ML Archiv: Re: [OM] OT: Hijacked Browsers

Subject:	Re: [OM] OT: Hijacked Browsers
From:	Chris Trask <christrask@xxxxxxxxxxxxx>
Date:	Sat, 17 Dec 2016 06:21:34 -0700 (GMT-07:00)

     I found the culprit in the Earthlink webmail page, thanks to a burp in 
viewing yesterday evening.  There are two instances where the HTML code is 
calling "Google_ad" for the top banner, left tower, and right tower:

/wam/brand/earthlink/google_ad_top_banner.jsp

and

/wam/brand/earthlink/google_ad_left_tower.jsp

and

/wam/brand/earthlink/google_ad_right_tower.jsp

     This is a somewhat innocuous function, the real culprit being Google_Ads, 
which is downloading malware that bypasses ad blocking.  Yet another piece of 
evidence that justifies the efforts in removing anything related to Google 
(deGoogleisation) from my machines, the only exception being Google Earth on 
the laptop I'm presently using.

     What worries me about this is that the activity indicator for my dialup 
dialer showed that my machine was sending data as well as receiving during 
these periods of activity.  That could very likely mean that Google was using 
the pubads.js script as a means of harvesting data, for which Google has long 
been suspected.

>
>     I've had this laptop running all afternoon, sitting on the webmail page 
> all the time.  The only activity I've seen has probably been the NETTIME 
> clock synchroniser interrogating the online NIST standard.
>
>>
>>     Soon after I did this, I restarted the laptop and watched for any 
>>activity.  Whenever there is a data download taking place, a small window 
>>appears at the bottom informing you where the data is being downloaded 
>>from.  Sure enough, there were downloads taking place from the 
>>"securepubads.g.doubleclick.net" URL.  So, I added that to the "hosts" 
>>file as well, then restarted and watched for any activity.
>>
>>     There hasn't been any activity for almost 30 minutes, so this appears 
>>to have put the kabosh on that intrusion.
>>
>


Chris

When the going gets weird, the weird turn pro 
     - Hunter S. Thompson
-- 
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [OM] OT: Hijacked Browsers, (continued) Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Ken Norton Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Ken Norton Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Ken Norton Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Chris Trask <= Re: [OM] OT: Hijacked Browsers, Philippe Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Philippe Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Philippe Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Michael R. Collins Re: [OM] OT: Hijacked Browsers, Chris Trask Re: [OM] OT: Hijacked Browsers, Mike Lazzari

Previous by Date:	Re: [OM] OT: Protecting my email from spammers, Bob Whitmire
Next by Date:	Re: [OM] OT: Protecting my email from spammers, Rick Beckrich
Previous by Thread:	Re: [OM] OT: Hijacked Browsers, Chris Trask
Next by Thread:	Re: [OM] OT: Hijacked Browsers, Philippe
Indexes:	[Date] [Thread] [Top] [All Lists]