Steve Bass's Home Office: More Sleazy Web Sites

There are lots of Web sites run by folks who yearn to do damage to your PC. Some rely on the chance you might mistype a legitimate URL while others use pop-up windows enticing you to visit porn sites. Last week I mentioned a few articles that talk about the sites and how to protect yourself. This week I have more details, some that I think will alarm you.

Rod Calls It Malware

I've mentioned Rod Ream in the past. He's a computer consultant and my personal troubleshooter, a guy who relishes a computing challenge. He doggedly pursued the porn site scam I described last week.

You'll know you've hit a site like this when your home page mysteriously links to one you'd prefer the kids never see. Or you might get a search page that finds only ads or hits you with so many pop-ups you have to shut your system off to escape them.

The latest twist? Web sites that do more than just change your Home and Search pages without asking: They may stealthily add viruses to your PC, or install what appears to be a signed (therefore safe) ActiveX component called "Connect2Party" or "The Dialer." These sites can also add items to Run, Load, RunOnce, and RunServices Registry entries, while sticking apps in the Startup folders, both in HKLocalMachine and HKCurrentUser.

This miserable combination of Web and software attacks doesn't have a name. It's not entirely a virus, nor is it a Trojan horse. It's not exactly spyware, either. And it's not easily removable. Rod's named it malware.

The Dirt on Connect2Party

Connect2Party uses a convoluted method of disconnecting your modem and then reconnecting it to call an international long-distance number. The phone rates are high enough that they'd make up a significant part of a third-world country's GNP. The Federal Trade Commission has a consumer alert about this scam. Better, if you want to see the FTC in action, take a gander at the legal steps it's taken against Ty Anderson Enterprises.

A porn industry gossip site is just delighted with Connect2Party. Here's a quote (and no, I'm not going to reveal the URL): "We've started a little experiment with no credit card needed. Historically, it's like a 900-number in the old days. A surfer downloads a piece of software which is a dialer. And the dialer basically dials an international phone number. They're charged in the U.S. $3.99 per minute and their Internet browser brings them into the site. All legal FCC requirements pop up on the screen and they have to check them off before they can enter."

Quick tip: Use Zone Alarm, a free firewall, to block Connect2Party from making an outgoing call.

What makes Connect2Party particularly insidious is that in addition to adding itself to the various Run and Load Registry entries, it also conveniently creates entries in Control Panel's Add/Remove programs applet (thoughtful, eh?). Worse, the removal tool only appears to remove Connect2Party--it then adds it back into the Run lines of the Registry, so that it's reinstalled on reboot.

Time for a Break

Okay, you need a break, don't you? Stand up, have a smoke if you've got 'em, then take a look at a few amusing Web pages.

Dig this: I'm just intrigued by the amazing things Web programmers have accomplished. Just watch what this little guy can do to your browser window. (Oddly enough, my wife just shrugged when I showed it to her. Maybe it's a guy thing.)

But wait, I'm not done. Put together some stop-action photography and Macromedia Flash, and you get something really cool.

Finally, and I think my favorite, is this doggie construction game. And no, those things aren't tails or ears. Act like an engineer and you'll catch on. (Hint: If you get the right piece in the right place, you'll get a confirming bark.)

BTW, these are all from the Lebonze site (with thanks to JohnK).

Next week? More ways to protect yourself from malware.

Sign up to have Steve Bass's Home Office Newsletter e-mailed to you each week.