On Beyond Peeved-uh
Posted by Chrystalline on December 20th, 2007
Oh, all right, Dr. Seuss I ain’t.
Anyway, last night I decided to show my dad the trailer for the new Batman movie; my boss had shown me at work, and I’d written down the URL so I could find it again later. Unfortunately, I wrote it down wrong. It wasn’t ATasteOfTheTheatrical.com, it was www.ATasteFORTheTheatrical.com, which is much more entertaining and less frustrating.
Note I didn’t link the first. That’s because when I visited the site (and in confusion clicked the Batman trailer link), my system slowed down. I admit, I’m not sure whether the slowdown started before or after I clicked, but I suspect that just going to the site loaded everything. Nothing was moving smoothly, so I checked the task manager. Only the programs I’d started were showing, but the performance tab showed 100% CPU usage.
Yeah. Spyware.
AdAware didn’t find anything; whatever they did broke it completely; it couldn’t connect to the update server and couldn’t find anything wrong with my computer. I do have another program, Peer Guardian, that blocks unsavory IP addresses, but unfortunately, it tends to also block commercial media sites. That’s largely because the commercial media sites fill their pages with ads, and because they tend to be anti-P2P. So, I’d deactivated the http blocking while I tried to get to the Batman trailer. Wanting to know what I’d gotten into, I reactivated PG and went back to the site to see what it said. PG did activate blocking on something, and labeled it Direct Information FZC.
So I searched it, and found some interesting results. Like this direct scam, and this odd site-theft-money-laundering scam, and this analysis of their less-than-savory ad practices, and this magically disappearing and reappearing blog [Google cache] entry on domain name front-running (squatters registering domain names because someone searched availability on them the day before). That last I’ve encountered myself; I had a name all thought out for that fandom-related thing I’ve mentioned in passing on occasion, and when I finally decided to go ahead and register the domain, it was registered to someone who’d parked it on an ad page. Registered shortly after I’d searched on it. Unfortunately, I have no way to prove that. Fortunately, I was able to come up with another name I like even better, and I’m in the process of developing the logo and backend.
Anyway, back to the scammers; this page has a comment warning about the organization’s tendency for browser hijacking and points out the irony that the site also claims to want to sell you security software. I can no longer find the link to the message board that claimed Direct Information FZC is/was connected to the Russian crime syndicate that recently dropped out of sight.
Thank heaven for Spybot. I downloaded, installed, and ran it.
That *(&^)*&%$)*@#&%$@*&^$@)*&^ website disabled my firewalls and my antivirus, broke AdAware, put a link in my browser, and installed about twenty various instances of spyware, some of which were marked as a possible risk of password theft. I’d known there was something, but finding proof was both vindicating and infuriating. The violation made me a bit paranoid; after Spybot fixed my firewalls and antivirus and removed the junk, I ran a full virus scan, and logged onto one of my other computers (the one with Linux on it) so I could go change all my passwords. It took hours to clean up everything. I hate scammers.

December 20th, 2007 at 4:15 am
Got to love Spybot S&D!