Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware Company Suspect In Major Scam


  • Please log in to reply
8 replies to this topic

#1 TeMerc

TeMerc

    Countermeasures Team Leader


  • Malware Response Team
  • 215 posts
  • OFFLINE
  •  
  • Location:PHX., AZ.
  • Local time:12:19 AM

Posted 29 August 2005 - 03:23 PM

From ReveNews:

After reviewing the evidence in the books I urged the sender, David Eastbrook of Huricane Digital Media to spirit this information to the proper authorities including the FBI, FTC and the New York Attorney General's Office since there seems to be a tie-in with Direct Revenue. A company, I might add, that recently experienced a massive round of lay offs perhaps related to their less than stellar disclosure practices..

I choose a basic interview format to lay the ground work for questions. David's answers follow my questions. I urge readers to ask David questions as he will be monitoring this thread to give feedback. This is a very complex case with many twists and turns and a blog entry simply cannot do it justice.


Full Read @ ReveNews

This is actually a 'live' interview, with questions being posted by readers and answered as they are recieved. Check it out.
Posted Image
Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Posted Image

BC AdBot (Login to Remove)

 


#2 TeMerc

TeMerc

    Countermeasures Team Leader

  • Topic Starter

  • Malware Response Team
  • 215 posts
  • OFFLINE
  •  
  • Location:PHX., AZ.
  • Local time:12:19 AM

Posted 29 August 2005 - 06:19 PM

A little bit more of Direct-Revenues woes:

Direct Revenue: Out of the Pan, Into the Adware Fire
August 29, 2005 /New Media Report/--Direct Revenue’s CEO J.P. Maheu has answers for those who’ve reported that the doors are closing at DR. During a conversation with the NewMedia Report last Thursday, Maheu implied that the recent changes at Direct Revenue are simply the result of a new strategic vision for the company, and claimed that DR is now working with likes of the CDT’s Ari Schwartz to fix the subversive adware issues that have damaged the company’s rep in the past. However, the future might not be as sunny as Maheu would like it to seem. Former DR employees and insiders tell us that the company is now the subject of an investigation by New York Attorney General’s Office.

Over email, Wayne Porter told the NewMedia Report staff that more evidence will soon be made public that implies that Direct Revenue was aware of a scheme involving drive-by installs from banners; according to Porter, this evidence has already been turned over to the NYS Attorney General as part of an ongoing investigation.


New Media Report

For a little bit more backround on Direct-Revenue and IM installs you can read this archive of articles
Posted Image
Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Posted Image

#3 micaman

micaman

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Location:U.S.A.
  • Local time:02:19 AM

Posted 30 August 2005 - 12:22 AM

:thumbsup:

We should all have a party over this news! This company has infected way too many machines. They just keep on fighting to de-classify their products as safe, while installing their mess on millions of machines worldwide.

Thanks for the good news!


Are they still in talks with Microsoft?



:flowers:

#4 TeMerc

TeMerc

    Countermeasures Team Leader

  • Topic Starter

  • Malware Response Team
  • 215 posts
  • OFFLINE
  •  
  • Location:PHX., AZ.
  • Local time:12:19 AM

Posted 31 August 2005 - 01:48 AM

Tomes of Grey Part II: Eastbrook Begins & EULA Madness
David EastBrook:


In my phone conversations with one Mia Simondson of Direct Revenue she told me they were working with Orian Holtby as adserving.us. She also "claimed" that Orion Holtby failed to pay his invoices to Direct Revenue just as they failed to pay our bill.

Of more interest is an application called Tinkopal. The TinkoPal EULA
has/had the ABetterInternet privacy policy embedded in it proving they were working with this individual prior to their deals with adserving.us. TinkoPal is owned by Ncontext Media which is registered to none other than Orion Holtby.

Porter's Note: I have also analyzed the TinkoPal EULA and there are direct references to ABetterInternet aka Direct Revenue and their privacy policy in the EULA.

For the EULA collectors out there here are some TinkoPal EULA metrics:

Number of Characters: 34791
Number of Words: 5653
Number of Sentences: 145
Avg Words per Sentence: 38.99
Flesch Score: 4.71
Flesch Grade: 22 = Beyond Twelfth Grade Reading Level

There are also some great clauses in the EULA too- it is a lovely work of art if you are into legal self flagellation. Here are a few reasons people detest adware. This agreement (which requires the equivalent of a master's degree to truly understand) is so ridiculous and dangerous (the ability to upload arbitrary code) that I wouldn't wish it on my own enemies.

Full Read @ ReveNews

There are some amazing 'requirements' contained on the linked page. If all lawyers wrote contracts with as many holes in it, biased to the vendors side, like this, no one would be able to stay in business.


Posted Image
Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Posted Image

#5 igonuts2

igonuts2

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:11:19 PM

Posted 31 August 2005 - 01:55 AM

sorry, spacebar!

Edited by igonuts2, 31 August 2005 - 02:31 AM.

Why work when you can play!

#6 TeMerc

TeMerc

    Countermeasures Team Leader

  • Topic Starter

  • Malware Response Team
  • 215 posts
  • OFFLINE
  •  
  • Location:PHX., AZ.
  • Local time:12:19 AM

Posted 03 September 2005 - 02:51 AM

Some details are beginning to trickle out about Orion Holtby and his scam on Hurricane Digital Media........no, check that, they are streaming out.

This saga will be also taking place over at Wayne Porter's ReveNews. Watch as the story unfolds, as we get a direct peek into the mind of a scam artist, and witness as he is taken down, by David Eastbrook, Wayne, and PG, no holds barred, no rules, cagematch style, its gonna get ugly before it gets pretty. And I already placed my bets on the winners.

Full Read Here
Posted Image
Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Posted Image

#7 TeMerc

TeMerc

    Countermeasures Team Leader

  • Topic Starter

  • Malware Response Team
  • 215 posts
  • OFFLINE
  •  
  • Location:PHX., AZ.
  • Local time:12:19 AM

Posted 08 September 2005 - 01:25 AM

Tomes of grey hit the news, and so do we...

Two stories for you today - it's that exciting. I'll post the second story later, but for now we're going to revisit an old friend...

From what I've seen, the ballad of Orion grows apace, and probably with some guy in green tights in a forest singing about adBUMb, online advertising news-type site.

Imagine my surprise when they blasted the ballad of Orion out of a lute which was clearly turned up to eleven.


Full Read @ VitalSecurity.org
Posted Image
Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Posted Image

#8 TeMerc

TeMerc

    Countermeasures Team Leader

  • Topic Starter

  • Malware Response Team
  • 215 posts
  • OFFLINE
  •  
  • Location:PHX., AZ.
  • Local time:12:19 AM

Posted 24 September 2005 - 02:05 AM

After a long stretch of silence, David has fired up the blog once more about our good friend Orion Holtby.

It’s been a while since my last post, so I decided today is a good day to ruin someone’s weekend. Lord knows he’s ruined plenty for other people.

Orion Holtby has a partner.

His name is Hamed Vaghayenegar. Orion reportedly bought Hamed’s company, Creatrix Media Inc. ( www.creatrixads.com ) earlier this year. Hamed has been acting as the “front man” for the combined operation, which has used a variety of names. They include nContextMedia, Publishercash, Adacuity, nContextSearch, and many, many others.


Full Read w\pix, & PDF of flyer @ Hurricane Digital MEdia
Posted Image
Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Posted Image

#9 TeMerc

TeMerc

    Countermeasures Team Leader

  • Topic Starter

  • Malware Response Team
  • 215 posts
  • OFFLINE
  •  
  • Location:PHX., AZ.
  • Local time:12:19 AM

Posted 19 October 2005 - 11:42 AM

The picture I posted a while back of Holtby brandishing a handgun has generated a great deal of reaction. I felt I should address the subject to explain our position and perspective.

We’ve been asked if we’re worried or scared or something because we’re dealing with armed thugs.

No, not particularly.

We will never make the mistake of bringing a knife to a gunfight.


Full Read @ Hurricane Digital Media
Posted Image
Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users