Adware client tags you as its pitchman


[Image: 20090520_btb_promoimg]

Over the past week, someone has been spamming the file sharing site ThePirateBay.org with comments advertising a new “product” called BittorrentBooster. According to the site’s administrators, the spammer used a large number of fraudulently registered accounts to post the messages as feedback, attached to hundreds, possibly thousands, of downloadable .torrent files, which file-sharers use to initiate a peer-to-peer download session.

I decided to take a closer look, because the product’s claims — to be able to give file-sharers a massive speed boost during the “leeching” (or, downloading) phase of their torrent session — sounded pretty implausible. Impossible is more like it: The spammed ads for the product state, in characteristically broken English, it can help users “get your torrents download in 10 times faster!!”

The simple fact is, the amount of bandwidth available to you, network congestion, the number of people sharing a file, their bandwidth capabilities, and many other factors out of any individual PC’s control determine the download speed for a given torrent. No program can deliver a download performance increase of the scale promised by this product.

So, assuming the claims were snake oil, I took a closer look at what else the program was capable of. As it turns out, it’s a very capable delivery mechanism for advertising—in places I didn’t expect.

The service requires you to create a user account before you install the software; you simply pick an email address and password. The system requirements spelled out on the site seem reasonable: “You nee Windows 2000 XP or vista to run bitorrentBooster.”

When you first launch the program, the BittorrentBooster client asks you to enter this information into a form. It then sends the username and password, in plain text, as a query string to the program’s website.
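A login sent this way is visible to any proxy or on-path observer, so it can be spotted in web proxy logs. The following is an added example, not code from the original post: it scans constructed log lines for secrets carried in `http://` query strings. The hosts, paths and parameter names are placeholders, since the article does not give the client's actual request.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names that commonly carry credentials (assumed list; the article
# does not name the parameters the client actually uses).
SENSITIVE = {"password", "passwd", "pass", "pwd"}

# Constructed proxy log lines: "<client-ip> <method> <url>". Hosts, paths and
# parameter names are placeholders, not values from the article.
SAMPLE_LOG = """\
10.0.0.5 GET http://booster.example/login.php?user=alice%40example.org&password=hunter2
10.0.0.5 GET https://mail.example/inbox?folder=sent
10.0.0.7 POST http://forum.example/post?id=17
10.0.0.9 GET http://tracker.example/check?email=bob%40example.org&PWD=s3cret&v=1
"""

def find_cleartext_credentials(log_text):
    """Return findings for requests that put a secret in an http:// query string."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _method, url = parts
        u = urlsplit(url)
        if u.scheme != "http":
            continue  # TLS hides the query string from on-path observers
        params = parse_qsl(u.query, keep_blank_values=True)
        leaked = [k for k, _ in params if k.lower() in SENSITIVE]
        if leaked:
            # Report parameter names only; never copy the secret into the alert.
            redacted = "&".join(
                f"{k}=<redacted>" if k.lower() in SENSITIVE else f"{k}={v}"
                for k, v in params)
            findings.append({"client": client, "host": u.hostname, "params": leaked,
                             "url": f"{u.scheme}://{u.netloc}{u.path}?{redacted}"})
    return findings

if __name__ == "__main__":
    for finding in find_cleartext_credentials(SAMPLE_LOG):
        print(finding)
```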

The program’s main window has a few menu “buttons” along the top edge, as well as three large buttons in the middle, labeled “Silver membership,” “Gold membership,” and “Diamond membership.” What relationship these names have to the images that accompany them, I leave to you to discern as a mental exercise.

[Image: 20090520_btb_program]

The default, Rainbow Brite setting, is supposed to provide some small performance increase as a demonstration. The other two modes require you to have subscribed to the service: Gold level costs $3 per month, Diamond (also referred to in various locations as “DIANMOND” and “Dimond”) costs $5 a month.

The text of the license agreement actually spells out what the product can do. In part, it says:

“The Software may add to all Computers’ outgoing and incoming emails, to forums and social networks posting, regardless of local or online service, One to Two text lines which carry advertisement information and a link to the advertiser” (Emphasis mine)

[Image: 20090520_btb_eula-ads]

Wow, really? You get the benefit of injecting your ads into my email, and all I have to pay you is, at most, $60 a year for the privilege? Yes, as it turns out.

With the help of another researcher here, we installed the software on a test system, then logged into a Gmail account we use for testing and sent a brief message from the test system.

Taking a closer look at the program itself, it appears to load a DLL as a Browser Helper Object. This BHO contains interesting strings that give a good indication as to what services the program targets:

[Image: 20090520_btb_webmailstrings]

And what the text of the one-to-two line advertisement looks like:

[Image: 20090520_btb_webmail-code]

So the test message, which simply consisted of the text “Testing message for BitTorrentBooster!” looked like this when we received the message from Gmail.

[Image: 20090520_btb_webmail-sig]

Recall that the EULA says they can add these text ads to incoming email as well. I’m at a loss to understand exactly how injecting ads for their own product into the email messages coming to the user who already has the program installed benefits the company.

We also saw references to MySpace in the same strings, and, in fact, the program does attempt to interact with the MySpace “Add Comment” feature. Fortunately, all it does is break MySpace’s Add Comment dialog box in Internet Explorer, in such a way that users cannot post comments to other MySpace users’ pages at all, using that browser. You may actually consider this an upside.
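Because the injection happens in a Browser Helper Object, auditing which BHOs are registered on a machine shows what Internet Explorer will load. The following is an added example, not code from the original post: it reads text in `reg export` format, lists each BHO under the standard registry key, resolves its DLL through the CLSID's `InprocServer32` entry, and marks anything not on a reviewed allowlist. The CLSIDs and paths in the sample are constructed.

```python
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"

# Constructed excerpt in `reg export` text format; CLSIDs and paths are made up.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Vendor\\toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Documents and Settings\\user\\Application Data\\helper.dll"
'''

def parse_reg(text):
    """Map each key path to its default (@) value, unescaping .reg backslashes."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = None
        elif current and line.startswith('@="') and line.endswith('"'):
            keys[current] = line[3:-1].replace("\\\\", "\\")
    return keys

def audit_bhos(text, approved_clsids):
    """Return (clsid, dll_path, approved) for every registered BHO."""
    keys = parse_reg(text)
    approved = {c.upper() for c in approved_clsids}
    results = []
    for key in keys:
        if not key.upper().startswith(BHO_KEY.upper() + "\\"):
            continue
        clsid = key[len(BHO_KEY) + 1:]
        # A BHO with no InprocServer32 entry resolves to None and is still listed.
        dll = keys.get(f"{CLSID_KEY}\\{clsid}\\InprocServer32")
        results.append((clsid, dll, clsid.upper() in approved))
    return results

if __name__ == "__main__":
    for row in audit_bhos(SAMPLE_REG, {"{11111111-2222-3333-4444-555555555555}"}):
        print(row)
```

On 64-bit Windows, 32-bit BHOs are registered under the `Wow6432Node` mirror of the same key, so that branch needs the same check.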

The EULA goes on to say that the program will also display popup ads in the browser, and that “The choice of Signature Ads and Advertisements may be based on the Computer’s user of online search engine keywords.” As for the ad content itself, users are told that the ads “may include commercial, adult, personal ads, classified ads or any other type of content the Bitorrentbooster may choose to publish.”

This is sounding better all the time! But that’s not all: “The Software may change the Internet browser’s default search engine at any time” — yippee.

Well, thanks but no thanks. I think we’d rather give the BittorrentBooster the big Webroot boot-ster.
