Sponsored by..

Showing posts sorted by relevance for query blinkx. Sort by date Show all posts
Showing posts sorted by relevance for query blinkx. Sort by date Show all posts

Friday, 9 March 2012

Will visiting Blinkx.com infect your computer?

I've coved Blinkx before in connection with unwanted software installations. They recently came to my attention again.. and not in a good way.

Let's start with the Google Safe Browsing Diagnostics for blinkx.com:

Safe Browsing

Diagnostic page for blinkx.com

What is the current listing status for blinkx.com?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Of the 1007 pages we tested on the site over the past 90 days, 92 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-03-09, and the last time suspicious content was found on this site was on 2012-03-08.Malicious software includes 6 trojan(s), 1 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.
Malicious software is hosted on 6 domain(s), including miopardenton.bee.pl/, inturpo.com/, ighlandhorn.jesais.fr/.
5 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including inturpo.com/, adv-adserver.com/, adversalservers.com/.
This site was hosted on 32 network(s) including AS209 (QWEST), AS14743 (INTERNAP), AS1299 (TELIANET).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, blinkx.com did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
Next steps:


Not listed as suspicious? But 92 out of 1007 pages attempt to install malware! That's 9.1% of all pages on the site that Google checked! But people who visit Blinkx don't just visit one page. According to Alexa, the average visitor views 3.88 pages on the site. It also notes that blinkx.com is the 1994th most popular site worldwide.


We can work out the probability of infection using the data, it's is (1-(1-(92/1007))^3.88)) which equates to a 31% possibility that the average blinkx.com visitor will be exposed to malware. OK, that's assuming that the data is accurate, and since I know for a fact there are more than 1007 pages on Blinkx and that Alexa data has its critics.. well, take that figure as being indicative rather than 100% accurate.

Compete.com reports that over 5 million US visitors look at the site per month. There are doubtless millions more visiting this site. So exactly how many people have been infected while visiting blinkx.com?

My suggestions? If you are an IT administrator, I think you want to seriously consider if allowing your users to visit blinkx.com is in line with your corporate governance strategy..

Tuesday, 20 November 2012

BLNX.L shares takes a dump

I've covered Blinkx (BLNX.L) before, and you can say that I'm not a fan of the company, the way it does business or its ethical stance.

So it's quite amusing to see Blinx shares take a dump and drop 10% today. Why? Because of their associate with Michael Richard Lynch, a director of Blinkx and also former CEO of Autonomy Corporation, who finds himself in the centre of a massive row with new owners HP. HP have written off 87% of the value of their acquisition over alleged false accounting practices.

Presumably BLNX.L shareholders are worried that some of the toxic effects of this meltdown will also impact them. If these as-yet unproven allegations prove true, then who knows..

Wednesday, 11 May 2011

Pinball Corporation RIP?

Pinball Corporation is a company that bought the remnants of Zango, a company that had a reputation for pushing slimeware. Last year I pointed out a case where Pinball Corp were clearly not keeping an eye on the actions of their affiliates, and other people have been critical of them too.

Well, there's potentially some good news.. because according to the Washington State Corporations Division, Pinball Corp became inactive on the 2nd May 2011.

PINBALL CORP.
UBI Number602918125
CategoryREG
Profit/NonprofitProfit
Active/InactiveInactive
State Of IncorporationDE
WA Filing Date09/02/2010
Expiration Date09/30/2011
Inactive Date05/02/2011
Registered Agent Information
Agent NameBUSINESS FILINGS INCORPORATED
Address1801 WEST BAY DR NW STE 206
CityOLYMPIA
StateWA
ZIP98502
Special Address Information
Address
City
State
Zip

Governing Persons
TitleNameAddress
President,TreasurerScott, JoelOne Market Plaza
Spear Tower Fl 19
SAN FRANCISCO, CA
SecretarySiefer, SerenaOne Market Plaza
Spear Tower Fl 19
SAN FRANCISCO, CA
DirectorChandratillake, Suranga3600 136th Pl SE
BELLEVUE, WA
DirectorService, Matthew3600 136th Pl SE
BELLEVUE, WA


Of note is that although the corporation appears to be inactive, the website at pinballcorp.com is still running and with no notice about the change of company status. Where Pinball Corp's affiliates stand is unknown, but given the deceptive business practices of a number of them, then I don't think too many people will be shedding a tear.

But why has the company apparently become inactive? It turns out that Pinball Corp is a wholly owned subsiduary of a UK firm called Blinkx plc, and the "inactive" date coincides almost exactly with Burst Media (for $30m). Perhaps Blinkx decided that Pinball Corp was no longer something that they wanted to have in their expanded portfolio?

Wednesday, 21 July 2010

Hotbar.com deceptive installation.. again.

Hotbar.com probably needs no introduction as an unpleasant piece of Slimeware, picked up from the ruins of Zango by a Washington State company calling itself Pinball Corporation. Traditionally, companies like Zango and Pinball work on a pay-per-install basis for their software, and recruit affiliates to get the software installed on end user's machines. Anyone who deals with affiliate marketing knows that the actions of your affiliates reflect on the company itself.. you don't want dodgy affiliates tarnishing your reputation.

This particular affiliate of Pinball Corporation does seem to be pretty deceptive though, targeting naive users who don't check what they are downloading properly.

Here is an example, coming up on a search for Google Earth:

The first result reads:
G.Earth Free Download
EarthI0-3D.com/GEarth-Download      New G.Earth. A True 3D Digital. Fly Anywhere On Earth. For Free!
Is earthi0-3d.com Google? Of course not! But it relies on users not to check before they click through..

Google's logo is displayed prominently on the landing page, the whole page really does look like it is from Google, but scrolling down reveals the truth.. in pale grey text on a white background to make it difficult to spot:



This website has no partnership whatsoever with the owner or manufacturer of this software program, and provides ONLY a link to the program.
New computer users should find our services valuable, and a time saver. If you are an advanced computer user, you probably don't need our services. 
Well, it doesn't just provide a link to download the program.. clicking "Free Download" reveals the payload of a mixture of HotBar, ShopperReports, Blinkx and QuestDNS adware.

..but you have the read the small(ish) print. The Google Earth logo is still prominently displayed, along with a great big "Start" button. Now, to be fair it is all spelled out in black and white with links to the EULA, but displayed in a much smaller and less prominent manner than the Google logo.

The download is pretty widely detected as adware by many AV programs. Some of the components are particularly insidious, including QuestDNS that installs all sorts of operating system hooks.

It's not just Google Earth that is targeted in this way, the server that hosts earthi0-3d.com, 174.121.90.107 [ThePlanet.com], also hosts a shedload of other domains that masquerade as well-known applications. (Sorry, it's a long list.. but there's more after it).


0perai0.com
7zip2010.com
Adaware10-uk.com
Adaware10-us.com
Adawarepro10.com
Adobereader10-pro.com
Adobereader2010.com
Adobe-readeruk.com
Adobe-reader-uk.com
Adobe-readerus.com
Adobe-reader-us.com
Ares10.com
Ar-proversion.com
Audacityi0.com
Babelfish10-uk.com
Babelfish10-us.com
Bearshare10-prodownloads.com
Bearsharefast.com
Bit10-cometpro.com
Bitcometfast.com
Bitcometi0.com
Bitcometpro.com
Biti0-latest-comet.com
Bitlordfast.com
Bitlordi0.com
Bitnewcomet.com
Bit-new-comet.com
Bitnewlord.com
Bit-new-lord.com
Century21games.com
C-new-cleaneri0.com
Convertxtodvdpro.com
Corelpaint2010.com
Descarga-activex.com
Divx10-uk.com
Divx10-us.com
Div-xi0.com
Downsoftloads.com
Earth-20i0.com
Earthi0-3d.com
Emulenouveau-fr.com
Eplig.com
Fastnewlime.com
F-frostwirei0-pro.com
Flash-playerdownloads.com
Flashplayernew2010.com
Flashplayernew-uk.com
Flashplayerpro10.com
Flashplayeruk.com
Flashplayer-us.com
Freezonlinetvpro.com
F-reviewfrostwirei0.com
Frost10-prowire.com
Frost10-wire.com
Frostfreewire.com
Frost-profrostwire.com
Frostpro-wire.com
Frost-pro-wire10.com
Frost-prowire-2010.com
Frost-review.com
Frost-us-prowire.com
Frost-us-wire.com
Frostwire10-frostdownloads.com
Frost-wire10-pro.com
Frost-wirei0-frostpro.com
Gamescentury.com
G-earthi0.com
Getactivex.com
Getdirectx.com
Getnetframework.com
Girlstar-fun.com
Googleearth10.com
Internetdownmanagerpro.com
Irfanviewpro.com
Itunespro10.com
Jetaudiopro.com
Justfree-screensavers.com
Kidstoys-fun.com
Latestopenoffice.com
Limewireeasy.com
Live-messenger-windows.com
Live-msn10-messenger.com
Live-newmessenger-promsn.com
Liveprodownloads.com
Liveprotube.com
Live-torrents.com
Livetube-pro.com
Livetvnowpro.com
Messenger10-livepro-newmsn.com
Messenger-msni0-live.com
Messenger-msn-live.com
Messengerplus-live-msn10.com
Messengerpro-live-msn2010.com
Monfirefoxonline.com
Msn10-live-messenger.com
Msn-live10-messenger.com
Msn-messenger-new.com
Msn-messenger-windows.com
Myfrostwire10.com
Myfrost-wire10-pro.com
Mylimewire10.com
Mylimewirepro10.com
Mylivelimewire10.com
Mymariobrosfree.com
Mymessenger-live-promsn.com
Mymsn-live-newmessenger10.com
Myworldlime.com
Ner0-burni0.com
Newadobe-proreader.com
Newadobe-readerpro.com
Newadreaderpro.com
Newbit-comet-2010.com
Newbitcometi0.com
Newbittornado10.com
Newbit-torrent10.com
Newcoreldraw2010.com
Newdivxpro10.com
Newfastlime10.com
Newflash-playepro.com
Newflash-proplayer.com
Newlimefast.com
Newlimefree.com
Newlimeworld.com
Newmessenger-live-promsn.com
Newoffice10.com
Newopenoffice2010.com
Newopen-proofficeuk.com
Newopen-proofficeus.com
Newovernet10.com
Newphotoscape2010.com
Newpicasapro.com
Newshareaza10.com
Newsoulseek10.com
Newutorrent-free.com
Of-suite3-officei0.com
Openi0-latest-office.com
Openoffice10-officedownloads.com
Openofficenew2010.com
Openofficenewuk.com
Openofficenew-uk.com
Openofficenewus.com
Openofficenew-us.com
Playlegends.com
Play-mario-free.com
Play-mario-now.com
Proadobe10.com
Proadobereader10.com
Proadvancedsystemcare.com
Proaudacity10.com
Probitcomet.com
Probitcomet10.com
Probitlord10.com
Procamfrog10.com
Proccleaner10.com
Proflvplayer.com
Progommediaplayer.com
Proicq2010.com
Pro-lime-wire.com
Prolivetvnow.com
Promirc2010.com
Promocion-aba.com
Pro-nero-10.com
Pro-newutorrent.com
Proopenoffice10.com
Proorbit10.com
Propowerdvd.com
Proquicktime10.com
Prosopcast10.com
Prospybot2010.com
Pro-utorrent10.com
Pro-web-solutions.com
Prowinrar10.com
Prowinzip2010.com
Proytdownloader.com
Quicknewtime.com
Quicktime10-uk.com
Quicktime10-us.com
Rankdriven.com
Schnellfirefox10.com
Seo-sem-worldwide.com
Skype10.com
Smartdefragpro.com
Speedylime10.com
Suite3-office.com
Suite-office3.com
Suite-office3.net
Suiteprooffice-2010.com
Superlime10.com
Teamviewerpro2010.com
Trilliani0.com
Ufreetorrent.com
Uklimefree.com
Uprotorrent-2010.com
U-reviewbitcomet.com
U-reviewfrostwire.com
U-reviewsuiteoffice3.com
U-reviewtorrent.com
U-review-torrent.com
Uslimewire10.com
Utorrent10-udownloads.com
Utorrent-free.com
Utorrenti0.com
Vafdrivers.com
Vafscanner.com
Vaftv.com
Virtualdjpro-uk.com
Virtualdjpro-us.com
Virtualnewdj.com
Virtual-new-dj.com
Virtualnewdj.info
Virtual-newdj-2010.com
Virtuals-dj2010.com
Vlcmediaplayerpro.com
Vlcpro-vdownloads.com
Vlc-videolan-fr.com
V-virtual-prodj.com
Winamp10-uk.com
Winamp10-us.com
Winmediaplayer-fr.com
Winmoviemaker.com
Winrar10-uk.com
Winrar10-us.com
Winzip10-uk.com
Winzip10-us.com
W-media-player.com
Wmedia-playerdownloads.com
W-media-playerpro.com
Worldlime10.com
Youfreetube-loader.com
Youlive-tube.com
You-pro-tube.com
Ytdownloader-uk.com
Ytdownloader-us.com


Most domains have some sort of anonymous registration, but not all.. and one points the finger at a company in the Canary Islands:

Company: Payments interactive S.L.U
Name: fuentes martins de souza vicente alan
Address: camino de la fallera 1
City: santa cruz de tenerife
Country: CANARY ISLANDS
Postal Code: 38789
Phone: +34669061555
Fax:
Email: daniel.hylander@paymentsint.com
We can track down paymentsint.com to a server at 67.19.106.170 [ThePlanet.com] and there are a whole load of other domains you might want to avoid too.. (another long list, sorry)

Apuestadeporte.es
Audiobooks21.com
Bestfarmvilleapp.com
Bestfarmvilletoolbar.com
Bestfarmvilletricks.com
Bestwebhostingtop.com
Casinosypoker.es
Conocer-gente.es
Debelleza.es
Deseguros.es
Easyfarmvilleapp.com
Easyfarmvilletips.com
Easyfarmvilletoolbar.com
Easyfarmvilletricks.com
Economiayfinanzas.es
Emule10-italy.com
Emule10.com
Emule2010site.com
Emulenow.com
Evonynow.com
Farmappextreme.com
Farmtipsrextreme.com
Farmtoolbarextreme.com
Farmtricksrextreme.com
Fastestbrowsers.com
Fastfirefox10.com
Firefox-us.com
Flashgames2010.com
Flashplayernew.com
Flaviocoiro.com
Freenewares.com
Freenewutorrent.com
Freeopenoffice10.com
Freewinrar10.com
Fungamesgirls.com
Generar-ingresos-extra.com
Getfarmville.com
Haiti-foundation.org
Idolnew.com
Isoftware.es
Lastopenoffice.com
Latestnewinternetexplorer.com
Megauploadpro.com
Melollevo.net
Melosllevo.com
Melosllevo.es
Mininovaonline.com
Morpheusnow.com
Msnmessenger-fr.com
Mybitcomet10.com
Mybitlord10.com
Myedonkey10.com
Myexploreronline.com
Myfirefox10.com
Myfirefoxfast.com
Myfirefoxworld.com
Myfrostwirepro.com
Mygnutella10.com
Mymorpheus10.com
Napsternow.com
Neuenfirefoxonline.com
Newadobepro.com
Newadobereader.com
Newadobereaderpro.com
Newares10.com
Newbabelfish.com
Newbearsharepro.com
Newbitcomet.com
Newbitlord.com
Newbittorrent.com
Newedonkeypro.com
Newfarmville.com
Newfarmvilleapp.com
Newfarmvilletips.com
Newfarmvilletoolbar.com
Newfarmvilletricks.com
Newfirefoxpro.com
Newfirefoxworld.com
Newgnutellapro.com
Newgoogleearth10.com
Newrapidsharepro.com
Newreaderpro.com
Newskype2010.com
Newtvidol.com
Newutorrent10.com
Newvcdplayer.com
Newvirtualdj.com
Newwindowsmediaplayerpro.com
Ofertaturismo.es
Outlet-foto.com
Outlet-sport.com
Paymentsint.com
Photofiltrenew.com
Proadobeflashplayer.com
Proadobereader.com
Prolimewirenow.com
Prowirelime.com
Qualityblogs.es
Quecompras.es
Registryscanner-pc.com
Reviews21.com
Revistatv.es
Solococina.es
Solosalud.es
Speedyfirefox10.com
Theluckyhoroscope.com
Thunderbirdnow.com
Todoinfantil.es
Topconsolas.es
Topillsreviews.com
Tuguu.com
Tvtopchannel.com
Uklimefast.com
Usfirefoxbrowser.com
Utorrentfast.com
Vafdriver.com
Virtualdjnow.com
Virtualgirlfree.com
Web-uk-hosting.com
Web-us-hosting.com
Wmediaplayernow.com

You can probably safely block these IPs and all of these sites, there doesn't seem to be anything of value here.

This is definitely a somewhat deceptive approach to installation, but it does rely on a fair degree of user stupidity too. However, any IT person will probably tell you that there are a hard core of users who really are daft enough to fall for something like this, and really the best thing that you can do it pre-emptively block the whole lot.

There is a very questionable use of trademarks here, and perhaps some of those trademark owners might like to take some action of their own...