BadPhorm - When good ISPs go bad! :: Forums :: Tips & Breaking News :: Tips
 
<< Previous thread | Next thread >>
Antiphorm - this looks interesting.
Go to page       >>  
Moderators: Jim Murray, narcosis, felixcatuk, Sammy, revrob
Author Post
AsteriskTheGaul
Thu May 15 2008, 02:23PM
Registered Member #400
Joined: Thu May 15 2008, 01:34PM
Posts: 5
Hi all, I'm new to the forum, although I've been popping in regularly over the last month to see what's happening as we get closer to Phorm going live. I'd just like to offer my congratulations to the Badphorm team for putting together such a cool site so quickly and creating an entire community in no time at all. Inspirational!

Naturally I'm incensed that these people can get away with this stuff, let alone that my own ISP is about to foist this rubbish on me.

Anyway, I'm rambling. I apologise in advance if somebody has already posted this, although I can't find any mention of it here - please delete if it's a duplicate thread.

I've been checking this site antiphorm.com every few days, it's been inactive until last night or this morning, I'm not sure exactly which. (There's also the other site at antiphorm.co.uk which has been around for a while but I don't think they're related - far as I can tell.)

What's new is that Antiphorm are giving away a software app for masking all the browsing information Phorm will be sucking from us when they 'roll out'. Even better there's some really cool anti phorm artwork on there as well. I've downloaded the software and it seems quite nifty.

I have some issues with it, it's a bit annoying when you run it in browser mode, it goes surfing on it's own but keeps opening up loads of tabs inside the browser instead of opening each new site in the same tab. The really interesting thing is that it can browse the net without a browser and it still sets cookies, I've checked. If you watch it for a while it just meanders about, a pretty realistic imitation of web browsing. You can tell it what to look for in search engines and add in your own URL's to visit, sending Phorms advertisers off on the wrong track. I really like it.

I'm going to be testing it over the next few days, I'll keep you up to date with how it performs. Ideally, Phorm will get canned if we make enough noise but at least this is something which might just screw up their plans.

Once again, I apologise if I've leapt in and made a duplicate thread!
Back to top
Frank Rizzo
Thu May 15 2008, 04:03PM
Registered Member #75
Joined: Sun Mar 02 2008, 06:49PM
Posts: 199
I think you need to need to earn a bit of trust here.

1. You join today
2. You promote a site which was created three weeks ago and is not in google's cache (so how did you find it?)
3. The domain is registered in Canada using a privacy protection service
4. The site is hosted by Bluehost in the US
5. The site has an .exe for 'masking all the browsing information Phorm will be sucking'

Please excuse me for being a bit suspicious but you are not a regular here, you 'found a site', the site has an .exe for download...

If the site is yours just come clean now mate. You will earn more trust that way.

And please give the source code for the .exe.

[ Edited Fri May 16 2008, 10:08AM ]
Back to top
phormwatch
Thu May 15 2008, 04:15PM

Registered Member #297
Joined: Sun Apr 06 2008, 02:57AM
Posts: 212
Right on, Frank.
Back to top
BadPhormula
Thu May 15 2008, 04:33PM
BadPhormula

Registered Member #188
Joined: Sun Mar 16 2008, 05:00PM
Posts: 547
Frank Rizzo wrote ...

I think you need to need to earn a bit of trust here.

1. You join today
2. You promote a site which was created three weeks ago and is not in google's cache (so how did you find it?)
3. The domain is registered in the US using a privacy protection service
4. The site is hosted by Bluehost in the US
5. The site has an .exe for 'masking all the browsing information Phorm will be sucking'

Please excuse me for being a bit suspicious but you are not a regular here, you 'found a site', the site has an .exe for download...

If the site is yours just come clean now mate. You will earn more trust that way.

And please give the source code for the .exe.


ROFL!

Phase ii of the Phormscum attack anti-phorm movement. Profile all the anti-phormers and try and lure them onto bear traps. Oh look, a free lunch!!! Yum yum #!&$!!
Back to top
AsteriskTheGaul
Thu May 15 2008, 05:13PM
Registered Member #400
Joined: Thu May 15 2008, 01:34PM
Posts: 5
Frank Rizzo wrote ...

I think you need to need to earn a bit of trust here.


: )

Sorry mate, I wish I did have the source code.

Sure, your worries are well founded but I honestly can't imagine Phorm putting out dodgy .exe's considering the trouble they're already in.

Actually, now you've got me worried. Initially I ran the file through a couple of adware virus checkers and came up clean.

Is there some way I can be sure it hasn't done something to my PC?

I use Spybot, Avast, F-Secure Blacklight and Ad-Aware. I've scanned my PC with all four and they haven't found anything worrying so far.

Oops!
Back to top
Frank Rizzo
Thu May 15 2008, 05:54PM
Registered Member #75
Joined: Sun Mar 02 2008, 06:49PM
Posts: 199
I'm not implying that phorm are behind the site. I'm not implying the site is upto anything dodgy. It just seens really suspicious.

There are a lot of scamsters out there who would try to make a quick buck on "volcano insurance". That's what that site looks to me, and the way it is promoted looks fishy too.

[ Edited Thu May 15 2008, 07:07PM ]
Back to top
BadPhormula
Thu May 15 2008, 06:16PM
BadPhormula

Registered Member #188
Joined: Sun Mar 16 2008, 05:00PM
Posts: 547
AsteriskTheGaul wrote ...

Frank Rizzo wrote ...
I think you need to need to earn a bit of trust here.


: )

Sorry mate, I wish I did have the source code.

Sure, your worries are well founded but I honestly can't imagine Phorm putting out dodgy .exe's considering the trouble they're already in.

Actually, now you've got me worried. Initially I ran the file through a couple of adware virus checkers and came up clean.

Is there some way I can be sure it hasn't done something to my PC?

I use Spybot, Avast, F-Secure Blacklight and Ad-Aware. I've scanned my PC with all four and they haven't found anything worrying so far.

Oops!


Wow, quick save mate! You think we don't know a 0-day when we see one. ;-)
Back to top
madslug
Thu May 15 2008, 06:16PM

Registered Member #266
Joined: Tue Apr 01 2008, 01:11PM
Posts: 800
Rule of thumb - if there is no physical address and phone number on the site, and the site address is not the same as the whois data, it is not a real site.
Back to top
Frank Rizzo
Thu May 15 2008, 07:09PM
Registered Member #75
Joined: Sun Mar 02 2008, 06:49PM
Posts: 199
The app is not even an antiphorm app. It looks like a generator to fire off random browse requests to fool the profiler.

Back to top
Paul Delaney
Thu May 15 2008, 09:27PM
Registered Member #401
Joined: Thu May 15 2008, 09:08PM
Posts: 6
AsteriskTheGaul wrote ...

Actually, now you've got me worried. Initially I ran the file through a couple of adware virus checkers and came up clean.

Is there some way I can be sure it hasn't done something to my PC?

I use Spybot, Avast, F-Secure Blacklight and Ad-Aware. I've scanned my PC with all four and they haven't found anything worrying so far.

Oops!


If you're still worried you can do this:

download this: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Physically disconnect your Internet connection (pull RJ45 from socket)
Disable any Anti-Virus software
Stop background programs via task manager
Run Combofix.exe
Do not mouse click inside the command window whilst the program is running.
Allow program to completely finish.

You might be surprised what this finds / kills


Sorry brothers I can't let the poor bloke suffer! I kill computer parasites for a living...
I'm from cableforum btw, I'm a frequent lurker here though (been known to post comments @ El Reg too - especially Phorm articles)
Hi everyone
:D
Back to top
Go to page       >>   

Jump:     Back to top

Syndicate this thread: rss 0.92 Syndicate this thread: rss 2.0 Syndicate this thread: RDF
Powered by e107 Forum System