Sophos technical support has received a number of reports from
customers concerned about an email which invites users to visit a
website to view comedy video clips, such as one of Bill Gates being
hit with a custard pie by Belgian anarchists.
If users follow the link in the email, they are invited to
install an application called "Internet Optimizer" (IO) onto their
computer from a website run by Avenue Media NV, based in the
Caribbean island of Curacao.
An end-user license agreement (EULA) for IO is displayed,
stating that by viewing the movie the user is giving permission to
send an invitation to view video clips to all addresses found in
the user's Outlook address book and via instant messaging
systems.
"In consideration for viewing of video content,
Avenue Media may send email to your Microsoft Outlook contacts
and/or send instant messages to your IM contacts offering the video
to them on your behalf. By viewing the video content, you expressly
consent to said activity."
Worryingly, the EULA for "Internet Optimizer" continues:
"For your convenience, [IO] automatically
updates itself and any other [IO]-installed software to the latest
available versions at periodic intervals. In consideration for this
feature, you grant Avenue Media access to your machine to
automatically update [IO], add new features and other benefits, and
periodically install and uninstall optional software
packages."
Sophos is concerned that many computer users will not read the
EULA with enough attention and simply grant permission for the
application to be installed, without realising that emails and
instant messages will be sent to all their contacts. Although this
not a virus or a worm, these viral marketing campaigns have the
potential to clog up a large amount of a company's email bandwidth
like a mass-mailing worm.
"The makers of this email nuisance appear to have been inspired
by the Friends
Greeting incident of October last year which affected thousands
of internet users," said Graham Cluley, senior technology
consultant for Sophos Anti-Virus. "Just like then the people behind
this are taking advantage of the public's reluctance to read
legalese and small print."
Sophos recommends companies consider blocking access to
non-work-related websites, and educate users to check with their IT
department before installing unauthorised code onto their
computers.
"The agreement to allow Avenue Media access to your computer to
update and install code as they see fit is particularly
disturbing," continued Cluley. "The decision about whether to grant
such permission should only be made by an IT department fully aware
of the consequences, not a user frantically clicking 'next' on a
license agreement in their hurry to see a movie of Bill Gates being
splattered with custard."
As well as advising users to read the small print, Sophos
advises users to avoid this attack by:
- Tightening the security of their browsers by setting "Download
signed ActiveX controls" to "Disable" instead of the more common
"Prompt", and ensuring that "Download unsigned ActiveX controls" is
also set at "Disable".
- Blocking access to the domains "movies-etc.com" and
"internet-optimizer.com" if they are running a web proxy.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.