Pleasures2.exe, Go In.exe, Rapidblaster

In the past couple of days all or some of the following have appeared on my and colleagues’ computers.

I have found virtually no information on them on Google (none in the case of Rapidblaster) and AdAware failed to pick any of them up.

Go In.exe appeared to open up porn sites and change the IE start page to porn

Pleasures2.exe also appeared to open up porn pop-ups, and was in a folder called “dialers”

Rapidblaster appeared in a folder by itself with an application rb.exe (or similar)

All auto-ran from start up, and had to be force-quit so I could delete them.

I am posting this for two reasons:

(a) to alert others to their existence, as I don’t think they were desirable inhabitants of my computer, and

(b) to ask anyone else if they have any more information about these things?

These are quite possibly programs written by porn sites that are then downloaded to your computer because you inadvertently clicked on a pop-up or link to download it.

You would not find much information on them because they are not viruses or worms that spread. They are just programs written by some website in the hope that you download them by mistake so they can then have you visit their pages. Thus they can name the program asdsasfsdgsdf.exe and it will execute the same instructions.

What I’m trying to say is that they can name it any damn thing. So what you should be less worried about is the name of the program, and you should be more worried about your browsing habits. Avoid clicking on every link that says “Click Here”.

Also disable Install-on-Demand from your browser settings if you’re using IE.

Incidentally, having dialers on your machine is a bad thing. Some dialers are written to disconnect your modem and reconnect to the internet using a number of the hacker’s choosing, often a foreign ISP that has a deal with said hacker. The upshot is a several hundred dollar internet charge…
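The post above warns that a dialer can silently replace the modem connection with one to a number of the attacker's choosing, often a foreign or premium-rate one. An added example, not from this thread or any of its posters, of how an administrator can audit the dial-up phonebook entries on a Windows machine for that: it reads the standard per-user and all-users `rasphone.pbk` files (the paths are assumed to be the usual locations; `$ExpectedCountryPrefix` is a placeholder you must set to your own country code) and flags numbers with an international prefix or a 1-900 premium-rate pattern for review.

```powershell
# Added example, not from the thread. Lists dial-up (RAS) phonebook entries
# and flags numbers that look international or premium-rate.
# Assumptions: standard rasphone.pbk locations below; the expected country
# prefix is a PLACEHOLDER and the number check is a heuristic, not a verdict.

$ExpectedCountryPrefix = '+1'   # PLACEHOLDER: set to your own country code

$PhonebookPaths = @(
    (Join-Path $env:APPDATA     'Microsoft\Network\Connections\Pbk\rasphone.pbk'),
    (Join-Path $env:ProgramData 'Microsoft\Network\Connections\Pbk\rasphone.pbk')
)

function Get-PhonebookEntries {
    param([string]$Path)
    # rasphone.pbk is INI-style: [EntryName] sections followed by Key=Value lines.
    $entries = @()
    $current = $null
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^\[(.+)\]\s*$') {
            if ($current) { $entries += $current }
            $current = [ordered]@{ Name = $Matches[1]; PhoneNumber = ''; Device = '' }
        }
        elseif ($current -and $line -match '^(PhoneNumber|Device)=(.*)$') {
            $current[$Matches[1]] = $Matches[2].Trim()
        }
    }
    if ($current) { $entries += $current }
    return $entries
}

function Test-SuspiciousNumber {
    param([string]$Number)
    # Strip the usual separators so only dialing characters remain.
    $digits = $Number -replace '[\s\-\(\)\.]', ''
    # International dialing prefixes (+, 00, 011) that do not match our own country.
    if ($digits -match '^(\+|00|011)') { return -not $digits.StartsWith($ExpectedCountryPrefix) }
    # US 1-900 premium-rate exchange, the kind of number the thread describes.
    if ($digits -match '^1?900') { return $true }
    return $false
}

foreach ($pbk in $PhonebookPaths) {
    if (-not (Test-Path $pbk)) { continue }
    foreach ($e in Get-PhonebookEntries -Path $pbk) {
        $flag = if (Test-SuspiciousNumber $e.PhoneNumber) { 'REVIEW' } else { 'ok' }
        '{0,-7} {1,-30} {2,-20} {3}' -f $flag, $e.Name, $e.PhoneNumber, $pbk
    }
}
```

Run it from an ordinary PowerShell prompt; entries marked `REVIEW` are the ones to compare against the connections you actually set up. A dialer that rewrites an existing entry rather than adding a new one still shows up, because the check is on the number, not the entry name.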

xash:

Install-on-demand has nothing to do with it. It only downloads specific updates from the Microsoft site, and only after prompting you.

Thanks for the advice.

I actually have a fair idea of who inadvertently put these things on our machines - a certain colleague who due to laptop absence recently used the very four computers I found these things on. It certainly wasn’t me clicking on “Click here!” :wink:

When his laptop came back, I tactfully helped him remove them from there too…

cls, what you say is only partly correct.

Option :Enable Install-on-Demand (Internet Explorer): pertains to MS updates (to which you refer).

Option :Enable Install-on-Demand (Other): pertains to other websites that can embed code to cause programs to inadvertently be downloaded to your comp (as, perhaps, experienced by istara). This is what I was referring to.

just clarifying…

xash:

According to
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q222639&

“Components that can be installed by using self-installing program files that are registered with Internet Explorer 6 are controlled by the Enable Install on Demand (Other) setting.”

Key words being “that are registered with Internet Explorer 6”, meaning that it can only download updates for programs that are already on your computer.

I stand corrected. Thank you, cls.

In regard to install-on-demand, I was wondering how easy it is to spoof certificates?

If some company that everyone hated like Comet Cursor wanted to bypass the “click yes to install” function, would it be difficult for them to fake the certificate of some provider which is more often approved with a checkmark in the “always accept from this provider” box (someone like Microsoft or RealNetworks)?

Not that Comet Cursor would, but maybe a maker of one of those dialers or some ad seller.

zen101:

In order to subvert install on demand, someone would have to convince Microsoft into bundling their software into an update that would be offered from the Microsoft site. Or Microsoft would have to be hacked, but that’s somewhat less likely.

But it sounds like you’re interested in ActiveX controls. A cryptographic attack on certificates is unfeasible with current technology. However, a social-engineering attack is quite possible. Over a year ago, someone used fraudulent information to acquire certificates that said they were from Microsoft. There was no evidence that they were ever used for malicious purposes. Also, certificates are approved on a per-certificate basis, not per-name basis. For instance, if you had checked “Always trust content” on a genuine Microsoft certificate, it would not automatically trust content from the fraudulent Microsoft certificate, or even a different genuine Microsoft certificate. Of course it’s also possible that a genuine Microsoft certificate could be stolen, but I haven’t heard of that happening either.

The easiest thing to do to avoid this problem is to never say “always trust content from <X>”, and to always think about why a web page is asking you if you want to install and run a program. For what it’s worth, I don’t even say “always trust content from <my own company>”, simply because I want to know when things are being installed.

Don’t let other people who won’t abide by this policy use your computer (or use my solution if you know how: set up an account which has restricted privileges so that they can do whatever they want and it won’t affect you).

And when you’re using other people’s computers, even if you know what you’re doing, always use the most conservative choices (“no, don’t allow this to run”) unless the owner is giving you explicit permission to do otherwise. Most savvy users who are respectful to others follow this rule already, but I would really like it if it were so commonplace that even the non-savvy users would be in the habit of being careful. So teach this to that nimrod with the laptop.
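The post above makes the point that trust is granted per certificate, not per publisher name, and the original poster noted that all three programs auto-ran from startup. An added example, not from this thread or any of its posters, that combines the two from an administrator's side: it walks the per-machine and per-user `Run` registry keys, resolves each command to its executable, reads the Authenticode signature, and reports whether the signer's certificate thumbprint is on an explicit allowlist. The thumbprints in `$TrustedThumbprints` are placeholders to be replaced with values you have verified yourself; the command-line parsing helper is a simplification that handles quoted and unquoted `.exe` paths only.

```powershell
# Added example, not from the thread. Audits startup (Run key) entries and
# judges each binary by its signing certificate's THUMBPRINT, not the
# subject name, mirroring the per-certificate trust model described above.
# Assumptions: $TrustedThumbprints holds PLACEHOLDERS; Get-StartupExecutablePath
# is a hypothetical helper that covers only the common command-line shapes.

$TrustedThumbprints = @(
    'PLACEHOLDER-THUMBPRINT-1',
    'PLACEHOLDER-THUMBPRINT-2'
)

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-StartupExecutablePath {
    param([string]$Command)
    # Run values look like  "C:\dir\prog.exe" /flag  or  C:\dir\prog.exe /flag
    if ($Command -match '^\s*"([^"]+)"')   { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.exe)')  { return $Matches[1] }
    return $null
}

function Get-StartupSignatureReport {
    $report = @()
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSChildName/etc.; skip those metadata fields.
            if ($p.Name -like 'PS*') { continue }
            $path = Get-StartupExecutablePath -Command ([string]$p.Value)
            if (-not $path -or -not (Test-Path $path)) {
                $report += [pscustomobject]@{ Key = $key; Entry = $p.Name; Path = $p.Value
                                               Verdict = 'MISSING-OR-UNPARSED'; Signer = ''; Thumbprint = '' }
                continue
            }
            $sig   = Get-AuthenticodeSignature -FilePath $path
            $cert  = $sig.SignerCertificate
            $thumb = if ($cert) { $cert.Thumbprint } else { '' }
            # Trust decision: a valid signature AND a thumbprint we explicitly allowlisted.
            $verdict = if ($sig.Status -eq 'Valid' -and $TrustedThumbprints -contains $thumb) { 'OK' }
                       elseif ($sig.Status -eq 'Valid') { 'SIGNED-UNKNOWN-CERT' }
                       else { 'UNSIGNED-OR-INVALID' }
            $report += [pscustomobject]@{ Key = $key; Entry = $p.Name; Path = $path
                                           Verdict = $verdict
                                           Signer = $(if ($cert) { $cert.Subject } else { '(unsigned)' })
                                           Thumbprint = $thumb }
        }
    }
    return $report
}

Get-StartupSignatureReport | Sort-Object Verdict | Format-Table Verdict, Entry, Signer, Path -AutoSize
```

Anything reported as `SIGNED-UNKNOWN-CERT` is exactly the case the post describes: a certificate whose subject may read like a familiar publisher but which you have not individually accepted. `UNSIGNED-OR-INVALID` entries, which is what a renamed `asdsasfsdgsdf.exe`-style dropper would typically be, are the ones to investigate first.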

Actually I read that a year ago parties unknown had broken into an MS warehouse and had stolen a few thousand certificates and the paper they used to make them.

The MS spokesperson said they couldn’t relate an active cost to MS, but the school of thinking was they were to be used for bootleg versions of MS products.

Last I heard of it they were tracking the numbers down and just said they’d put up a note if someone tried to use them to register a product.

On porn dialers: these supposedly work like an internet 1-900 number. You use the dialer and get charged so much a minute. The biggest company involved in them was vanutti <sp>.

They can be a pain to remove.