Original URL: https://www.theregister.com/2003/12/09/can_you_say_ncase/

Can you say n-CASE?

It lurks on your computer too

By Jan Libbenga

Posted in Legal, 9th December 2003 09:34 GMT

One day we were happily surfing away, when all of a sudden a couple of web sites began to pop up, apparently from nowhere. We were stunned. Didn't we install a popup killer to prevent this from happening?

A quick inspection learned that the culprit was n-CASE, "a small application that is downloaded to your computer and runs in the background looking to show websites with information, offers and products that match keywords you are looking for", to cite the firm behind it.

Small application? It had swollen to a beast of 1.5 MB, Microsoft's process viewer showed. What was it sucking up?

According to some sites, n-CASE generates a log of your surfing activity, including the web pages you visit and in which order you visit them. The log is then uploaded to the n-Case server and used to open advertisements that fit your preferences.

We have to admit: n-Case seems pretty mild compared to other spyware. Some infected machines are known to have their start page and search bar reset to a company's home page and some parasites even mutate their filenames randomly as they are installed, so they can’t be detected. A couple of months ago, another piece of spyware broke our TCP/IP (internet) connection, so we had to re-install Windows.

n-Case isn't exactly hiding. It has its own webpage, but the company doesn’t provide a phone number or postal address, perhaps to avoid direct confrontation from users. The Whois database reveals that n-Case is located in the state of Washington and is part of 180solutions.com.

According to a recent MSNBC article, n-Case has quietly been installed on some 21 million computers around the world. The company says it is expecting to make $18 million in revenue this year and signed up big advertisers such as eBay.com and Dell.

n-CASE comes bundled with freeware, as programmers earn 7 cents for each time a consumer downloads and installs n-CASE. Which explains how it got installed on our machine without our consent. "Users must opt-in in order to receive n-CASE," 180Solutions persists, but could it be that some freeware writers put n-CASE on PCs furtively, so they can make more money? We never saw an opt-in screen.

180Solutions also claims that a typical n-CASE user is shown two to three websites over a 24-hour period, but we got a lot more than that. One user says that he was highly concerned about the sheer volume of data transmitted to his computer - which "didn't seem compatible with their claims of small amounts of data gathered". He also noticed additional component programs, which tried to add themselves to the startup menu.

n-Case does offer an uninstaller for its Trojan, but it warns that "uninstalling n-CASE will prevent you from seeing products and offers that you might miss out on the next time you are searching or shopping online".

Meanwhile, the Center For Democracy and Technology in Washington D.C. has just released a report, criticising spyware for deceiving consumers and wreaking havoc with their computers. ®