Protecting your website and your customers is paramount. You should know
that Internet security is a major factor if you plan to establish an
online presence. The threats from adware, malware, viruses, intrusive
marketing infections, tracking cookies and spam are more prevalent than
ever. The people who code malicious viruses, shady marketers and thieves
are always willing to compromise your computer, site and unsuspecting
customers just to make a buck! Your hosting company should provide you
with adequate base-level security and backup options as well as the
ability to upgrade your security if needed. In the end, being aware is the best defense!
A Different Type of Internet Threat! Are Marketing monsters like Text-Enhance and others Ethical?
Sometimes it’s not a virus threat at all! Right now there is a threat that is
affecting thousands if not millions of websites, web developers and
end-users on the Internet. It is called “Text-Enhance” (Similar to
“Coupon Connection” and other intrusive ad-ware infections that put
intrusive ads on your web pages. These ads are attached to random text
in your page creating hyperlinks to products and services. You may think
this is normal but it is not. Unlike the professional services Google offers for developers to implement such as "AdSense" and "AdSense Custom Google Search" where a developer is well aware what he or she is doing and can opt-out or close their account, these marketing scams are like Ramora's attaching themselves to a users computer and browser most often unknowingly to present ad's and hopefully suck money from the infected user.
It is far more annoying than getting tons of junk mail, flyer's on
your porch and Spam in your mailbox. If you are experiencing this
phenomenon it can be very difficult to get rid of! These cookies, bots and spiders change names and come with aliases and are able to evade detection and removal through normal uninstall or Opt-Out functions. Chances are that you
might have unknowingly installed it along with another program that you
did want like Adobe’s Flash Player (one of the vehicles through-which
this ActiveX style infection invades your system.)
This so-called opt-in program (infection)
has what appears to be a fake website and a fake “Help Desk” site that
sends out automated emails telling the person who is infected to enable
third party cookies in order to opt-out?? This is very dangerous to your
system and could make things worse by allowing other third party
intrusions to further invade your system. What intelligent, professional Internet company would give that kind of advice in a world where personal information and protecting identity are at the forefront of World Wide Web Integrity? That alone should raise suspicion! Text-Enhance is being implemented on
sites like Adobe’s plugin download site and the CNET Download site where
millions of unsuspecting people go to download free, common software
and plugins.
At CNET, the opt-in information is present for some of these types of malware/adware but you
have to really pay attention in their “new” download interface which
has 3-4 pages or more of offers before you get to your download installer so
just be aware. With Adobe it is quite different. Millions of
unsuspecting people TRUST and download the Flash plugin because Flash is
predominant on the web when it comes to playing movies, games and
animation files on the web. Most computers (PC) have the Flash ActiveX
plugin pre-installed already. The problem is that Flash ActiveX is vulnerable to certain exploits, please see the list of links below to read up on Flash vulnerabilities.
It runs through cookies and ActiveX add-ons that hijack your browser(s), track your movements and
habits on the Internet, sells or passes on your personal information and places "geo-aware-hyperlinks" on your pages text
for you to click and buy products. I made up that grammatically incorrect term because the ad’s
appear to know your geographical location and offer ad’s that are in
your area as well as on the Internet, serious technology when you think about it.
For developers, it is a nightmare! There
are thousands on the Internet discussing this issue and trying to
resolve it. The term Opt-In implies you have been given a clear
understanding of what you are opting in for without deceptive, hidden, cleverly designed or
confusing information.
Embarrassing as it may be, I have had my
personal computers infected by this infection and have made a video
explaining how it works. I show how the infection piggy-backs on to the
Adobe Flash player active-x and can be difficult to stop or get rid of
if you don’t know what to look for. It is quite ingenious how they have
bypassed virus protection and detection to market products. Which leads
me to believe that these companies where the infection is downloaded
from are either unknowingly or knowingly in on it as well as the
companies sponsored in the ads. Why? The main reason is that
pay-per-click-revenue is a big business. Companies battle over Internet
traffic which in turn generates more and more potential for profit for
them and the advertisers. Sadly isn’t it always about money over ethics?
As an emerging developer, AdSense user and Google member, I am so glad that Google does not use these tactics and better, sets a benchmark for other companies to follow!
Now I ran (3) test downloading and
installing the plugin directly from the Adobe site, each time my system
was infected with one or more of these intrusive infections
(Text-Enhance or Coupon Connection) so I have completely uninstalled the
latest Flash plugin from all of my computers and now use Firefox as my
default browser with the Greasemonkey plugin for Firefox and running the
“ViewTube Script” inside Greasemonkey. I have no problems viewing
YouTube videos now without the Flash Plugin and can download the videos
in different formats including MP4 and WebM.
As a backup
to view more Flash content, I installed an archived version of Flash
(version 10.3-67.3mb 3-5-2012) and have had no issues with text-enhance
showing up on my pages. This tells me that the problem started in a
version more recent but as of yet I have not taken the time to
experiment with each version to determine which plugin (month/year)
became vulnerable.
I also installed DivX to cover other
different and emerging video formats and to become familiar with the
DivX technology since it has the Flash plugin in it’s sights with the
intent of taking it out of the equation. Flash is proprietary and a user
MUST have the Flash plugin to view current content. This is not in the
best interest of creating an open source format that everyone can view,
which is the direction the web is going back to. I also disabled all third party
cookies and increased my awareness so I examine everything I download
very, very carefully and choose the cookies I want on my computer and
from which site.
Remember your virus software won’t detect marketing scams because they are not viruses. Sometimes you can actually find the weird program in your program list under Add/Remove Programs but you still need to uninstall the nefarious plugin for your browser too (all browsers you have installed.) From what I a have been reading though, it always seems to find a way back in to your system?
Remember your virus software won’t detect marketing scams because they are not viruses. Sometimes you can actually find the weird program in your program list under Add/Remove Programs but you still need to uninstall the nefarious plugin for your browser too (all browsers you have installed.) From what I a have been reading though, it always seems to find a way back in to your system?
We can attack them back or at least their wallets by making a list of the companies who advertise with Text-Enhance and spread the word for people NOT to shop with them. Also contact these companies and tell them you are displeased with their choices in marketing their products through Text-Enhance and other intrusive marketing companies and that you won’t shop with them until they change their methods!
View the simulation video below
where I demonstrate how Adobe’s latest Flash Player Plugin allows the
infection to function and when disabled the infection goes away.
Additional information on Text-Enhance:
Additional information about Flash ActiveX vulnerabilities:
- http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html
- http://www.pcworld.com/article/2027916/researchers-surveillance-malware-distributed-via-flash-player-exploit.html
- http://www.dhses.ny.gov/ocs/advisories/2013/2013-016.cfm
- http://www.zdnet.com/au/flash-player-vulnerable-again-a-week-after-patching-7000002965/
- http://www.zdnet.com/blog/bott/how-secure-is-flash-heres-what-adobe-wont-tell-you/2152
- http://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-6761/Adobe-Flash-Player.html
- http://blog.whitehatsec.com/vulnerabilities-in-a-flash/
- http://www.infoworld.com/d/security/adobe-patches-28-critical-vulnerabilities-in-flash-player-reader-and-acrobat-210443
- http://www.tomshardware.com/news/microsoft-security-intelligence-report-v11-h1-2011-vulnerability-exploit,13676.html
- http://www.us-cert.gov/cas/techalerts/TA13-043A.html
Peace and Blessings!
Written by Allan Whitney
Owner/Administrator
MindVisionMedia.net
Really worth to read all info,thanks allot .I already bookmarked this great website.
ReplyDeleteMedical Website Marketing Strategies