Spyware and the GAIN "network"

NOTICE: The following information only applies to you if you have visited Sol's Corner of the Web using the URL "http://southbayhe.cjb.net" prior to 27-Aug-2004. If you did not receive our website's address by calling our answering machine prior to 27-Aug-2004, the information below will be of only academic interest to you (but feel free to read it anyway - you may find it interesting!)

Recently, I discovered that the URL above, which I had been giving out via our answering machine message, causes pop-up advertising to appear when you visit our site via that URL. This is the result of what is often called "domain redirection". What this means is that some company (in this case, "cjb.net") offers us a free service - we can select any name we want (in our case, "southbayhe"), and tack ".cjb.net" onto the end. As a result, the combined address "southbayhe.cjb.net" becomes a sort of alias or shortcut to the original site.

Here's how it works: when a user (like you) visits the site "http://<anysite>.cjb.net", your browser first contacts the web server at cjb.net, which forwards or "redirects" the request to <anysite>'s actual URL, which is probably much longer and uglier (as in our case). Since it's much easier to remember a shorter URL such as "http://southbayhe.cjb.net", and the two should be functionally equivalent, we prefer to distribute the shorter URLs, in order to make life easier for you, our favorite users!

The problem is that somebody pulled a dirty little trick on us. When you visit "http://<anysite>.cjb.net", the servers at cjb.net get first crack at your browser's request before they pass it along to our host's servers. In this case, they chose to make some money by inserting some code to bring up pop-up advertising on your system. They do this by linking to yet another server somewhere else on the internet, probably owned by yet another company (called an "advertising provider") who buys advertising space from cjb.net, and then can send their advertising banners, images, and even scripting code of their own through cjb.net's ad window.

Among various advertising images which appeared in the pop-up ad windows which appeared while I was confirming this problem, one contained code that attempted to install a program called "Precision Time" on my system. The software called "Precision Time" is, in reality, a stealthy front for a notorious piece of "ad-delivery" software called GAIN (formerly Gator).

There are many resources on the Internet about "spyware" - an informal, loosely-defined term for a category of software which for purely legal reasons I am not claiming that GAIN falls into (make your own judgement after following the links below). Simply perform a search on the word "spyware" in your favorite search engine (we like Google, but you may have other preferences). One site that has a pretty good definition of spyware in general is here.

For more information about GAIN, the problems associated with it, and how to get rid of it, here is a short list of sites that discuss GAIN (there are MANY more out there):

• This site offers a very good overview with more information than I can provide here (no sense in my re-inventing the wheel when someone else has already done the work!) Visit all the links in their "Gator Info Center" box to really get a feel for the magnitude of GAIN's chutzpah.
• Another site with a different (but equally negative) spin on GAIN. (7-Jan-2005: link dead)
• An update to the previous site?.
• A fourth site discussing GAIN and Gator.

I highly recommend that you click one or more of these links and read this information even if you have not been affected by GAIN, just to understand the lengths some people will go to to make money from you against your will (and usually even without your knowledge).

I should add that not all ad windows put up by cjb.net will contain the script code that attempts to install GAIN onto your system. It is possible that the people at cjb.net do not even realize that GAIN is being foisted off onto your machine through their ad windows. (But, as they say in the legal biz, ignorance is no excuse.)

The bottom line is this: while we understand and sympathize with cjb.net's desire to make money from their service, we here at Sol's Corner of the Web strongly feel that this is the wrong way to go about it. We do NOT include any spyware or any other "fly-by" or "stealth" installers on our website, and we strongly object to them. Our current redirection service, r8.org (aka NE1.net), uses no such advertising windows so far as I can determine and therefore should be perfectly safe. Our website itself is absolutely safe and contains no spyware whatsoever. The only way you could have been affected when visiting our site is if you had done so via the cjb.net redirection, and then allowed GAIN to proceed with its installation (probably without realizing it).

If you have bookmarked (added to Favorites) our site address from cjb.net, please delete that bookmark and replace it with either the r8.org version (http://southbayhe.r8.org) or, if you need the typing practice, our true website URL (http://www.outdoorsunlimited.net/~magnum338/index.php).

(The character after the third slash, before the first 'm' in 'magnum' is a tilde, which you may have seen over the letter 'n' if you read any Spanish, or over various vowels in other languages like Portuguese. On a standard American keyboard, it is probably the shifted key in the top left corner, just below the Esc key, and next to the number '1'.)

We apologize for any inconvenience that may have been caused by our use of this particular redirection service. Judging by the number of hits our site has received, it appears that very few if any of you were affected. Rest assured that that URL is being discontinued and we will monitor any redirection service we use more closely.

Thanks for your understanding,

-- Jeff
-- Webmaster, Sol's Corner of the Web
-- 27-Aug-2004