Yahoo Assistant

Yahoo Assistant, formerly named 3721 Internet Assistant, is a Browser Helper Object for Internet Explorer developed by Beijing 3721 Technology Co. Ltd, and was renamed to Yahoo Assistant after Beijing 3721 Technology was acquired by Yahoo.

3721 Internet Assistant and 3721 Chinese Keywords are identified as spyware by Microsoft AntiSpyware, and as malware or a browser hijacker by some others, such as Panda Antivirus. However, Yahoo China filed a lawsuit against Beijing Sanjiwuxian Internet Technology Co. Ltd, the developer of the 360Safe antispyware, for identifying Yahoo Assistant as malware in 360Safe.[1]

Distribution

3721 Internet Assistant was originally released as a normal client-server application. It later switched to using ActiveX technology to install itself on client systems, and was also shipped with many shareware programs as a default install option. 3721 Internet Assistant was also blamed for using a flaw in Microsoft Internet Explorer to install itself automatically when a user browsed an array of 3721-sponsored personal and commercial websites with Internet Explorer. Yahoo! Assistant is also included in 3721 Chinese Keywords and Yahoo! Mail Express, but in some shareware the whole package of Internet Assistant, Chinese Keywords and Mail Express is named "Yahoo Assistant". The company says the automatic installation ended in September 2005 and that it now asks for the user's permission before installing.[2] However, CA Inc. reported that during Yahoo! Assistant installation, extra components are installed without obtaining the user's consent.[3]

This software is also bundled with the Chinese client of the CGA Gaming platform.

Features

3721 claims that 3721 Internet Assistant includes many useful features, such as IE setting repair, a security shield, removal of internet history information and ad blocking. However, it installs various Windows hooks that slow down the system, and it tries to install the hooks repeatedly. Some users also reported that Internet Assistant buttons reappeared immediately after they were removed manually using Internet Explorer's customization features, and that a Blue Screen of Death appeared when using Internet Assistant.

Internet Explorer extension hijacking

3721 Internet Assistant will enable or disable other Internet Explorer extensions, except for the advertisement links and extensions installed by Yahoo products.

Concealment and resistance to user termination

3721 Internet Assistant runs under multiple rundll32.exe processes. If one of them is killed in Windows Task Manager, it is immediately restarted by the others, which defeats a user's efforts to terminate the application.
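
The mutual-restart behaviour described above can be recognised from process start and exit events. The following Python code is an added example, not code from 3721 or from any analysis cited in this article; the event record layout, the sample events, the placeholder DLL name and the matching rule (same command line, parent is another live rundll32.exe) are constructed assumptions.

```python
from collections import namedtuple

# Constructed record layout (an assumption): t is milliseconds, kind is "start" or "exit".
Event = namedtuple("Event", "t kind pid ppid image cmdline")

def find_watchdog_respawns(events, image="rundll32.exe", window_ms=5000):
    """Flag starts of `image` that replace a just-exited instance and whose
    parent is another live instance of `image` (mutual-restart pattern).
    Returns a list of (exited_pid, new_pid, parent_pid, delay_ms)."""
    live = {}     # pid -> start Event of running instances of `image`
    exits = []    # exit Events not yet matched to a replacement
    hits = []
    for ev in sorted(events, key=lambda e: e.t):
        if ev.image.lower() != image:
            continue
        if ev.kind == "exit":
            live.pop(ev.pid, None)
            exits.append(ev)
            continue
        # Drop exits that are too old to count as an immediate restart.
        exits = [x for x in exits if ev.t - x.t <= window_ms]
        if ev.ppid in live:
            # Most recent unmatched exit with the same command line, if any.
            old = next((x for x in reversed(exits) if x.cmdline == ev.cmdline), None)
            if old is not None:
                exits.remove(old)
                hits.append((old.pid, ev.pid, ev.ppid, ev.t - old.t))
        live[ev.pid] = ev
    return hits

# Constructed sample events; "example.dll,Run" is a placeholder, not a real 3721 file name.
WATCHDOG = "rundll32.exe example.dll,Run"
BENIGN = "rundll32.exe shell32.dll,Control_RunDLL"
SAMPLE = [
    Event(0,     "start", 100, 50,  "rundll32.exe", WATCHDOG),
    Event(100,   "start", 101, 100, "rundll32.exe", WATCHDOG),
    Event(10000, "exit",  101, 100, "rundll32.exe", WATCHDOG),  # user kills one instance
    Event(10400, "start", 202, 100, "rundll32.exe", WATCHDOG),  # sibling restarts it
    Event(20000, "exit",  100, 50,  "rundll32.exe", WATCHDOG),  # user kills the other
    Event(20300, "start", 303, 202, "rundll32.exe", WATCHDOG),  # restarted again
    Event(30000, "start", 400, 50,  "rundll32.exe", BENIGN),    # ordinary shell-launched use
    Event(31000, "exit",  400, 50,  "rundll32.exe", BENIGN),
    Event(31500, "start", 401, 50,  "rundll32.exe", BENIGN),    # parent is not rundll32.exe
]

if __name__ == "__main__":
    for exited, new, parent, delay in find_watchdog_respawns(SAMPLE):
        print(f"pid {exited} exited; pid {new} started by rundll32.exe pid {parent} after {delay} ms")
```

Two rundll32.exe relaunches by the shell are not flagged, because the new process's parent is not itself a running rundll32.exe.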

A driver named CnsMinKP.sys is installed with 3721 Internet Assistant, along with several hidden Windows services.

After uninstallation, several files are left on the system, but they are not visible in Windows Explorer. They can be found by using tools such as Total Commander or from a DOS box.

Removal of antispyware program

Yahoo Assistant also removes 360Safe, a competitor's antispyware program, without notifying the user.[4] On August 15, 2007, a Beijing court ruled that this behavior was unfair competition.

Uninstall

According to Interfax, 3721 Internet Assistant and 3721 Chinese Keywords are regarded by Chinese internet users as "Hooligan" or "Zombie" applications. The uninstall program that 3721 provides for the pair simply redirects users to the 3721 website (in Simplified Chinese, and thus not readable except by Chinese speakers), and the default option on the web page is to keep 3721 Internet Assistant after the uninstallation. After following the web uninstallation wizard and rebooting, many 3721 files still remain on the client system. The pair were ranked #1 by the Beijing Association of Online Media in its list of Chinese malware in 2005.

References

  1. "Business & Financial News, U.S & International Breaking News | Reuters". Archived from the original on March 20, 2007. Retrieved August 28, 2006.
  2. http://australianit.news.com.au/articles/0,7204,20420041^15841^^nbv^,00.html [permanent dead link]
  3. http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93143&id=90744 [permanent dead link]
  4. "Yahoo上网助手自杀式破坏360safe的程序代码分析" [Yahoo Internet Assistant Destroys 360safe Program Code Analysis]. cnbeta.com. October 10, 2006. Archived from the original on July 23, 2012.