Spyware, Rootkit Maker Stops Distribution

By Ryan Naraine  |  Posted 2006-05-10 Email Print this article Print
 
 
 
 
 
 
 

ContextPlus, a so-called "one-to-one desktop marketing" company implicated in a number of stealth rootkit infections, has stopped distributing the software, citing problems with distribution partners.

ContextPlus, an adware company implicated in a large number of stealth rootkit infections, has stopped distributing its software, citing concerns over the practices of some distribution partners.

In a brief note posted on its home page, ContextPlus said it is "no longer able to ensure the highest standards of quality and customer care" and will stop further distribution of the "one-to-one desktop marketing" software.

The ContextPlus shutdown comes on the heels of several major lawsuits against adware vendors and a class-action lawsuit that accuses Yahoo of partnering with spyware purveyors to perpetrate syndication fraud against online advertisers.

Even as ContextPlus is placing the blame for the shutdown on software distribution partners, a law enforcement source following the company's operations said there are several high-level investigations into the use of rootkits to hide the existence of spyware programs on infected machines.

"This is one of the most notorious companies out there. They're doing all kinds of nasty things on [hijacked] machines," said the source, who requested anonymity because on the ongoing nature of the investigations.

Ziff Davis Media eSeminars invite: Join us on May 11 at 2 p.m. ET to learn critical best practices for e-mail and instant messaging applications, including tips on "hygiene" from Gartner.

Not much is publicly known about the operations. Several domains associated with ContextPlus are registered anonymously or by registrants in France and Poland, and several attempts by eWEEK to contact the company has been unsuccessful.

What is well known, according to Finnish anti-virus vendor F-Secure, is that ContextPlus is the company behind the high rate of Windows rootkit infections.

Two programs distributed by ContextPlus—Apropos and PeopleOnPage—employ what are described as "very advanced rootkit technologies" to evade anti-virus and anti-spyware scanners.

Apropos is a spyware program that collects users' browsing habits and system information and reports back to the ContextPlus servers.

Like the typical spyware application, Apropos uses the data to serve targeted pop-up advertisements while the user is surfing the Web.

Read the full story on eWEEK.com: Spyware, Rootkit Maker Stops Distribution



 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters