May 07, 2002
Never trust anyone who spells "cool" with a K

From Salon comes this story about a "family entertainment portal" called Flowgo and how a pop-up ad that ran on Flowgo's server installed a nasty piece of spyware on many users' computers.

The ad, purchased by a Los Angeles Internet marketing firm named IntelliTech Web Solutions, was designed to automatically redirect visitors away from Flowgo (no mouse click required) and to dump them at a booby-trapped site called KoolKatalog.

Once at KoolKatalog, visitors were invited to feed an e-mail address into a digital slot machine created in the Shockwave animation format. Solve the puzzle faster than anyone else, and KoolKatalog would send you a swell prize!

In the nanosecond it took most people to recognize the obvious junk mail trap, the real damage was already nearly done. According to virus experts, code in the pages at KoolKatalog exploited a known flaw in an old version of the Java engine of Microsoft's Internet Explorer browser to covertly download the first of 10 files onto visitors' computers

The thing that caught my eye about this was that Flowgo is one of the domains we've blocked from sending SMTP mail into our company because they were identified as a spammer. I suspect that someone complained about mail they had probably signed up for (though they may not have realized what they were doing) rather than genuinely unsolicited mail, but in any event we were seeing several hundred messages from them per day for a while there. We don't see much anymore; maybe they took all the undeliverable messages as a hint. In any event, while Flowgo was certainly wronged here, I'm not going to weep for them. I will, however, take this opportunity to make sure my antivirus software is up to date...

Posted by Charles Kuffner on May 07, 2002 to Technology, science, and math