quote:
Originally posted by Spunky
It sounds like the users of that forum know a fair bit about what they're doing
I don't entirely agree though! At least not those guys in those latest posts in that thread who linked all this to Messenger Plus!, at least in the way they linked it to Plus!.
If you read that thread a bit better, you'll notice that they very quickly jump to the conclusion it is Messenger Plus!, but mostly based on assumptions like:
- "Plus! installs spyware, and ...."
- "The popup's close button is the same as the close button used on a Plus! toast."
- The other guy said so
But those assumptions are seriously wrong and mostly fueled by other/old hearsay about Plus! and its sponsor and not at all based upon actual facts. E.g.: the same close button (which is actually just a standard image) doesn't say a thing, not in the slightest way, about the relationship between the two. A lot of programs use that close button image because it is a standard image. And many programs use such kind of popups/toasts too.
On NeoWin, the guy who claims it is a Plus! toast because "the close button matches up", even says the close button is actually NOT exactly the same. So...
But people do not read all the posts in detail and only see what they want to see. As a result, everybody now seems to jump on the bandwagon of Plus! "having a big security hole", "the setup has a bug in it" and it is "Plus!'s sponsor fault" (all quotes from those threads) and all the old hearsay comes boiling up again. While the popup certainly does not come from the Messenger Plus! addon itself or its old deprecated sponsor.
The claim by ji_hyun_junthat that it is useless to have a screenshot of the popup is not correct either. For stuff like this, having a screenshot of the popup can help a great deal to help identify the culprit. Especially if it cannot be reproduced on demand.
Not to mention that he finds it "mysterious" that "scans didn't showed up anything" and that they are all "quite security aware" seriously raises my eyebrows. No offense though, but if they are "quite security aware" and "know what they are talking about" they should know that scans quite often do not show up stuff (and quite often give false positives too). Especially when it comes down to such popups, as they cannot be distinguished from normal programs. People way too often rely on such scans and popup killers and swear by them. And that is quite the opposite of being "quite security aware", but that is imho.
-----------------
What might have happened, related to Messenger Plus!, is that all those people downloaded and installed some malicious Messenger Plus! script from somewhere by visiting some malicious url, as mentioned before (which in a way tells something about them being "quite security aware" and "knowing what they do" to come back to ji_hyun_junthat's quote). And if that is the unfortunate case, they should check out their scripts and uninstall that script (after sending it to Patchou so steps can maybe be taken).
But it certainly is worth noting that it seems that it is mostly people on the RedFlagDeals forum who have experienced this (except for SonicSam (EDIT: and roflmao456), but we all know what dodgy sites he visits in his spare time).
But again, it's not Messenger Plus! itself or its sponsor which is responsible for the popup though!!!
-----------------
A way to really see what the culprit is, is to use a program like Spy++ and Process Explorer to check out the process which creates that popup window. And then try to link that process with an installed program or whatever. Although it is also possible that this popup is actually created by a website.
Anyways, I hope the real culprit is found soonish before more people slander Messenger Plus! for it.
Related threads:
http://www.redflagdeals.com/forums/merged-ihatero...ndom-pop-up-821977
http://www.neowin.net/forum/index.php?showtopic=852260
http://www.basilmarket.com/forum/1307360/1/ihaterogersca_popup.html
http://www.hondaprelude.to/forums/showthread.php?p=1486745
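
The window-to-process lookup the post suggests doing with Spy++ and Process Explorer can also be scripted. The following is an added example, not part of the original post: it lists every visible top-level window with the process that owns it, using the Win32 calls `EnumWindows` and `GetWindowThreadProcessId`. The class name `WindowOwner` and method name `Snapshot` are made up for this example.

```powershell
# Added example (not from the original post). Run it while the popup is on screen.
# WindowOwner / Snapshot are hypothetical names chosen for this example.
Add-Type -TypeDefinition @"
using System;
using System.Text;
using System.Collections.Generic;
using System.Runtime.InteropServices;
public static class WindowOwner {
    public delegate bool EnumProc(IntPtr hWnd, IntPtr lParam);
    [DllImport("user32.dll")]
    static extern bool EnumWindows(EnumProc cb, IntPtr lParam);
    [DllImport("user32.dll")]
    static extern bool IsWindowVisible(IntPtr hWnd);
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern int GetWindowText(IntPtr hWnd, StringBuilder sb, int max);
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern int GetClassName(IntPtr hWnd, StringBuilder sb, int max);
    [DllImport("user32.dll")]
    static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint pid);

    // Returns one "pid|class|title" row per visible top-level window.
    public static List<string> Snapshot() {
        var rows = new List<string>();
        EnumWindows((h, l) => {
            if (IsWindowVisible(h)) {
                var title = new StringBuilder(256);
                var cls = new StringBuilder(256);
                GetWindowText(h, title, title.Capacity);
                GetClassName(h, cls, cls.Capacity);
                uint pid;
                GetWindowThreadProcessId(h, out pid);
                rows.Add(pid + "|" + cls + "|" + title);
            }
            return true;   // keep enumerating
        }, IntPtr.Zero);
        return rows;
    }
}
"@

[WindowOwner]::Snapshot() | ForEach-Object {
    # The title is the last field, so a '|' inside it survives the split.
    $procId, $cls, $title = $_ -split '\|', 3
    $p = Get-Process -Id $procId -ErrorAction SilentlyContinue
    # Path is empty for processes the current user is not allowed to open.
    [pscustomobject]@{ PID = [int]$procId; Process = $p.ProcessName
                       Path = $p.Path; Class = $cls; Title = $title }
} | Format-Table -AutoSize
```

A popup drawn by a web page shows up under the browser's process, which matches the post's remark that the window may come from a website rather than an installed program.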