Paltalk sponsors malware, and gets away with it.

[kplpsy]

Paltalk knowingly sponsors malware sites that contain WinFixer or a WinFixer varient (such as Drive Cleaner).  These malware ads display anywhere it has html ads such as the "view profile" link. If you loop thru these ads by clicking the view profile link you will eventually come across the WinFixer ad.  I was able to receive these ads repeatedly early yesterday morning, but having trouble accessing the ad since then. My guess is that the ad is showing at certain times, maybe during the early AM hours and perhaps only for the free version of the software.  I will continue to try and reproduce these ads, and provide screenshots each time it occurs.   WinFixer is particularly nasty in that it will attempt to exploit your IE or Java. Simply clicking cancel doesn't close it. Instead it will take you to a page where it initiates a fake scan on your computer alerting of you various problems in attempts to scare you into buying this rogue software. Of course, if it can exploit you during this process. It will. The next IE or Java exploit will surely infect thousands of unsuspecting Paltalk users thru these types of ads that Paltalk's very own red coats admit to sponsoring.

I confronted Paltalk's support regarding this issue, and they acknowledged it, and simply said to click cancel and it will go away. When I pointed out that it was malware and exploiting unpatched Windows, they said that it "isn't Paltalk but an advert". I fail to understand why the security community refuses to hold Paltalk accountable for channeling malware through it's software. Ads or not, It is through use of Paltalk that people are infected, and Paltalk continues to sponsor such malware sites.  It's interesting the community accepts this. That's like saying. I didn't kill that person! My hitman did it!  Try giving that excuse to a judge in a court of law.

I'll tell you this though, You will not find trusted sites such as yahoo displaying WinFixer ads on their pages or IM software. And if WinFixer  was to find itself into one, then it would be removed as soon as it is reported.   

The main players in the community are too influenced by politics and money, and in my opinion, fail utterly at what is supposed to be their mission: to combat all forms of malware, the programs, and organizations that knowlingly sponsor and profit from it.   But popular software such as Paltalk is allowed to get away with this. Little bit of money, and political influence and all the AV software and Anti spyware software turn a blind eye.

Just go and do a google search for hijackthis and Paltalk. You'll find loads of hijackthis logs from infected Paltalk users and you'll find neutral security minded people that recommend against use of Paltalk for the very reasons I stated above. 

Why don't you guys at AVAST throw up a banner for WinFixer so that when someone accesses your main page  all of those people get those scarey messageboxes and then immediately directed to WinFixer's scare page. and then Explain to them that It isn't AVAST that is doing it! It's our Advertisement!     Gee what would happen then?

[Lisandro]

Isn't this just spam?

[Maxx_original]

man, i don't know what do you bring to us with this study of Paltalk cooperaton with ad/spyware sites... should we say "fee-faw-fum" to Paltalk or what? if you're disappointed with their practics, then just keep away from them.. this is not the actual subject for us, i think..

[kplpsy]

I am disappointed to see this kind of response in a security software forum.  AVAST is security software, correct? and isn't it AVAST's job to inform it's users of spyware, and programs that sponsor such spyware?  If the answer is no, then I would quickly run away from AVAST software.

Fortunately others have taken my alert to consideration. And here is one example:


Thanks for reporting this.

We will check Paltalk and collect evidence.
If Paltalk shows malware advertising, they will have no choice to either remove that advertising or get detected by *** themselves.
While companies can make mistakes in choosing business partners, they should take adequate measures if it is clear that the business partner is criminal.
In case of Winfixer it is very clear: criminal.

[DavidR]

Why don't you guys at AVAST throw up a banner for WinFixer so that when someone accesses your main page  all of those people get those scarey messageboxes and then immediately directed to WinFixer's scare page. and then Explain to them that It isn't AVAST that is doing it! It's our Advertisement!     Gee what would happen then?

Sorry, whilst I just a lowly avast user, I see no reason for avast! to do what you suggest a banner about winfixer on the index page of avast.com, what about all the other malware, scum/scamwear and exploits etc. out there.

You only have to take a look at http://www.malwarebytes.org/rogueremover.php to see that there are many such scams.

A sample of the targets
Ads Alert, Adware Bazooka, Adware Filter, Adware Punisher, AdwareDelete, AdwarePatrol, AdwareRemover, AdwareSheriff, AdwareSpy, AlertSpy, AlfaCleaner, Anti Virus Pro, AntiSpyware Soldier, AntiVermins, AntiVirus Golden, BraveSentry, CleanX, Doctor Adware, Doctor Adware Pro, Easy Spyware Killer, ETD Security Scanner, HitVirus, KillAndClean, KillSpy, PAL Spyware Remover, PestBot, PestCapture, PestTrap, RazeSpyware, RebrandSoft AdwareSpyware Remover, Remedy AntiSpy, Spy Defence, Spy iBlock, Spy-Kill, SpyAxe, SpyCut, SpyDeface, SpyDestroy Pro, SpyFalcon, SpyHeal, Spyinator, SpyLax, SpyNoMore, SpySheriff, SpyTrooper, Spyware Disinfector, Spyware Quake, Spyware Remover (SpyAdvanced), Spyware Stormer, SpywareBot, SpywareCleaner, SpywareStrike, SpywareThis, SystemDoctor 2006, The Spy Guard, TitanShield AntiSpyware, Ultimate Defender, VirusBlast, VirusBurst, WinAntiSpyware 2006, WinAntiVirus 2006 

For a full list of those which RogueRemover can deal with, http://www.malwarebytes.org/database.php Winfixer is just one of many in this list.

[kplpsy]

Why don't you guys at AVAST throw up a banner for WinFixer so that when someone accesses your main page  all of those people get those scarey messageboxes and then immediately directed to WinFixer's scare page. and then Explain to them that It isn't AVAST that is doing it! It's our Advertisement!     Gee what would happen then?

Sorry, whilst I just a lowly avast user, I see no reason for avast! to do what you suggest a banner about winfixer on the index page of avast.com, what about all the other malware, scum/scamwear and exploits etc. out there.

My point was to illustrate that the visitors going to AVAST's site or any other website (with malware ads such as WinFixer) will hold AVAST or x website responsible for channeling it and force AVAST to remove it or face a red flag from a site like stopbadware.org.   True or False?

Paltalk's standpoint is that it isn't Paltalk, but it's an advertisement, so they arn't to be held accountable.
If Paltalk knows that criminal malware is being channeled through their software, they must have it removed or be held accountable by association. While it's patched users can't be exploited now (except for being scared into downloading it), it's only a matter of time before the next java or IE exploit comes out.
 

[RejZoR]

More and more i'm reading your post, the less i understand what's your point is... or even how is this connected to avast! at all.
If you have any samples that aren't detected by avast!, send them to avast!'s virus lab. Expecting anything else from avast! team is not really realistic.

[DavidR]

I haven't got a clue what you are talking about here you haven't illustrated your point at all in relation to avast's involvement. avast! doesn't have any malware ads about winfixer or any other malware. So I can't see your point about avast being included in stopbadware.org, it doesn't have any advert for winfixer.

avast! is an antivirus tool not an ad blocker or are you going to include firefox, IE, Opera, et al because they don't block ads that might lead to winfixer.

Google has its sponsored ads and it has recently been made aware that a lot of these sponsored ads also lead to malware sites.

You obviously can't see my point either as you can't see what would happen if avast put one banner up about winfixer not being avast then there is a potential for tens of banners just about these rogueware applications. There would be no room for important information about avast, it would be a total cluttered mess.

I have said my piece as an avast user and I'm done.

[CharleyO]

***

 kplpsy -

It is unreasonable to expect avast/awil to place banners on their website about this and/or any of the thousands of other malware available now or in the future. It would also be unresonable to expect this from any other security website.

Why don't you guys at AVAST throw up a banner for WinFixer so that when someone accesses your main page  all of those people get those scarey messageboxes and then immediately directed to WinFixer's scare page. and then Explain to them that It isn't AVAST that is doing it! It's our Advertisement!     Gee what would happen then?

It is not the correct thing for a security site to place banners directing visitors to go to bad sites. What would happen is that people would loose faith in the best anti-virus program available. Why would you or avast/awil want that to happen???     Doing this kind of irresponsible banner placing would most likely get avast or any other security site added to the list at stopbadware.org ... is that what you want???      I surely hope not!!!   

Your initial post on this forum is welcomed & appreciated because it informs those who visit this forum of the bad business practices of PalTalk. If you or anyone else does not like what PalTalk does, then do not use the program and inform others why. You have done this by posting information on this forum. You might also want to do the same on other forums to which you might be a member. But do not expect them to add banner links to malicious websites.

By the way, welcome to the forums!   


***

[kplpsy]

avast! doesn't have any malware ads about winfixer or any other malware. So I can't see your point about avast being included in stopbadware.org, it doesn't have any advert for winfixer.

Of course AVAST doesn't have malware ads. It should be clear to you that I was creating a hypothetical situation to illustrate that AVAST would be held accountable if they knowingly and willingly served such ads. Paltalk seems that they don't believe they should be.

Any site or program that transmits such ads are acting as a conduit to criminal software.  Most of the time these sites, or programs don't know that this is occurring, and when this activity is reported they find the offending ad and remove it. So I don't agree with your assertions that since you can find malware ads at other sites, that makes it ok. 

By not removing such ads they are aiding a criminal enterprise and will face consequences.  One of those consequences is being flagged by anti spyware software.

AVAST is involved because it also detects spyware and other forms of malware. It not only detects, but PREVENTS. 
If it is found that Paltalk has partnered with WinFixer or any other malware then it is the job of security programs such as AVAST to flag Paltalk's software.

*IF* it is found. It is up to the detectives of such software to find out what's going on, whether Paltalk is allowing this, or whether they're being used as a pawn. It is probably the latter, but given that Paltalk's own support personnel acknowledged it, I believe it warrants investigation, and I am not the only one that thinks so. 

[kplpsy]

 BTW

 I believe Paltalk or adbrite has removed the WinFixer ad because I can't reproduce it, atleast for now. Although it may be running during the early AM hours which I didn't check last night.  I've seen this ad many times throughout this past year. They've also had a history with reports of spyware/malware so I'm almost certain I'll see it again. I believe these things need to be documented so that other internet users can be informed.  It would be a nice feature for AVAST to have to include documentation of past security histories for various popular programs. 

[DavidR]

Well in that case it has absolutely nothing to do with avast, take your action up with someone that isn't hypothetically involved.

This is absolutely futile, if paltalk's software doesn't physically contain malware any AntiVirus/Spyware application that flagged it as such could be sued and this isn't hypothetical. It has happened in the past where people suggested a piece of software was adware/spyware and was flagged as such, they were forced to climb down and remove the software from its lists.

You keep banging on about 'IF' when what is needed are facts, avast may detect winfixer if it has the signatures that indicate it is malware but you can't expect them to block other software that puts up adverts for it. Sorry that is madness and I really am done now this is totally futile and not something that has any relevance to the viruses and worms forum.

[Lisandro]

I am disappointed to see this kind of response in a security software forum.

I hope this does not come in your mind just because of my answer.
It was your first post. I haven't see that much relation to avast (as RejZor & David neither) and the worst, I was very tired at night when I post that. Sorry, no offense.

[kplpsy]

DavidR:   I never said Paltalk must be flagged as spyware, that is what "potentially unwanted" is for.

Also, please take a look:

http://www.privsecblog.com/archives/viruses-malware-spyware-priceline-travelocity-and-cingular-held-responsible-for-advertising-vendors-deceptive-installation-of-adware-and-spyware.html

Priceline, Travelocity and Cingular Held Responsible for Advertising Vendor's Deceptive Installation of Adware and Spyware

Posted by Anne Shelby

Priceline.com, Inc., Travelocity.com LP and Cingular Wireless LLC recently entered into settlement agreements with the New York State Attorney General in an investigation of online advertisements placed by DirectRevenue.com, an adware agency the three companies had used. The companies did not admit guilt but agreed to pay fines totaling $105,000 and to comply with practices designed to reduce the spread of adware.

The settlements are significant because this is the first time advertisers have been held responsible for advertisements placed by adware, according to Attorney General Andrew Cuomo. Equally notable, the parties in this instance did not install the adware themselves. Rather, DirectRevenue installed adware and spyware on unsuspecting consumer’s computers. In the January 29, 2007 announcement, Attorney General Cuomo stated that placing ads through intermediaries does not absolve an organization from responsibility to ensure that adware is installed with full notice and consent.

[CharleyO]

***

Winfix, in it's various versions, is considered malware. Avast does detect some malware but it is primarily an anti-virus program, and as such, concentrates mainly on virii and malware that acts like a virus. It does not normally detect other malware. There are anti-malware programs that detect Winfix and it's variants. One of these is Spybot-Search & Destroy. Another one is Spyware Terminator.

Please click the picture below to see the listings in Spybot-S&D and click the link below to visit ST's site list showing the entries for Winfix.

http://www.spywareterminator.com/filter/charW.html?page=2


***