Are browser hijackers becoming another Internet epidemic? The newest, also an Internet Explorer exploit, is a toolbar known as I-Lookup, said to work fast to plant unwanted software that changes homepages and creates porn popups on computers.
Though it seemed at first to be just another piece of spyware, according to Lockergnome.com, the tech forum site said a Dutch researcher who heard about it in an e-mail poked around and discovered it uses a previously-unknown IE exploit.
Microsoft is said to have called I-Lookup a criminal act and notified the FBI, according to Lockergnome.com writer Steve Hartley.
"We consider that any use of an exploit to run a program is a criminal use," Microsoft security spokesman Stephen Toulouse told a reporter. "We are going to work aggressively with law enforcement to prosecute individuals or companies that do so."
The IE flaw in question was first spotted earlier in June, with CNET saying it might be a two-part flaw. "One flaw lets an attacker run a program on a victim's machine, while the other enables malicious code to 'cross zones,' or run with privileges higher than normal," the tech news site said. "Together, the two issues allow for the creation of a Web site that, when visited by victims, can upload and install programs to the victim's computer, according to two analyses of the security holes."
I-Lookup.com is said to be a Costa Rica-registered search engine tied to aggressive adware, according to Symantec, the makers of Norton Antivirus. Ironically, I-Lookup's own statistical reporting showed two of the top three searches at the site tie to removing that kind of adware.
In other Microsoft news, the Redmond, Washington-based software giant has agreed to provide up to $34 million in vouchers to settle a Massachusetts class action claim that the company broke state laws on unfair competition and consumer protection. The class action centered around accusations of overcharging for Microsoft products bought between 1996 and 2002. The settlement was similar to deals Microsoft struck in California and elsewhere.
Meanwhile, Microsoft's popular Upgrade Advantage licensing program ended June 30. Customers can continue using the software they bought under the program but won't qualify for further upgrades, Microsoft said. The program was worth around $1 billion in sales to Microsoft.
Now, however, customers have to buy full versions of Windows or other applications or join a new subscription-like program known as Software Assurance, first introduced in May 2001, under which a Microsoft customer pays an annual fee. But the program drew early complaints that it would actually raise software costs, with an estimated 50 percent of medium-size businesses signing up for the program showing increases in what they paid Microsoft, according to a published report.
