Privacy=Do you collect personally identifiable information on people who simply visit your sites while web-surfing?%0D0ANo. We only collect personally-identifiable information when people voluntarily provide such information, such as when they sign up for a service or promotional event. For web-surfers who simply visit our sites, or click onto banner ads, we collect anonymous Click Stream Data that permits us to provide better, targeted advertising messages.%0D%0A%0D%0AWhat is Click Stream Data?%0D%0AClick Stream Data is anonymous information on a web surfer, such as a web surfer's IP address, web pages which have been viewed by a surfer, date and time, domain type, and responses to advertisements.
Description=I wonÆt call a saved IP in combination with a log of visited web pages anonymous!
EditDate=20021020
SalisburyID=60
[Avenue A, Inc.]
Company=Avenue A, Inc.
Product=Cookie
Threat=Tracking cookie or cookie of tracking site
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=They say they no longer do tracking.
EditDate=20021020
SalisburyID=61
[ClickFinders]
Company=ClickFinders
Product=Cookie
Threat=Tracking cookie or cookie of tracking site
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Their cookie itself is a tracking cookie.
Privacy=What We Collect and How We Use It%0D%0AFrom our Web site visitors:%0D%0AUnless you elect to Opt-out of Tracking, Coremetrics collects non-personally identifiable information about you when you visit this site including information such as your IP address, the type of browser you are using and when you visited the site. We will also collect your personally identifiable information (PII) that you volunteer in emails or on any of our forms, such as name, address, telephone number, e-mail address, company information and resume information. Coremetrics may use this information so that you receive the content and information you request and/or would require, for our own marketing purposes or to consider your application for a position with Coremetrics.[...]
Description=Relatively harmless until you enter your data into their forms.
Privacy=No personal information is used by DoubleClick to deliver Internet ads.%0D%0ADoubleClick does not use your name, address, email address, or phone number to deliver Internet ads. DoubleClick does use information about your browser and web surfing to determine which ads to show your browser.
Description=Use information about your web surfingà that could include any information, like accounts and passwords.
Privacy=What anonymous information is collected on this site?%0D%0AAnonymous clickstream information is collected for every visitor to this site. This includes pages viewed, date and time, and browser type. [à]%0D%0A%0D%0AHow does this site use cookies?%0D%0AEngage uses cookies to identify your browser as you visit pages on the Engage site or sites in the Engage media network. Cookies allow Engage to gather anonymous clickstream information. Cookies also allow Engage to provide more relevant, targeted advertising as you travel through sites in the Engage media network.
Description=Targeted advertisemnt. Fair enough, they state the donÆt keep the recorded IP. But they donÆt need to if they save an unique ID in their cookie.
Privacy=Cookies%0D%0AA cookie is a small text file that a Web site can store on a user's PC on a temporary or a permanent basis. The cookie set by Enliven when an advertisement is served to your computer contains only an anonymous, randomly generated unique identification number. Cookies by themselves (and especially those containing only anonymous ID numbers) cannot be used to find out the identity of any user.%0D%0AAt the point of getting a request for an ad from the Web page a user visits, Enliven collects the following data related to the current advertising transaction: IP address, Enliven cookie number, the Web page from which the ad is requested, Search Terms (if in a search context), Browser type, and Operating System type. [à] We will update this privacy policy if our data collection and usage practices ever change.
Description=A unique number and the IP would be enough for me to call it tracking; but to also save search terms is even worse.
Privacy=We may use cookies to:%0D%0AKeep count of your return visits to our site or our clients' sites %0D%0AAccumulate and report anonymous, aggregate, statistical information on Web site usage %0D%0ADeliver content specific to your interests
Description=How do they want to deliver specific content, if not by watching my surfing behaviour?
Privacy=Cookies assist Commission Junction in tracking Internet Users' activities beginning from a Publisher's web site or subscription e-mail through an Advertiser's web site that the Internet User links to from the Publisher's site or e-mail.%0D%0ACommission Junction uses anonymous user data to create and report the browsing, purchasing and/or lead form completion activities of anonymous users.
Privacy=Keep count of your return visits to our site or our clients' sites,deliver content specific to your interests,save your password so you don't have to re-enter it each time you visit our sites.
Privacy=These companies may use information (not including your name, address, e-mail address or telephone number) about your visits to this and other Web sites to provide advertisements about goods or services that may be of interest to you.
Description=
EditDate=20030326
SalisburyID=277
[Action Liveshow Showtime]
Company=
Product=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=69
[BillByCall]
Company=TELEACTION Services GmbH
Product=
Threat=Dialer
CompanyURL=http://www.billbycall.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
XBlockID=404
EditDate=20021020
SalisburyID=70
[WebDialer]
Company=
Product=WebDialer aka DialerFactory aka HighSpeed
Threat=Dialer
CompanyURL=http://www.dialerfactory.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Dialer for Germany, Switzerland, Austria, Belgium, Canada, China, Czech Republic, Denmark, Egypt, Spain, Finland, France, Greece, Netherlands, Hongkong, Morocco, India, Ireland, Italia, Japan, Norway, Poland, Russian Federation, Sweden, Turkey, United Kingdom, USA, Venezuella
Functionality=Dialer for Germany, Austria, Switzerland, UK, Netherlands, Spain, Australia, Sweden, Norway, Danmark, Belgium, Italy, Ireland, Greece, Hongkong, Japan
Privacy=
Description=No real privacy policy, EULA is in german. Links to this dialer get sent as unrequested spam. Owner threatened to sue for molestation after asking him by mail to stop spam.
Description=Adds RAS phonebook entry and sets it as default. No real privacy policy, EULA is in german. Links to this dialer get sent as unrequested spam. Owner threatened to sue for molestation after asking him by mail to stop spam.
EditDate=20021020
SalisburyID=81
[Aconti]
Company=
Product=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=82
[InterFun]
Company=
Product=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Dialer, some about Ç 50 per call.
Privacy=
Description=Upon clicking 'enter', a window is opened saying 'opening website', while in the background the connection is made.
Description=Tested installer tries to cloak file extension - is labeled scene1.part2.mpeg.exe. Seems to be based on X-Diver. Dial in is up to Ç 300 (above installer for 'Soft Teens') !!!
Description=Dialer for Australia, Austria, Belgium, Germany, Greece, Italy, Luxembourg, Netherlands, Spain, Switzerland, United Kingdom, Finland, Singapore, Ireland, Jordan, Kenya, South Africa, Morocco, Pakistan, Cyprus, Denmark, Kazakstan, Portugal. Does also try to connect to the internet. Runs blindly in the background even if exited.
EditDate=20021020
SalisburyID=92
[EroStars]
Company=Flexcall Medien, Inh. Oliver Penzel
Threat=Dialer
CompanyURL=http://www.partnerprogramme-erotik.de/
Function=Seems to be branch of Hacker.ag or vice versa
Description=Dialer for Germany, Austria, Switzerland, Italy, UK, Spain, Belgium, Netherlands, Greece, Finland, Japan, USA
EditDate=20021020
SalisburyID=93
[RatedXXX]
Threat=Dialer
Description=Dialer for New Zealand (also international calls to NZ), also hijacker of IE start page.
EditDate=20021020
SalisburyID=94
[Huysuzseks]
Threat=Dialer
CompanyProductURL=http://www.turkhatun.com/
Description=Dialer for Australia, Austria, Belgium, Germany, Greece, Italy, Netherlands, Spain, Switzerland, Turkey, UK, US
EditDate=20021020
SalisburyID=95
[PCFun]
Threat=Dialer
Description=Dialer for Italy
EditDate=20021020
SalisburyID=96
[TeenXXX]
Threat=Dialer
Description=Dialer for US, UK, Germany, Netherlands, France, Italy, Albania, Algeria, Anguilla, Argentinia, Australia, Austria, Bahamas, Bangladesh, Barbados, Belgium, Benin, Bermuda, Bosnia & Herzegovina, Brazil, British Virgin Islands, Bulgaria, Burkina Faso, Cameroon, Canada, Chile, China (PRC), Colombia, Congo Republic (formerly Zaire), Cook Islands, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Djibouti, Dominica, Dominican Republic, Egypt, El Salvador, Ethiopia, Faerie Islands, Falkland Islands, Finland, Gabon, Gambia, Gibraltar, Greece, Greenland, Grenada, Guam, Guatemala, Guinea (PRP), Guyana, Haiti, Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Iran, Iraq, Ireland, Israel, Ivory Coast (Cote d'lvoire), Jamaica, Japan, Jordan, Kenya, Korea (South), Kuwait, Lebanon, Lesotho, Liberia, Lybia, Luxembourg, Macau, Madagascar, Malawi, Malaysia, Mali Republic, Malta, Mauritania, Mexico, Montserrat, Morocco, Namibia, Nevis, New Zealand, Nicaragua, Niger, Nigeria, Norway, Oman, Pakistan, Panama, Papua New Guinea, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Russia, Rwanda, St Kitts/Nevis, St Lucia, St Vincent & Grenadines, Saudi Arabia, Senegal, Seychelles Islands, Singapore, Slovak Republic, Slovenia, South Africa, Spain, Sri Lanka, Sudan, Suriname, Sweden, Switzerland, Syria, Taiwan, Thailand, Togo, Tongo Islands, Trinidad & Tobago, Tunisia, Turkey, United Arab Emirates, US Virgin Islands, Uruguay, Venezuela, Yugoslavia, Zambia, Zimbabwe
EditDate=20021020
SalisburyID=97
[eCommerce]
Threat=Dialer
Description=Dialer for Afghanistan, Albania, Algeria, American Samoa, Andorra, Angola, Anguilla, Antigua and Barbuda, Argentina, Armenia, Aruba, Australia, Austra, Bahamas, Barbados, Belarus, Belgium, Belize, Benin, Bermuda, Bolivia, Botswana, Brazil, Brith Virgin Islands, Brunei, Bulgaria, Burkina Faso, Burund, Cambodia, Cameroon, Canada, Cape Verde, Cayman Islands, Central African Republic, Chad, Chile, China, Colombia, Comoros, Congo, Cook Islands, Costa Rica, Croatia, Cuba, Cyprus, Czech Republic, Denmark, Djibouti, Dominica, Dominican Republic, East Timor, Ecuador, Egypt, El Salvador, Equatorial Guinea, Eritrea, Estonia, Ethiopia, Falkland Islands, Faroe Islands, Fiji, Finland, France, French Guinea, French Polynesia, Gabon, Gambia, Germany, Ghana, Gibraltar, Greece, Greenland, Grenada, Guadeloupe, Guam, Guatemala, Guinea, Guinea-Bissau, Guyana, Haiti, Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Iran, Iraq, Ireland, Israel, Italy, Ivory Coast, Jamaica, Japan, Kazakhstan, Kenya, Kiribati, Korea (North), Korea (South), Kuwait, Latvia, Lesotho, Liberia, Lybia, Liechtenstein, Lithuania, Luxembourg, Macau, Madagascar, Malawi, Malaysia, Maldives, Mali, Malta, Marshall Islands, Martinique, Mauritania, Mauritius, Mexico, Moldovo, Monaco, Montserrat, Morocco, Mozambique, Myanmar, Namibia, Nauru, Netherlands, Netherlands Antilles, New Caledonia, New Zealand, Nicaragua, Niger, Nigeria, Niue, Northern Mariana, Norway, Pakistan, Palau, Panama, Papua New Guinea, Paraguay, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Reunion, Romania, Russia, Rwanda, St Kitts/Nevis, St Lucia, Samoa, San Marino, Sao Tome and Principe, Saudi Arabia, Senegal, Seychelles, Singapore, Slovakia, Slovenia, Somalia, South Africa, Spain, Sri Lanka, St. Helena, Sudan, Suriname, Sweden, Switzerland, Taiwan, Tajikistan, Tanzania, Thailand, Togo, Tokelau, Tonga, Trinidad & Tobago, Tunisia, Turkey, Tuvalu, Uganda, Ukraine, United Arab Emirates, UK, US, Uruguay, Vanuatu, Vatican City, Venezuela, Vietnam, Virgins Islands, Wallis and Futuna Island, Yugoslavia, Zaire, Zambia, Zimbabwe, Zolo
EditDate=20021020
SalisburyID=98
[TIBS]
Company=Smooth Content Ltd
Threat=Dialer
Description=Dialer for 4 dozen countries
EditDate=20021020
SalisburyID=99
[00SyncNet]
Threat=Dialer
EditDate=20021020
SalisburyID=100
[GoInDirect]
Threat=Dialer
Description=Dialer for Argentinia, Australia, Austria, Belgum, Bolivia, Brazil, Bulgaria, Canada, Chile, China, Colombia, Croatia, Cyprus, Czech Republic, Denmark, Ecuador, Egypt, Finland, France, Germany, Greece, Honduras, Hong Kong, Hungary, India, Indonesia, Ireland, Israel, Italy, Japan, Jordan, Jorea, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Panama, Paragguay, Peru, Philippines, Poland, Portugal, Puerto Rico, Romania, Russia, Saudi Arabia, Singapore, Slovenia, South Africa, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey, Ukraine, United Kingdom, Uruguay, Venzuela, Vietnum, Yugoslavia.%0D%0AShows fees only for countries where required.
Company=GoInDirect, 91 Rylander Boulevard Unit 7-240 Toronto Ontario M1B 5M5
Description=Dialer for Germany, Austria, Australia, Spain, Switzerland, USA, Luxembourgh. Comes from a Quiz site. More info in german: http://www.trojaner-info.de/news/dialer_millionengewinnspiel.shtml
Privacy="The connection to the Quiz server will be established on a secure internet connection. Your current line will be disconnected and a new connection will be made. This will be done completely without any troubles for you. For this connection, you'll be charged 1,86Ç by the Deutsche Telekom AG per minute on your next bill. This connection guarantees a fast and save play."
EditDate=20021027
SalisburyID=102
[Casino]
Threat=Dialer
Description=Dialer offering Casino access, violating german law by not telling it will close connection and open it's own. Secretely installs additional code.
EditDate=20021027
SalisburyID=103
[WebInstall]
Threat=Dialer/Hijacker
Company=Multiples, for example: Fussan Internetdienstleistungen
CompanyProductURL=http://www.steffi.cc/
Description=Dialer cloaked as 'Multimedia update' to view webcam pictures. No hint at the dialer functionality.
Threat=Dialer
EditDate=20021108
SalisburyID=104
[eConnect]
CompanyURL=http://cons.xrenoder.com/
CompanyProductURL=http://freehqmovies.com/
Description=Uninstaller available at http://econnect.libereco.com/uninstall/uninstall.exe
Threat=Dialer
Editate=20021109
SalisburyID=105
[MoneyTree]
CompanyProductURL=http://www.bobbiespage.com/
Description=Page installs multiple dialers. Adds itself to the list of trusted publishers. Could be a Central24 dialer because its certificate contains reference to Central24.
Description=Teh targeted dialer product is advertised in spam mail. Mail tells reader that 'Claudia' would commit suicide if the user doesn't dial in.
Privacy=[translated from german:]%0d%0Aº3.1: The webmaster may advertise as much as he wants according to his own ideas. Only the webmaster is responsible for the statements in this advertisement.[...]%0D%0Aº3.3: The webmaster agrees to keep IBS AG free of all disadvantages that could result through his bad behaviour.
Description=Seems to be very much the same as StarLux
SalisburyID=109
[CodeWeb]
Threat=Dialer
EditDate=20021120
Privacy="If you are of age only. NO VIRUS FOUND. The web site contains EROTIC LIVE WEBCAMS, PHOTOS, HARD MOVIES, MESSAGES AND VIDEO MESSAGES for adults only. If you click on Yes, the program disconnects you from your current provider and connects you again through a service that costs 2 EUR + IVA (2,4 EUR altogether) for minute, setting that as default connection. Please, use this connection to reach our services only. By making easier the access to the restricted area, the program sets that of the restricted area as start page. If you agree with the terms of use, IF YOU ARE OF AGE AND WANT TO SEE PORNOGRAPHIC STUFF, CLICK ON YES"
Description=Deletes its download file after installation
SalisburyID=118
[Dialler]
Threat=Dialer
EditDate=20030106
CompanyProductURL=http://powerdialler.com/
SalisburyID=119
[MasterConnector]
Threat=Dialer
EditDate=20020215
Company=Firstway Medien GmbH
Description=Dialup fee 59 Euro.
SalisburyID=278
[AllCyberSearch]
Company=Unknown
Product=AllCyberSearch
Threat=Browser hijacker
CompanyURL=http://www.allcybersearch.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Redirects IE standard search pages to the AllCyberSearch search page. Same Family as EzCyberSearch and GoCyberSearch (which is also listed as AllCyberSearch). Includes also TinyBar which seems to be the same page.
Privacy=Couldn't find a privacy statement
Description=There is no privavy statement on their website, so nobody knows what they data they collect and what they use it for.
EditDate=20021020
SalisburyID=26
[GoCyberSearch]
Company=Unknown
Product=GoCyberSearch
Threat=Browser hijacker
CompanyURL=http://www.gocybersearch.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=Couldn't find a privacy statement
Description=There is no privavy statement on their website, so nobody knows what they data they collect and what they use it for. The list of keywords is unprotected at http://www.gocybersearch.com/searchbar/log-clicks-bar.csv . The same directory also contains some scripts giving statistics to everyone who wants to look at them.
EditDate=20021020
SalisburyID=27
[Cool-XXX]
Company=
Product=Cool-XXX
Threat=Browser hijacker
CompanyURL=http://www.cool-xxx.net/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=28
[Duolaimi]
Company=
Product=
Threat=(Unverified) Browser hijacker
CompanyURL=http://www.duolaimi.net/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=According to the CEXX forum, resets start page to use duolaimi.net as a forwarder to the real start page, and locks the start page settings. Clicking on a category on duolaimi.net also opens a hidden window doing some very memory-intensive script operations.
Description=Sets IE start page, uses an unidentified ActiveX component to uninstall settings.
EditDate=20021020
SalisburyID=30
[PassThisOn]
Company=
Product=
Threat=Browser hijacker
CompanyURL=http://www.passthison.com/
CompanyProductURL=
CompanyPrivacyURL=http://www.passthison.com/
Functionality=
Privacy=
Description=Asks you continously to set your IE start page. More info at http://news.com.com/2100-1023-253074.html?legacy=cnet
EditDate=20021020
SalisburyID=31
[RocketSearch]
Company=
Product=
Threat=Browser hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Asks to be set as start page when visiting http://www.netperception.com/ , currently for sale.
EditDate=20021020
SalisburyID=32
[UnderageHost]
Company=
Product=
Threat=Browser hijacker
CompanyURL=
CompanyProductURL=http://www.loading-lolita.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Silently sets itself as IE start- and search pages (furthermore done by a file on every system start), and adds some favourites. Anyone visiting the site that installs it is sick!
EditDate=20021020
SalisburyID=33
[SuperSexPass]
Company=
Product=
Threat=(Unverified) Browser hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Redirects MSN search for URLs that could not be resolved.
EditDate=20021020
SalisburyID=34
[NetzAny]
Company=
Product=NetzAny
Threat=Browser Hijacker
CompanyURL=http://www.netzany.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=35
[FindTheWebsiteYouNeed]
Company=FindTheWebsiteYouNeed
Product=FindTheWebsiteYouNeed
Threat=Browser Hijacker
CompanyURL=http://www.findthewebsiteyouneed.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Seems to install using some exploit - user doesn't get asked, but on next IE start, start & search pages are set.
Privacy=From the License Agreement:%0D%0A"You are in full agreement that to gather the information necessary to provide our Information service requires our Software to gather URL and duration information of all web sites visits by the person using your computer while browsing the Internet. This information is then transferred to our database in order to provide you and other users with our 7FaSSt Search (tm) traffic reports. You are in full agreement to the transfer of any and all information necessary to provide the 7FaSSt Search(tm) services to others."
Description=Storing the tracked data in a database is bad enough, but what is meant by the last sentence? Transfer of all data to make the search engine services available to /others/?.%0D%0AAfter installation, the user is asked to enter user name and email address as if that would be necessary for use.
EditDate=20021020
SalisburyID=37
[CnsMin]
Threat=Browser hijacker
CompanyURL=http://www.3721.com/
EditDate=20021020
SalisburyID=38
[System1060]
Threat=Browser hijacker
Description=Set of files that do everything to appear as system files. Named taskmgr.exe and twunk_64.exe, both even have the original Microsoft description in their properties, but they don't have the original functionality. Instead, they begin phoning home on system start.
EditDate=20021020
SalisburyID=39
[Xupiter]
Threat=Browser hijacker/BHO
Description=A hijacker that comes with it's own IE toolbar.
CompanyURL=http://www.xupiter.com/
CompanyProductURL=http://www.xupiter.com/
EditDate=20021020
SalisburyID=40
[RapidBlaster]
Threat=BHO
Functionality=Offers porn
Description=Runs in background and connects in short intervals to the internet.
Privacy=For your convenience, Rapid Blaster auto installs new versions of the download to ensure your software is working to its highest capacity.%0D%0ARapid Blaster is not responsible for the privacy policies or the content of websites that are using the Rapid blaster.%0D%0ARapid Blaster reserves the right to modify this Privacy Policy, as well as the other Terms of Use, from time to time, without notice.
SalisburyID=41
[SearchAndBrowse]
Threat=BHO/Hijacker
Company=WebEnhancement Corp.
companyURL=http://www.searchandbrowse.com/
CompanyProductURL=http://www.gtawarehouse.com/
Description=Installs a new toolbar upon leaving page. %0D%0ASee more information here: http://and.doxdesk.com/parasite/SearchAndBrowse.html
Description=The browser start page gets reset to this page if you install Ultimate Popup Killer from their homepage for free. To get rid of it, you have to uninstall Ultimate Popup Killer.
EditDate=20021109
SalisburyID=44
[FreeHQMovies]
EditDate=20021109
CompanyProductURL=http://www.freehqmovies.com/
Description=Pages installs dialer and hijacks IE to itself.
SalisburyID=45
[Jethomepage]
EditDate=20021113
Threat=Hijacker
CompanyURL=http://www.jethomepage.com/
Privacy=No privacy policy
SalisburyID=46
[PlanColumbia]
Threat=Hijacker
EditDate=20021113
Description=Replaces startup and shutdown screen. See additional information here:%0D%0Ahttp://www.symantec.com/avcenter/venc/data/vbs.plan.a.html
SalisburyID=47
[StartSurfing]
EditDate=20021114
Functionality=Popup blocker.
Description=Blocks all internet access. An effective way to block popup, yes. After removal, you need to adjust your IE proxy settings. Should work as a local proxy. Danger because installed directly by found404.com popunder ads.
Privacy=To insure you always have the latest version and for your convenience this software will automatically update itself from time to time once installed. Also we will download other companies programs to your computer which you will have the choice to install or not install once downloaded.%0D%0ATo prevent your browser from becoming cluttered when our toolbar is installed, any other toolbars you currently have visible will be deactivated. They can be restored manually through the Internet Explorer "View" menu.%0D%0AOnce installed if you decide to change your start or search page this information will be sent back to our server. Also information in regards to your browsing will be sent to our servers, such as how long you surf for, and your surfing habits.
SalisburyID=49
[XRenoder]
Threat=Hijacker
EditDate=20021120
Description=Detected as 'Common hijacker', hijacks MSN pages.
SalisburyID=50
[Anal-Oral]
Threat=Hijacker
EditDate=20021120
CompanyProductURL=http://www.anal-oral.net
Description=Hijacks thehun.net and thehun.com pages.
SalisburyID=51
[QcBar]
Threat=Hijacker
EditDate=20021121
Description=Hijacker that adds tons of favorites and its own toolbar to display them.
Privacy=Why we need to obtain personal information ABOUT YOU%0D%0AYour personal information is used to enable us to deliver our online products and services to you.[...]%0D%0AWhat we do with your personal information%0D%0AYour email address and other personal information may be used to enable us to send you marketing or promotional material (such as promotional offers) on other products and services that we consider may be of interest to you.[...] The information you provide to Roar is also shared among our subsidiaries and the operators of our affiliated websites.
Description=Even personal information is collected and shared.
EditDate=20021123
Threat=Hijacker/Spyware
SalisburyID=53
[SearchAccurate]
Threat=BHO/Hijacker
EditDate=20021126
Description=Toolbar for IE with some advertisement links. Resets IE start page on each system start.
SalisburyID=54
[MSN Messenger Polygamy]
Company=Asdfuae
Product=MSN Messenger Polygamy
Threat=Browser hijacker
CompanyURL=http://www.asdfuae.tk/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=IE menu extension
Privacy=
Description=Adds an IE menu extension linking to Asdfuae's Messenger related website
Description=No privacy violation (except keywords are stored in combination with your IP), but installation removes all other installed BHOs. In addition, it hijacks the MS search pages to their own homepage.
Privacy=Our use of your personal or financial information or other information gathered by cookies is used for the limited purpose of fulfilling your requests for service, securing your internet experience, and realizing the demographic which we are serving so that we can continue to serve you better. The information that we collect directly from you includes IP Address, Browser Type, Time Stamps, Operating System, ISP (internet service provider), transactions placed, products and services used, and some banner ads that you may view. All of these are used solely for our internal benefit to create a better operational product and a record of your transaction in case of some failure immediately thereafter.
Description=HotPhrase seems to be a more harmless variant of SpeedPrhase.
SalisburyID=57
[SpeedPhrase]
Company=SpeedPhrase Corporation
CompanyURL=http://www.speedphrase.com/
CompanyProductURL=http://www.speedphrase.com/
Threat=Possible spyware/Malware
Description=Contrary to HotPhrase, the SpeedPhrase homepage contains no privacy policy at all, and installation of SpeedPhrase deletes all other registered Browser Helper Objects!
SalisburyID=58
[I-Lookup]
CompanyURL=http://www.i-lookup.com/
SalisburyID=59
[BandObjects]
Product=Bandobjects aka Go aka EStart.
CompanyProductURL=http://topsitez.us
EditDate=20030122
Description=Hijacks Internet Explorer start and search site, deleted Microsoft links from Favorites, and adds its own. That it creates log files in the root may hint that it'sin development and new versions may be coming.
SalisburyID=279
[SearchEx]
Threat=Adware/Trojan
Description=The newest form of this is documented by McAfee: http://vil.mcafee.com/dispVirus.asp?virus_k=100052
Description=Stealth, sends log as mail. Uses the AFP File Monitor & Protector to protect itself against removal. Please boot into safe mode before removing.
Functionality=Monitors keystrokes, passwords, URLs, running applications, access to private files.
Privacy=
Description=
EditDate=20021217
SalisburyID=171
[RadLight Media Player]
Company=
Product=RadLight Media Player
Threat=Tries to uninstall Ad-Aware
CompanyURL=http://www.radlight.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=DivX player
Privacy=From the license agreement shown upon install: You are not allowed to use any third party program (e.g Ad-aware) to uninstall application bundled with RadLight. Such programs will be removed. If you want to uninstall them, you may do so via Add/Remove in Windows' Control Panel.
Description=This application tries to remove Ad-Aware files upon install (a newer release warns clearly about that). Removal of these files is only recommended and necessary if you no longer comply to their license agreement.
Privacy=Author unknown (referrer ID: AAL611 at www.ignifuge.com)
Description=This application promises to be the alround solution to scan for viruses, clean the harddisk and more, but really is just a small window labeled 'MONEY' and a bigger banner, and by clicking on one of them the user gets redirected to a website where the unknown author gets money for every person he refers.
Description=Upon installation, sends mails to all people on your email contact list. See also http://vil.nai.com/vil/content/v_99760.htm
SalisburyID=23
[TotemShared Updater]
Threat=Malware
Description=Updater sending out statistics. Is kept even when host application is uninstalled. The startup entry is named as Uninstall0001 to fool the user into thinking this would be a one-time entry and not a permanent updater.
Description=Spends your bandwidth by downloading content that you 'may' want to see in the future, and allowing other users of the same client to download from your computer.
Privacy=When you are on-line, therefore, the Software may share Published Content that resides on your computer system with other Red Swoosh Clients that have requested such Published Content.%0D%0AFinally, from time to time the Red Swoosh Client may download to your computer system a particular item of Published Content or other information that may be of interest to you, as determined by the Published Content you have downloaded in the past.%0D%0AWe do need to monitor and retain the version of your Web browser, your computer's operating system, your connection speed, your Internet protocol address, the identifier associated with your Red Swoosh Client, and the Published Content that is available on your computer for download through the Red Swoosh network, and we also monitor and retain information regarding the transmission of Published Content as described below.%0D%0ATo attempt to make your downloads more efficient, Red Swoosh needs to know when you are online. Accordingly, each time a computer on which a Red Swoosh Client is installed logs on to the Internet, our server notes the time that it logged on and collects the information described in Section 3(b).
SalisburyID=25
[DyFuCA]
EditDate=20030120
Threat=Malware
Description=Drive-by download connecting to sextracker.com and trying to download Internet Optimizer by Avenue A Media
SalisburyID=284
[ComLoad]
EditDate=20030130
Threat=Malware/Security risk
Description=ActiveX control that will allow websites to load and run any executable program. Used for example by Coulomb ( http://www.coulomb.co.uk/ ). More information: http://www.doxdesk.com/parasite/Comload.html
SalisburyID=285
[Haczyk]
EditDate=20030130
Threat=Malware
Description=Installs unwanted, function unknown, but has a lot of tasks running at system startup.
SalisburyID=286
[BPS Spyware Remover]
Company=BulletProofSoft
Threat=Malware
Description=Uses a stolen Spybot-S&D database and is therefore a copyright infringement.
SalisburyID=287
[SpywareNuker]
Threat=Adware/Possible spyware/Malware
EditDate=20021208
CompanyURL=http://www.trekblue.com/
CompanyProductURL=http://www.spywarenuker.com/
Company=TrekBlue
Functionality=Supposed spyware removal utility.
Privacy=4. ACKNOWLEDGEMENT OF VALUE-ADDED APPLICATIONS%0D%0AYou acknowledge that the "Trek Blue" Program(s) include technology which allows "Trek Blue" to provide updates to the software directly to your computer. Additionally, you acknowledge that you wish to receive software and technology as updates at the discretion of "Trek Blue" for the purposes of complimenting or enhancing the "Trek Blue" Program(s). By installing, downloading, copying, updating or otherwise using the "Trek Blue" Program(s), you specifically agree to include and/or accept the noted software and technology through which "Trek Blue", its subsidiaries, affiliates, partners, divisions, and clients provide value-added upgrades and applications to your computer. You acknowledge that you desire to receive value added applications, if any, from "Trek Blue", its subsidiaries, affiliates, partners, divisions, and clients. You acknowledge that you desire to receive value-added content and applications as a condition to using the "Trek Blue" Program(s).
Description=Heavily advertisement by spam (unsolisicited email advertisement); phoning home on program start; silently installing updates and content (meaning advertisement) into your system. Those applications may even come from third parties. No limitation is made about this 'value-added' content, meaning the license allows them to install any spyware into your system without your knowledge. In addition, using the program isn't safe - LSP hijackers get removed, but the Winsock not fixed so you would loose your internet connections. Uses a stolen Spybot-S&D database and is therefore a copyright infringement.
Description=There's a security hole in IE allowing websites to execute code without asking you first. You can find more information at http://security.greymagic.com/adv/gm001-ie/
Functionality=Internet Explorer toolbar providing additional information and related links about visited websites.
Privacy=ALEXA COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS WHILE USING THE ALEXA SOFTWARE, AND, WITH VERSIONS 5.0 AND HIGHER OF THE BROWSER COMPANION SOFTWARE, THE PRODUCTS YOU PURCHASE ONLINE. ALTHOUGH ALEXA DOES NOT ATTEMPT TO ANALYZE WEB USAGE DATA TO DETERMINE THE IDENTITY OF ANY ALEXA USER, SOME INFORMATION COLLECTED BY THE SOFTWARE IS PERSONALLY IDENTIFIABLE. ALEXA AGGREGATES AND ANALYZES THE INFORMATION IT COLLECTS TO IMPROVE ITS SERVICE AND TO PREPARE REPORTS ABOUT AGGREGATE WEB USAGE AND SHOPPING HABITS.%0D%0A[...]%0D%0AWe employ other companies and individuals to perform functions on our behalf, such as technical support services. To perform those functions, it may be necessary for them to obtain access to AlexaÆs databases and servers, which may contain personally identifying information about users. They may not use such access or information for any purpose other than that for which they are retained.
Description=The privacy statement says it all. They are storing quite a lot information, including personal data like accounts (if account data is used in URL). They give other companies access to their databases; those may only use the data to what it was retained for. The statements says what the data was retained for, but doesn't give exlusions what it isn't retained for.
Functionality=Installs unknown items & advertisement popups on your system.
Privacy=BackWeb: Stay in the loop With BackWeb's reporting capabilities, you'll know who received each delivery, when they received it, and how they interacted with it.%0D%0ACameoCast: CameoCAST pushes content to your hard drive while you are online.%0D%0A[...]This information such as the type of browser being used, its operating system, and your IP address, is gathered in order to enhance your online experience.
Description=Comes with Western Digital Data Lifeline as well as with HP & Compaq systems. If you intended to install the normal BackWeb, please add BackWeb to your exclude list. But if you know nothing about installing BackWeb, chances are good that it is the 'lite' version. This one connects to a Cameocast server (Source: http://www.cexx.org/dlgli.htm), and you can read Cameo's privavy statement above.
Privacy=[...]With respect to Ad Servers: To try and bring you offers that are of interest to you, we have relationships with other companies that we allow to place ads on our Web pages. As a result of your visit to our site, ad server companies may collect information such as your domain type, your IP address and clickstream information. For further information, consult the privacy policies of:%0D%0Awww.linkshare.com%0D%0Awww.cj.com%0D%0Awww.reporting.net%0D%0Awww.directleads.com%0D%0Awww.performics.com%0D%0Awww.sitemeter.com%0D%0Awww.websponsors.com
Description=Privacy policy itself does not fulfil any spyware criteria, but does seem to hit only the website, not the installed software.
EditDate=20021020
SalisburyID=178
[BDE Projector]
Company=Brilliant Digital
Product=B3D Projector/Brilliant Digital Entertainment
Functionality=Plays 3d online files, stealth P2P network
Privacy=
Description=According to News.com (http://news.com.com/2100-1023-873181.html), the BDE Software contains technologie that would allow Brilliant Digital to turn every computer with BDE installed into a node of a Brilliant controlled network. Thus Brilliant could use your computer for distributed computing without your knowledge.
Privacy=The privacy policy link links to pages that doesn't contain any information about privacy. The link above I found on another website concering BonziBuddy. But it doesn't say anything the software.
Description=User reports on http://accs-net.com/smallfish/bonzi.htm tell about lots of unnecessary connections, even after uninstall. The missing privacy policy for the product is another point to avoid this program.
EditDate=20021020
SalisburyID=180
[BrowserToolbar]
Company=
Product=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Backdoor. Information about this one was collected from Symantec ( http://www.sarc.com/avcenter/venc/data/backdoor.autoupder.html ) and Trend Micro ( http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUA.A ) homepages, as I couldn't yet catch it.
EditDate=20021020
SalisburyID=181
[Bulla]
Company=Bulla Software Publishing
Product=Bulla Internet Explorer Browser Plugin
Threat=Tracking BHO
CompanyURL=http://www.bulla.com/
CompanyProductURL=http://www.bulla.com/
CompanyPrivacyURL=
Functionality=Announces to pay for clicking banners
Privacy=No Privacy Policy available online.
Description=According to http://and.doxdesk.com/parasite/Bulla.html all URLs are transmitted combined with a GUID. Installation works using an ActiveX component that has no trusted certificate. License Agreement in INF-Tool Demo (the installer) contains blank fields for authors name, email etc... The Bulla BHO redirects the browser startpage. May be a false positive if only the IEPlugin system file and browser helper object are found.
EditDate=20021020
SalisburyID=182
[C2.lop]
Company=C2 Media Ltd.
Product=
Threat=Browser hijacker, porn dialer
CompanyURL=http://www.lop.com/
CompanyProductURL=http://www.lop.com/
CompanyPrivacyURL=http://lop.com/privacy.html
Functionality=Search page & MP3 search engine
Privacy=We collect the following information:%0D%0AClick-stream data%0D%0AHTTP protocol elements%0D%0ASearch terms%0D%0AThis data will be used for the following purposes:%0D%0ACompletion and support of the current activity.%0D%0AWeb site and system administration.%0D%0AResearch and development.%0D%0AThis data will be used by ourselves and our agents.
Description=If security settings of IE are low, the TeenSex dialer is installed without asking the user. If not, the every few clicks a message box will pop up asking to install the direct access (means dialer). The user can choose to set lop.com as his IE start page by clicking a link to the bottom.%0D%0AA new lop.com dialer is also installed from http://www1.lop.com/dialer/go/
EditDate=20021020
SalisburyID=183
[CashBar]
Company=
Product=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=184
[CL/PRS]
Company=
Product=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=185
[ClickTheButton]
Company=
Product=ClickTheButton
Threat=Spyware
CompanyURL=http://www.clickthebutton.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Shopping helper
Privacy=
Description=ClickTheButton monitors your visits to shopping sites.
EditDate=20021020
SalisburyID=186
[ClickTillUWin]
Company=ClickTillUWin.com (owned and operated by Strategic Advertising Services)
Privacy=When playing ClickTillUWin, each lotto ticket requires the user to view a ten-second, full-page advertisement from one of our sponsors. In addition, from time to time, ClickTillUWin will show you occasional offers or opportunities for other targeted products or services based upon the URL destinations you visit at any given time.
Description=Hides itself using the name Explorer.exe. F-Secure lists it as a trojan (http://www.europe.f-secure.com/v-descs/dlder.shtml).
Functionality=Cursors add-ons for Internet Explorer
Privacy=
Description=I couldn't review the privacy statement for 4.0 because I got a 404 (File not found error). According to http://and.doxdesk.com/parasite/CometCursor.html , Comet Systems tracks what websites using Comet Cursors you visit.
Privacy=If you download and install the Software in order to use the CommonName(TM) service to locate a web site ("Software User"), CommonName(TM) collects personally identifiable information such as your name, your company name, your contact telephone number, your address, your e-mail address, your country of residence and your postal code, to enable us to provide you with appropriate customer service and support.%0D%0A[...]CommonName(TM) may share your personally identifiable information with the following third parties for the following purposes:[...]In order to bring the CommonName(TM) service to you, we have entered and may enter into arrangements with certain business partners such as web browser providers, search engines and internet service providers. Where it is necessary to share your personally identifiable information such as name and e-mail address with our business partners we will do so but only to the extent necessary for them to provide the specific services that they are required to.[...]
Description=The Privacy Statement makes it clear: they are collection personally identifiable information and giving it away: "We may sell or pass on your personally identifiable information to carefully selected organisations in which you may be interested."
Description=Cydoor has been using unique user IDs in the past, but is stating to do that no longer.%0D%0AFOR YOUR INFORMATION: It may be illegal and surely is illegitimate to use Cydoor-infected software after you have replaced Cydoor with the dummy. The dummy is only provided so that you may save all your data from the infected software after it has been cleaned; it is strongly suggested that you look for a spyware-free alternative.
Functionality=A download manager that has very useful features like splitted downloads.
Privacy=[...] SpeedBit may gather contact information and other personally identifiable information (such as username, e-mail address, country and zip-code), and demographic information (like their age, occupation or gender). SpeedBit, it's partners, affiliates or other third parties may use any information submitted or collected from you.
Description=See the privacy policy: anyone may use any collected information. To do that, DAP (at least older versions) tries to open a connection even if no downloads are queued. And the Internet Explorer toolbar was unstable on the Windows 98 SE system I tested it on.%0D%0AOne more thing: I couldn't find a link on their webpage that is pointing to the privacy statement URL above. Right now, you will only see it if you install DAP.
Functionality=Wants to deliver the newest downloads
Privacy=Unique Identifiers for End Users. [...] It also allows Downloadware to collect information regarding your own use of, and interaction with advertising [...]
Description=Not a threat itself, but it takes no responsibility for the software it installs on your machine. According to http://and.doxdesk.com/parasite/DownloadWare.html it will also install a dialer. Another bad thing is that the user can see no way how he can get those 'newest downloads' - there's no desktop icon or start menu item for this app!
Privacy=Expedioware never captures your name, e-mail address or any way of identifying you as the person who entered the information. Once you register you will receive a registration number will allow you to continue to use the third-party software.
Description=Only possible threat is the continued use of a personal ID (registration number).
Privacy=However, in order to provide the service, the eZula application collects information about its activity, such as the keywords that the application was activated on. When you react to the highlights then eZula will also collect a standard web log that may include more information about the action such as IP address, time etc.
Description=
XBlockID=9
EditDate=20021020
SalisburyID=198
[FlashTrack]
Company=FlashTrack, a division of FlashPoint Media, Ltd.
Description=McAfee detects this as a trojan (Source: http://vil.mcafee.com/dispVirus.asp?virus_k=99206&). And the Privacy Policy at the above address is not for the software. FlashTrack monitors web pages viewed and terms entered into online forms.
EditDate=20021020
SalisburyID=199
[Flyswat]
Company=FlySwat
Product=FlySwat
Threat=Adware/Spyware
CompanyURL=http://www.flyswat.com (unreachable)
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Search Enhancement for IE.
Privacy=Privacy Policy: The flyswat service logs anonymous click-streams as users navigate the Web. This data has no personal or demographic information associated with it and will be considered only in aggregate form. flyswat uses this information for product enhancement and may also share it with our partners to use for product enhancement.%0D%0AFAQ: If the flyswat application on your computer ever fails, it will automatically send a diagnosis back to the flyswat server, with information about the type of system and state of usage when flyswat failed."%0D%0A(Both sources: http://accs-net.com/smallfish/flyswat.htm)
Description=Flyswat creates a User ID to every user.
Functionality=Fills in passwords for you and shows you a lot of ads.
Privacy=Some information we may collect, use, and associate with your Anonymous ID includes:%0D%0AWhich web pages your computer views and how much time is spent at those sites%0D%0AYour response to the ads we display%0D%0AStandard web log information and system settings%0D%0AWhat software is on your computer%0D%0AYour first name, country, and five digit ZIP code%0D%0AYour GAINware usage characteristics and preferences%0D%0AInformation associated with your Anonymous ID is used in any of three ways: a) to offer assistance (e.g. knowing when to offer help filling in a form or adjust your computer's clock), b) to select and deliver installation files for optional new GAINware and/or third party software applications, and c) to deliver advertisements and information to you on behalf of our advertisers who are often competitors of the web sites you are viewing.
Description=Upon visit of some Gator related pages, it tries to download and install. According to Tribune Media Services (via http://www.securitynewsportal.com/ via http://www.cexx.org/gator.htm): "Gator tracks the sites that users visit and forwards that data back to the company's servers. Gator sells the use of this information to advertisers who can purchase the opportunity to make ads pop up at certain moments, such as when specific words appear on a screen. It also lets companies launch a pop-up ad when users visit a competitor's Web site."%0D%0AAnd Gator saves your identity in the HKEY_CLASSES_ROOT\CLSID section of the registry - good place to hide, if you've got something to hide.
Functionality=Wants to provide free full length streaming movies.
Privacy=3. Several PROMOTIONAL CONSOLES (daughter consoles/interstitials) may be launched for the duration of time you spend online. These consoles may continue to be launched as long as you have the GoHip! BROWSER ENHANCEMENT installed on your machine. GoHip! does not monitor the activities or collect information from users once they have left www.gohip.com.
Description=What does that mean? They open consoles for an outside company, and they reject any responsibility for what that outside company does. From the product description: "These promotional consoles are provided by an outside advertising agency, InternetFuel.com."
Privacy=For our Pop-Up Ads, very little information is required, other than knowing in what part of the world you are located. (For example, zip code, country code, etc.) Any information you provide is used to make your ad viewing a pleasant, beneficial experience by providing you with ads more closely aligned with your interests.
Functionality=Improves IEs look and provides an additional toolbar containing tailored ads.
Privacy=HOTBAR COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW AND THE DATA YOU ENTER IN SEARCH ENGINE SEARCH FIELDS WHILE USING THE SOFTWARE. HOTBAR USES THIS INFORMATION TO DETERMINE WHICH ADS AND BUTTONS TO DISPLAY ON YOUR HOTBAR TOOLBAR AND WHICH ADS TO SHOW YOUR BROWSER.
Functionality=A typical IE toolbar offering search and advertising
Privacy=12. UPDATES. You grant IMI permission to add/remove features and/or functions to the existing software and/or service, or to install new applications, at any time, in its sole discretion with or without your knowledge and/or interaction. You also grant IMI permission to make any changes to the software and/or service provided at any time.
Description=See Terms Of Use. IMI may change the software at any time and upload it to your computer without your knowledge. It also breaches your security by sending the whole URL to their server whenever it contains one of their keywords.
EditDate=20021020
SalisburyID=205
[INetSpeak]
Company=Jaypee Systems
Product=INetSpeak
Threat=Adware/BHO
CompanyURL=http://www.music-magnet.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Advertisement installed through MusicMagnet
Privacy=
Description=No privacy policy or any mentioning of the BHO found on website.
Functionality=A proxy boasting to improve internet speed, while monitoring your internet use to make prognoses.
Privacy=Marketscore monitors your surfing, essentially logging information about the web pages that you visit and the actions that you take, such as the purchases and transactions you make. [...] Please note that while we do not sell any personally identifiable member information, we do share personally identifiable information with those third parties who help us deliver the Marketscore service to you.
Privacy=We collect aggregate information about the number of AdTools' products downloaded and run, whether they are passed on, how the product is used, and which sites are visited as a result of interaction with the product.
Description=This product saves an identifier and keeps track of you like stated in the Privavy statement quoted above. A named feature on AdTools' website is: 'Comprehensive tracking'.
Privacy=If you are providing us Personally Identifiable Information, it will only be used within the AWS, Inc Internet domains unless you choose to allow third party data sharing (by opting in for such distribution during the registration process). Should you choose to provide your information to third parties, WeatherBug.com will share aspects of your information with our valued partners.
Description=My tests showed connections to DoubleClick, a company known for tracking cookies. WeatherBug also seems to have no button to close it - without killing it the hard way, it will run all the time.
Description=The MS Media Player assigns a unique ID to your machine that is transmitted each time the CD player queries the database for the name of a CD and its titles. It may also be transmitted when downloaded codecs.
EditDate=20021020
SalisburyID=210
[MS Works]
Company=Microsoft
Product=Works
Threat=Auto-Updater
CompanyURL=http://www.microsoft.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Office package auto updating executable.
Privacy=
Description=While removing this will stop Works from phoning home, it may also stop the spell checking in Outlook Express from working!
Functionality=I can't see any more functionality then providing ads.
Privacy=When you register with one of 180Solutions' distribution partners, you may be asked to provide certain personal information about yourself and your interests. In some cases, non-personally identifiable information about you may be passed to us by the partner. This may include, but is not limited to, your age, sex, geographic region and interests.%0D%0A[...] When n-CASE is actively running on your computer, the software generates logs of your surfing activity, including web pages you have visited and the order in which you visited these pages. These logs are then uploaded to 180Solutions' secure servers. We use these logs for market research purposes and to provide you with offers and content specifically targeted to your interests and habits. 180Solutions stores these logs on our servers, for our use.
Privacy=Access and Interference: You agree that you will not use any robot, spider, other automatic or manual device or process to interfere or attempt to interfere with the proper working of Supplied Licensed Materials.
Description=According to http://and.doxdesk.com/parasite/NetworkEssentials.html it sends visited URLs to its controlling servers. There is a privacy statement for the website, and a link to the terms that should contain 'SmartPops.com downloadable Application Privacy Statement' (& License Agreement), but I couldn't find any privacy information in that second one. Only that you may not interfere with its proper working.
Functionality=New.net wants to give access to new non-official top-level-domains.
Privacy=
Description=Even though they state that millions of users use their system, I've never run about such a domain, so I would call it safe to remove it without any loss. Also, New.Nets TLDs are not officially approved.
Privacy=From the License Agreement: Creative does not warrant that the functions contained in the Software will meet your requirements or that the operation of the Software will be uninterrupted, error-free or free from malicious code.
Description=Data is saved with the file extension .sys - do they have something to hide? I couldn't find anything about it in the License Agreement. There is no License Agreement or Privacy Policy shown before the installation, so the only available Privacy Policy is the general online Privacy Policy, which won't say a word about the News Update Engine.
EditDate=20021020
SalisburyID=215
[Onflow]
Company=Onflow Corporation
Product=Onflow Media Player
Threat=Adware/Possibly Spyware
CompanyURL=http://onflow.com/
CompanyProductURL=http://onflow.com/
CompanyPrivacyURL=http://onflow.com/legal/
Functionality=Wants to provide fully interactive online animation.
Privacy=Each time the Onflow Player displays images, it transmits data to our server such as the serial number of the Player, the image displayed, the web page in which it was shown and whether you moved your mouse over the image or clicked on it.
Description=Hides it purpose to bring you more ads under the cloak of a 'media player'.
Privacy=In the process of delivering this content, as well as performing online transactions, Radiate will sometimes query you for demographic data (gender, age, zip code, etc.). We will not collect any personally identifiable information about you (name, address, telephone number, email address) unless you provide it to us voluntarily. All of this information is aggregated for the purposes of reporting to advertisers and ad sales organizations the performance of their advertising campaigns.
Functionality=SaveNow wants people in the US help shopping. It wants to give you additional (advertisement) information whenever you surf, e.g. use a search engine.
Privacy=The Internet is an evolving medium and WhenU.com may change its privacy policy from time to time. Please review the WhenU.com privacy policy often. Use of any WhenU.com product indicates your knowledge and acceptance of the privacy policy posted on the WhenU.com site and toolbar at that time.
Description=Hiding data by misusing a structure in the registry reserved for other stuff doesn't help you trust a software. But anyway, who would use a software if he had to look up the current Privacy Policy every time?
Functionality=Provides you with 'coupon, cash back offer, donation to a school or charity or some other offer'
Privacy=By shifting the processing power to your desktop PC, TopMoxie is the only browser companion that places complete control of privacy issues in the hands of the consumer. The reminder service, powered by TopMoxie, does not collect any personally identifiable information from users and therefore ensures privacy protection and end-user anonymity.
Description=A good privacy statement, and it looks like harmless adware. But a quote from the EULA: "When installed on your computer, the software periodically communicates with our servers in order to update and monitor the Services. We may update the software on your computer when a new version is released or when new features are added". The EULA doesn't mention wether their privacy statement will still be valid for those updates.
Privacy=RankYou.com has partnered with Targitmail.com to make available special offers, discounts, and promotional announcements as an added value service to our subscribers. TargitMail.com will not make available any personal information to any fourth party.
Privacy=Providing personnally identifiable information, such as your e-mail address, will allow us to notify you of updates to our services and concerning products and/or services that we determine you would be interested in.
Description=Accord to http://and.doxdesk.com/parasite/UCmore.html every URL is transmitted with a unique ID.
Privacy=The software collects and transmits to Mindset servers the URLs of the Web pages visited on your browser. URLs are the addresses of the web pages that your browser visits (http://www.Mindseti.com, for example). The Mindset software collects and maintains information on both current and historical browsing. Mindset will use this information to build a summary of your interests so that Mindset can help its partners make relevant and personalized offers to you.%0D%0AMindset and its affiliates' software also collects some information from online forms that you fill out. This information is sent to us in order to save you the time and trouble of submitting such information to us yourself. We use this information to allow our partners to reach you with only those personalized and targeted offers and advertisements that may be relevant to your interests.
Description=How friendly those people at Mindset are. They are collecting information about you and transmit it back to themselves, so you don't need to bother to do it yourself!
Privacy=The software collects and transmits to Mindset servers the URLs of the Web pages visited on your browser. URLs are the addresses of the web pages that your browser visits (http://www.Mindseti.com, for example). The Mindset software collects and maintains information on both current and historical browsing. Mindset will use this information to build a summary of your interests so that Mindset can help its partners make relevant and personalized offers to you.%0D%0AMindset and its affiliates' software also collects some information from online forms that you fill out. This information is sent to us in order to save you the time and trouble of submitting such information to us yourself. We use this information to allow our partners to reach you with only those personalized and targeted offers and advertisements that may be relevant to your interests.
Description=How friendly those people at Mindset are. They are collecting information about you and transmit it back to themselves, so you don't need to bother to do it yourself!
Privacy=The software collects and transmits to Mindset servers the URLs of the Web pages visited on your browser. URLs are the addresses of the web pages that your browser visits (http://www.Mindseti.com, for example). The Mindset software collects and maintains information on both current and historical browsing. Mindset will use this information to build a summary of your interests so that Mindset can help its partners make relevant and personalized offers to you.%0D%0AMindset and its affiliates' software also collects some information from online forms that you fill out. This information is sent to us in order to save you the time and trouble of submitting such information to us yourself. We use this information to allow our partners to reach you with only those personalized and targeted offers and advertisements that may be relevant to your interests.
Description=How friendly those people at Mindset are. They are collecting information about you and transmit it back to themselves, so you don't need to bother to do it yourself!
Privacy=The software collects and transmits to Mindset servers the URLs of the Web pages visited on your browser. URLs are the addresses of the web pages that your browser visits (http://www.Mindseti.com, for example). The Mindset software collects and maintains information on both current and historical browsing. Mindset will use this information to build a summary of your interests so that Mindset can help its partners make relevant and personalized offers to you.%0D%0AMindset and its affiliates' software also collects some information from online forms that you fill out. This information is sent to us in order to save you the time and trouble of submitting such information to us yourself. We use this information to allow our partners to reach you with only those personalized and targeted offers and advertisements that may be relevant to your interests.
Description=How friendly those people at Mindset are. They are collecting information about you and transmit it back to themselves, so you don't need to bother to do it yourself!
Privacy=Examples of information that we collect are web page address, web page size, web page load time, web page completion state and network delay time.
Privacy=If you download our Web Driver software it will gather and store information about your computer that is specifically related to the functioning of the Web Driver software, such as processor type or the presence or absence of graphics accelerators and the related software drivers. The Web Driver software will not gather information from your computer about you, such as general application software you have installed or personal data that you store on your computer. The Web Driver software will report this configuration information to us on a regular basis. We use this information to identify your system's capability and to optimize the delivery of content to the Web Driver.
Description=Configuration information is transmitted on a regular basis.
Privacy=When we refer to "requested" information ("Requested Information"), we mean the information you provide to us directly, like your name, e-mail, or address.%0D%0A[...]ZapSpot may provide certain Requested, Calculated, or Roaming information to third parties such as marketers and advertisers, who make use of general customer data. We assure you that such disclosure does not include any information which could personally identify you or be directly associated with you as an individual.
Privacy=With whom your information may be shared: As a general rule, will not disclose any of your personally identifiable information except when we have your permission or under special circumstances, such as when we believe in good faith that the law requires it or under the circumstances described below. Please see the Terms of Service or Use Agreements for each of our products and services for more detailed information about how your personal information may be shared.
Description=But the Terms of Service or Use Agreements state nothing about further uses.
Privacy=In order to use our product, a user must first complete a registration form. During registration a user may be required to give his contact information (such as name and email address) and preferences for filtering message content. This is used to deliver to the user information they have asked to receive.
Description=Privacy Policy reads like tailored ads. It's still unclear wheather the user really has a choice.
Functionality=A toolbar with search functions and quick links.
Privacy=We use information that we collect to make your Search-Explorer.Com visit more productive and tailored to your individual preferences. We require certain specific information when you contact us or send us a request, and we store that information in secure databases. We share information, both personally identifiable and aggregate data, with companies who provide content to portions of our site and communicate with you on behalf of Search-Explorer.Com.
Description=Uses tracking cookies, and sharing PII. Another source of information: http://and.doxdesk.com/parasite/SearchExplorer.html
Functionality=A download accelerator for game demos.
Privacy=You understand that Content will be stored on your personal computer until it is deleted at your direction or until it is automatically deleted by the operation of the Kontiki Delivery Network.%0D%0A[...]%0D%0AUsage Information is information about the delivery and playback of content using the Kontiki software, including information about user behavior within the service, the name of content being delivered, the number of times it has been played or the types of searches that are going through the Kontiki Delivery Network.%0D%0A[...]%0D%0AKontiki may share Usage Information with content providers or other parties,but do not disclose information in any way in which Usage Information would be personally identifiable.%0D%0A[...]%0D%0AKontiki is not responsible for the operation of the third party DRM in any way, including revocation of your ability to use Content or the collection or use of information collected from you by the third party DRM.
Description=Some sort of download manager specialized for GameSpot content. That content may be deleted by the Kontiki network without user choice. And the software allows GameSpot to monitor the usage of the downloaded content. More information can be found at http://www.extremetech.com/article2/0,3973,365073,00.asp .
Privacy=We use personally identifiable information in the following ways: [...] To help you quickly find software, services or product information important to you. [...]%0D%0AFirst, we never collect any of your personal data, unless you enter it into a sort of form and post it to us explicitly. Secondly, we are very strict about not annoying you with unnecessary notifications of any sort.
Description=Start on system start even if automatic update is disabled. Never collecting personal data without explicit confirmation sounds good, but 'not annoying with unnecessary notifications' goes as far as not telling about the constantly in stealth running updater.
Functionality=Providing the user with little tips, discounts, product reviews and warnings.
Privacy=YOU ARE REGISTERED FOR POPUPNETWORK SERVICES USING A RANDOMLY GENERATED USER ID. THE POPUPNETWORK THEREFORE CANNOT AND DOES NOT COLLECT PERSONAL INFORMATION.%0D%0A[...]%0D%0AIn addition, many sponsorships and promotions require that some information be transferred. By requesting more information, you give the PopUpNetwork permission to transfer your personal information to the sponsor so they can fulfill your request.%0D%0A[...]%0D%0ADuring these communications, the URL of the page you are visiting will be transferred to our computers [...]
Description=Very annoying, as it doesn't help to kill the running processes, they seem to pop up again and again. The descriptions makes it clear that it is content-watching. Installation assigns the user a unique ID. According to the Privacy Policy, the randomly created ID alone would prevent them from collecting PII. Also if you click a link in a Pop Up Network window, you give them permission to transfer your PII to their partners. Ads are Opt-Out, not Opt-In. All URLs are transmitted to their server. Multiple links to them are http://www.popup.net , http://www.popupads.com , http://www.popupnotes.com and http://www.popuptips.com .
Privacy=HUNTBAR'S TOOLBAR SERVICE COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS, AND THE PRODUCTS YOU PURCHASE ONLINE WHILE USING THE TOOLBAR SERVICE.
Privacy=We do not sell or rent your personally identifiable information to third parties for marketing purposes without providing you with a choice to opt out from such disclosure.
Description=Internet background task installed by iWon. iWon's privacy policy allows you to opt-out of giving away PII. Contacts http://plus.iwon.com transmitting a GUID that is most probably a unique ID. This sets a cookie and returns a hidden page. More constant small traffic is following with yet unknown contents.
EditDate=20021020
SalisburyID=244
[SideStep]
Company=SideStep, Inc.
Threat=Spyware
CompanyURL=http://www.sidestep.com/
Functionality=Sidebar to help finding cheap flights, hotels and cars.
Description=Transmits URLs and unique ID with every page visited. See also http://and.doxdesk.com/parasite/SideStep.html
EditDate=20021020
SalisburyID=245
[Wazam]
Company=New York Internet Media, Inc.
Product=Wazam Toolbar
Threat=BHO
CompanyURL=http://www.wazam.com/
Functionality=According to homepage an IE toolbar.
Description=See also http://and.doxdesk.com/parasite/Wazam.html
Description=Scans viewed pages for keywords and displays corresponding ads. See also http://and.doxdesk.com/parasite/Cytron.html and McAfee at http://vil.nai.com/vil/content/v_99732.htm . Coded by http://www.cytron.com/ or http://slashdot.org/articles/02/10/25/1636215.shtml?tid=95
EditDate=20021020
SalisburyID=247
[EasyInstall]
Company=RedV
Threat=Spyware/Trojan
CompanyURL=http://www.adprotector.com/
CompanyProductURL=http://www.adprotector.com/
Privacy=There is no Privacy Statement on their homepage, just this description:%0D%0AAre you tired of Ads interrupting your work or play?%0D%0ARedV AdProtectorÖ is a great new product that allows you to completely remove programs that display advertisements and which may also be spying on your Internet surfing.%0D%0A%0D%0AAnd a short quote from their EULA:%0D%0AIn order to provide this service, RedV Network collects information on your web usage that remains anonymous to third parties. RedV Network may derive personal preference profiles from your Personal Information and web usage.
Description=For installation of their products, something named RedV easyInstall is installed. This program runs continuously and displays ads. The tray icon allows to suspend any incoming offers for up to two hours, but not constantly. A program that promises to get rid of ads, while silenty placing ads with their installer is trojan behaviour.
Privacy=Collection and Use: DELFIN will use personally identifiable information to provide and change service, to anticipate and resolve problems with your service, or to create and inform you of products and services that better meet your needs.%0D%0AWhat is anonymous information collected by others? In addition to anonymous information collected by DELFIN from users of DELFINÆs PromulGate Service and visitors to our Web Sites, advertising agents and other web sites you visit may collect anonymous information. The following types of anonymous information about Internet users are often collected by advertising agents (like DoubleClick and 24/7 Media, Inc.)
SalisburyID=249
[DeltaBar]
Company=DeltaClick
Threat=BHO/Spyware
CompanyURL=http://www.deltaclick.com/
Privacy=DeltaClick collects online behavior statistical information for our members. Examples of information that we may collect, other than through the registration form, include but are not limited to the URL of visited pages and MEMBER's IP address.%0D%0A[...]%0D%0Aathering this information enables us to tailor advertising content to Your interests and deliver offerings from advertisers that are relevant to You. DeltaClick gathers information only to personalize Your experience in this way, to improve the administration of the services and to increase the earning potential of our members. Summaries of the information will be made available to advertisers so that they may better target their advertising campaigns.
Description=Detection not completed as company homepage could not be reached.
Privacy=Information about your computer hardware and software is automatically collected by Cash Toolbar, but is used solely for traffic analysis purposes. This information includes: your IP address, browser type, domain names, access times and referring Web site addresses.%0D%0AThe customer's contact information is also used to contact the visitor when necessary. Users may opt-out of receiving future mailings; see the choice/opt-out section below. Demographic and profile data is also collected at our site. This information is shared with advertisers on an aggregate basis. We may use information collected to promote other affiliate programs, products, web sites and services.
Functionality=Searches harddisk for porn contents.
Privacy=Several PROMOTIONAL CONSOLES (daughter console/interstitial) may be launched for the duration of time you spend online. These consoles may continue to be launched as long as you have PurityScan installed on your machine. PurityScan does not monitor the activities or collect information from users once they have left PurityScan.%0D%0AWe may use customer contact information from the registration form to send the user information about our company and promotional material from some of our partners. The customer's contact information may also be used to contact the visitor when necessary and shared with other companies who may want to contact our visitors. Demographic and profile information may also be used to tailor the visitor's experience at our site, showing them content that we think might interest them. We may disclose information you enter during the join process to third parties.
Description=Running all the time while you are online; no monitoring if program is not running nearly implies monitoring while it does. For this, an executable is placed in the Autostart folder.%0D%0AAnd they take the right to give away all registration information.
SalisburyID=253
[ShowBehind]
Threat=Adware
Description=Silently installed adware that runs constantly. Uninstaller from developer not working.
Privacy=We use your GUID - a unique machine ID number associated with your computer - to help diagnose problems with our server, and to keep your eAnthology account status current.%0D%0AOur websites use cookies to keep track of your shopping cart and to ensure you don't see the same offer repeatedly. We use cookies to deliver content specific to your interests and to save your password to enter our websites, if you have one, so you don't have to re-enter it each time you visit our websites.%0D%0A[...] We may add other third-party content providers or advertisers at any time. To find out more about who our current third-party advertising suppliers are, and to obtain their website addresses, please contact:[...]
Description=User tracking, and to inform yourself about the additional content you may get, you have to write them a snailmail or email.
Description=Basically the software grants search capabilities. The terms of use allow SearchIt.Com to spy on your data as much as they want.
Privacy=12. UPDATES. You grant SearchIt.Com permission to add/remove features and/or functions to the existing software and/or service, or to install new applications, at any time, in its sole discretion with or without your knowledge and/or interaction. You also grant SearchIt.Com permission to make any changes to the software and/or service provided at any time.%0D%0A13. SERVER INTERACTION. You understand and accept that when the software is installed, it periodically comminutes with a server operated by SearchIt.Com and/or third party servers.%0D%0A14. INFORMATION COLLECTION. You understand and grant SearchIt.Com permission to assign each copy of the software an unique software identify code. You also grant SearchIt.Com permission to collect and store information of your internet usage habit, including but not limited to information about every web page you view with the full Uniform Resource Locators, and the content of web page. You understand and accept that Uniform Resource Locators and the content of web pages you view may include your personally identifiable information. You grant SearchIt.Com permission to collect and store information on which toolbar buttons you click on, your response to advertising, the search terms you entered on the toolbar and/or all ot er information relates to your internet usage habit. [...] SearchIt.Com does not currently enable users to access, review, edit, or delete information, including internet usage information, collected during use of the Service. By using the SearchIt.Com Software and/or Service you agree to waive any constitutional, common law, statutory, or regulatory right of access to such information that you might otherwise have or acquire. [Remark: this last part violates german law that allows every user to get insight into the data saved about him. The final sentence is legally not valid in Germany.]
SalisburyID=256
[FileFreedom]
Threat=Spyware
EditDate=20021128
Privacy=From readme.txt:%0D%0A2. Is this program watching me? Answer: When you download a new file using a P2P program, the Companion will look that file up in the File Catalog and display the information to you. A note is also made that you downloaded that particular file. This information is used to bring you personalized recommendations of other files. Recommendations are calculated by comparing the file's you downloaded to those of other users in order to find users that have similar tastes with you (the technical term for this is collaborative filtering). Information on what files you downloaded is stored in the form "user 424322 downloaded file 342525." FileFreedom does not track personally identifiable information - i.e. we DO NOT store something like "John Smith downloaded file.mp3"[...]%0D%0A4. Is this program spyware? Answer: NO! Spyware is a term that refers to programs that hide on your computer and collect personal information about you. The Companion meets none of these criteria. Whenever the FileSharing Companion is running, there will be 3 orange dots in your system-tray (by the clock). Furthermore, whenever the Companion communicates with the FileFreedom servers, a window will appear. There is nothing hidden about this program.
Description=The answer to the question if the program would spy that it is not hidden - during my tests those three disappeared even when the process was still running. Also they say they don't log downloads by name, but using numbers. Using unique IDs still allows personal identification! Furthermore the EULA (which isn't displayed, but saved in its folder) wants the user to agree to automated software updates without his knowledge.
Privacy=The eBay Toolbar is designed to be used in conjunction with the eBay site. Accordingly, your use of eBay Toolbar is also defined by the eBay User Agreement and Privacy Policy.
Description=According to http://pages.ebay.com/help/community/privacy-appendix2.html, information to advertisers (including even IP, viewed pages, etc.) is given only in non-personal identifiable version; and to external service providers only with your agreement. But this toolbar uses adfarm.mediaplex.com as a relocator when you click on 'My eBay' or do a search. A possible GUID is also transmitted to the relocator (MediaPlex) server. Your typed keywords are sometimes also transmitted to DoubleClick. In combination with tracking cookies (somethings MediaPlex and DoubleClick are known for) this would allow MediaPlex and DoubleClick to track you. eBay is not interested in giving any statement about this, which raises further suspicions.
SalisburyID=259
[eXactSearchbar]
Company=Pattern Discovery Software Systems Inc. / Exact Advertising LLC, owner of Mail.com
Description=The Spyware installer detection is the only one that is based only on filenames, without other criteria. The reason for this are two:%0D%0A1. files not yet installed don't have any registry references to them, and%0D%0A2. these detection is intended mainly for dialers - files that often differ in contnts (different text, different images, different toll numbers) while keeping the same name (within one dialer 'family').%0D%0AThe Download directories setting should be set only(!) to your download folders, where you can easily identify the files you downloaded. Files in other places will be searched for automatically, there is no need to enter them in the setting. In fact, adding your whole harddisk to this setting will most likely result in false positives.%0D%0AIf files like wbemtest.exe in your Windows/System folder are detected as a spyware installer, that is such a false positive.
SalisburyID=261
[CDilla]
Company=Macrovision
EditDate=20021217
Threat=Privacy breach
CompanyURL=http://www.macrovision.com/
CompanyProductURL=http://www.c-dilla.com/
Functionality=Copyright protection software
Description=BE WARNED: The application that has installed CDilla may stop working if you remove it!%0D%0ADo not remove if you haven't updated to 1.1 rel 3 or later!%0D%0A%0D%0ABasically, protection against pirated copies of copyrighted media is a good thing. The bad thing about this one is that it is often installed without the knowledge of the user. Old advertisement from Macrovision said that CDilla (or SafeCast to call it by their name) would protect against unauthorized internet downloads. While this would mean that it would watch all internet transfer, such functionality could not be found. Notice: while we currently detect CDilla, We DO condemn audio/video/software piracy.%0D%0A%0D%0ABE WARNED: The application that has installed CDilla may stop working if you remove it!%0D%0ADo not remove if you haven't updated to 1.1 rel 4 or later!%0D%0A%0D%0AYou may need to keep CDilla on your system because another application needs it as a license management system. There were some reports that CDilla would phone home, but that hasn't be proven. As a general safety measure, we recommend you use a firewall.
Privacy=We use IP addresses to analyze trends, administer the site, track user's movement, and gather broad demographic information for aggregate use.%0D%0A[...]Gigex collects personally identifying opt-in information from Gigex users ("Members") prior to each download%0D%0A[...}Those who use Gigex's services are Members. Gigex makes every effort to maintain the privacy of Members' personal information. Members who want to use our download services may agree to opt-in and to register for contests and accept our email messages as conditions of their free Gigex service. The Gigex demo download service is free to registered Members.[...]Member information also may be used for marketing and promotional purposes by Gigex and may be shared with our affiliates, companies that have been prescreened by Gigex or a successor in interest. We use email to inform you of new Gigex features, to let you know of urgent problems on our site, and to present special members-only opportunities to buy game-related products and services that are appropriate to the interests of our members.
Functionality=Download manager
Description=Installs by ActiveX without informing the user or asking for confirmation when the user wants to download game demos. Whole the user may think he just does a download, he is made a member by Gigex. Gigex collects personal identifiable information about members, thus qualifying for being called spyware.
SalisburyID=263
[BookmarkExpress]
EditDate=20021227
Threat=Discontinued adware, but update server still available
Privacy=IPinsight Software generates Line Speed, Geography, Gender/Age estimates, User ID, and IP address information, which it transmits to the IPinsight servers for use in the preparation of the companyÆs data file products.%0D%0A...%0D%0AUnique Identifier: IPinsight maintains file integrity through the use of a unique random number (GUID) for each user, which is stored in the userÆs Windows Registry.%0D%0A...%0D%0AP Address: Finally, when you install IPinsight's Software, it collects several bits of information about the configuration of your computer. This information includes information about the computer's hardware configuration, such as the amount of free space on your hard drive, and information about the computer's software configuration, such as the name and version of the operating system.
Description=Uses information collected from you to improve their database. The function of this database is not completely clear, but they will use it to track your location down to your neighbourhood, including geolocated demographic statistics about you.
Description=May install third-party software without knowledge of the user.
Privacy=While we don't know the identity of MP Software users, the MP client side technology and the MP server technology could in the future, anonymously collect and use the following kinds of information:%0D%0ASome of the Mini-products viewed%0D%0AResponse to the Mini-products viewed%0D%0AStandard web log information (excluding IP Addresses) and system settings%0D%0AWhat software is on the personal computer%0D%0AAny demographic information you may provide at your choice like First name, Country, and ZIP code%0D%0A[...]%0D%0AWe associate such information with a particular personal computer through a randomly generated Anonymous ID number and use it to accomplish the following:%0D%0AEnable the functionality provided in the MP (for example, to offer mini-products like mini-books, mini-magazines, mini-stuff etc. according to user selections)%0D%0A╖ Select and deliver installation files for optional new software applications%0D%0A╖ Deliver sponsorships to a computer screen on behalf of sponsors%0D%0A[...]%0D%0AWhen running on a computer, the MP regularly communicates with MP servers, and in some cases, third party servers, among other reasons, to: - maintain/update the MP or the MP Server;%0D%0A- facilitate installing and uninstalling the MP or MP Server;%0D%0A- retrieve mini-products and sponsorships for display;%0D%0A- facilitate various MP or MP Server features;%0D%0A- collect computer user usage information in an anonymous manner; and/or update user information. %0D%0A[...] %0D%0ATo improve the features or functions of the MP Server, or the MP or third-party Software, we may occasionally install technologies, such as certain rich media player applications, browser plugins, virtual machines, and runtime environments (collectively "Enabling Technologies"). %0D%0A[...] %0D%0ANote that soon after you have uninstalled the MP, any Enabling Technologies or mini-programs or third party software that were previously installed (such as browser plug-ins and audio/video players) will remain on the computer, because other programs may rely on these Enabling Technologies to function correctly.
SalisburyID=266
[GigaTech SuperBar]
Company=GigaTech Software, Inc.
Threat=BHO/Adware/Possible Spyware
CompanyURL=http://www.gigatechsoftware.com/
Privacy=Non-existent
Functionality=Fills in names, passwords and form data. Enhanced search functions for IE.
Description=Installs unrequested and without informing the user, for example with the last TwistedHumor comic.%0D%0AWhy a account/password/form filling utility? It has been long ago integrated into IE.
Privacy=YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT DEMOGRAPHIC AND PERSONALLY IDENTIFIABLE INFORMATION COLLECTED BY THE LICENSED SOFTWARE MAY BE USED BY MADOOGALI LLC, AND/OR THE MANUFACTURER OF THE PRODUCT, AS WELL AS SHARED, RENTED, LEASED, SOLD, OR OTHERWISE MADE AVAILABLE TO THIRD-PARTIES AT THE SOLE DISCRETION OF MADOOGALI LLC, IN ACCORDANCE WITH MADOOGALI LLC PRIVACY POLICY STATEMENT. YOU ALSO ACKNOWLEDGE AND AGREE THAT THE LICENSED SOFTWARE MAY ALSO GENERATE POP-UP DIALOGUE BOXES REQUESTING YOU TO VOLUNTARILY PROVIDE CERTAIN PERSONALLY IDENTIFIABLE INFORMATION, AND REQUIRING YOU TO PROVIDE CERTAIN DEMOGRAPHIC INFORMATION DURING REGISTRATION OF THE PRODUCT, AND/OR FROM TIME TO TIME THEREAFTER, WHILE THE PRODUCT IS ACTIVE. YOU FURTHER ACKNOWLEDGE AND AGREE THAT THE LICENSED SOFTWARE SHALL RESIDE ON YOUR LOCAL SYSTEM AND MAY OPERATE UNOBTRUSIVELY IN THE BACKGROUND, PERFORMING A LIVE UPDATE, DELIVERING ADDITIONAL REQUESTED SOFTWARE, COLLECTING AND TRANSMITTING INFORMATION RELATED TO THE DISPLAY AND TRACKING OF ADVERTISING AND ANY VOLUNTEERED DEMOGRAPHIC AND/OR VOLUNTEERED PERSONALLY IDENTIFIABLE INFORMATION ABOUT YOU TO MADOOGALI LLC, WHENEVER YOUR WEB BROWSER IS ACTIVE, WHETHER THE SOFTWARE IS ACTIVE OR NOT. YOU ALSO AGREE TO ACCEPT A MADOOGALI MENU ITEM ON YOUR START BAR. THIS MENU ITEM WILL ALLOW YOU TO UNINSTALL THE MADOOGALI TECHNOLOGY, AND MODIFY YOUR PROFILE.
SalisburyID=268
[NewtonKnows]
Company=Virtumondo, Inc.
Threat=Spyware
EditDate=20030127
CompanyURL=http://www.virtumundo.com/
CompanyProductURL=http://www.newtonknows.com
Functionality=Search add-on for IE
Privacy=The Company collects information from individuals when an individual provides information to a third party%0D%0A[...]%0D%0ASuch purchased information may include, but is not limited to, an individual's name, email address, street address, zip code, telephone numbers (including cell phone numbers and carriers), birth date, gender, salary range, education and marital status, occupation, industry of employment, personal and online interests, and such other information as the individual may have provided%0D%0A[...]%0D%0ATHE COMPANY MAY USE INDIVIDUAL INFORMATION FOR ANY LEGALLY PERMISSIBLE PURPOSE IN COMPANY'S SOLE DISCRETION.
Description=It could as well be called "Newton knows and sells anything about you."
SalisburyID=288
[MySearch]
Threat=BHO/Possible spyware
Company=My search
Functionality=IE search toolbar
Description=The small privacy policy seems to be not quite right. For using Google or Altavista as a search engine, this toolbar still routes the searches over their own site. and why does every file that the page requests need to set a cookie that includes the users IP address?
EditDate=20030127
CompanyURL=
CompanyProductURL=http://www.mysearch.com/
Privacy=The My Search site and your My Search Bar protect your privacy. My Search does not track your searches or where you go on the Web. The My Search Bar does not contain any type of ad software to present you with ads while you are on the Internet. Simply put, the My Search site and your My Search Bar provide you with the best search resources on the Web, with no strings attached.
SalisburyID=289
[Alexa Related]
Threat=Possible Spyware
Description=The "Show related links" function of Internet Explorer opens a Microsoft search page that redirects to Alexa. Alexa is known for the Alexa toolbar. As the Alexa toolbar is classified as spyware, the Alexa search page may collect too much user information as well.%0D%0AIf other products still detect Alexa after you have cleaned it with Spybot-S&D, it is a false alarm. Spybot-S&D does replace the file responsible for connecting to Alexa with one using the Google related function instead, instead of deleting the whole "Show related links" function.
SalisburyID=290
[SearchSquire]
Threat=Adware
EditDate=20030205
Description=please see http://www.doxdesk.com/parasite/SearchSquire.html
SalisburyID=291
[Showbar]
Threat=Unstable BHO
EditDate=20030220
Description=Verified to crash Internet Explorer very often. The exact function is unknown; if you do intentionally installed this browser helper and it doesn't crash your machine, you can ignore it.
SalisburyID=292
[Wishbone]
Threat=Possibly spyware
EditDate=20030321
Functionality=IE search bar with popup blocker
Description=Nice toolbar, the popup blocker is even working. Too bad it transmits a unique ID on each search and silently connects to an ad server itself (maybe blocking other ads to display its own?). Also, no privacy policy explains what this GUID is for. Possibly it even has capabilities to secretly download other apps.
CompanyURL=http://www.wishbone.com/
CompanyProductURL=http://toolbar.wishbone.com/
Privacy=None available for software
SalisburyID=293
[ClientMan]
EditDate=20030321
Functionality=Unknown
Threat=Malware/Possibly spyware
Description=Unknown how it gets onto a computer, or what the exact damage it does is, but it is surely bad, as it automatically forces ZoneAlarm to accept it's connect, without giving the user a choice.
SalisburyID=294
[FreeScratchCards]
EditDate=20030324
Threat=Spyware/Hijacker/Malware.
Functionality=
Description=Changes start- & search page, and tracks your Internet usage. Auto-installs updates and possible other software (according to license with user consent, but in our test it installed C2.lop without asking for confirmation).
Privacy=To insure you always have the latest version and for your convenience this software will automatically update itself from time to time once installed. Also we will download other companies programs to your computer which you will have the choice to install or not install once downloaded.%0D%0A[...]%0D%0A
- To prevent your browser from becoming cluttered when our toolbar is installed, any other toolbars you currently have visible will be deactivated. They can be restored manually through the Internet Explorer "View" menu.%0D%0A- Once installed if you decide to change your start or search page this information will be sent back to our server. Also information in regards to your browsing will be sent to our servers, such as how long you surf for, and your surfing habits.
SalisburyID=295
[Inet Delivery]
EditDate=20030324
Threat=Unknown, possibly adware
Functionality=Unknown, installs and runs in background.
Description=From their own description: "Our technology keeps your business continuously connected to employees and customers even when they're not on your Web site." as well as "Features include: [...]Tracking and Reporting".%0D%0AWhether your installation of this toolbar is a threat or not depends mostly on the AtHoc customer that provides your toolbar variant. The toolbar allows the customer tracking, and user information may be shared with associates for advertisement purposes. Our recommendation: keep the toolbar if you've installed it intentionally, otherwise remove it.
Threat=Tracking/Spyware (depending on implementation)
Privacy=AtHoc uses this information primarily to personalize your experience on the Web, improve service to you, monitor Website traffic generated by your use of this service, and determine appropriate fees to charge your Toolbar providers (ôAtHoc Clientsö) and Websites you visit as a result of placement on your Toolbar (ôAtHoc Affiliatesö). AtHoc may combine information it collects from you with information from other sources. AtHoc may also use the information collected to provide you with targeted marketing or promotional information, which you can choose not to receive.%0D%0AData collected by AtHoc may be provided by or distributed to the specific AtHoc Toolbar Partner who is providing the AtHoc Toolbar service for your use. Please see their privacy policies to understand their practices in handling the information collected.[...]%0D%0AAtHoc, AtHoc Clients, and AtHoc Affiliates may send you marketing or promotional offers[...]
SalisburyID=297
[Ahead Nero Burning Rom]
Company=Ahead Software AG
Product=Ahead Nero Burning Rom
Threat=Usage tracks
CompanyURL=http://www.ahead.de/
CompanyProductURL=http://www.ahead.de/
CompanyPrivacyURL=
Functionality=CD burning software.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of files and some directories you recently used.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The list of recently typed URLs and the directory last used for saving HTML files, and of course cookies and the Temporary Internet Files (cache).
EditDate=20021020
SalisburyID=300
[LogoManager]
Company=
Product=LogoManager
Threat=Usage tracks
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Program to transfer logos and ring tones to cell phones.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of files and one directory you recently used.
EditDate=20021020
SalisburyID=301
[Log]
Company=
Product=
Threat=Usage tracks
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Logs allow you to look up information about installation / setup processes.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=Logs won't be deleted, just moved to a folder inside the Spybot-S&D directory to make it more difficult for spies to automatically detect them.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files and URLs and the last open directory.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Functionality=The part of Windows responsible for remote access by dialing.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The list of recently dialed phonebook entries.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files.
EditDate=20021020
SalisburyID=307
[Netscape Navigator]
Company=Netscape/AOL
Product=
Threat=
CompanyURL=http://www.netscape.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Internet browser.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The internet files cache and list of recently visited URLs.
EditDate=20021020
SalisburyID=308
[Opera]
Company=Opera Software
Product=
Threat=Usage tracks
CompanyURL=http://www.opera.com/
CompanyProductURL=http://www.opera.com/
CompanyPrivacyURL=http://www.opera.com/privacy/
Functionality=Internet browser.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files and some directories, as well as the internet cache.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files and some directories.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files and some directories.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The directory last used and a list of recently used files.
EditDate=20021020
SalisburyID=313
[SpruceUp]
Company=
Product=SpruceUp
Threat=Usage tracks
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=DVD authoring software.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files.
EditDate=20021020
SalisburyID=314
[Virtual Dub]
Company=Avery Lee
Product=Virtual Dub
Threat=Usage tracks
CompanyURL=http://www.virtualdub.org/index
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Video editing software.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Functionality=Your Windows computer main storage browser.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The computer and document search history as well as the network map history.
EditDate=20021020
SalisburyID=316
[WinRAR]
Company=
Product=WinRAR
Threat=Usage tracks
CompanyURL=http://www.rarlab.com/
CompanyProductURL=http://www.rarlab.com/
CompanyPrivacyURL=
Functionality=File compression utility.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=Some lists of directories and recently used files.
EditDate=20021020
SalisburyID=317
[WinZip]
Company=WinZip Computing, Inc.
Product=WinZip
Threat=Usage tracks
CompanyURL=http://www.winzip.com/
CompanyProductURL=http://www.winzip.com/
CompanyPrivacyURL=
Functionality=File compression utility.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=Some lists of directories and recently used files.
Functionality=A tool for easier upload of photos to Yahoo groups.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The list of your recent search terms using Google Toolbar.
EditDate=20021020
SalisburyID=320
[FAR Manager]
Company=
Product=FAR Manager
Threat=Usage tracks
CompanyURL=http://www.rarlab.com/
CompanyProductURL=http://www.rarlab.com/
CompanyPrivacyURL=
Functionality=File manager.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=List of recent text, file and ftp operations.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=According to Symtantec: http://securityresponse.symantec.com/avcenter/venc/data/trojan.netbuie.a.html it is a trojan horse disguised as an XBox emulator.
EditDate=20021020
SalisburyID=19
[Benjamin]
Company=
Product=Benjamin aka W32.Benjamain
Threat=Worm
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=A worm working with the P2P network KaZaA. Cloaks itself with filenames of popular downloads. If downloaded, creates a new folder in your System directory, shares it, and makes multiple copies of itself in it.
Functionality=Gets installed by opening an infected email. Once installed, it sends itself to all contacts it can gather from your address book, even email addresses found in the web site cache. Subject and contents of these mails change.
Privacy=
Description=Symantec information: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html %0D%0ASophos information: http://www.sophos.com/virusinfo/analyses/w32klezh.html %0D%0AMcAfee Information: http://vil.mcafee.com/dispVirus.asp?virus_k=99455 %0D%0ADetection finds only main files. If you find one or both Klez entries, make sure you update your antivirus software and use it to remove the worm.%0D%0AAlso, if you've got We-Blocker installed, this may be a false positive, so check with your AV first before removing it!
Functionality=Infects Win9x machines over open network shares of drive C.
Description=To make sure this is no false positive, see if 4 entries for the problem are detected. You should also use your AV to verify removal is complete.%0D%0Ahttp://www.f-secure.com/v-descs/opasoft.shtml
