<P>Ever go to the Music City Morpheus chat and get barraged by popup ads? Well, it happens there was popup ad code embedded into the Java Chat. Turns out it was put in there by a user named--> Kayaman. lol. And all this time he was getting ad clicks. <P>

Here's the info: <P>

You know how when you went to http://chat.musiccity.com that all these annoying popup ads came up in your face? For things like cellphones and whatnot...<P>

Well upon tracking the source of these ads, it turns out that the chat page opened several session connections to the IP of www.popuptraffic.com, also media.popuptraffic.com. This turns out to be a notorious popup ad/spam site that is on many spam 'BlackLists' including anti-spam sites that supply lists of sites to block out in your HOSTS file. (see <a href="http://www.smartin-designs.com" target="_blank">http://www.smartin-designs.com</a> for how to block ad/popup/spam sites ) <P>

So ok, I thought musiccity morpheus was doing it. Nope.<P>

MusicCity's Morpheus chat was admin'd by a person named Kayaman who recently also started a competing chat server called p2pchat.org. p2pchat.org was supposed to be the spillover chat where people could chat about various p2p clients and touted as being against spyware. It is also home of chat rooms for p2p clients such as xolox, a simple gnutella p2p program. And is populated by many ops from the Morpheus chat.<P>

Well, The music city chat server has been rumored to be shutting down for a while now, but a few hours ago it just happened. <P>

The morpheus chat just changed, morpheus chat is now gone, and users are now routed to p2pchat.org. That's how the spyware in the java chat revealed itself. Here's how...<P>

For the switchover, the Webmaster ConferenceRoom java chat was replaced by Kayaman's own JAVA CHAT. Inspecting the code put there, revealed it. Right clicking on the page you can VIEW the SOURCE CODE. And hidden in the source code of the page was this:<P>

&lt;SCRIPT LANGUAGE="JavaScript" src="http://www.popuptraffic.com/assign.php?l=kayaman&mode=behind"&gt;<P>

&lt;SCRIPT LANGUAGE="JavaScript" src="http://www.popuptraffic.com/assign.php?l=kayaman"&gt;&lt;/script&gt;<P>

If you don't know what that means, that is the code that spews those cellphone popup ads from popuptraffic.com in your face when you go to morpheus chat. But look at the end... Notice it doesn't say MusicCity at the end. It says 'l=kayaman'. It turns out that Kayaman put *himself* as the affiliate. --So all this time, while touting NoSpyware and ad free systems, he was secretly getting ad impression credits from you. LOL.<P>

By the way, I looked for the user and tried to contact them in the chat server, but upon getting no answer I posted the spyware info into the chat rooms to tell everyone. Upon Kayaman seeing it in the chat room, I was killed off the server with the following message:<P>

*** You were killed by KayaMan (irc2!netadmin.p2pchat.org!KayaMan (learn the difference between a popup and spyware))<P>

LOL.<P>

-Notice that it doesn't say "No. There's nothing there." but rather he seems to be admitting it and just arguing whether or not it's popups or spyware. In any case, you can argue over definitions if you like, but I'd say anything that is hidden code and is embedded secretly, pops up ads at you, and directs revenue credits to someone is not too good no matter what term you want to use for it. <P>

By the way, Kayaman says he is NOT an employee of music city. Although he does administer their chat and have the keys to edit and manipulate their website to add his own name in there for revenue credits, and direct people to his new p2pchat server. <P>

Whether or not someone deserves or does not deserve ad revenue, the fact that it was hidden and designed to launch popup ads by someone who at all other times was vocal against such things is a little questionable. <P>

As soon as I revealed the popup ad code and that the credit was going to Kayaman, the site was quickly edited to prohibit RIGHT-CLICKING to view the source code, and the ad code was edited out. LOL!<P>

But here is what it was:<P>


&lt;HTML&gt;&lt;HEAD&gt;<BR>
&lttitle&gt;. . MusicCity - Java Client . .&lt;/title&gt<BR>
&;ymeta http-equiv="content-type" content="text/html; charset=iso-8859-1" /zzzzzzzzzzzzzzzzzzzz&gt;<BR>
&gt;meta http-equiv="Content-Language" content="en-us" /&gt;<BR>
&gt;meta name="robots" content="none" /&lt;<P>

&gt;SCRIPT LANGUAGE="JavaScript" <BR>
src="http://www.popuptraffic.com/assign.php?l=kayaman&mode=behind"&gt;<BR>
&lt;/script&gt;<BR>
&lt;SCRIPT LANGUAGE="JavaScript" src="http://www.popuptraffic.com/assign.php?l=kayaman">&lt;/script&gt;<P>

&lt;/HEAD&gt; <p>


&lt;body class=background bgcolor="#FFFFFF" text="#828282" <BR>
link="#669999" vlink="#669999" topmargin="1" &gt;<BR>
&lt;script language=JavaScript&gt;<BR>
&lt;!--
var message="";
/////////////////////////////////// <BR>
function clickIE() {if (document.all) {(message);return false;}} <BR>
function clickNS(e) {if <BR>
(document.layers||(document.getElementById&&!docum ent.all)) { <BR>
if (e.which==2||e.which==3) {(message);return false;}}} <BR>
if (document.layers)<BR>
{document.captureEvents <BR>(Event.MOUSEDOWN);document.onmousedown=clickNS ;}<BR>
else{document.onmouseup=clickNS;document.oncontext menu=clickIE;} <BR>

document.oncontextmenu=new Function("return false")<BR>
// --&gt;<BR>
&lt;/script&gt;<BR>
&lt;center&gt;<BR>
&lt;****** border=0 height=450 FRAMEBORDER="0" width=665 <BR>
MARGINHEIGHT=0 MARGINWIDTH=0 SCROLLING=Yes <BR>
NORESIZE scrolling=no src="http://www.p2pchat.org/mchat.htm"&gt;&lt;/******&gt<BR>
&lt;center&gt;<BR>
&lt;/body&gt;<BR>
&lt;/html&gt;<BR>
<P>
<P>

And here's how the code appears on the chat page...<P>

****

Hmmm, Kayaman also has XOLOX using his java chat code. I wonder what kind of stuff is in now embedded in XOLOX chat... ?<P>

-Helen Brocke<P>

[edit note: this post contained HTML code which caused pop ups, this is a sort of spamming]