Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

One Clik Toolbar

0 views
Skip to first unread message

Ron Lopshire

unread,
Jun 8, 2006, 10:36:55 AM6/8/06
to
Anyone familiar with this outfit? It is being promoted in the Moz NGs
as a viable Firefox extension. It is not in the MVPs HOSTS file
(yet?), but the web site looks suspicious.

oneclik toolbar
(hxxp://oneclik.communitytoolbars.com/)

I munged the URL, but I looked at the site with a locked-down browser
(no Javascript). Some of the Javascript redirects are to adware sites.

communitytoolbars dot com ends up here
(hxxp://www.platformaonline.com/)

Copy of this post sent to
(http://www.mvps.org/winhelp2002/hosts.htm)

Ron :)

Adam Piggott

unread,
Jun 8, 2006, 3:03:11 PM6/8/06
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.pingzine.com/press_details.php?id=335
(February 22, 2005)
"A component called ?EffectiveResults? facilitates the integration of
sponsored ads embedded within the toolbar. The free download creates the
opportunity for webmasters to earn revenue through specific, sponsored
content categories and can increase retention rates by providing site
visitors with another resource."

http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FIMENEXT%2EA
ADW_IMENEXT.A
"This adware opens the Web site http://www.ucmore.com. If the user accesses
this Web site, the browser is then redirected to the following Web sites:"
(various effictivebrand.com URLs)

Google is your friend:
http://www.google.co.uk/search?q=%22effectivebrand.com%22&hl=en&lr=&start=10&sa=N

platformaonline.com and effictivebrand.com are both on my web filtering
service's block list (direct domain name match) so I'd definitely avoid it,
giving the other evidence.

HTH

Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFEiHRv7uRVdtPsXDkRAqfBAKCPzy3kima9YnfJeX36p12v8Ty7jQCfUUCD
0JolheyVn5bPPNJPr1GkG0Q=
=t/L4
-----END PGP SIGNATURE-----

Ron Lopshire

unread,
Jun 9, 2006, 9:53:39 AM6/9/06
to
Adam Piggott wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ron Lopshire wrote:
>
>>Anyone familiar with this outfit? It is being promoted in the Moz NGs as
>>a viable Firefox extension. It is not in the MVPs HOSTS file (yet?), but
>>the web site looks suspicious.
>>
>>oneclik toolbar
>> (hxxp://oneclik.communitytoolbars.com/)
>>

>>communitytoolbars dot com ends up here
>> (hxxp://www.platformaonline.com/)
>

> http://www.pingzine.com/press_details.php?id=335
> (February 22, 2005)
> "A component called ?EffectiveResults? facilitates the integration of
> sponsored ads embedded within the toolbar. The free download creates the
> opportunity for webmasters to earn revenue through specific, sponsored
> content categories and can increase retention rates by providing site
> visitors with another resource."
>
> http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FIMENEXT%2EA
> ADW_IMENEXT.A
> "This adware opens the Web site http://www.ucmore.com. If the user accesses
> this Web site, the browser is then redirected to the following Web sites:"
> (various effictivebrand.com URLs)
>
> Google is your friend:
> http://www.google.co.uk/search?q=%22effectivebrand.com%22&hl=en&lr=&start=10&sa=N
>
> platformaonline.com and effictivebrand.com are both on my web filtering
> service's block list (direct domain name match) so I'd definitely avoid it,
> giving the other evidence.

From Mike Burgess, Microsoft MVP - Internet Security

communitytoolbars.com = effectivebrand.com
http://whois.domaintools.com/communitytoolbars.com

> From my HOSTS file:

# [Effective-i][Ronen Shilo][Platforma Online Ltd]
127.0.0.1 users.effectivebrand.com #[SunBelt.IEMenuExtension Toolbar]
127.0.0.1 www.effectivebrand.com #[ADW_IMENEXT.A][Adware.IEMenuExt]
127.0.0.1 www.thesearchaccelerator.com
#[Ewido.Spyware.EffectiveBrandToolbar]
127.0.0.1 www.similarplus.com
127.0.0.1 download.ucmore.com #[Adware.UCMore]
127.0.0.1 users.ucmore.com #[Adware-UCMore.dr][F-Secure.UCmore]
127.0.0.1 sponsor2.ucmore.com #[IEMenuExtension Toolbar]
127.0.0.1 www.ucmore.com #[ADW_IMENEXT.A][Sophos.UCMore]
127.0.0.1 www.ucmore.net
127.0.0.1 www.ucmoreinfo.com

Note: communitytoolbars.com redirects to effectivebrand.com ... so
users of my HOSTS file are safe and access is blocked.

The "oneclik." is a sub-domain that CommunityToolbars let's users
create a downloadable Toolbar ... there are many many sub-domains:
http://www.google.com/search?hl=en&lr=&safe=off&sa=G&q=%22communitytoolbars.com%22

Effectivebrand also runs several other portals that promote creating
Toolbars for users to distribute ... yes they call home
(users.effectivebrand.com)
http://www.domaintools.com/reverse-ip/?hostname=communitytoolbars.com

As I (Ron) said, keeping Javascript disabled solves a lot of problems.

Ron :)

0 new messages