OC Forums Spyware Challenge

Add Your Comments

They came, they saw, they got infected…

The OC Forums “Spyware Challenge” has come and gone, but shadows of its passing still linger in the minds of those who experienced it. Some may call it reckless, others might even refer to it as irresponsible… The Overclockers though, they called it a Challenge.

The Ground Rules

The goal of the Spyware Challenge was simple – “Get as many spyware infections as possible”. For ease of comparison, components counted by Adaware were counted as valid and an entry was made official if a screenshot and log file were submitted.

Participation was clearly voluntary, and not necessarily even encouraged:

“All participation, though your success will be a directly proportional indication of the measure of your manhood, and besides the fact that opting out will forever echo your name in the infinite halls of ultimate sissydom, is COMPLETELY VOLUNTARY. I.M.O.G., his relatives, pets, third-cousins from West Virginia, as well as OCForums take no responsibility for any results of this challenge. Bottom line, if you can’t fix it, or won’t be happy when your system melts down… Just remain a sissy, nerd peasant.”

Highlights of the Carnage

A few pages into the challenge thread, it became painfully obvious that some were taking this terrible idea and running with it.

The first serious contender posted his 3.5 MB log file as plain text in a post, and brought browsers to their knees.

Next a participant claimed his machine lost its smoke as a result of trying to compete – far fetched, perhaps too far in my opinion – but nonetheless, it was claimed.

Other members contracted an unhealthy amount of added Internet Explorer “functionality”:

Screenshot

Screenshot

Screenshot

The forum member Gustav was the first to really get things moving, and posted an impressive infection which lead to even bigger things later on:

Screenshot

Gustav posted up with 14,000+ objects recognized from 19 separate infections. By far, the most important find of his was Netsky which accounted for 13,028 objects in the scan. Investigating his log file it was clear that he had stumbled upon Netsky honestly, and those 13,000 infections occurred naturally across his windows installation – contracting Netsky could produce this sort of an infection for any user who gets it. It travels through SMTP and Peer-to-Peer networks replicating itself on a host machine into any directory address which contains “shar”.

The highest object count and most impressive screenshot in the entire contest was produced by Fraug:

Screenshot

Fraug pulled in with 152,636 objects. While respectable, as that had to require some serious file operations just to create that number of files… 141,991 of those were Netsky. He also edited out the directory listings in his log file which were an important part of what I was looking for in the log files. Still though, with 32 separate infections and a 22,000+ page log over 34 MB in size… This isn’t anything to laugh at.

But the winner of the contest was truly a man amongst boys. Joelb79 posted this result:

Screenshot

Joel headed up the troops with an impressive 115,034 objects. As was the trend in the competition, again 101,462 of those were Netsky. However, this still left Joel with 69 separate infections making up 13,572 objects that were not Netsky. This put Joel in the number one spot in the challenge, as his infection was by far the most awe-inspiring – 69 infections and he was able to complete an adaware scan!

CONCLUSION

The Spyware Challenge turned out to be more of a spectator sport than an interactive contest, but thanks go out to those brave souls who took part and made the rest of us on the sidelines shake our heads in dumbfounded wonder. In times when people everywhere are scrambling to free themselves from the clutches of spyware doom, fearlessly you subjected your systems to the worst and gave everyone something to shake their heads, smile, or laugh about.

IMOG

Leave a Reply

Your email address will not be published. Required fields are marked *