Over at ZDNet, I’ve posted an account of my attempts (so far in vain) to get busted by Windows Genuine Advantage for installing a bootleg version of Windows XP. (See Another WGA failure for the details.)
In my quest for an illegal Windows product key, I visited a lot of very unsavory sites before I finally found one that actually contained the information I was looking for. It was a case study in how shady searches lead to personal tragedy. During the process, I was presented with multiple opportunities to install spyware and even a Trojan horse program.
- One site offered to install an ActiveX control that identified itself as an “Internet Explorer add-on” from Inter Technologies. It turned out to be a toolbar from Dollar Revenue, which McAfee classifies as a Trojan for its “deceptive practices.” According to my ZDNet colleague Suzi Turner, it downloads “a bucketful of other adware.”
- Another site offered to install that same set of scumware plus another ActiveX control that was identified only as “Click here to agree” from E.C.S. International. That turned out to be Dollar Revenue again.
- One site that claimed to offer cracks and product keys for every imaginable software product had a clever gimmick. Following any of the links generated an executable program with the name of the program you were looking for, ostensibly containing key codes. In reality, every download was the same: a copy of a Trojan that Windows Live OneCare identified as Agent.LM.
Now, the fact that I was running Windows XP with Service Pack 2 or Windows Vista means that I didn’t get any “in your face” prompts for these downloads. I actually would have had to go out of my way to install any of this malware. But the fact that I ran into so many examples of truly awful security threats underscores the problems you’re likely to face when you go looking for underground stuff.
As Bob Dylan once sang, “To live outside the law, you must be honest.” You’d better be careful, too.