recent posts

Web Fraud 2.0: Distributing Your Malware
Opera Update Plugs Multiple Security Holes
Web Fraud 2.0: Digital Forgeries
Web Fraud 2.0: Validating Your Stolen Goods
Web Fraud 2.0: Cloaking Connections

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

180Solutions Issues 'Mea Culpa'

Earlier this week, Security Fix called attention to yet another example of 180solutions' ad-serving software being installed without user consent. The guy who recorded the video of the whole episode, Harvard Ph.D. student and spyware hunter Ben Edelman, refused to tell 180solutions anything about the distributor involved, because as he explained on his blog, the last few times he posted such examples in public "180 trivialized the finding and issued a self-serving press release. Rather than admit that their software still becomes installed improperly, 180 danced around the issue and tried to use these wrongful installations to obtain a public relations benefit."

Sure enough, soon after that post 180 put out a press release saying it had terminated its relationship with the distributor responsible for the rogue installs, and that it had "remessaged" the affected users (sent them pop-up notices) to let them know about the fraudulent installs.

Well, according to a post on 180's own blog today, the bad guys that the company went after were a different group of distributors who also happened to be installing 180's Zango search assistant without user consent.

"The primary breakdown here was not with our software, although our software was certainly hacked. No amount of software development will ever make any software completely bulletproof," 180 co-founder Keith Smith said in the blog. "The primary breakdown here was in our reporting and detection mechanisms. In the end, the mechanisms we have in place were able to help us find the bad guys. But, in our opinion, that process took too long, and for that we apologize."

Allow me to add my 2 cents here: The primary breakdown is that as long as there is a strong economic incentive, hackers will always find a way to game 180's system to fraudulently install the adware. (Computer-security firm Sunbelt Software also has an interesting post on this issue in its blog.)

By Brian Krebs |  February 24, 2006; 4:40 PM ET From the Bunker
Previous: Winamp Update Fixes Big Security Hole | Next: SiteAdvisor Adds Search Safety

Comments

Please email us to report offensive comments.



I see 180 didn't waste any time claiming victim status. Absurd.

There's got to be some way to shut these clowns down.

Posted by: S. H. | February 24, 2006 5:49 PM

It's rather amusing to hear 180 demand the Edelman should share his findings with them. The nerve.

Posted by: _r | February 24, 2006 6:26 PM

They are rather childish about this, even though 100% of users dont what their crap on their system.

deuchbags.

Posted by: Funkynuckles | February 24, 2006 11:47 PM

180 is doomed. Regardless of what they do today they will not excape the long arm of the law which can reach back at least 5 years.

Posted by: Stiennon | February 24, 2006 11:54 PM

Brian,
I was impressed with your article in the Post Magazine from last week and further interested in the growing debate of the left over meta-data in the picture of 0x80 that some people found. Are you able to comment on that issue at all (i.e., was it an oversight, deliberate or was it real/false information)? If this is something you can not discuss then I appologize; otherwise, what might we be able to expect to come out of it as a possible resolution?

Posted by: dying to know | February 27, 2006 10:56 AM

The comments to this entry are closed.

 
 

©  The Washington Post Company