href="" rel="tag directory">what's on my mind today.

Sunday, May 14, 2006


Beware of Freeware

Save to RawSugar

You hear or read about hackers taking over your PC and doing something illegal or just cruel, and you get angry. But when a legitamate company does it, it is much much worse. This really disturbs me and I had to write about it promptly. You shoud hit while the iron's hot.
Listen to this story that happened to a friend of mine.

A Korean company, who shall not remain nameless,, offers all types of maritime software to companies. They have one free product that calculates distances between ports, called Netpas Distance.
They publicize it as a "smart solution for fast business".

And SMART it is!
Today my friend recieved some strange phone calls from people asking him, why did you send me this link? Or can you help me install the software?
My friend answers naively "What are you talking about? what the do you want from me?"

As it turns out, this particular software had a back door!. They took over his machine, and literally went through his email's sent items (and not the address book, since his address book is almost empty) and sent a recommendation email about the software on his behalf.
This is the format it appeared as:

"Dear SO and SO.

Good Day.
I would like to recommend you a nice tool for ports distances.
Netpas Distance covers more than 10000 world ports and 50 million ports distances.
It shows port positions and routes in its world map.
Furthermore, it is free of charge.

Please try it.
Download :

Best Regards,

They used my friends name. All the emails that were sent to all the people were in the sent items as if he went one by one and sent them.

My friend sent email to their support guys in Korea and asked them, how dare they send emails on his behalf signed by him.
Their support person answers the most stupid answer I have ever heard:

"Dear SO and SO,
We are surprised with your mail.
In the recommendation screen, there is enough explanation and only with your clicking OK, it can send recommendation.
It took more than 5 years to build up this huge database and took almost 1 million USD until now.
We have provided this service for more than 1 and half year and this is very small reward we can expect from our free users.
Anyway, several users have made this kind of complain and we decided to commercialize Netpas distance.
If you purchase your license, you do not need to see this recommendation screen any more.
Best Regards,
Netpas Support"

This is definately a theft of identity. How dare they send email signed with his name.
The problem is also that the emails were sent to all the people around the world that he contacts for business purposes, including CEO's and General Managers that he corresponds with (even his own company's CEO).

Another thing, they were able to bypass all security, anti-viruses, firewalls and any protection you may the computer and in the network. They could have read all his emails and documents

Just be ware.

Can legal actions be taken against them?
How would a company go about doing something against them?


Comments: Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?