Virtus Designs Malware
Here is one definition of Malware. It is, as of this writing, the first paragraph in an article entitled 'Malware' at Wikipedia:
"Malware, short for malicious software, is software designed to secretly access a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. "
The invasive junk attempting to insinuate itself deeper into my system from Virtus Designs is, by any reasonable definition of the term, Malware. Certainly, for my purposes it is and since I have been a paid computer professional since 1982, I feel qualified to make that statement. There is no question in my mind that it is Malware with a capital 'M'. There is no ambiguity here, no gray area. The fact that the perpetrator of this deed lacks a moral compass and a sense of shame for his misdeeds does not make it any better. In fact, it makes it worse. It means that, unless he is stopped, he will do it again. As far as I know, he *is* doing it still, even as you read this. Worse still, since he feels he is firmly in the camp with the good guys, and has strayed this far for money, chances are very good he will stray even further afield until finally, he is forcibly removed from cyberspace.
I had the misfortune to install a Firefox Theme called 'Aero Fox'. It was probably last year, I don't recall. I did it, as I do from time to time, just to take a look at the theme. Seeing how it is a Theme, not even the active one, came directly from Mozilla and did nothing in particular beyond dress up the Browser when the active theme, I had no reason to expect it was not benign. I have, until now, typically left such things installed in case I wish to refer back to them. A theme has no legitimate reason to do anything at all if it is not the active theme. If it is the active theme, it has the right to (temporarily!) replace icons and backgrounds and stuff like that within the browser.
Yesterday, I started Firefox to take a look at something and as happens now just about every single time I start Firefox, it stopped loading so it could install a pile of updates. It is a story for another day, but the constant updating of Windows, Java, Firefox and the like is getting so irritating I am shifting some stuff to Linux, do nothing with Java unless forced and have taken to using Google's Chrome browser most of the time.
To my horror, one of the things, while 'updating itself', began to veer off course and installed another plug-in -- malware that threatened to and I quote:
'...offer you an opportunity to try out Bing by setting it as your default search."
The window is still open now as I figure out how to determine precisely the extent of the invasion, the particular vector(s) that got it this far and how to eradicate it and its criminal buddies from my system.
Should you get here as a result of a search, be assured that you are not alone in your surprise and yes, indeed, it is an untoward invasion of your machine by someone who has put the needs of the few (themselves) ahead of the needs of the many (you and I). It is wrongful behavior and nothing will put a good face on that.
I will let you judge for yourself what the perpetrators of this offense have to say for themselves. Here they are 'clarifying' for your edification why this outrageous breach of trust is just dandy and you can expect them to carry on doing that and (if this is an indication) more until somebody stops them:
http://www.virtusdesigns.com/?p=1816&cpage=1
Archived copy: [http://web.archive.org/web/20100822055538/http://www.virtusdesigns.com/?p=1816]
Later in my (long) piece here is the harsh comment that I submitted to that page. A part of my ire is because this came at a bad time and interrupted the flow of my work while I investigated the extent to which this Malware had compromised my system. However, a part of my ire is simply disgust at a shameful practice and the fact that the people doing it are not only unrepentant; they are still doing it. They will continue to do so until they are stopped.
If my comment appears on their page in the next few days, I will update this to express that. At least it will lend some credence to the idea that they are honest enough to disclose that some people disagree with them. My suspicion is that they won't allow my comment to remain there. If you do not see a correction here to say they have posted the comment it means they did not. In the fullness of time, this blog entry will be indexed by Google; they will see it and may make a post-facto alteration to include the comment. However, it will be suspect since they did not post it until they were apprised of the fact that it existed on the Internet already.
If my comment does not appear at that site, consider this: Some of the comments are negative and the moderator of that comment area (and, it seems, one of the 'perps' in this shameful affair) alludes to comments elsewhere that are more negative. If you do not see my comment, what it means is that they don't show you all the negative comments. Therefore, whatever they *do* show you is a dishonest reflection of the true feedback they are getting and you should not trust what they say at all. Certainly, you can be forgiven for not trusting them. If you are reading this, chances are good they have already violated your trust at least once as far as you know.
Before I put my comment text in here, I would like to address the entirely self-serving and patently dishonest commentary that one of the perps has put at the beginning of that page.
Bear in mind, what that page *should* be is an ABJECT AND GROVELLING APOLOGY and instructions for minimizing the injury they have done to your system and the time they have wasted. Instead, what you get is gems like this:
"There seems to be a misunderstanding out there due to the purposeful spreading of misinformation by people who want to do nothing other than cause problems and attack AMO developers." -- Posted by 'Brett' at VirtusDesigns.com
I can assure you (better, you can just look for me elsewhere around the net and assure yourself) that I had no particular axe to grind against 'AMO developers'. I don't even know *what* an AMO developer is, let alone who. I sure do not have an ongoing relationship with them and as soon as I am done this and have cleaned their malware off of my systems I hope never to hear from them again.
Our man 'Brett' goes on to say:
"One of the common things I read by people who leave negative reviews is that I hijack people's browsers by forcing them to install an Ask.com toolbar. Every bit of that accusation is false."
Contrary to what Brett would have you believe, most of that accusation is true and arguably, at least in spirit, every bit of it is true. Brett can say what he will. His assertion that those people are wrong does not make it so. He is the one who is wrong and dramatically so.
Brett then proceeds to systematically pile one whopper on top of another by way of demonstrating how each of the accusations is false.
He says:
"1. Nothing is hijacked. There is no adware or malware installed on a user's system. The only thing that the bundled Ask extension does is add a custom search plugin in the search window of the browser toolbar. "
I am not sure if I have to rebut that point since it appears to rebut itself. It starts out saying that their software does NOTHING and then proceeds to 'prove' it by telling you what it DOES. Something is most assuredly hijacked or you would not be reading either this posting or his. His post would have no reason to exist since its entire purpose is to address the aftermath of his HIJACKING people's browsers. He tells you that it installs NOTHING and proves his point by telling you that all it DOES 'add' is a custom search plug-in in the [...blah blah blah]. It is a fine and effectively irrelevant distinction between 'adding' and installing in this case and it is also quite misleading and dishonest because it attempts to do more than just *ADD* their search engine plug-in, it attempts to REPLACE your default search engine with theirs. You can rest assured that my inconvenience by having to deal with a wrecked default search is the expense I PAY so that THEY can get advertising dollars (which are swiped from Google and, I suppose, split with Bing). It is entirely beside the point what the precise arrangement is. Somebody gains at the expense of me and my legitimate search provider. They take something FROM me and they give it TO someone else without my knowledge or permission. Yeah Brett, something *IS* most assuredly hijacked and since you presumably had your arms in this up to your elbows you *know* it was.
He then offers:
"2. Nothing is forced on a user. When installing the theme on AMO, a user must accept the EULA by clicking on the accept button. When installation begins, a popup window displays asking the user if they would like to proceed with the addition of the Ask.com search plug-in. Nobody is required to use the search and you can switch back anytime. On my website, you must accept the EULA but there is no opt-in popup so the user has total control of what is being installed on their system."
Good lord. I can assure you that the very existence of this software on my system was accomplished by what is effectively force. I at no point ever agreed in any way to such an invasion and I would never knowingly do such a thing. The fact that I am not the only one to complain is proof enough they did this without permission. Beyond what threshold against someone's will do we start calling it force. No means no. Failing to say no when you are not even asked is not equivalent in any way to saying 'yes'. Like the first point he made, this one essentially negates itself. After saying 'nothing is forced...' he then goes on to say "a user MUST ACCEPT THE EULA..." (emphasis mine). I invite the reader to pause for a moment and familiarize themselves with the notion of a 'contract of adhesion'. If you think there ought to be a law, there is. A contract such as the EULA in question is not enforceable. It is not a meaningful (or even real) agreement between two equal parties. I will bet if you asked a thousand people to tell you what was in the contract they had clicked through, not even a single one would be able to tell you what was in that contract. When somebody shoves a boiler-plate agreement drafted by them to their advantage in your face en-passant all that you agree to is something vaguely 'reasonable'. Any other provision is meaningless. Installing unrelated software a year hence under the guise of an upgrade is NOT reasonable. It is not even close.
With respect to 'total control', it is to laugh. I would NEVER, not in a million years, have ever voluntarily put such an invasive thing on my computer. I had no control at all. Our friend Brett and his co-conspirators added a chunk of malware post-facto to my machine and even as I write this the pop up inviting me to screw-up my browser is sitting front and center on my screen. This is not control at all, let alone 'total control' and they know it.
Brett continues with his third point:
"3. There is no toolbar installed. All that is added is the simple plugin making Ask.com a search option. Ask is set as the default search instead of Google. This is my main source of revenue to support the continued development of my current themes and the many more I have planned."
Here we get to the crux of the matter. Whilst attempting unconvincingly to misdirect attention away from his invasion of your machine to a discussion of the *style* of the invasion, he slips in the fact that he is ripping off Google by stealing, against both Google's wishes and my wishes traffic from Google to create revenue for someone else who gives him a cut of the stolen revenue.
I do not even want Ask.com as an *option*, let alone have it hijack my main search provider. If who you used for search was not important, Google would not be worth $200 Billion Dollars. Ask.com, by the way, is not even really in the search business anymore. Despite the conversation about hijacking for Ask.com, the current hijacking is on behalf of Bing now. If either Ask.com or Bing were preferable to anyone they would not have to rely on Malware to get on to our machines.
Finally, Brett closes with this:
"Fortunately, I have great users overall and the vast majority of you are supportive, kind, and very encouraging and I appreciate that tremendously. Unfortunately, however, there is a tiny, yet very loud, minority out there that feels it is their purpose in life to attack, smear, and call names for no other reason than to cause problems. I thank you for your continued support. If you do not want install the extension, you can simply add the search plugin by clicking here."
That last sentence gives me pause. I think he closed this shameless attempt at rationalization by trying again to fool me into screwing up my browser. Mercifully, the link appears to be incorrect.
I doubt those allegedly supportive users would be nearly so kind if they knew what Brett was doing to them. The 'tiny, yet very loud minority' includes people like me whose opinion in these matters has been formed over decades in cyberspace. Yes -- I started using computers in 1976 and I registered my first '.com' name in 1988. The 'minority' opinion of his users happens to represent the *majority* opinion of people who know anything about this stuff. This stuff, as it manifests on my machine is malware and malware is entirely a bad thing. Likely most people have been under attack by malware and to the extent that they know what is happening to them, they are not only against it, they are vehemently against it. What Brett has done on my machine is borderline illegal and the penalties are severe if he is charged. If I see he has attempted to worm his way back on to my workstation, I will pursue sanctions. So should you.
With respect to his notion that people like me feel we have a "purpose in life to attack, smear, and call names for no other reason than to cause problems." That is some sort of sick joke. I want him to stop stealthily worming his way on to people's machines and hijacking their browsers and search providers. You can bet I want to cause problems with this guy. I want to shut down his quasi-criminal enterprise. In my opinion, the net effect of shutting this guy down REMOVES problems. Specifically, if I get my way, his Malware will stop infecting my machine and the machines of others.
Here, in all its gory glory is the comment they appear to be too afraid to display:
-------
I got here by doing a search for ‘virtus’ and ‘malware’.
I am the only one who ever uses this particular workstation and my default answer to anything that wants to install itself is ‘NO’. Anything that got as close as this did to altering the configuration of my system did so entirely without my permission and against my wishes.
There is no way that anything like this should ever, ever, EVER, EVER, EVER be popping up on my machine.
You may be of the opinion that it is OK to start installing software on someone’s machine as long as you interrupt their work by popping up and asking them if it is OK to install the software. That is fine for you, and you are welcome to deal in this junk as you wish. It is NOT OK AT ALL to start installing your software on MY WORKSTATION. I had to do a double-take while writing this to confirm that you are attempting the highly disruptive move of replacing my default search provider. I am still puzzling over this. It is shockingly unethical behavior on your part.
This is just Malware, plain and simple. I did not ask for it to come on to my machine and it is attempting to sneak its way deeper into my system by pretending to ask my permission. You have no valid reason to expect you have permission to even install something capable of asking the question, let alone trying to fool me into doing it. By what appears to be your reasoning as long as you can fool somebody into installing your software on their machine, their time, attention and resources are fair game and you may take them as you see fit. Wrong. My time, attention and computing resources are MINE and mine alone, not yours. You have not even a whisper of permission to do anything of the sort, let alone stealth your way into my machine with a ’sleeper’ Trojan in the guise of a browser plug-in that nobody would be expecting to start installing unrelated software whilst pretending to update itself.
Whatever I did with respect to your stuff, I did in a good faith belief that it did what it said it did and did not include any other unexpected (and thereby noxious) behavior. What you have done is in extremely bad faith. That you have trouble seeing it, even when it is pointed out to you shows that you can be expected to be even worse in the future.
I am going to attempt to track down and gut whatever the heck it is you have installed on my machine and hope that I have seen the end of it.
The next time you EVER have to dismiss an annoying pop-up or look carefully to catch some crap like this trying to dig itself into YOUR system, think back on this note and try to imagine all the misery you have created with this obnoxious breach of trust.
Rather than your mealy-mouthed attempt to rationalize and defend behavior that is well over the line and beyond defense, you owe me and anyone else who has had the misfortune to have your malware visited upon them a BIG FAT APOLOGY. You also owe everyone a promise that you will cease and desist and do whatever you can to repair the damage already done. Naturally, you have already written a cheque you cannot honor. You do not have the resources to return to me and everyone else the time, attention and peace of mind you have misappropriated.
Anyone who sees this and wishes to take more aggressive action may feel free to track me down. I have used my real name and I’m easy to find. If this person is still perpetrating this nonsense on people, I will be happy to support you if you pursue this in the courts.
If you can’t use software development tools responsibly, then don’t use them at all.