Re: skeech hosts files msn redirect and getting rid of it

From: pneuguin@yahoo.com
Date: 25 Mar 2003 08:38:30 -0800


"Lord Shaoladin Moustachey" <abuse@127.0.0.1> wrote in message news:<3e802282_1@lon-news.intensive.net>...
> <pneuguin@yahoo.com> wrote in message
> news:810f8014.0303241003.723036@posting.google.com...
> > "Lord Shaoladin Moustachey" <abuse@127.0.0.1> wrote in message
> > news:<3e7f01f0$1_4@lon-news.intensive.net>...
> > > <pneuguin@yahoo.com> wrote in message
> > > news:810f8014.0303232139.3dbb5047@posting.google.com...
> > > > I assume Microsoft employees read this newsgroup.
> > > >
> > > > Skeech.com is modifying the Windows hosts files to redirect
> > > > users from the following Microsoft sites to Skeech.com:
> > > >
> > > > 64.255.2.119 auto.search.msn.com
> > > > 64.255.2.119 auto.search.msn.co.uk
> > > > 64.255.2.119 search.msn.com
> > > > 64.255.2.119 search.msn.co.uk
> > > > 64.255.2.119 www.msn.com
> > > >
> > > <snip>
> > >
> > > LOL loads of spammy companies do that.
> > >
> > > And WTF does it have to do with MS?
> >
> > They are hijacking Microsoft's name. Pay attention to the websites they are
> > hijacking.
> >
>
> They aren't hijacking ***, they changed your hosts file.

Whatever. They aren't notifying you of it, I would call it a hijack.

> It's a private machine, whatever spyware ran, ran implicitly with your
> permission if you like the fact or not it's your responsibility.

Nowhere did it notify me that it would be modifying my hosts table.

> > > What exactly could MS sue them for?
> >
> > Trademark and copyright infringement. If skeech hijacked a bunch of DNS
> > servers, there would, without any doubt, be hell to pay. Microsoft can just
> > argue that it's a local DNS in this case, because that is more or less
> > exactly what the hosts file acts as.
>
> If skeech did, which they haven't.

Yes they did, but there is little point in arguing.

> Exactly there's the KEY word, local, private, not public.

It's irrelevant.

> No liability.

Well if Microsoft doesn't mind being associated with skeech, then
that's fine for them.

> > There is a precedent. A company made up their own DNS server and started
> > assigning names to anybody that wanted it. It would ONLY work if you had
> > their DNS in your DNS server list. They were sued out of existence,
> > because it was claimed (falsely I believe) that they were infringing on
> > the rights of other companies by doing this.
>
> Yeh well spammers will try anything.

It wasn't spam. It was a company that was making cheaper DNS services
to only those that wanted it. It had nothing to do with spam. The
"official" DNS servers got upset though because they couldn't charge
70 bucks for a registered domain name when they had competition.

It was something more akin to the newer services like dynamic hosting,
such as is offered by www.dynu.com.

> > > "Uh they some dumb users ran some spyware *** and it changed their hosts
> > > files so every time they use their browser it went to them"
> > >
> > > If you are stupid enough to run spyware with rights to alter your hosts file
> > > then you deserve what you get ;)
> >
> > Spyware isn't always obvious. Every now and then I stumble across a page
> > with a million pop ups, and while in the process of closing a window, another
> > window pops up right over the close tab and I click something without even
> > seeing it.
>
> No it's not always obvious, nor are vxd or ring 0 trojans but if you're
> careful you don't get slapped.

Not really.

> Using Mozilla is a good start ;)

I generally do, but my Windows box is nothing more than a machine to
hold media files now. Since I'm often looking at a directory I sometimes
just change the address to point to a url, because it's quick.

> >
> > I generally run adaware, but more often than not, I simply run Linux which
> > is impervious to spyware. The reason that Microsoft OSes are so vulnerable
> > is that Microsoft's design enables it. In Unix you have a clear partition
> > between "your software" and the "OS" and it's very easy to find out what
> > files have been modified by anything like spyware under Unix.
>
> Well it's not impervious to spyware if you surf as r00t :)

Why would anybody need to run as root?

Try running Windows 2000 as a non-privileged user. You can't install
anything, you can't modify anything. It's too much of a hassle to
run as anything other than a privileged account under Windows.

> And the fact of the matter is *nix is no better suited to avoiding spyware
> or viruses, it's just that no-one is writing the software for that platform
> as it doesn't have a reasonable cost benefit ratio.

Whatever the reason, I don't have to deal with it there.

> So how exactly would you find out what files have been modified by spyware?

ls -aclR | grep "$(date '+%b %e')"

> And it's just as easy on Windows..if you run it properly :)

Oh please. The only way to do it is constantly backing up your
registry and restoring it. What purpose does it serve to allow the
registry to start programs on startup without your knowledge other
than to create viruses and spyware? I won't argue the merits of
what Microsoft did, but I can readily point to the problems that
result.
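
Added example (not part of the original post): a small Python check for the kind of hosts-file redirect described in this thread. It parses a hosts file and reports every name mapped to an address that is neither loopback nor 0.0.0.0; the five 64.255.2.119 lines are the ones quoted above, while the other sample lines and all function names are constructed for illustration.

```python
import ipaddress

# Sample hosts file: the five redirect lines are the ones quoted in the post;
# the comment, localhost and ad-block lines are constructed for illustration.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
0.0.0.0         ads.example.invalid   # constructed: local ad-block entry
64.255.2.119 auto.search.msn.com
64.255.2.119 auto.search.msn.co.uk
64.255.2.119 search.msn.com
64.255.2.119 search.msn.co.uk
64.255.2.119 www.msn.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:                  # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_entries(text):
    """Return mappings whose target is not a loopback or unspecified address.

    Loopback and unspecified (0.0.0.0 / ::) targets are the usual benign
    uses of a hosts file (localhost, ad blocking) and are not reported.
    """
    return [(n, str(ip), name) for n, ip, name in parse_hosts(text)
            if not (ip.is_loopback or ip.is_unspecified)]

def report(text):
    """Print one line per finding and return the findings."""
    findings = suspicious_entries(text)
    for line_no, ip, name in findings:
        print(f"line {line_no}: {name} -> {ip}")
    return findings

if __name__ == "__main__":
    # On a real NT-family machine, read the file itself instead:
    # %SystemRoot%\system32\drivers\etc\hosts
    report(SAMPLE_HOSTS)
```

Intranet names that are deliberately pinned to private addresses will also be reported, so review the output against whatever entries the machine is supposed to have.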