Piracy doesn’t pay

Over at ZDNet, I’ve posted an account of my attempts (so far in vain) to get busted by Windows Genuine Advantage for installing a bootleg version of Windows XP. (See Another WGA failure for the details.)

In my quest for an illegal Windows product key, I visited a lot of very unsavory sites before I finally found one that actually contained the information I was looking for. It was a case study in how shady searches lead to personal tragedy. During the process, I was presented with multiple opportunities to install spyware and even a Trojan horse program.

  • One site offered to install an ActiveX control that identified itself as an “Internet Explorer add-on” from Inter Technologies. It turned out to be a toolbar from Dollar Revenue, which McAfee classifies as a Trojan for its “deceptive practices.” According to my ZDNet colleague Suzi Turner, it downloads “a bucketful of other adware.”
  • Another site offered to install that same set of scumware plus another ActiveX control that was identified only as “Click here to agree” from E.C.S. International. That turned out to be Dollar Revenue again.
  • One site that claimed to offer cracks and product keys for every imaginable software product had a clever gimmick. Following any of the links generated an executable program with the name of the program you were looking for, ostensibly containing key codes. In reality, every download was the same: a copy of a Trojan that Windows Live OneCare identified as Agent.LM.

Now, the fact that I was running Windows XP with Service Pack 2 or Windows Vista means that I didn’t get any “in your face” prompts for these downloads. I actually would have had to go out of my way to install any of this malware. But the fact that I ran into so many examples of truly awful security threats underscores the problems you’re likely to face when you go looking for underground stuff.

As Bob Dylan once sang, “To live outside the law, you must be honest.” You’d better be careful, too.

4 thoughts on “Piracy doesn’t pay”

  1. Ed – what browser were you using to visit these sites? I’d consider it a security problem if you visited using IE7 and were still getting these prompts.

    Would you have even been prompted if you used Firefox? My intention isn’t to troll. I’m genuinely interested in whether or not IE7 is better in terms of number of malware prompts a user receives.

  2. Carl, the first two items in my list were with IE, which should be obvious if you think about it. That’s the only browser that supports ActiveX. Please note these prompts were only in the Info bar, which made it very easy to ignore them. In fact, to install them requires at least four clicks, five in Windows Vista.

    In IE6, the page includes popup code that displays “helpful” advice pointing to the Info bar and showing me how to install the toolbar. IE7 ignored the popup code, so in that respect it was much safer and less prone to social engineering.

    Firefox doesn’t respond to ActiveX code so it just displays the basic page.

    The final item on the bulleted list works with any browser because it’s a download of an executable. In many ways it’s the worst on the list.

  3. To: Ed Bott,

    Can you send me your FAX number to my email address? I have some information about Microsoft’s (CALL HOME) feature called WGA. I kept this info since 2001. The information is 2 pages long and I prefer to FAX this info to you, so you can evaluate it. It talks about Microsoft’s ANTI-PIRACY feature and how to disable it. Quite simple really.

  4. Pat, the WGA feature first debuted in 2004. If you’ve been holding on to this information since 2001, I suspect it’s about Windows Product Activation. If so, I have studied it inside out (that’s a little joke) and I would assume I already know what’s on that sheet. Can you give me a hint, so we can both avoid wasting each other’s time?
