Some åsshølë took over my computer last night.
To be more specific, some åsshølë wrote some software and published it on the object.passthison.com subdomain — which then took over my computer. While Googling for some information for some fellow notaries public, I came across a notary website that displayed the ad that the åsshølë created. Despite the tight firewall, up-to-date antivirus definitions, anti-popup addons, and current anti-spyware software, my machine started freaking out.
The first sign was that everything on my computer screen went blank except for an instruction to “press the enter key.” Well, of course, that wasn’t going to be the first thing I tried — like I’m going to blindly follow some åsshølë’s instructions! Needless to say, after trying many other things, pressing enter was the only viable option. An ad then popped up, saying that I had spyware on my machine and that if I didn’t want it, then I had to buy a particular package of anti-spyware.
Blackmail! Extortion! Ãsshølës! Oh, my!
This morning I opened up Internet Explorer and my screen went black. Seconds later, my Empire Earth CD was ejected from my D: drive, accompanied by a message that said if my CD drives opened, then I had spyware on my machine. As before, if I didn’t want the spyware, then I had to buy a particular package of anti-spyware software.
Right. Like I’m going to send that guy ANY money!
Who is PassThisOn?
Passthison.com is registered to SmartBot.NET, Inc. at 3 Cobblestone Court, Richboro, PA 18954, phone: 215-953-7291, fax: 215-942-4338, with the name server as smartbotpro.net. Whois for smartbotpro.net also lists the phone number 603-817-0902. Through other sources, I get the name Stanford (although his real name is “Sanford”) Adam Wallace, phone: 215-628-9780. There’s also default-homepage-network.com, registered to a Mike Cayer at Seismic Entertainment Productions, Inc., a known spamming friend of Sanford’s. Their ISPs are ServInt Internet Services (passthison.com), Excalibur Internet (default-homepage-network.com) and Service Telematique Service Internet de Montreal (smartbotpro.net). More info on the åsshølë from AnnOnline and a cornucopia of knowledge about Sanford Wallace at Tired of Spam.
I found that most people (including an official representative from PassThisOn) blame the peer-to-peer file sharing system, Kazaa. PassThisOn also states in a quoted email that they “[use] banners on other participating networks in accordance to their own and PassThisOn.com’s terms of service.”
Yeah, that’s fair. If it’s OK with us, and OK with the websites on which we advertise, it’s OK for us to mess with your computer. Not! I somehow doubt that the notary whose website I visited would condone PassThisOn’s actions. (Of note, I don’t have Kazaa installed on my computer.)
According to the åsshølës themselves, “PassThisOn.com prompts and changes consumers’ browser behaviors to offer a better user experience and a more targeted advertiser-to-consumer communication system… PassThisOn.com utilizes several technical and business methods to change users’ default homepage to one that PassThisOn.com controls… Some users do not wish to see pop-ups on their web browsers. It is easy to install ‘pop blockers’ which will dissallow that feature. PassThisOn.com does not attempt to cause any damage or harm in any way. It will, however, use NON-DESTRUCTIVE ‘scare tactics’… to demonstrate the importance that users secure their computers from malicious hackers, and then PassThisOn.com attempts to sell products designed to secure users’ computers. PassThisOn.com enforces a zero-tolerance anti-spam policy.”
Sanford’s definition of a “better user experience” is far different than mine — thanks, but I think I am the most qualified person to decide how I want my own browser to behave.
Well, if you’ve read this far, it’s probably because you want to know how to get rid of this annoyance. So far, their latest version is really easy to disable since it doesn’t install anything in the StartUp directory like it used to. Previous versions installed files called reg.vbs, reg.hta, or reg2.hta in your StartUp folder, but PassItOn (same group as PassThisOn) claims to have stopped doing that.
I’m just glad the åsshølës at PassThisOn didn’t do anything worse this time.