[24hoursupport] Re: security concern

  • From: Ron Allen <chizotz@xxxxxxxxxxx>
  • To: Christian <24hoursupport@xxxxxxxxxxxxx>
  • Date: Tue, 22 Apr 2003 23:57:33 -0500


Hello Christian,

I am not a JavaScript expert as such, but I am a professional
programmer and know enough to dissect this script.

This script in and of itself is not trying to do anything directly to
your computer, meaning it makes no attempt to cause direct harm such
as formatting the drive or anything like that. It does try to do a
couple of semi-indirect things that, in
my opinion, are slimy at best and at worst could open you up to
various problems.

First, the program resizes the browser window it is running in to make
it essentially invisible on the screen as well as non-resizable and

Next, once the window is invisible so the user can't see what's going
on, it attempts to load a Gator program that would give you some kind
of time-setting utility and, while it was at it, install spyware on
your computer so that Gator could track your movements around the web,
apparently in conjunction with another advertising company, Adtegrity.
If you permitted the installation, when you went to web sites that use
Gator or Adtegrity advertising banners that the banners you saw would
be targeted at you based on the information they had collected about
your web habits. If you have your security setting set high enough, as
you should have for web surfing, you would get a warning box which
would allow you to not allow the install. If you did not get the
warning box, or if you clicked on "OK" to install the utility, you
might have this software installed now.

Back to what the program does. Once the above step is complete, a
one-pixel image known as a "web bug" is loaded. That lets them know,
unfortunately, a lot about you already, such as your IP address and
from that what ISP you use and what web page you were viewing when the
web bug was downloaded. There isn't a whole lot they can do with that
information, and even though they got your IP address they didn't get
anything truly personally identifiable as yours (unless you have DSL,
cable, or otherwise have a static IP address; if you use a dial-up
ISP, your IP address changes every time you log on).

So there you have it. You should be aware that the real culprit, in my
opinion, is the greeting card site that allows Gator and other
companies of their ilk to use their site to propagate Gator spyware
and other atrocities. Gator couldn't do this without the explicit help
and cooperation of web sites like that one.

Hope that answers your question :)


Tuesday, April 22, 2003, 9:31:10 PM, you wrote:
C> Hi! 
C> on http://www.all-yours.net/ (greeting cards website) when clicking on 
thumbnails images for a greeting cards a webpage open and behave funny in the 
bottom of the screen ,we cannot open it full
C> screen it's stay minimize.
C> By my history I manage to know the web URL it is 
C> and I copy the source here, do you know what this webpage intend to do by 
reading the script ?

For a web-based membership management utility and information on list policies, 
please see http://nibec.com/24hoursupport/

To unsubscribe, send a blank email to 24hoursupport-request@xxxxxxxxxxxxx with 
"unsubscribe" (without quotes) in the subject.

Other related posts: