Unlike most conventional spyware, imrworldwide.com's Red Sheriff is loaded as a Java applet embedded in a Web page you visit.
Once loaded, it sends information about your Internet usage (how long the page took to load, how long you stayed, etc.) to the parent company, supposedly bypassing firewalls, cookie blockers and the like.
A number of Internet Service Providers have begun including Red Sheriff on their start pages, which are programmed to load every time the user logs on to the Internet.
Currently, the Red Sheriff program is billed as a reporting tool to measure how visitors use a Web site, kind of like an access_log reader with some extra frills.
Previously, the Red Sheriff product page (cached) was more obscure about what kind of information was collected, suggesting access to surfing habits beyond the original Web site containing the Red Sheriff applet, and bragging of its ability to get past personal firewalls and cookie crunchers.
Known (former/current) users of Sheriff: ninemsn.com.au
Bigpond/Telstra Internet Services
NZDating - New Zealands premier NZ dating and friendship service
Peakhour (
Welcome to Peakhour : Mobile Phone Accessories and Personal Technology,
http://www.peakhour.net.au/ Welcome to Peakhour : Mobile Phone Accessories and Personal Technology
BBC.co.uk
-----------------------------------------
You can block Red Sheriff ad servers in the hosts file.
If you are using a Windows NT / 2000 / XP machine, your hosts file will most
likely be located in the following path:
c:\windows\system32\drivers\etc\hosts
For Windows 95 and 98, your hosts file will most likely be located in the
following path:
c:\windows\hosts
You need to edit the aforementioned file using a text editor (e.g:
notepad.exe) and add the following lines:
server list updated Apr 3
127.0.0.1 dk.imrworldwide.com
127.0.0.1 fe-au.imrworldwide.com
127.0.0.1 fe1-au.imrworldwide.com
127.0.0.1 fe1-fi.imrworldwide.com
127.0.0.1 fe1-it.imrworldwide.com
127.0.0.1 fe2-au.imrworldwide.com
127.0.0.1 fe2-gc.imrworldwide.com
127.0.0.1 fe3-au.imrworldwide.com
127.0.0.1 fe3-gc.imrworldwide.com
127.0.0.1 fe3-uk.imrworldwide.com
127.0.0.1 fe4-uk.imrworldwide.com
127.0.0.1 imrworldwide.com
127.0.0.1 lycos-eu.imrworldwide.com
127.0.0.1 ninemsn.imrworldwide.com
127.0.0.1 rc-au.imrworldwide.com
127.0.0.1 redsheriff.com
127.0.0.1 secure-au.imrworldwide.com
127.0.0.1 secure-uk.imrworldwide.com
127.0.0.1 secure-us.imrworldwide.com
127.0.0.1 secure-jp.imrworldwide.com
127.0.0.1 server-au.imrworldwide.com
127.0.0.1 server-br.imrworldwide.com
127.0.0.1 server-by.imrworldwide.com
127.0.0.1 server-ca.imrworldwide.com
127.0.0.1 server-de.imrworldwide.com
127.0.0.1 server-dk.imrworldwide.com
127.0.0.1 server-ee.imrworldwide.com
127.0.0.1 server-fi.imrworldwide.com
127.0.0.1 server-fr.imrworldwide.com
127.0.0.1 server-hk.imrworldwide.com
127.0.0.1 server-it.imrworldwide.com
127.0.0.1 server-jp.imrworldwide.com
127.0.0.1 server-lt.imrworldwide.com
127.0.0.1 server-lv.imrworldwide.com
127.0.0.1 server-no.imrworldwide.com
127.0.0.1 server-
nz.imrworldwide.com
127.0.0.1 server-pl.imrworldwide.com
127.0.0.1 server-ru.imrworldwide.com
127.0.0.1 server-se.imrworldwide.com
127.0.0.1 server-sg.imrworldwide.com
127.0.0.1 server-stockh.imrworldwide.com
127.0.0.1 server-ua.imrworldwide.com
127.0.0.1 server-uk.imrworldwide.com
127.0.0.1 server-us.imrworldwide.com
127.0.0.1 telstra.imrworldwide.com
127.0.0.1
www.telstra.imrworldwide.com
127.0.0.1
www.imrworldwide.com
127.0.0.1
imrworldwide.com.au
127.0.0.1
www.redsheriff.com
Adding the above lines will redirect all traffic collected by RedSheriff to
your own PC, thus excluding you from RedSheriff data collection.