LOP, or Live Online Portal, is an adware component that is installed on computers.

Lop.com is a web site owned by C2Media (NOTE: C2 Media is the name of a totally unrelated company from C2Media LTD which owns LOP.com). It is a pay-per-click search portal where other websites will pay for each click to their sites via LOP. This was never a bad idea, but a method they used to get people to their site was to install an adware component on people’s computers which would advertise their site through pop-ups. The installer could turn the user’s web browser into a device with a links to lop.com.

Older variants of LOP were quite predictable and installed Browser Helper Objects and startup entries with known names. Lately, LOP variants have been using random English words strung together in a phrase as their executable names and have been placing these executables in the user’s application data directory. For example, there are LOP variants which call their file “meal dog house bone.exe”.

LOP can usually be easily removed using Ad-Aware and Spybot S&D (as well as various other spyware removal programs). You may also ask the support forums below for help on how to remove LOP.

Known programs that bundle LOP

• Patchou’s Messenger Plus

References

• Healan, M. (2004). Lop.com. Retrieved Jun. 13, 2005, from SpywareInfo Web site: http://www.spywareinfo.com/articles/lop/.
• Clover, A. (n.d.). lop. Retrieved Jun. 13, 2005, from doxdesk.com Web site: http://www.doxdesk.com/parasite/lop.html.

Links

• LOP Information Website
• SpywareInfo Forums
• TomCoyote Forums
• BFC Computer Help
• Security and Malware Board

End users can protect themselves from the brunt of spam’s impact in numerous ways.

Preventing Address Harvesting

Preventing spammers from obtaining your email address doesn’t really solve the spam problem, any more than avoiding all but lowest crime areas of a city solves crime. Many people cannot hide their email addresses and most people want to meet new people via email. They just don’t want the flood of spam. It may, however, reduce the amount of spam that you receive.

One way that spammers obtain email addresses to target is to trawl the Web and Usenet for strings which look like addresses, using a spambot. Contact forms and address munging are good ways to prevent email addresses from appearing on these forums. If the spammers can’t find the address, the address won’t get spam.

There are other ways that spammers can get addresses such as “dictionary attacks” in which the spammer generates a number of likely-to-exist addresses out of names and common words. For instance, if there is someone with the address adam@example.com, where ‘example.com’ is a popular ISP or mail provider, it is likely that he frequently receives spam.

Address munging

Posting anonymously, or with an entirely faked name and address, is one way to avoid this “address harvesting”, but users should ensure that the faked address is not valid. Users who want to receive legitimate email regarding their posts or Web sites can alter their addresses in some way that humans can figure out but spammers haven’t (yet). For instance, joe@example.net might post as joeNOS@PAM.example.net, or display his email address as an image instead of text. This is called address munging, from the jargon word “mung” meaning to break.

Contact Forms

Contact forms allow users to send email by filling out forms in a web browser. The web server takes the form data and forwards it to an email address. The user (and therefore the spam harvester) never sees the email address. Contact forms have the drawback that they require a website that supports server side scripts. They are also inconvenient to the message sender as he is not able to use his preferred e-mail client. Finally if the software used to run the contact forms is buggy or badly designed they can become spam tools in their own right.

Disposable e-mail addresses

Many email users sometimes need to give an address to a site without complete assurance that the site will not spam, or leak the address to spammers. One way to mitigate the risk of spam from such sites is to provide a disposable email address — a temporary address which forwards email to your real account, but which you can disable or abandon whenever you see fit.

A number of services provide disposable address forwarding. Addresses can be manually disabled, can expire after a given time interval, or can expire after a certain number of messages have been forwarded. Some of these services allow easier creation of disposable addresses via various techniques.

Defeating Web bugs and JavaScript

Many modern mail programs incorporate Web browser functionality, such as the display of HTML, URLs, and images. This can easily expose the user to pornographic or otherwise offensive images in spam. In addition, spam written in HTML can contain JavaScript programs to direct the user’s Web browser to an advertised page, or to make the spam message difficult or impossible to close or delete. In some cases, spam messages have contained attacks upon security vulnerabilities in the HTML renderer, using these holes to install spyware. (Some computer viruses are borne by the same mechanisms.) Also, the HTML can be used to signal whether a spam message is actually read and seen by a user.

Users can defend against these methods by using mail clients which do not automatically display HTML, images or attachments, or by configuring their clients not to display these by default.

Avoiding responding to spam

It is well established that some spammers regard responses to their messages — even responses which say “Don’t spam me” — as confirmation that an email address refers validly to a reader. Likewise, many spam messages contain Web links or addresses which the user is directed to follow to be removed from the spammer’s mailing list.

In several cases, spam-fighters have tested these links and addresses and confirmed that they do not lead to the recipient address’s removal — if anything, they lead to more spam.

In late 2003, the USA FTC launched a public relations campaign to encourage email users to simply never respond to a spam email — ever. This campaign stemmed from the tendency of casual email users to reply to spam, in order to complain and request the spammer to cease sending spam.

Perhaps more significantly, since the sender address fields borne by spam messages are almost always forged, a reply to a spam message is likely to reach an innocent third party if it reaches anyone at all.

In Usenet, it is widely considered even more important to avoid responding to spam. Many ISPs have software that seeks out and destroys duplicate messages. Someone may see a spam and respond to it before it is cancelled by their server, which can have the effect of reposting the spammer’s spam for them; since it is not just a duplicate, this reposted copy will last longer.

Reporting spam

The majority of ISPs explicitly forbid their users from spamming, and eject from their service users who are found to have spammed. Tracking down a spammer’s ISP and reporting the offense often leads to the spammer’s service being terminated. Unfortunately, it can be difficult to track down the spammer — and while there are some online tools to assist, they are not always accurate. Also occasionally spammers own their own netblocks. In this case the abuse contact for the netblock can be the spammer itself and can confirm your address as live.

Examples of these online tools are SpamCop, Network Abuse Clearinghouse and Blue Frog. These provide automated or semi-automated means to report spam to ISPs. Some spam-fighters regard them as inaccurate compared to what an expert in the email system can do; however, most email users are not experts.

Consumers may also forward “unwanted or deceptive spam” to an email address (spam@uce.gov ) maintained by the FTC. The database so collected is used to prosecute perpetrators of various types of scam or deceptive advertising.

Defense against email worms

In the past several years, scores of worm programs have used email systems as a conduit for infection. The worm program transmits itself in an email message, usually as a MIME attachment. In order to infect a computer, the executable worm attachment must be opened. In almost all cases, this means the user must click on the attachment. The worm also requires a software environment compatible with its programming.

Email users can defend against worms in a number of ways, including:

• Avoiding email client software which supports executable attachments. The most frequently-targeted client software for email worms is Microsoft Outlook and Outlook Express, both of which can easily be made to open executable attachments. However, other Windows-based email software is not immune to worms.
• Using an operating system which does not provide an environment compatible with present worms. Essentially all current email worms affect only the Microsoft Windows operating system. They cannot execute on Macintosh, Unix, GNU/Linux, or other operating systems. In some cases, it is conceivable that a worm could be written for one of these systems; however, various security features militate against it.
• Using up-to-date anti-virus software to detect incoming worms and quarantine or delete them before they can take effect.
• Being skeptical of unsolicited email attachments. Since worms and other email-borne malware arrive in this form, some email users simply refuse to open attachments that the sender has not given them advance notice of.

This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

A reciprocal link is a mutual link between two objects, commonly between two websites in order to ensure mutual traffic. Example: Alice and Bob have websites. If Bob’s website links to Alice’s website, and Alice’s website links to Bos’s website, the websites are reciprocally linked.

Website owners often submit their sites to reciprocal link exchange directories in order to achieve higher rankings in the search engines.

This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Ad filtering or ad blocking is a service which removes or alters advertising content in a webpage. This content can be represented in a variety of ways including pictures, animations, text, or pop-up windows. More advanced filters allow fine-grained control of advertisements through features like blacklists, whitelists, and regular expression filters. Certain security features also have the effect of disabling some ads.

The immediate benefits include cleaner looking webpages free from advertisements and lower resource-usage (bandwidth, CPU, memory, etc.). One drawback is that advertisements are a major source of revenue for many websites. However, the actual loss of revenue, when present, is difficult to measure.

Browser integration

Some web browsers support ad filtering through built-in features and plugins. A number of popular browsers include a pop-up blocker, such as Microsoft’s Internet Explorer, Mozilla Firefox , Opera Software’s Opera, and Apple Computer’s Safari. All of these browsers support extensions and/or plugins which can include ad filters. For example, Adblock is a popular extension for Firefox.

External programs

A number of external applications offer ad filtering as a primary or additional feature. A traditional solution is to customize an HTTP proxy (or web proxy) to filter content. Proxies may reside on and serve a single computer or serve a number of clients over a network. These programs work by caching and filtering content before it is displayed in a user’s browser. This provides an opportunity to remove not only ads, but content which may be offensive or inappropriate. Popular proxy software which can be used as effective ad filters include: Privoxy, Squid, Proximodo, and Proxomitron.

Common advertising techniques

• Pop-up ads
• Plain text
• Ad banners
• Flash animations
• Keyword hyperlinks (for example Vibrant Media’s IntelliTXT[1])
• Browser plugins/extensions (often labeled as adware)
• External applications

Links

• An Adblock tool for Opera
• DoubleClick Warns Against Ad-Blocking Browsers
• JD’s proxomitron filterset

This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.