View Full Version : Popup spam

08-27-2001, 09:35 AM
Just received this email allert from Zdnet developer
that you may want to check out.

I didn't have it on my system, but I have been getting spam email with popups in them lately.

< z d n e t d e v e l o p e r >

// News Edition
// Thursday, August 09, 2001
// Purge Pop-Ups

Before you get into the news articles this week, I wanted to
let you know what I've learned about a company called
Blackstone.com. It seems that they, with the help of Mindset
Interactive (.com), have been finding ways to place a file
called IEHELPER.DLL onto Windows machines without the user's

If you've been experiencing pop-up advertisments every 5-10
pages you visit, there's a chance that it is because these
companies have been able to get the file onto your machine.
Run a FIND now and if you find this file, note its location
and move it to your desktop. You should be able to trash it
and enjoy surfing with fewer pop-ups, but restart and test your
browser just to be safe.

I hope this helps some of you who have been wondering where
all of these pop-ups were coming from. Needless to say, I
nearly hit the roof when these ads started popping up over
my own personal Web site!

--Troy Brophy troy_brophy@zdnet.com
Senior Editor, ZDNet's Developer

08-27-2001, 09:47 AM
If this is true, I think that this company can be suid.
Hacking into my computer and installing a root kit or installing DLL's that are not supposed to be there.......
The same to me.

08-28-2001, 01:50 PM
I had these once and hear complaints about them all the time. How did you come by that info? I'd love to find these companies :evil: .

08-29-2001, 09:01 AM
Here is a follow up to that original email I recieved today.
I get this from a Zdnet developer newsletter.

< z d n e t d e v e l o p e r >

// Update Edition
// Thursday, August 28, 2001
// Purge Pop-Ups Part II

In the last newsletter I told you about the IEHELPER.DLL file
that plays a role in pop-up advertising during your browser
sessions. Thanks to feedback from a number of you I'd like to
clarify my findings:

1. I mistakenly referred to "Blackstone.com" (which is the Web
site of the Blackstone Group). I intended to point to Blackstone
Data Corporation's Web site (blackstonedata.com). I apologize
for the confusion.

2. It seems that Lotus also installs a file called IEHELPER.DLL.
This file is benign and is a part of some Lotus software. It
lives in a Lotus subdirectory.

3. The IEHELPER.DLL file, which plays a role in pop-up
advertising, is around 104KB in size. When opened in a text
editor (such as Wordpad.exe) you will find some legible text
mixed in with the mistranslated code. Here is a sample from the
file I found:

... sputnik.blackstonedata.net CEndPointHost
SEndPoint MotsThreshold R O U T I N E _ C H E C K I N
LastAdTime 0 LastAdCode HighestListIndex ...

Which makes me think that it is sending information about the
computer/user back to a server called

4. There are plenty of "legitimate" ad pop-ups out there. They
are sent to your browser by the Web site you are visiting. Many
of them are "pop-under" ads that load and linger beneath your
current browser window. While these may be annoying, they are
a part of the Web site.

The ads that IEHELPER.DLL causes to appear are not related to
the Web sites you visit. They are triggered in some way, and
pop up over whatever site you happen to be viewing.

5. Please be careful when trying to delete this file. Check it
in a text editor to see if it has references to
"blackstonedata.net." Never trash a file until you are certain
that your system can live without it. If you are having trouble
accessing or moving the IEHELPER.DLL file, try closing all
programs, or restarting your computer and then accessing it
before running any software.

Please continue to send feedback and I will pass
along what I learn.


--Troy Brophy troy_brophy@zdnet.com
Senior Editor, ZDNet's Developer

Click Here!