Spyware found in MB trading Sotware

[Simple-Ideas]

Quote from hedgeking:

report those secretive sucks. they route orders with there "proprietary software " and won't tell you were. isn't that illegal?

This is not fair and maybe illegal.
Simple-Ideas = Get your money and run like a rabbit

 

[Bitstream]

Quote from Simple-Ideas:

This is not fair and maybe illegal.
Simple-Ideas = Get your money and run like a rabbit

fx shit is not regulated..meanin' u are at the mercy of your broker, who has no boundaries as where to push it and can fkuc u at will with no consequences other than for your acct.

 

[GTS]

Quote from abe:

My latest scan shows MB software in fact has this adware which could be used for hijacking purposes. I have attached the log file and you can see it for yourself.

abe.

I just followed a fairly methodical procedure which I had assumed would prove user error on your part (I admit this bias freely) but I must now say that I agree with your results if not your conclusion.

I installed the latest Ad-Aware (Ad-Aware SE Build 1.06r1
Using definitions file:SE1R119 15.08.2006) run a scan on my system that did not have MBT installed.

Results came back clean.

Installed the latest MB Navigator downloaded directly from MBT's web site.

Re-ran the Ad-Aware scan and got this hit:

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : .Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-0000-0000-0000-000000000000}

I also noted that in the details it says that it is zero bytes:

Name:CommonName
Category:.Data Miner
Object Type:Regkey
Size:0 Bytes
Location:clsid\{00000000-0000-0000-0000-000000000000}\
Last Activity:8/18/2006
Relevance:Low
TAC index:7
Comment:
Description:Browser search hijacker. Causes ads. Recent variant installs a Winsock LSP.

I then ran RegEdt32 and attempted to locate the registry entry in question but so far have not been able to.

As an IT security person I know all about false positives which at first blush this appears to be; I don't see how a zero byte registry entry can hijack a browser or do anything.

I also note that MBT uses the common WISE installer and a log is produced during the installation. I do not see any references to this registry key, however MBT's and some 3rd party dll's are allowed to self-register so it is possible that this is how the registry entry is being created.

I am going to continue to investigate however while I agree that you did not make this up (and apologize for assuming that you had) I think it is wrong to jump to the conclusion that MBT had purposely installed malware when the more likely reason is just a false positive. So far the only proof of this malware is this suspect Ad-Aware alert.

 

[Simple-Ideas]

Quote from GTS:
I just followed a fairly methodical procedure which I had assumed would prove user error on your part (I admit this bias freely) but I must now say that I agree with your results if not your conclusion.

Hi GTS,
I closed my account with them, Now:
Simple-Ideas = I have to check my money for any suspicious virus, BUT How?

Difficult-Idea

 

[GTS]

Quote from Simple-Ideas:
I have to check my money for any suspicious virus, BUT How?

Easy, ignite the money with a lighter.

If it burns yellow-orange it was clean, if it burns greenish then it had a virus.

 

[Simple-Ideas]

Quote from GTS:

Easy, ignite the money with a lighter.

If it burns yellow-orange it was clean, if it burns greenish then it had a virus.

Nice one,
I am thinking.....
Simple-Ideas = MBT-Steve can give each of us a live account with 10000$ real money and we won't report him to NFA

 

[steve46]

"I think you need to get your 12 guage and go out to find those idiots. When you find'em you need to let'em have an assfull of birdshot. Believe me, those bastards will never screw with you again. Nothing quite as embarrassing as getting shot in the ass. Actually, now that I think about it, I prefer a nice head shot, but hey just take whatever shot you can get. Oh, and we never had this conversation"

"Dick Cheney, August 12, 2004 Interoffice staff memo"

 

[GTS]

Well here's another data point:

On different system that has had MBT's Navigator installed and updated many times and is currently running 2 versions back (10.13.0.8 installed on 02-02-2006) the same Ad-Aware program does not report the CommonName registry issue.

I'm going to upgrade to the latest (10.13.0.10) and see if that changes...

(Mods, I think it sucks that this got moved to Forex Brokers - talk about hijacking, this thread has been hijacked with this Forex tangent!)

 

[GTS]

After installing the latest (10.13.0.10) over my existing 10.13.0.8 the questionable registry entry is there (or at least Ad-Aware is detecting *something*)

MBT-Steve, ball is in your court. Something changed between 10.13.0.8 and 10.13.0.10. PM me if you need any details.

 

[Simple-Ideas]

Hi Abe,

where are you man?
You asked for IT investigation and here it is. Now, Who will pay my damage I already suffered with MB Trading?

Because of their illegal activities (putting Spyware into software)
the only broker I could find in my search engine was MB Trading. This is ridiculous. Please prepare a petition to NFA and everybody in this site will sign it.

Simple-Ideas = Claim your loss as soon as possible.

Thanks again GTS for your smart work.