I've been quoted by The Register and spywaresucks is the 3rd most visited blog on msmvps.com

I found out today that my blog entry about the problems with HP Director and IE7 is currently the 3rd most commonly visited page at msmvps.com - amazing.  The only blogs visited more often are Chrisl and Coad.

My HP article is not only an often visited article, it also attracted more reader comments than any other article that I have written, and would have attracted even more if comments were not automatically barred after 60 days:
http://msmvps.com/blogs/spywaresucks/archive/2006/10/22/197647.aspx

I also found out today that I have been quoted by The Register:
http://www.theregister.co.uk/2007/01/27/myspace_scareware_myscare/

""I have said this many times, but I strongly recommend that MySpace be blocked on your networks," writes Sandi Hardmeier, a consultant under Microsoft's most valuable professional program, on her blog. "Don't let your kids go there. Don't let your employees go there. It simply isn't safe."

Pot, meet kettle, perhaps."

The blog entry they have taken the quote from is this one:
http://msmvps.com/blogs/spywaresucks/archive/2007/01/25/516895.aspx

Let's not forget that it was The Register, and Temerc, that first drew the MySpace problem to my attention.  Temerc has posted about the problem on dozens of forums, including his own:
http://temerc.com/phpBB2/viewtopic.php?p=3422711#3422711

I have now tweaked my home network now so that I can access MySpace, while still preventing anybody else on the network from getting there, so that I can keep an eye on things. 

Mike Burgess of MVP Hosts File fame, advised that MySpace adverts are served up from delb.myspace.com (216.178.33.60), which redirects to Right Media (ad.yieldmanager.com).  Whois Results for www.yieldmanager.com

I'll be honest - I still think it is time to go after Right Media; they are further up the distribution chain than MySpace, ActiveWin and the Messenger Plus! sponsor program, all of which I have personally seen being used as a conduit to get Winfixer aka Drivecleaner aka Errorsafe on to victims' computers.  The FTC went after Zango, and I can see no reason why they could not go after Right Media as well.

That being said, it is extremely important to keep the pressure on MySpace to clean up its act.  With its "119.5bn ad impressions in Q4" (source: The Register)  (which I calculate to be 1,327,777,777.78 ad impressions per day, at 90 days per quarter) it presents a risk to potentially millions more people than the Messenger Plus! sponsor program ever did (the latest statistics posted by Patchou reveal that Messenger Plus! is being installed roughly 230,000 times per day and has 14 million activer users) and, unlike CiD, MySpace doesn't have the option of editing its users' HOSTS file in an attempt to protect visitors from risk.

I am sure that, if they could be convinced to take such a step, a threat by MySpace to take their business elsewhere would be more than enough to encourage Right Media to clean up their act.  Add to that convincing Circle Distribution (CiD - the provider of the Messenger Plus! Sponsor Program) and other high volume clients to do the same thing, and negative press from the anti-spyware community, and we may just be able to make a difference.

www.yieldmanager.com redirects to https://my.yieldmanager.com/ which is a Right Media log-in page.

 

Published Sat, Jan 27 2007 14:55 by sandi
Filed under:

Comments

# re: I've been quoted by The Register and spywaresucks is the 3rd most visited blog on msmvps.com

Saturday, January 27, 2007 4:57 PM by Mike Nolet

As the person responsible at Right Media for ensuring this doesn't happen I thought it'd be appropriate to respond.  

First -- simply because delb.myspace.com (myspace's adserver) sometimes redirects to ad.yieldmanager.com (our adserver) doesn't mean that this came from us.  As you may have noticed, you will also see ads from many different ad networks.  I'm not trying to point blame elsewhere, but it's impossible to say who caused this without actual referring urls from the end users. This is an industry-wide problem, and please see the links below for more info on both how clever these spyware providers can be and what's being done about it.

Second -- We have been working extremely hard on stopping this behavior from ever occuring on the Right Media Exchange.  We have an automated auditing tool that checks our ads 24/7 for behavior such as this.  Over the past 3 months we have shut down hundreds of ads that try to do active-x installs and even a couple parties that attempted to spread viruses using ad networks. Please check out the following articles from our blog for more info:

http://blog.rightmedia.com/2007/01/27/banner-ops-and-errorsafe/

http://blog.rightmedia.com/2006/08/02/Two-Viruses-Ten-Creatives-and-an-Automated-Creative-Tester/

http://blog.rightmedia.com/2006/08/30/how-media-guard-works/

Please email me at mnolet@rightmedia.com if you have any additional questions.

-Mike

# Right Media Blog » Blog Archive » Response to blog posts about Myspace spyware installs

Saturday, January 27, 2007 5:20 PM by Right Media Blog » Blog Archive » Response to blog posts about Myspace spyware installs

PingBack from http://blog.rightmedia.com/2007/01/27/response-to-blog-posts-about-myspace-spyware-installs/

# re: I've been quoted by The Register and spywaresucks is the 3rd most visited blog on msmvps.com

Saturday, January 27, 2007 6:07 PM by sandi

Re Right Media's response I say this:

"I also saw Winfixer malware advertisements from Right Media being served up to Messenger Plus! sponsor programs via Circle Distribution.

Frankly, your "automated auditing tool" is not working.

Patchou of Messenger Plus! and CiD ended up editing every Sponsor Program users' HOSTS file to block known Winfixer domains completely - so why can't *you* block Winfixer domains at your end?"

# re: I've been quoted by The Register and spywaresucks is the 3rd most visited blog on msmvps.com

Monday, January 29, 2007 7:55 AM by peter

You forgot the obvious problem (not Right Media):

 IE sucks.

And the solution is not to blame others, but to:

 Not use IE.

# re: I've been quoted by The Register and spywaresucks is the 3rd most visited blog on msmvps.com

Monday, January 29, 2007 5:21 PM by sandi

Oh yay. Here comes the {insert alternative browser of choice} fan.

Peter - I don't think you realise the harm you do when you spout the rhetoric but forget to include security education.

I feel sorry for the 37.14% of FF 1.x users who are being hit via unpatched exploits - that browser gets targeted you know...

And the 99.85% of unpatched Opera 8x users...

And the 80.49% of unpatched Opera 7x users...

And the 13.63% of unpatched Opera 9x users...

Do me a favour. Instead of saying "IE sucks" and "not use IE" and leaving it at that, how about starting to EDUCATE users about safe hex.

Start saying "use {web browser} because {insert reason}" instead of just "IE sucks".

AND start telling people they have to patch their Web browser, NO MATTER WHAT BROWSER THEY ARE USING, OR WHAT THE VERSION IS.

As those of us with our heads in the real world say, "it only takes one exploit" and as far as I am concerned, patching, or lack thereof, is as important, if not more so, than the number of exploits.

# re: I've been quoted by The Register and spywaresucks is the 3rd most visited blog on msmvps.com

Wednesday, January 31, 2007 4:35 PM by chuck

instead of saying 'your "automated auditing tool" is not working' and leaving it at that, how about giving Mike Nolet a list of the referring urls that you're complaining about.  it would be nice to see the blurb about safe hex being followed up with prudent evidence.

# re: I've been quoted by The Register and spywaresucks is the 3rd most visited blog on msmvps.com

Thursday, February 01, 2007 3:57 AM by sandi

Chuck,

I have been down the road of submitting problem URLs when battling winfixer malware getting on to systems via the Messenger Plus! sponsor program.  In that case the advertisements were coming from Circle Distribution who happen to purchase their content from none other than Right Media (funny how that name keeps coming up) - I passed on captured URLs to Patchou of Messenger Plus! and he apparently forwarded those URLs on to those behind CiD - in the end CiD pushed out a HOSTS file update that blocks access to known Winfixer domains, and frankly I am tired of covering CiD and Right Media's back by monitoring their advertisements for problems and passing on URLs because:

1) I am doing *their* job for them by monitoring their advertisements - and doing it for FREE;

2) simply reporting problem advertisements is failing to address the primary problem - that the advertisers are getting through in the first place.

The winfixer malware advertisements always point to, and try to download malware, from the same set of URLs.  

It is up to Right Media to bite the bullet and start telling advertisers to submit content that Right Media will host.  

It is time for Right Media to find a way to stop the malware guys from using scripts to get malware on to systems on the sly.

It is time for Right Media to stop their advertisements from being able to access known Winfixer domains to download malware.

It is NOT up to me to be watching *their* back and watching for problems with *their* advertisements and telling them where *they* have problems.

Yes, we are watching the Right Media blog and know about "Media Guard" and will be watching to see what effect it has on the problems caused by Right Media's malware advertisements.

# re: I've been quoted by The Register and spywaresucks is the 3rd most visited blog on msmvps.com

Thursday, March 22, 2007 9:35 PM by Scott

Good informative thread. I'm a fan of Zonealarm Pro because when all else fails ZA saves me over & over again. I know what I'd like to do with/to right media & a number of others that ZA has brought to my attn lately.;)

PS: I wasn't aware that opera had security probs but everyone should know IE & anything from Microsoft has big intentional security holes. People with any knowledge who use IE deserve what they get. :P

# The ongoing winfixer saga

Sunday, April 22, 2007 5:08 AM by Spyware Sucks

So, what do we do about an advertising network like ValueClick that will not clean up its act? A network

# Yahoo! to Acquire Right Media

Tuesday, May 01, 2007 5:28 AM by Hosts News
Yahoo announced today they will acquire Right Media ... let's hope they clean up the unsavory tactics