'exploring' alternatives.  It sure keeps us all challenged; but so often because of history and other issues, the IE element fixes things that developers err on that other Browser's don't (good news and bad news, of course).  But can't help thinking that if we were more aggresively working with MS, we could use the various feedback options to help them help us better than we do in terms of escaping to other solutions because of the "big guy" and all those other syndromes, IMHO.  But that said, also researched the issue of DSO exploits extensively when I saw all the hits on our systems, and managed without problems to get rid of all such occurrences, using IE.

If you like, I'll be happy to post the step-by-step, if still an issue when I get to those systems sometime this weekend.  They've never reoccurred.

":0) Asta
0
 
LVL 17

Author Comment

by:Lobo042399
ID: 12028745
Hi asta,

I've seen a couple of Registry fixes for the DSO (bug) thing. Mine is under control and I'm gonna wait for the Spybot fix.

I've been a Netscape user since waaay back and the only times I use IE is when some clueless designer has used so many FrontPage extensions in a site that it won't render on anything else. A lot of people I know is using encarnations of Mozilla (FireFox seems to be very solid) and I've seen small companies using Netscape and Netscape Mail to avoid the bugs that plague IE and Outlook. There are alternatives out there.

Oh, the fixes for DSO, better let me create a new Question with DSO in it. That way the PAQ becomes usable to others.

Good Vibes!!

Lobo
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12029147
Sounds totally excellent!  Firefox has top-notch reviews so far.
":0) Me
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12031808
Wow, thanks, Lobo.  I feel special .... and seriously, I learned in this process and sure appreciate your thoughtfulness.
Best wishes and smiles,
":0) Asta

P.S.  This was the manual process for DSO Exploits that helped me a bit more than my other 'finds':
http://www.dslreports.com/forum/remark,10295736~mode=flat?hilite=DSO+Exploit
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now