Olympus-OM

Re: [OM] OT: Hijacked Browsers

From: Philippe <photo.philippe.amard@xxxxxxxxx>
Date: Sat, 17 Dec 2016 21:07:50 +0100
Good!

Best wishes
Philippe



On 17 Dec 2016, at 14:21, Chris Trask <christrask@xxxxxxxxxxxxx> wrote:

>     I found the culprit in the Earthlink webmail page, thanks to a burp in 
> viewing yesterday evening.  There are two instances where the HTML code is 
> calling "Google_ad" for the top banner, left tower, and right tower:
> 
> /wam/brand/earthlink/google_ad_top_banner.jsp
> 
> and
> 
> /wam/brand/earthlink/google_ad_left_tower.jsp
> 
> and
> 
> /wam/brand/earthlink/google_ad_right_tower.jsp
> 
>     This is a somewhat innocuous function, the real culprit being Google_Ads, 
> which is downloading malware that bypasses ad blocking.  Yet another piece of 
> evidence that justifies the efforts in removing anything related to Google 
> (deGoogleisation) from my machines, the only exception being Google Earth on 
> the laptop I'm presently using.
> 
>     What worries me about this is that the activity indicator for my dialup 
> dialer showed that my machine was sending data as well as receiving during 
> these periods of activity.  That could very likely mean that Google was using 
> the pubads.js script as a means of harvesting data, for which Google has long 
> been suspected.
> 
>> 
>>    I've had this laptop running all afternoon, sitting on the webmail page 
>> all the time.  The only activity I've seen has probably been the NETTIME 
>> clock synchroniser interrogating the online NIST standard.
>> 
>>> 
>>>    Soon after I did this, I restarted the laptop and watched for any 
>>> activity.  Whenever there is a data download taking place, a small window 
>>> appears at the bottom informing you where the data is being downloaded 
>>> from.  Sure enough, there were downloads taking place from the 
>>> "securepubads.g.doubleclick.net" URL.  So, I added that to the "hosts" 
>>> file as well, then restarted and watched for any activity.
>>> 
>>>    There hasn't been any activity for almost 30 minutes, so this appears 
>>> to have put the kibosh on that intrusion.
>>> 
>> 
> 
> 
> Chris
> 
> When the going gets weird, the weird turn pro 
>     - Hunter S. Thompson
> -- 
> _________________________________________________________________
> Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
> Archives: http://lists.thomasclausen.net/mailman/private/olympus/
> Themed Olympus Photo Exhibition: http://www.tope.nl/
> 
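
Added example, not part of the thread or written by its participants: a hosts file matches whole names only, so an entry for "securepubads.g.doubleclick.net" like the one described above does not cover parent or sibling names. This Python check reports which names a hosts file actually sinkholes; the sample file contents, the `other.` sibling name and the first-mapping-wins rule are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread author's machine).
SAMPLE_HOSTS = """\
# local overrides
127.0.0.1   localhost
0.0.0.0     securepubads.g.doubleclick.net   # added after watching downloads
192.0.2.10  intranet.example.test
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Return {lowercased hostname: ip}, keeping the first mapping for a name
    (assumption: the resolver uses the first matching line)."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), ip)
    return table

def is_sinkholed(table, hostname):
    """True only if this exact name maps to an unspecified or loopback address."""
    ip = table.get(hostname.lower().rstrip("."))
    return ip is not None and (ip.is_unspecified or ip.is_loopback)

def audit(text, hostnames):
    """Map each hostname to whether the hosts file text sinkholes it."""
    table = parse_hosts(text)
    return {h: is_sinkholed(table, h) for h in hostnames}

if __name__ == "__main__":
    names = ["securepubads.g.doubleclick.net",   # name from the thread
             "g.doubleclick.net",                # parent name: no wildcard match
             "other.g.doubleclick.net",          # hypothetical sibling name
             "intranet.example.test"]            # mapped, but to a real address
    for host, blocked in audit(SAMPLE_HOSTS, names).items():
        print(f"{'blocked' if blocked else 'NOT blocked':12} {host}")
```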

