IP: Friendly Trojan (fwd)

[Dave Farber <farber () cis upenn edu>]

> From: Paul Tanenbaum <pjt () ARL ARMY MIL>
> Subject: Friendly Trojan
> Date: Mon, 18 Dec 2000 12:55:14 EST
>
>
> All,
>      In an otherwise unrelated email message, Dave Towson wrote the
> following, which I thought this crowd might be interested in:
>      Paul
>
> >      At home, I clear the web cache for both IE and Netscape with every
> > boot, so any info that could be gleaned from the cache would only apply to
> > the current day's browsing.  And at work, I clear the caches each day at
> > 1700 via the Windows task scheduler.  But I recently encountered another
> > form of snooping that may be far more pervasive than I realize.  I received
> > a message from a friend saying she had sent me an electronic birthday card
> > that I could pick up at a specified web site.  When I picked it up, it
> > played some music that was billed as being encoded in MIDI format.  There
> > was a note near the bottom of the page that offered a free music playing
> > browser plugin that sounded pretty neat, so I investigated.  In the "fine
> > print" when I went to download the plugin was a cryptic note about the
> > plugin including "webhancer" technology.  That raised a flag with me, so I
> > searched for and found a pointer to webhancer.  It is a client that runs in
> > the background and sends to the webhancer site information on such things
> > as DNS lookup times, connection speeds, page opening times and page abandon
> > rates.  It does this for all web-related activities, and not just for the
> > one that Trojaned it into your system.  Now, I wonder how many other
> > freebies carry such Trojans and don't have the courtesy to warn the
> > recipient.
> >
> > Dave



For archives see: http://www.interesting-people.org/