
default-homepage-network.com And Their Notorious Marketing Practices

These are my findings from my research on http://default-homepage-network.com, the marketing company that is used by companies such as MailWiper, Inc. and SpyKiller Pro. You may read the contents of their site by clicking the above link or reading a copy of it which I have supplied below. Their site readily admits to browser hijacking for their clients, denies doing any damage, and swears to assist anyone who wishes to be rid of them if the user will contact them in a friendly manner by using the handy email contacts at the bottom of the page. Oh wait.....they forgot to include those email contacts at the bottom....go figure. They do offer a simple solution for getting rid of their browser hijacks......they recommend purchasing SpyWiper......don't laugh, I'm serious. They also claim that their "service" is distributed through banner advertising on "adware-supported software" like Kazaa "in accordance to the terms of service agreed upon when the software was installed". Yet my browser was hijacked by them without having installed any new programs or updates in over a year, and I do not have Kazaa or any other file sharing program on my computer. They also claim that they do not attempt to cause damage or harm in any way to the user's computer. But after installing the firewall Sygate and changing my security settings, I decided to test its durability by intentionally loading their first hijacking URL, http://default-hompage-network.com/index2.html, into my browser. It loaded complete with pop-ups but was unable to open the CD-ROM drive door. Instead I got this error message after the page loaded:

A Whois search of the company only returns a "you are not authorized" note but thanks to my firewall, Sygate, I was able to backtrack and search their company information, which is:

OrgName: Excalibur Internet
OrgID: EXCALI-24
Address: PO Box 607
City: Berlin
StateProv: NJ
PostalCode: 08009
Country: US
NetRange: 69.36.128.0 - 69.36.143.255
CIDR: 69.36.128.0/20
NetName: EXCALIBUR-INTERNET
NetHandle: NET-69-36-128-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: ARTHUR.EXCALIBUR-INTERNET.COM
NameServer: PENDRAGON.EXCALIBUR-INTERNET.COM
Comment:
RegDate: 2003-04-04
Updated: 2003-12-03
OrgAbuseHandle: AR700-ARIN
OrgAbuseName: Reynolds, Arthur
OrgAbusePhone:
OrgAbuseEmail: arthur@excalibur-internet.net
OrgTechHandle: AR700-ARIN
OrgTechName: Reynolds, Arthur
OrgTechPhone:
OrgTechEmail: arthur@excalibur-internet.net

# ARIN WHOIS database, last updated 2003-12-13 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Excalibur-Internet is a company that hosts websites so I believe default-homepage-network.com is hosted by them. I've emailed Arthur with my concerns. I'll update this site if I receive an answer from him.

But according to the research on this excellent site I found, http://www.greenfieldgerbil.com/~matt979/archives/002253.html, the site is owned by:

Seismic Entertainment Productions, Inc. (MPPTIHLLQD)
11 Farmington Road
Rochester, NH 03867
US

Domain Name: DEFAULT-HOMEPAGE-NETWORK.COM

Administrative Contact:
Cayer, Mike (35890037P)
eaglessuck2000@hotmail.com

Recently updated Whois information places them here:

Registrant:
Seismic Entertainment Productions, Inc.
ATTN: DEFAULT-HOMEPAGE-NETWORK.COM
c/o Network Solutions
P.O. Box 447
Herndon, VA.  20172-0447

   Domain Name: DEFAULT-HOMEPAGE-NETWORK.COM

   Administrative Contact, Technical Contact:
      Cayer, Mike
bz8t855h84j@networksolutionsprivateregistration.com (this is an undeliverable address)
      Seismic Entertainment Productions, Inc.
      ATTN: DEFAULT-HOMEPAGE-NETWORK.COM
      c/o Network Solutions
      P.O. Box 447
      Herndon, VA 20172-0447
      570-708-8780
     
   Record expires on 16-Sep-2006.
   Record created on 16-Sep-2003.
   Database last updated on 18-Dec-2003 22:24:30 EST.

   Domain servers in listed order:

   NS1.DEFAULT-HOMEPAGE-NETWORK.COM 205.236.189.50
   NS2.DEFAULT-HOMEPAGE-NETWORK.COM 69.36.129.34

But now it has been changed to:

Domain Name: DEFAULT-HOMEPAGE-NETWORK.COM
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS1.DEFAULT-HOMEPAGE-NETWORK.COM
Name Server: NS2.DEFAULT-HOMEPAGE-NETWORK.COM
Status: REGISTRAR-LOCK
Updated Date: 15-dec-2003
Creation Date: 16-sep-2003
Expiration Date: 16-sep-2006
Last update of whois database: Sat, 20 Dec 2003 06:39:53 EST
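
The records above can be cross-checked against each other. The following is an added example, not part of the original page: it parses excerpts copied from the ARIN record and the registrar's name server list quoted above and tests which name server addresses fall inside Excalibur Internet's netblock. The function names are hypothetical.

```python
import ipaddress
import re

# Excerpts copied from the WHOIS records quoted on this page.
ARIN_RECORD = """\
OrgName: Excalibur Internet
NetRange: 69.36.128.0 - 69.36.143.255
CIDR: 69.36.128.0/20
NameServer: ARTHUR.EXCALIBUR-INTERNET.COM
NameServer: PENDRAGON.EXCALIBUR-INTERNET.COM
"""
DOMAIN_RECORD = """\
   Domain servers in listed order:

   NS1.DEFAULT-HOMEPAGE-NETWORK.COM 205.236.189.50
   NS2.DEFAULT-HOMEPAGE-NETWORK.COM 69.36.129.34
"""

def parse_arin(text):
    """Parse 'Key: value' lines; repeated keys (NameServer) become lists."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def netblock(fields):
    """Return the CIDR network after checking that it agrees with NetRange."""
    net = ipaddress.ip_network(fields["CIDR"][0])
    first, last = (ipaddress.ip_address(p.strip())
                   for p in fields["NetRange"][0].split(" - "))
    if (first, last) != (net.network_address, net.broadcast_address):
        raise ValueError("CIDR and NetRange disagree")
    return net

def name_servers(text):
    """Extract (hostname, IPv4 address) pairs from the name server list."""
    pattern = re.compile(
        r"^\s*([A-Za-z0-9.-]+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.M)
    return [(h, ipaddress.ip_address(ip)) for h, ip in pattern.findall(text)]

def hosted_in_block(arin_text, domain_text):
    """Map each name server to True if its address is inside the netblock."""
    net = netblock(parse_arin(arin_text))
    return {host: ip in net for host, ip in name_servers(domain_text)}

if __name__ == "__main__":
    for host, inside in hosted_in_block(ARIN_RECORD, DOMAIN_RECORD).items():
        print(f"{host}: {'inside' if inside else 'outside'} the ARIN netblock")
```

NS2 resolves inside 69.36.128.0/20 while NS1 does not, which is consistent with at least part of the domain's infrastructure sitting in Excalibur Internet's address space.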

According to SpyKiller Pro, they advertise through www.passthison.com even though my hijacked browser showed their ad through default-homepage-network.com. Default-homepage-network.com and passthison.com both have the same site content, which leads me to assume they're owned by one and the same person or by mutual agreement between two persons. Passthison.com actually has a contact email address (passthison_contact@hotmail.com) but it comes back as undeliverable.

CONTENTS OF DEFAULT-HOMEPAGE-NETWORK.COM'S SITE:

"Welcome to www.Default-Homepage-Network.com

This network was designed to help consumers benefit from the use of valuable software without paying any fees.

People who have installed programs like Kazaa and other adware-supported software have received default-homepage-network.com sponsored banners (which are distributed via software-application advertising agencies in accordance to the terms of service agreed upon when software was installed or updated.) These ads, rather than a credit card, pay for the software, keeping it free.

Unfortunately some adware programs bundle with extremely aggressive, often malicious, applications. However default-homepage-network.com is NOT responsible for these activities - though some people mistakenly assuming default-homepage-network.com is somehow connected to such activities.

We strongly recommend that people install an adware/spyware removal program to delete these applications if found bothersome or damaging in any way.

Rest assured that default-homepage-network.com does NOT nor will it EVER download ANY FORM of software on your computer without your EXPLICIT permission. The ONLY setting that default-homepage-network.com configures is default homepage (which it does NOT lock up) and it does so in accordance with the full disclosure of the terms of service displayed below. Default-homepage-network.com also uses banners on other participating networks in accordance to their own and default-homepage-network.com's terms of service.

If you wish to be removed from this network, please read below and if you still have trouble removing your default homepage or any (unrelated) spyware programs you may have, we would be very willing to help any polite requests for assistance. If you have any complaints or concerns, we are more than happy to address them with you. One of our available representative's email address is listed in the instructions below.

We feel it is very necessary to include all this information on our main page because it has come to our attention that some people feel default-homepage-network.com distributes viruses and spyware. And that is the furthest thing from the truth. Default-homepage-network.com NEVER downloads ANYTHING onto ANYONE's computer. It only runs a widely distributed default-homepage advertising network that can be changed with a simple one-click change to your default homepage setting in Internet Explorer (see removal information below).

Default-homepage-network.com Terms of Service / Privacy notes:

Default-homepage-network.com offers free content and services to consumers. This property is owned by default-homepage-network.com, including content, methods, technologies and hardware. If consumers choose to utilize and benefit from this property instead of paying for installed software, they must agree to the terms of service and privacy policies described herein. Default-homepage-network.com features content that may not be suitable for minors under the age of 18. Parents should monitor their children's use of adware supported software and this network to determine if the content is acceptable for unsupervised access.

Default-homepage-network.com derives most of its revenues by monetizing third-party advertisements via immediate and time-delayed exit consoles (and chromeless borderless pops with close-window links included) that rely on an active Internet connection. Default-homepage-network.com uses cookies to authenticate users' identity to prevent forgeries, abusive form submissions, email address verifications, banner ad/ pop-up rotation, pre-populated third-party registration forms and age verification.

Default-homepage-network.com prompts and changes consumers' browser behaviors to offer a free ad-supported software experience and a more targeted advertiser-to-consumer communication system. For example, default-homepage-network.com.com includes "flash" pages that will prompt a verisign alert box to install Macromedia flash player software into the end-user's browser and default-homepage-network.com utilizes several technical and business methods to change users' default homepage to one that default-homepage-network.com controls (see section below for more information and removal instructions). Some users do not wish to see pop-ups on their web browsers. We recommend "Spy Wiper" which will help remove unwanted pop-ups.

Default-homepage-network.com NEVER downloads or alters ANYTHING on users' computer EXCEPT default home page settings in accordance to these terms of service. Default-homepage-network.com also partners with other sites and ad agencies who agree to disclose similar terms of service, to bring more visitors into default-homepage-network.com's default homepage network. Default-homepage-network.com does not attempt to cause any damage or harm in any way. It will, however, use NON-DESTRUCTIVE vulnerability demonstrations to stress the importance that users secure their computers from malicious hackers, default-homepage-network.com partners with companies that sell products designed to secure users' computers.

Removal Instructions:

As part of the terms of service noted above, your homepage may have been switched to one that default-homepage-network.com controls.

You can easily switch that back by simply changing your default homepage to whatever site you wish... (In Internet Explorer, simply go to tools -> internet options -> change home page -> OK) And then simply restart all open browsers or restart your computer (this will guarantee a delayed popup will not reset your setting.) You can escape any hidden console by selecting it and then click alt-F4. Default-homepage-network.com does not "lock" your homepage setting.

Default-homepage-network.com never downloads any spyware, adware, trojans or viruses to your computer. The ONLY change default-homepage-network.com ever makes to any setting on your computer is the default homepage in accordance with our terms of service.

We are in the process of setting up an effective consumer contact form and email system. If you wish to send a message to our attention, this feature will be available shortly."

UPDATE: I just discovered that http://mail11.smartbotpro.net/ is the same site as www.passthison.com ...Also I discovered that they own http://www.bookhugs.com/sbp.html which custom makes children's books (nice ploy, using children) and claims to be endorsed by CNET (they're not, in fact CNET gives them a very bad review here http://news.com.com/2009-1023-251960.html?legacy=cnet&tag=tp_pr)....and they also own http://www.smartbotpro.net/ Smartbotpro and passthison were last known to be owned by Sanford Wallace. Another interesting discovery is that http://www.zendmedia.com will redirect you to the default-homepage-network.com site.

UPDATE: This is definitely worth reading: http://www.symantec.com/avcenter/venc/data/vbs.passon.html

UPDATE: Even more info on passthison.com, apparently they're up to tricks I wasn't even aware of: http://www.wizardscc.com/passthison_warning.asp This site offers a great solution for getting rid of them.

IMPORTANT UPDATE: According to Symantec Security, it looks like default-homepage-network.com is part of the trojan, Trojan.Digits or Download.Trojan. They show up in the removal instructions. http://www.symantec.com/avcenter/venc/data/trojan.digits.html

UPDATE: Here's an interesting link but DON'T GO HERE! http://object.passthison.com/r1/r1_frame2.html I clicked on this just to see what it would do and was treated with a deluge of pop-ups advertising everything under the sun including MailWiper, SpyWiper, and SpyKiller Pro and they're running the same unsafe ActiveX scripts as shown above. The pop-ups continually change in a cycle so you never see the same thing whenever the site is accessed. I did find out that http://www.enigmasoftwaregroup.com which developed and markets the program SpyHunter is using them for advertising.

UPDATE: An extensive list of adware/malware addresses: http://www.mvps.org/winhelp2002/hosts.txt They list default-homepage-network.com as "Bundled Parasites" owned by ClientMan. ClientMan is a parasite program owned by Walt Rines. Another informative list can be found at http://wizbangblog.com/mtblacklist/mtbl2.txt

According to this article http://www.adinfo.businessweek.com/technology/content/0009/el0901.htm and many others like it, passthison.com was owned by Sanford Wallace of Cyber Promotions, the notorious Spam King. If Sanford Wallace was the declared owner of passthison.com, does this also mean he may be the owner of default-homepage-network.com?

According to recent statements, Wallace has thrown in the towel and stopped his spamming practices. I can find articles stating that he claimed he wanted to give up spamming and become a nightclub owner, but his sites are still active. I can't find any documentation showing that he sold the sites or transferred ownership.

UPDATE: Somewhere in June 2004, both default-homepage-network and passthison posted this statement on their websites:
"Due to new laws being enacted and controversy surrounding our business model, we have voluntarily decided to implement the cease of all current business practices by the end of June 2004."
However, they're still actively hijacking browsers as of July 2004 with their new project: spywarehelp.net (See http://tired-of-spam.home.comcast.net/spywarehelp.html for more info).

For more informative research and information on this company, please visit http://www.webhelper4u.com/CWS/defaulthomepagenetwork/passthisonftpexploit.html and the accompanying links at the bottom of the page.

IMPORTANT UPDATE: Great news!! It seems all our hard work has paid off! The FTC has brought a case against Seismic Entertainment. Hopefully this will be the downfall of these notorious companies and an example to those currently practicing unethical internet marketing. Read the case here: http://yro.slashdot.org/comments.pl?sid=124892&threshold=3&commentsort=0&tid=123&mode=nested&cid=10471703

News articles and public opinion can be found here:
http://netrn.net/spywareblog/index.php
http://story.news.yahoo.com/news?tmpl=story2&u=/nm/tech_spyware_dc
http://www.theunionleader.com/articles_showfast.html?article=45220
http://www.sacbee.com/24hour/technology/story/1719298p-9530248c.html
http://news.com.com/FTC+takes+aim+at+alleged+spyware+distributor/2100-7350_3-5403438.html?tag=cd.top
http://www.seacoastonline.com/news/10_8special2.htm
http://www.thewmurchannel.com/news/3794373/detail.html
PDF versions of the case can be found here:
http://www.cdt.org/privacy/spyware/spywiper/

For all those who have been victimized by these companies, this is the day we've been waiting for. Let's keep our fingers crossed that justice will be done.

This website will be updated regularly with any new developments. Anyone wishing to contact me for inquiries or to relate their experiences with default-homepage-network.com may do so at nomorespyware@yahoo.com.
