spyware

NebuAd is a highly controversial behavioral targeted advertising system implemented by many leading ISP's, the sophisticated deep-packet inspection appliance based system at your ISP level analyzes customer's websurfing habits delivering micro-targeted advertising to them, the overall approach used to intercept, analyze and alter the visited webpage's html makes it no less then a Spyware and is raising substantial privacy questions.

In a new investigatory report, the author Robert M. Topolski found that NebuAd uses TCP/IP packet monitoring that “monitors, intercepts and modifies the contents of Internet packets” as consumers surf online, the report also provide details how NebuAd is intercepting web-traffic and inserting javascript codes into webpages:

"Upon reviewing the record of TCP packets from Google’s server, it is observable that that an extra packet appears in the data stream before the data stream closes. The contents of
this added packet are added to the code underlying Google’s Web page. The added packet
contains JavaScript code that causes a Web browser to visit another site. Evidence (see
below) indicates that this packet is a forgery and did not come from Google, but from
some other point within the network."

A new threat named "Warezov Trojan horse" has hit the leading VOIP service provider Skype, the target Skype user receives a message stating "Check up this" and a link to the infected file "file_01.exe" with the Trojan payload, once a user is fooled into downloading this malicious file more files are downloaded automatically and installed. The infected computer now acts as the propagator and all their contacts are sent the same message to spread the Trojan.

Recently Torrent sites are getting spammed by malicious torrent uploads disguised as new movie releases, torrent users are reporting that they have downloaded various videos mostly claiming to be new movie releases or TV shows only to be confronted with a short video which advises them to download a new media player called 3wPlayer to view the rest of file. The few second clip show the Url to download this malware media player 3wPlayer.

The player installs a form of CIDHELP malware which is very hard to get rid of, The only solution to this problem is to make the user aware of this kind of tactic and reporting any such torrent to the torrent website for removal.

UPDATE:

Download & use this 3wplayer and similar video malware Auto-Fixer for windows to decode files (Special Direct Rapidshare Premium Link ~ 590 KB) >>

USAGE: decoder.exe 3wPlayerencodedfilename.avi outputfilename.avi

To decrypt the underlying video data you can the following perl script.