Anti-virus company Sophos has warned that its Australian technical support has been receiving reports from people who receive an e-mail inviting them to visit a Web site -- run by Avenue Media NV, based on Curacao in the Caribbean -- containing free comic video clips, including one of Bill Gates copping a pie in the face.
Users who visit the site and view a video clip begin sending the e-mail invitation to their friends. The site achieves this because the video clip is not downloaded directly; instead, an ActiveX control is launched which not only displays the video, but also downloads an additional software component named "Internet Optimizer" onto the computer, which sends the e-mails.
The operation is legal because Internet Optimizer presents an End User License Agreement (EULA), which includes provisions that allow Avenue Media to send e-mails and instant messages to the user's contacts, automatically update or add software to the computer and even update the EULA itself by publishing a new version at a specified URL.
"What tricks a lot of people is that the ActiveX control which kicks the process off is digitally signed," said Paul Ducklin, Sophos's Sydney-based Head of Technology, Asia Pacific. "Many users assume that a program which has been signed in this way is automatically both trustworthy and desirable. Ironically, even though Internet Explorer presents a 'security warning', many people treat this as some kind of a 'security approval' and are more inclined to go ahead."
Apart from reading the fine print of any contract or agreement that you sign, Sophos advises users to avoid this and similar attacks by:
- Updating your anti-virus software to one which detects and deletes components of the tool, including the ActiveX control (detected as App/CrmRest-A) and the "Internet Optimizer" application (App/Optimiz-A).
- Tightening the security of your browser by setting "Download signed ActiveX controls" to "Disable" instead of the more common "Prompt", and ensuring that "Download unsigned ActiveX controls" is also set to "Disable".
- Blocking access to the domains "movies-etc.com" and "internet-optimizer.com" if you're running a Web proxy.
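
The last two recommendations can be checked mechanically. The following is an added example, not code from Sophos or the original article: it audits the two ActiveX download settings in a text export of the Internet zone's registry key and tests hostnames against the two blocked domains. It assumes the export has already been decoded to text; the sample export and the function names are constructed for illustration.

```python
import re

# Internet Explorer URL-action IDs for the two settings named in the advice.
ACTIONS = {"1001": "Download signed ActiveX controls",
           "1004": "Download unsigned ActiveX controls"}
STATES = {0: "Enable", 1: "Prompt", 3: "Disable"}
BLOCKED = ("movies-etc.com", "internet-optimizer.com")

# Constructed sample: fragment of a `reg export` of the Internet zone (zone 3),
# showing the common "Prompt" setting for signed controls.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
'''

def audit_zone(reg_text, zone="3"):
    """Return {setting name: state} for each setting that is not 'Disable'."""
    values, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Only read values that sit under the requested zone key.
            in_zone = line.rstrip("]").lower().endswith("\\zones\\" + zone)
        elif in_zone:
            m = re.fullmatch(r'"(\d{4})"=dword:([0-9a-fA-F]{8})', line)
            if m:
                values[m.group(1)] = int(m.group(2), 16)
    findings = {}
    for action, name in ACTIONS.items():
        state = values.get(action)
        if state != 3:
            # A missing value is reported too: the zone default then applies.
            findings[name] = STATES.get(
                state, "not set" if state is None else hex(state))
    return findings

def is_blocked(host):
    """True for a listed domain or any subdomain, not for look-alike names."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED)

if __name__ == "__main__":
    print(audit_zone(SAMPLE_REG))
    for h in ("www.movies-etc.com", "notmovies-etc.com"):
        print(h, is_blocked(h))
```
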

Mozilla, Opera, and most other browsers are not affected by this because they do not support Microsoft's proprietary (and insecure) ActiveX technology. And arguably, these browsers are far superior to Internet Explorer, both in having security issues like these (they don't have anywhere near as many) and in technological advancement (supporting the latest browser specifications, where IE is always lagging behind; open standards; cross-platform; tabbed browsing; etc.).
If you have administrative privileges on your computer and are not confined to IE, I strongly suggest you download and check out one of these browsers, or any other independent browsing platform, particularly ones that do not use IE's technology:
Mozilla: http://www.mozilla.org/
Opera: http://www.opera.com/