Don’t PassThisOn…
Some áššhølë took over my computer last night.
To be more specific, some áššhølë wrote some software and published it on the object.passthison.com subdomain which then took over my computer. While Googling for some information for some fellow notaries public, I ran across a notary website that displayed the ad that the bûtthëád created. Despite the tight firewall, up-to-date antivirus definitions, anti-popup addons, and current anti-spyware software, my machine started freaking out.
The first sign was that everything on my computer screen went blank except for an instruction to “press the enter key.” Well, of course, that wasn’t going to be the first thing I tried — like I’m going to blindly follow some áššhølë’s instructions! Needless to say, after trying many other things, pressing enter was the only viable option. An ad then popped up, saying that I had spyware on my machine and that if I didn’t want it, then I had to buy a particular package of anti-spyware.
Blackmail! Extortion! Úšhølëš! Arrrgh!
This morning I opened up Internet Explorer and my screen went black. Seconds later, my Empire Earth CD was ejected from my D: drive, accompanied by a message that said if my CD drives opened, then I had spyware on my machine. As before, if I didn’t want the spyware, then I had to buy a particular package of anti-spyware software.
Right. Like I’m going to send that guy ANY money!
Passthison.com is registered to SmartBot.NET, Inc. at 3 Cobblestone Court, Richboro, PA 18954, phone: 215-953-7291, fax: 215-942-4338, with the name server as smartbotpro.net. Whois for smartbotpro.net also lists the phone number 603-817-0902. Through other sources, I get the name Stanford (although his real name is “Sanford”) Adam Wallace, phone: 215-628-9780. There’s also default-homepage-network.com, registered to a Mike Cayer at Seismic Entertainment Productions, Inc., a known spamming friend of Sanford’s. Their ISPs are ServInt Internet Services (passthison.com), Excalibur Internet (default-homepage-network.com) and Service Telematique Service Internet de Montreal (smartbotpro.net). More info on the áššhølë from AnnOnline and a cornucopia of knowledge about Sanford Wallace at Tired of Spam.
After searching the ‘net, I found that most people (including an official representative from PassThisOn) blame the peer-to-peer file sharing system, Kazaa. PassThisOn also states in a quoted email that they “[use] banners on other participating networks in accordance to their own and PassThisOn.com’s terms of service.” Yeah, that’s fair. If it’s OK with us, and OK with the websites on which we advertise, it’s OK for us to mess with your computer. Not! I somehow doubt that the notary whose website I was trying to read would condone PassThisOn’s actions.
Of note, I don’t have Kazaa installed on my computer.
“PassThisOn.com prompts and changes consumers’ browser behaviors to offer a better user experience and a more targeted advertiser-to-consumer communication system… PassThisOn.com utilizes several technical and business methods to change users’ default homepage to one that PassThisOn.com controls… Some users do not wish to see pop-ups on their web browsers. It is easy to install ‘pop blockers’ which will dissallow that feature. PassThisOn.com does not attempt to cause any damage or harm in any way. It will, however, use NON-DESTRUCTIVE ’scare tactics’… to demonstrate the importance that users’ secure their computers from malicious hackers, and then PassThisOn.com attempts to sell products designed to secure users’ computers. PassThisOn.com enforces a zero-tolerance anti-spam policy.”
Thanks, but I think I am the most qualified person to decide how I want my own browser to behave. Sanford’s definition of a “better user experience” is far different than mine.
Well, if you’ve read this far, it’s probably because you want to know how to get rid of this annoyance. So far, I’ve found that their latest version is really easy to bypass since it doesn’t install anything in the StartUp directory like it used to. Previous versions installed files called reg.vbs, reg.hta, or reg2.hta in your StartUp folder, but PassItOn (same group as PassThisOn) claims to have stopped doing that.
Reset your home page in Internet Explorer using Tools -> Internet Options…
I’m just glad the idiots at PassThisOn didn’t do anything worse.
Thanks to you for the heads-up. Of course, in my case, it’s too late but I appreciate the help just the same. I agree with the all the angry messages here. Bravo for your forum.
Here’s an oddity. The splash screen at passthison.com asserts that the site has ceased operations. Yet, on July 22, some wánkër from that domain attempted to penetrate my website. Ineffectual script-kiddie work, but a criminal act nonetheless. At the risk of fanning flames, I have to point out that passthison and a gazillion other pests _flourish_ in the IT monoculture that has been created by individuals and corporations who fail to see technology as an ecosystem. Computers: 4 (2 Mac, 1 Linux, 1 Windows); Microsoft, Linux, & Cisco Certified; viruses: none; spyware: none; paranoia level: very, very high. Cheers, Bob
computers: 10 (6 Windows, 4 Linux)
viruses: none
spyware: none
paranoia level: just as high as yours
knowing that people read my ramblings and learn something from them: priceless.
I got a chain letter from my friends. It said to click on this site and i did. I got this please press enter thing and i couldn’t get rid of it so i pressed enter. My cd and dvd drives popped open and it sed if my cd drive had opened it meant i had spyware. i desperately tried to close the window but it wouldn’t so i rebooted the computer. everything seemed normal but when i went on the net, my homepage said this thing about if you’re net had been slower or you’d been getting more popups, which i had, you had spyware. it had this download spyware deleter thing as well. suddenly the page changed and i was downloading the spy deleter. i was panicking cos the net window wouldn’t close. finally the window closed and my antivirus program alerted me of about 5 trojan horses cause by the ####### site. so the spy deleter was a trojan horse. i fell like killing the ########.
I have been forwarded this passthison email over and over, but they use a different URL this time: www . passthison . com / fortune-cookie / (DO NOT VISIT THIS URL!!!) The main URL has been shutdown, but they still keep this one open and active.
this dosnt work i set it to 17 people and it would’ntlet meclick on this link. so I had to go to http://www.askjeeves.com and typed this email address.
Use Firefox and all these problems will go away…
ppl like that should die and burn in hëll. they do not deserve to have a computer. the bìtçhëš can die for all i care