Spyware Sucks

I'm not sure how I feel about this; the fall out from the now infamous EOLAS patent dispute has had a fundamental effect on how we interact with the Web when using Internet Explorer, and I have never felt that the change was for the better.  Heck, I never supported the patent in the first place(another MVP described it as a "hot button issue" for me in an email dialogue tonight).

Many will not remember this, but a few years ago there was a "developer preview" (my terminology, can't remember exactly what they called it) that was released for a short while for testing that directly addressed the EOLAS patent - it was a horrid thing, and I'm so glad they didn't go ahead with it.  Basically, every single control on a web page that required user interaction triggered a dialogue box.  I remember testing the changes at Java Boutique, sometimes triggering dozens of dialogue boxes per page.

Thankfully, the original version of the changes to Internet Explorer didn't proceed, and we ended up with the discreet, "Click to activate and use this control" prompt.  The prompt is becoming more rare nowadays, as web sites learn how to work around the changes.

The following shots show how Microsoft's adaptations to address the EOLAS patent matured over the years.  Here you see the very irritating dialogue box that popped up for every affected control, an older version of the mouseover text, and the final version.  Sadly, I can't remember when the change from "Press SPACEBAR or ENTER to activate and use this control" to "Click to activate and use this control" occurred - perhaps one of my readers will share their knowledge of that.

The entire EOLAS brouhaha has been a real roller coaster ride; EOLAS were originally awarded $521 million by jury in 2003 but that award was partially overturned on appeal - one of the facets of the appeal was should the jury have been allowed to consider whether EOLAS patent was/is invalid.  The case was due back at court last month for a retrial, but was postponed. 

In the midst of the lawsuit, in November 2003 the Deputy Patent Commissioner of the US Patent and TradeMark Office, Stephen G Kunin, ordered the agency's examiners to reconsider the EOLAS patent that had been awarded to the University of California back in 1998.  That had only happened 151 times in the last 22 years!!!

This led to the patent being invalidated in March 2004 in a preliminary ruling:
http://www.theregister.co.uk/2004/03/05/eolas_web_patent_nullified/

Then, in August 2004, Microsoft has another win, with the Patent Office reported as rejecting all 10 patent claims under review:
http://news.com.com/Microsoft+wins+again+in+Eolas+patent+dispute/2100-1032_3-5315367.html?tag=nefd.lede

But then in 2005, the patent was upheld, although I do note that Microsoft do have permission to fight it out once again after it was issued with a patent covering the same concepts as the EOLAS patent - basically it's a "who invented it first" fight - the hearing was scheduled for June this year; I haven't found any evidence of a result, and that could take up to a year. 

Then the cats was put right in the middle of the EOLAS pigeons.  A recent US Supreme Court decision cast real doubt on the original award of $521 million when that Court ruled that Microsoft cannot be forced to pay for patent infringements that occur when copies of Windows are made and installed on computers abroad.  Remember, the jury originally granted the University of California and Eolas US$1.47 for each of the 354 million copies of the Windows operating system that included the Internet Explorer browser between Nov. 17, 1998, when the patent was issued, and Sept. 30, 2001 - but that count of 354 million was *worldwide*.   By reducing the scope of computers caught by patent infringement penalties, EOLAS were looking at a potential reduction in their award from US$521 million award to US$187 million - a massive drop in anyone's language.

On August 2007 EOLAS Chief Operating Officer Mark C Swords released a letter to EOLAS shareholders advising that although he could not talk about the exact terms of the settlement, the Board of EOLAS were anticipating a dividend of between $60 and $72 per share, although I must point out that there has been no direct link drawn between the release of the dividend and the settlement with Microsoft in the letter from Mr Swords.  There will be an informal meeting for EOLAS shareholders at 7.00pm on Tuesday 4 September 2007 at the Holiday Inn Select, 1801 Naper Boulevard, Naperville, Illinois, at which the "future business plans of EOLAS, its finances, and "such information regarding the settlement as [EOLAS] are permitted to disclose" will be discussed.

So, it all seems to be over - it has not only been a roller coaster ride, it has also been fascinating watching the US legal system and its events here, and the US Patents Office, and how activities there affected what was happening in the Courts. 

In the end, EOLAS got their settlement and Internet Explorer users got the short end of the stick... have EOLAS gone after other those behind other web browsers in the same way as they went after Microsoft? Um, not as far as I know...

"The court says, clearly and unambiguously, that anti-spyware vendors' labeling judgments are completely protected by 47 USC 230(c)(2), a statute designed to protect online filtering judgments. In support of this conclusion, the court says that:

1) Kaspersky qualifies as an interactive computer service provider (specifically, as an access software provider)
2) The labeled software does not have to be actually "objectionable;" the vendor qualifies for protection so long as it subjectively considers the software objectionable.
3) There is no "good faith" standard in the statute for the vendor's decision to consider software objectionable."

Source: http://blog.ericgoldman.org/archives/2007/08/antispyware_ven.htm

Bronwyn has put out a call for members to join geekgirlsblog; I suppose I'd better put my name in the hat

I haven't met Bronwyn - our respective home towns are many thousands of miles apart, and I don't get to travel much nowadays - but those I know who have met her have nothing but good things to say.  Hopefully one day our paths will cross.

Source: http://techtalkblogs.com/blog/archive/2007/08/30/3132.aspx

One of the biggest problems I face when tracking down malicious banner advertisements is gathering proof sufficient to convince a web site and/or advertising network that they have a problem.  Sometimes I am unable to reproduce a reported hijack by a banner advertisement despite my best efforts.  When my correspondent is inexperienced they can struggle to gather the required data for me to analyse and publicise.

Eric Lawrence of Microsoft has also seen the need for a product that will make it easy for the inexperienced to generate an HTTP or HTTPS log, so he has created a simpler version of Fiddler especially to address this need.

Called Fiddlercap, the product can be used to easily take a snapshot of HTTP traffic, which is then sent to a "debugging buddy" (that would be me) :o)

My only question is whether Fiddlercap and Fiddler can be installed side by side.  I must ping Eric about that, see what I can find out.

You can download Fiddlercap here: http://www.fiddler2.com/fiddler/help/log.asp

Ok, so the neanderthals behind the Storm spam (whose grammatical skills leave a lot to be desired) have given up, for now, on the idea of playing to the guilty conscience and voyeurism.  Now they're trying to lure people in with music videos.

Subject: dude this is not even on MTV yet
Subject: Cool Video is out
Subject: Hot new video
Subject: OMG, check out the new video
Subject: this video is out out yet
Subject: this video rocks
Subject: your gonna love this. lol
Subject: awesome new video

------
Beyonce just cut there new video.

See it before the video is released. Click on the link to pull it off my
server: <<<URL deleted>>>
------
P. Kelly finished a new video.

See the cut before it hits MTV. Paste this address in your browser for the video: <<URL deleted>>
------
Fergie just filmed their new video.

See it here before it releases. Go here for the video:
<<URL removed>>
------
Snoop Dog did a new video.

Be the first to see it. Click on the link to pull it off my server:
<<URL removed>>

If you are silly enough to go to the Web sites being offered you will see:

"If the video does not start playing you need to load the right codec.  Click on the link to install it.
------

The download offered is Zhelatin/Storm worm aka Email-Worm.Win32.Zhelatin.hs. Believe me, you don't want to take the bait and go to those sites, even for curiosity's sake.

You use Windows Internet Explorer 7 to browse a Web page, and you examine the state of the Edit with <HTML editor> command on the File menu. However, you notice that the state of this command is inconsistent with the state of the Edit with <HTML editor> command on the Page menu. For example, the Edit with Notepad command on the File menu may be enabled, while the Edit with Notepad command on the Page menu is disabled.

Additionally, the state of Edit with <HTML editor> command on the Page menu will vary from disabled to enabled if either of the following conditions is true:

• You refresh the Web page in the current Internet Explorer window.
• You open the same Web page in another Internet Explorer window.

Note The <HTML editor> placeholder represents a program that you can use to edit HTML files. For more information about how to specify the HTML editor, see the "More information" section.

http://support.microsoft.com/default.aspx/kb/939946

All URLS broken for safety reasons:

The bad advertisement is hxxp://b1.adbrite.com/iads/35249.swf (an advertisement for monstermarketplace.com).  Please read this article if you cannot reproduce the hijack.

Note: there may be more hijacking adverts - this is just the one I found today.  The owner of the blog knows about this information and will be able to get rid of the dangerous advertisement, then we will monitor the situation.

Summary:

Referer: hxxp://seo.mhvt.net/blog/?p=137  --> Host: ads.adbrite.com

Referer: hxxp://b1.adbrite.com/mb/banner_shim.swf?bannerURL=hxxp://b1.adbrite.com/iads/35249.swf
&clickTAG=http%3A%2F%2Fclick.adbrite.com%2Fmb%2Fclickx-flash-version: 9,0,47,0 --> Host: b1.adbrite.com

Referer: hxxp://b1.adbrite.com/iads/35249.swf  --> Host: www.errorsafe.com

Referer: hxxp://b1.adbrite.com/iads/35249.swf  --> Host: winantivirus.com

Referer: hxxp://b1.adbrite.com/iads/35249.swf  --> Host: drivecleaner.com

Referer: hxxp://b1.adbrite.com/iads/35249.swf  --> Host: www.mysurvey4u.com

Referer: hxxp://b1.adbrite.com/iads/35249.swf  --> Host: www.errorsafe.com

Details...

GET /mb/text_group.php?sid=404027&zs=3136305f363030 HTTP/1.1
Accept: */*
Referer: hxxp://seo.mhvt.net/blog/?p=137
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: <<deleted>>
HTTP/1.1 200 OK
Via: 1.1 <<deleted>>
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Date: Wed, 29 Aug 2007 23:55:14 GMT
Content-type: text/html
Server: lighttpd/1.4.16
Cache-Control: no-cache, no-store, must-revalidate
P3P: policyref="hxxp://www.adbrite.com/p3p.xml",CP="NOI NID"
Set-Cookie: <<deleted>>
Set-Cookie: <<deleted>>
------------------------------------------------------------------
GET /iads/35249.swf HTTP/1.1
Accept: */*
Referer: hxxp://b1.adbrite.com/mb/banner_shim.swf?bannerURL=hxxp://b1.adbrite.com/iads/35249.swf
&clickTAG=http%3A%2F%2Fclick.adbrite.com%2Fmb%2Fclick
x-flash-version: 9,0,47,0
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: b1.adbrite.com
Proxy-Connection: Keep-Alive
Cookie: <<deleted>>
HTTP/1.1 200 OK
Via: 1.1 <<deleted>>
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 15639
Date: Wed, 29 Aug 2007 23:55:14 GMT
Content-Type: application/x-shockwave-flash
ETag: "5853fd-3d17-46c1ca76"
Server: Apache
Last-Modified: Tue, 14 Aug 2007 15:29:58 GMT
Accept-Ranges: bytes
X-Pad: avoid browser bug

------------------------------------------------------------------
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Referer: hxxp://b1.adbrite.com/iads/35249.swf
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: www.errorsafe.com
Proxy-Connection: Keep-Alive

------------------------------------------------------------------

HTTP/1.1 302 Found
Via: 1.1 <<deleted>>
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Date: Wed, 29 Aug 2007 23:55:17 GMT
Location: hxxp://winantivirus.com/download/2007/index.php?aid=
59idf95t&ax=1&ex=1&ed=2&h=10&j=1&mtrt=tmpsron
Content-Type: text/html
Server: Apache
X-Powered-By: PHP/4.4.2
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Set-Cookie: <<deleted>>
Set-Cookie: <<deleted>>

-----------------

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Referer: hxxp://b1.adbrite.com/iads/35249.swf
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: www.errorsafe.com
Proxy-Connection: Keep-Alive

------------------------------------------------------------------

HTTP/1.1 302 Found
Via: 1.1 <<deleted>>
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Date: Wed, 29 Aug 2007 23:55:17 GMT
Location: hxxp://winantivirus.com/download/2007/index.php?aid=
59idf95t&ax=1&ex=1&ed=2&h=10&j=1&mtrt=tmpsron
Content-Type: text/html
Server: Apache
X-Powered-By: PHP/4.4.2
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Set-Cookie: <<deleted>>

------------------------------------------------------------------

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Referer: hxxp://b1.adbrite.com/iads/35249.swf
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Proxy-Connection: Keep-Alive
Host: winantivirus.com

------------------------------------------------------------------

HTTP/1.1 302 Found
Via: 1.1 <<deleted>>
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Date: Wed, 29 Aug 2007 23:55:18 GMT
Location: hxxp://drivecleaner.com/.freeware/index.php?aid=
59idf95t&ax=1&ex=1&ed=2&h=10&j=1&mtrt=tmpsron&lid=dc-p22&mtrt=null&p=22
Content-Type: text/html; charset=UTF-8
Server: Apache
X-Powered-By: PHP/4.4.2
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Set-Cookie: <<deleted>>

------------------------------------------------------------------

/.freeware/index.php?aid=59idf95t&ax=1&ex=1&ed=2&h=10&j=1&mtrt=tmpsron&lid=dc-p22&mtrt=null&p=22 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Referer: hxxp://b1.adbrite.com/iads/35249.swf
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Proxy-Connection: Keep-Alive
Host: drivecleaner.com

------------------------------------------------------------------

HTTP/1.1 200 OK
Via: 1.1 <<deleted>>
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Date: Wed, 29 Aug 2007 23:55:18 GMT
Content-Type: text/html
Server: Apache
X-Powered-By: PHP/4.4.2
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Set-Cookie: <<deleted>>

------------------------------------------------------------------

GET /stats.php?campaign=59idf95t&u=1188431995592 HTTP/1.1
Accept: */*
Referer: hxxp://b1.adbrite.com/iads/35249.swf
x-flash-version: 9,0,47,0
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: www.mysurvey4u.com
Proxy-Connection: Keep-Alive

------------------------------------------------------------------

HTTP/1.1 200 OK
Via: 1.1 <<deleted>>
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Date: Wed, 29 Aug 2007 23:59:57 GMT
Content-type: text/html
Server: lighttpd/1.4.13
X-Powered-By: PHP/5.2.0-8+etch7
Last-Modified: Wed, 29 Aug 2007 23:59:57 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache

------------------------------------------------------------------

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Referer: hxxp://b1.adbrite.com/iads/35249.swf
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: www.errorsafe.com
Proxy-Connection: Keep-Alive

------------------------------------------------------------------

HTTP/1.1 302 Found
Via: 1.1 <<deleted>>
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Date: Wed, 29 Aug 2007 23:59:58 GMT
Location: hxxp://winantivirus.com/download/2007/index.php?aid=59idf95t&ax=1&ex=1&ed=2&h=10&j=1&mtrt=tmpsron
Content-Type: text/html
Server: Apache
X-Powered-By: PHP/4.4.2
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Set-Cookie: <<deleted>>

------------------------------------------------------------------

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Referer: hxxp://b1.adbrite.com/iads/35249.swf
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Proxy-Connection: Keep-Alive
Host: winantivirus.com

------------------------------------------------------------------

HTTP/1.1 302 Found
Via: 1.1 <<deleted>>
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Date: Thu, 30 Aug 2007 00:02:52 GMT
Location: hxxp://www.errorprotector.com/free/index.php?aid=59idf95t&ax=1&ex=1&ed=2&h=10&j=1&mtrt=tmpsron&lid=erp-l1&mtrt=null&l=1
Content-Type: text/html; charset=UTF-8
Server: Apache
X-Powered-By: PHP/4.4.2
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Set-Cookie: <<deleted>>

MSN Messenger and Windows Live Messenger contain a heap overflow in the handling of malformed webcam streams. By convincing a user to accept a webcam invitation, a remote attacker may be able to execute arbitrary code with the privileges of the user on an affected system.

US-CERT is aware of publicly available exploit code for this vulnerability.

More information regarding this vulnerability can be found in Vulnerability Note VU#166521.

US-CERT recommends users upgrade to Windows Live Messenger 8.1 to mitigate the security risk.

Source: http://www.us-cert.gov/current/index.html#msn_messenger_web_camera_stream

Two updates have been released, one for Vista and one for Vista x64 - both require validation.

This update apparently resolves an issue where messages become stuck in the Outbox and cannot be deleted when using Windows Mail. After you install this update, you may have to restart your computer.

Vista
http://www.microsoft.com/downloads/details.aspx?FamilyID=09f002d9-a140-42a8-99f5-a86f2b7e39f1&DisplayLang=en

Vista x64
http://www.microsoft.com/downloads/details.aspx?FamilyID=09dabf39-1e37-46dd-91bc-be5abe3f39b7&DisplayLang=en

The feeds are not password protected!!!

Voyeurism and guilty consciences will get 'em every time

Each 'youtube.com' hyperlink actually points to an IP address unrelated to youtube itself.  The sites in question will try to infect visiting computers with the Storm Trojan.

It just goes on and on and on....

-----

Subject: Dude, what if your wife finds this?
Subject: OMG, what are you thinking
Subject: LMAO, your crazy man
Subject: LOL, dude what are you doing
Subject: man, who filmed this thing?
Subject: how did you get that on film, man?
Subject: oh man your nutz
Subject: Where did you take that?
Subject: LOL, that is too cool..
Subject: HAHAHAHAHAHA, man your insane!
Subject: sheesh man, what are you thinkin
Subject: this is too crazy, but she is hot
Subject: Dude your gonna get caught, lol
Subject: I cant belive you did this
Subject: are you kidding me? lol
Subject: Who is that your with? lol
Subject: where did you hide that camera?
Subject: where did you hook up with that?
Subject: ROTFLMAO, who is that your with?
Subject: Dude dont send that stuff to my home email...

-----

You can see your face right in the video. its all over the web dude. here is the link I got
http://www.youtube.com/<<deleted>>

You can see your face right in the video. its all over the web dude. this is the link to it.
http://www.youtube.com/<<deleted>>

You can see your face right in the video. its all over the web dude. here is where I found it
http://www.youtube.com/<<deleted>>..

-----

If your mom sees this she this video of you she is gonna freak. here is where I found it
http://www.youtube.com/<<deleted>>..

If your mom sees this she this video of you she is gonna freak. go look at it...
http://www.youtube.com/<<deleted>>

If your mom sees this she this video of you she is gonna freak. take a look, lol
http://www.youtube.com/<<deleted>>

If your mom sees this she this video of you she is gonna freak. check it out yourself
http://www.youtube.com/<<deleted>>

-----

What are you thinkingif pat sees this your divorced dude. :-{) go look at it
http://www.youtube.com/<<deleted>>

What are you thinkingif pat sees this your divorced dude. :-{) this is the link to it.
http://www.youtube.com/<<deleted>>..

-----

this i not good. If this video gets to her husband your both dead. see for yourself
http://www.youtube.com/<<deleted>>

-----

LMAO, I cant believe you put this video online. Everyone can see your face there. LOL here is the link I got
http://www.youtube.com/<<deleted>>

LMAO, I cant believe you put this video online. Everyone can see your face there. LOL here is where I found it...
http://www.youtube.com/<<deleted>>

-----

You need to take this offline, it is in everyones email. :-( take a look, lol...
http://www.youtube.com/<<deleted>>

-----

If your dad see this video you made, he is gonna kill you. go look at it...
http://www.youtube.com/<<deleted>>

-----

Dude I know thats you, someone emailed me a link to the video. see for yourself
http://www.youtube.com/<<deleted>>

Dude I know thats you, someone emailed me a link to the video. here is where I found it...
http://www.youtube.com/<<deleted>>

-----

OMG, what are you doing man. This video of you is all over the net. go look at it
http://www.youtube.com/<<deleted>>..

OMG, what are you doing man. This video of you is all over the net. this is the link to it.
http://www.youtube.com/<<deleted>>

OMG, what are you doing man. This video of you is all over the net. see for yourself
http://www.youtube.com/<<deleted>>

-----

Man you have got to tell me where you picked her up. I saw this on the web, it has to be you. this is the link to it.
http://www.youtube.com/<<deleted>>

Man you have got to tell me where you picked her up. I saw this on the web, it has to be you. see for yourself
http://www.youtube.com/<<deleted>>

Man you have got to tell me where you picked her up. I saw this on the web, it has to be you. take a look, lol...
http://www.youtube.com/<<deleted>>

----

Umm, no - so, please, those of you who are saying "use Firefox" to avoid the scareware, please stop.

http://commercial-archive.com/node/136476