A little something different today that’s getting and probably going to be on the news in some fashion, but probably won’t get as large as it needs to be.
The jist of the news is that Skype has installed malware on your computer called “EasyBits Go”, claiming to be a games application of whatever sort. However, it appears that regardless of your response – whether you click the red X, click the Yes, or click the Maybe Later – the shit installs, runs, and places crap all over your computer anyways. There’s been lots of discussion on it for the timespan it’s been around (and a contrasting lack of official response from skype), so there several good explanations of ways to get rid of what seems to be all traces of the program: end the process, manual deletion of hidden files and registry, AV scanners, etc. enxk used the winhammer known as Eraser in its removal of EasyBits and recommends you to do the same, but this won’t be a tech-focused post, because this is not a tech-focused blog.
I’m interested to see whether or not, in their official statement, they’re going to say it was the result of some security failure and some hacker, or if they’re going to terminate relations with this Easy Bits thing. I don’t know much history of Skype but from what I’ve been able to glean off of google and various threads on this current incident at 4AM on a Sunday morning, it is at least the 3rd or 4th time Skype has had an Easy Bits security-related incident (one was dated november 2007, another dated june 2010). Which suggests that it is systematic and due to some kind of business relationship.
Which in turn means lulz will ensue (read: “*beep*storm”) if they say it’s a security failure.
– “rezzealaux”
This poster took the same position enxk will take (though of course, without the redundant sentence structure and incorrect dating). When enxk was looking up the problem yesterday, the writers found a post claiming to link to solutions, and then a response telling the aforementioned poster off because he clearly didn’t see that the advice was two years old. That’s interesting, isn’t it? Generally if you look up a specific combination for a problem, in this case “Skype EasyBits”, you’d expect to only find one problem and one solution from one short range of dates – unless of course, you’re talking about the government, but we all know the government isn’t from the business of fixing problems. We do not blame the former, nor the latter poster. Their banter notified us to what the quoted poster “rezzealaux” noted: this is not an isolated incident.
(In other words, Microsoft, whatever influence it may or may not have had on this incident, is definitely not a sole cause.)
Since at least 2007, (though the partnership started in 2006) “EasyBits”, “Skype”, and “Security Breach” have come together multiple times. Perhaps once, or twice, the incidents were true accidents, but at least once, or twice, they just came out and told us: “We’re in your BIOS and that’s normal”. To non tech-savvy readers, that’s more or less equivalent to saying “We’re raping you and that’s normal”. If Skype has an official press release stating that this was a security breach, we called it, and enxk advises you to uninstall Skype and wipe your hard drive in the same manner you did with EasyBits Go, and never go near Skype again at least until they have ended their partnership. If they admit that it is systematic, end their relations with this malware company, then god’s in his heaven and all’s right with the world.
In the meantime, nuke everything related to the malware with Eraser and do not touch Skype.
Update: An admin called “VoltNincs” has stated that
This latest update from EasyBits included elements of their desktop games organizer in error, but it neither installs nor un-installs correctly.
Had this been a government excuse this would’ve simply dismissed it as another part of the pack. Companies which are more subject to market forces however, well, enxk will hold them to those standards. Seeing this happen is almost like watching Star Trek where the Enterprise almost blows up every other episode. If you’re building an energy reactor which utilizes stuff that can blow up, the first thing you do is to make sure it doesn’t blow up. If you’re giving out a program for free and you’re trying to get customers to buy from you (which, as we can see from the micro-transaction model of many MMORPGs, is at least a working business method), the first thing you do is to make sure that they’re actually getting it for free. If you’re coding a password security system, it has to work so that only the password unlocks the system. If you’re coding a menu, it has to actually show up and link to all the correct places. If you’re making an installer, it has to install only if the user says yes.
People said no, they had crap put in hidden folders around their computer, their registries modified, the uninstaller in the control panel being fake, and this is an “error”? Not that it isn’t an error. Mistakes of any level of magnitude can always be called errors. It’s just that normally, “errors” refer to something in the opposite direction of “catastrophic failure”. But that’s fine. If Skype intends to use words in different ways, people will respond in different ways. If Skype wants to talk like the government, people will respond to it like it’s the government.
Except the government can tax you regardless and Skype can’t force their stuff on you without the whole tech world coming down on them. Herp derp.
We stand by our recommendation from before this press release: Go and nuke Skype out of your computer.
synthesis demon 
Skype’s Shit Is Not A Security Breach
May 29, 2011 in Commentary | Tags: EasyBits Go, Malware, Scam, Skype, trojan, virus | Leave a comment
A little something different today that’s getting and probably going to be on the news in some fashion, but probably won’t get as large as it needs to be.
The jist of the news is that Skype has installed malware on your computer called “EasyBits Go”, claiming to be a games application of whatever sort. However, it appears that regardless of your response – whether you click the red X, click the Yes, or click the Maybe Later – the shit installs, runs, and places crap all over your computer anyways. There’s been lots of discussion on it for the timespan it’s been around (and a contrasting lack of official response from skype), so there several good explanations of ways to get rid of what seems to be all traces of the program: end the process, manual deletion of hidden files and registry, AV scanners, etc. enxk used the winhammer known as Eraser in its removal of EasyBits and recommends you to do the same, but this won’t be a tech-focused post, because this is not a tech-focused blog.
– “rezzealaux”
This poster took the same position enxk will take (though of course, without the redundant sentence structure and incorrect dating). When enxk was looking up the problem yesterday, the writers found a post claiming to link to solutions, and then a response telling the aforementioned poster off because he clearly didn’t see that the advice was two years old. That’s interesting, isn’t it? Generally if you look up a specific combination for a problem, in this case “Skype EasyBits”, you’d expect to only find one problem and one solution from one short range of dates – unless of course, you’re talking about the government, but we all know the government isn’t from the business of fixing problems. We do not blame the former, nor the latter poster. Their banter notified us to what the quoted poster “rezzealaux” noted: this is not an isolated incident.
(In other words, Microsoft, whatever influence it may or may not have had on this incident, is definitely not a sole cause.)
Since at least 2007, (though the partnership started in 2006) “EasyBits”, “Skype”, and “Security Breach” have come together multiple times. Perhaps once, or twice, the incidents were true accidents, but at least once, or twice, they just came out and told us: “We’re in your BIOS and that’s normal”. To non tech-savvy readers, that’s more or less equivalent to saying “We’re raping you and that’s normal”. If Skype has an official press release stating that this was a security breach, we called it, and enxk advises you to uninstall Skype and wipe your hard drive in the same manner you did with EasyBits Go, and never go near Skype again at least until they have ended their partnership. If they admit that it is systematic, end their relations with this malware company, then god’s in his heaven and all’s right with the world.
In the meantime, nuke everything related to the malware with Eraser and do not touch Skype.
Update: An admin called “VoltNincs” has stated that
Had this been a government excuse this would’ve simply dismissed it as another part of the pack. Companies which are more subject to market forces however, well, enxk will hold them to those standards. Seeing this happen is almost like watching Star Trek where the Enterprise almost blows up every other episode. If you’re building an energy reactor which utilizes stuff that can blow up, the first thing you do is to make sure it doesn’t blow up. If you’re giving out a program for free and you’re trying to get customers to buy from you (which, as we can see from the micro-transaction model of many MMORPGs, is at least a working business method), the first thing you do is to make sure that they’re actually getting it for free. If you’re coding a password security system, it has to work so that only the password unlocks the system. If you’re coding a menu, it has to actually show up and link to all the correct places. If you’re making an installer, it has to install only if the user says yes.
People said no, they had crap put in hidden folders around their computer, their registries modified, the uninstaller in the control panel being fake, and this is an “error”? Not that it isn’t an error. Mistakes of any level of magnitude can always be called errors. It’s just that normally, “errors” refer to something in the opposite direction of “catastrophic failure”. But that’s fine. If Skype intends to use words in different ways, people will respond in different ways. If Skype wants to talk like the government, people will respond to it like it’s the government.
Except the government can tax you regardless and Skype can’t force their stuff on you without the whole tech world coming down on them. Herp derp.
We stand by our recommendation from before this press release: Go and nuke Skype out of your computer.