Sophos technical support has received a number of reports from customers concerned about an email which invites users to visit a website to view comedy video clips, such as one of Bill Gates being hit with a custard pie by Belgian anarchists.
If users follow the link in the email, they are invited to install an application called "Internet Optimizer" (IO) onto their computer from a website run by Avenue Media NV, based in the Caribbean island of Curacao.
An end-user license agreement (EULA) for IO is displayed, stating that by viewing the movie the user is giving permission to send an invitation to view video clips to all addresses found in the user's Outlook address book and via instant messaging systems.
"In consideration for viewing of video content, Avenue Media may send email to your Microsoft Outlook contacts and/or send instant messages to your IM contacts offering the video to them on your behalf. By viewing the video content, you expressly consent to said activity."
Worryingly, the EULA for "Internet Optimizer" continues:
"For your convenience, [IO] automatically updates itself and any other [IO]-installed software to the latest available versions at periodic intervals. In consideration for this feature, you grant Avenue Media access to your machine to automatically update [IO], add new features and other benefits, and periodically install and uninstall optional software packages."
Sophos is concerned that many computer users will not read the EULA with enough attention and simply grant permission for the application to be installed, without realising that emails and instant messages will be sent to all their contacts. Although this not a virus or a worm, these viral marketing campaigns have the potential to clog up a large amount of a company's email bandwidth like a mass-mailing worm.
"The makers of this email nuisance appear to have been inspired by the Friends Greeting incident of October last year which affected thousands of internet users," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Just like then the people behind this are taking advantage of the public's reluctance to read legalese and small print."
Sophos recommends companies consider blocking access to non-work-related websites, and educate users to check with their IT department before installing unauthorised code onto their computers.
"The agreement to allow Avenue Media access to your computer to update and install code as they see fit is particularly disturbing," continued Cluley. "The decision about whether to grant such permission should only be made by an IT department fully aware of the consequences, not a user frantically clicking 'next' on a license agreement in their hurry to see a movie of Bill Gates being splattered with custard."
As well as advising users to read the small print, Sophos advises users to avoid this attack by:
- Tightening the security of their browsers by setting "Download signed ActiveX controls" to "Disable" instead of the more common "Prompt", and ensuring that "Download unsigned ActiveX controls" is also set at "Disable".
- Blocking access to the domains "movies-etc.com" and "internet-optimizer.com" if they are running a web proxy.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.