Dangerous Things
Custom gadgetry for the discerning hacker

The Store is now open! Check out the gadgetry »
Like what you're reading?
Share It.

Really Microsoft? Turning your products into annoy-a-trons?

So I’m up late, coding away… and my default browser (Chrome) comes to the top and loads a new tab for voicefive.com asking me to take a survey. Immediately I hit my malware scanner, but it turns up nothing. I close the tab, review other tabs I have open that might have initiated the pop-up, and go back to work. In the span of 5 minutes, I had this annoying pop-up splash over my coding work a total of 9 times. By this time I’m furious… I crank up Process Explorer, adjust the highlight settings to maximum delay (so I can catch the culprit) and sit there staring daggers at my screen. It only took a couple seconds to see that it was msnmsgr.exe launching the offending process. Really? Microsoft Live Messenger?

In a mixture of shock and disbelief, I killed msnmsgr.exe and waited… nothing. No pop-ups. Feeling I was being harassed and outright abused by Microsoft Messenger, I filed an abuse report. I wonder if I’ll get a response.

This entry was posted on Sunday, February 5th, 2012 at 2:11 am and is filed under Life in general. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Really Microsoft? Turning your products into annoy-a-trons?”

  1. David Taylor says:
    February 14, 2012 at 8:32 pm

    It is highly unlikely that Microsoft has allowed this do be done intentionally. More likely, someone is exploiting Messenger Interesting to note: blocking access to voicefive.com from my router causes this to no longer appear my wife’s affected system. Of course, the CPU cycles, how few they are, are still likely consumed. I’ll have to take a jab at collecting data on this issue and passing it on to on of my past co-workers at Microsoft.

  2. Amal says:
    February 15, 2012 at 2:36 am

    Hmm, but how? Though the MSN protocol? Is it possible to instantiate a call through the protocol to shell a process that opens a URL? I guess a more serious buffer exploit could exist, but then why use something as powerful as that to launch a voicefive survey? Also, if it is a protocol exploit and not a serious buffer exploit, then why not try to open a more nefarious URL… one with browser/java exploits built in?

    The VoiceFive URL being launched is shown below. You will notice references to pcworld.com and other domains. They seem like pretty legit targets for a partner/sponsor… but who knows. After a couple days I re-launched Windows Live Messenger and no more pop-ups… so I dunno.

    [h][t][t][p]://ar.voicefive.com/bmx3/projects/p134866554/invite/invite_inv_3.htm?&recruitFrequency=1&pid=p134866554&prad=3718814&ar_c=7603482&methodology=3&inv=pop_up_inv_3&grp=1&location=http%3A%2F%2Fwww.pcworld.com%2Feyeblaster%2FaddineyeV2.html%3FstrBanner%3DgEbServerData%253D%25271%253A%253A3718814%253A%253A7603482%253A%253ASite-4111%2FType-11%2F7603482_6bd4381b-746f-4767-9b3a-563fab6c2624.js%253A%253AExpBanner%253A%253A0%253A%253A%253A%253A%253A%253A0%253A%253A%253A%253A%253A%253A%253A%253A%253A%253A1%253A%253A191518%253A%253A0%253A%253A0%253A%253A%253A%253A%253A%253A%253A%253A%253A%253A%253A%253ASite-1253%2FType-20%2F7735495%2F23c75e85-d321-449a-ad5f-d38d91a9e66c%2F%253A%253A208773%253A%253A%25255B%25257Burl%25253A%252522http%25253A%2F%2Far.voicefive.com%2Fbmx3%2Fbroker.pli%25253Fpid%25253Dp134866554%252526PRAd%25253D3718814%252526AR_C%25253D7603482%252522%25252C%252520typeId%25253A5%25257D%25255D%253A%253A%25255B%25255D%253A%253A7531%2527%253BgEbBannerData%253D%25276438579624518752%253A%253A1%253A%253A728%253A%253A90%253A%253A%253A%253A%253A%253A1%253A%253A0%253A%253A30%253A%253A%253A%253A%253A%253A%253A%253A0%253A%253A0%253A%253A%253A%253A%253A%253Afalse%253A%253A%253A%253Ahttp%253A%2F%2Fad.doubleclick.net%2Fclick%253Bh%253Dv8%2F3c1b%2F3%2F0%2F*%2Fa%253B250330050%253B0-0%253B0%253B28203067%253B3454-728%2F90%253B45847120%2F45864418%2F1%253B%253B%257Eaopt%253D2%2F1%2F8f%2F0%253B%257Esscs%253D%253F%2527%253BebBigS%253D%2527http%25253A%2F%2Fds.serving-sys.com%2FBurstingCachedScripts%2F%2527%253BebBigSF%253D%2527ebExpBanner_2_4_26.js%2527%253BebResourcePath%253D%2527http%25253A%2F%2Fds.serving-sys.com%2FBurstingRes%2F%2F%2527%253BebO%253Dnew%2520Object%2528%2529%253BebO.sms%253D%2527ds.serving-sys.com%2FBurstingScript%2F%2527%253BebO.bs%253D%2527bs.serving-sys.com%2527%253BebO.fvp%253D%2527Res%2F%2527%253BebO.rpv%253D%2527_2_4_22%2527%253BebO.pv%253D%2527_4_5_0%2527%253BebO.pi%253D0%253BebO.wv%253D%2527_3_0_1%2527%253BebPtcl%253D%2527http%253A%2F%2F%2527%253BebO.bt%253D5%253BebO.bv%253D16%253BebO.plt%253D9%253BgEbDbgLvl%253D0%253BgnEbLowBWLimit%253D120%253BgEbURLTokens%2520%3D%2520’tp_PlacementID%253D3718814%2524%2524tp_AdID%253D7603482%2524%2524’%3B&referrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.bc%2Fnetworking%2Fnetwork_management%2Farticle%3Bpg%3Darticle%3Baid%3D212867%3Bc%3D1758%3Bc%3D1730%3Bc%3D1760%3Bc%3D1752%3Bc%3D1759%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D6065564954187721%3F&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=switch&version=3.1&stid=&cid=&sz=&clid=&as=&delay=10000&dom=27&inv_type=3&1329178385606

Leave a Reply

Get Adobe Flash player