Olympus-OM

Re: [OM] OT: Hijacked Browsers

Subject: Re: [OM] OT: Hijacked Browsers
From: Chris Trask <christrask@xxxxxxxxxxxxx>
Date: Tue, 20 Dec 2016 10:36:54 -0700 (GMT-07:00)
     This became a bit more interesting yesterday.  I had the Earthlink webmail 
page open and observed that there was a lot of data activity taking place.  I 
quickly unplugged the telephone cord and a couple of panels appeared at the top 
and right of the screen saying that it was unable to connect to 
blah.blah.blah.googleads.com.

     Aha!  I added that root URL to the hosts file this morning and have yet to 
see any activity.  My guess here is that when the webpage contacts Google, 
Googleads.com sends down a URL for my laptop to contact.  Putting a block on 
that might be the best overall way to handle this.

     Now I have a question:  Anyone here know of a utility that will record the 
URLs that our machines are downloading from, or perhaps a utility that records 
the URLs that the hosts file blocks?

>
>     It was an interesting investigation.  I tried using the same approach 
> with the annoying ads on the right side of Facebook pages, but it didn't work.
>
>>
>>Good!
>>
>>>     I found the culprit in the Earthlink webmail page, thanks to a 
>>>burp in viewing yesterday evening.  There are two instances where the 
>>>HTML code is calling "Google_ad" for the top banner, left tower, and 
>>>right tower:
>>> 
>>> /wam/brand/earthlink/google_ad_top_banner.jsp
>>> 
>>> and
>>> 
>>> /wam/brand/earthlink/google_ad_left_tower.jsp
>>> 
>>> and
>>> 
>>> /wam/brand/earthlink/google_ad_right_tower.jsp
>>> 
>>>     This is a somewhat innocuous function, the real culprit being 
>>>Google_Ads, which is downloading malware that bypasses ad blocking.  
>>>Yet another piece of evidence that justifies the efforts in removing 
>>>anything related to Google (deGoogleisation) from my machines, the 
>>>only exception being Google Earth on the laptop I'm presently using.
>>> 
>>>     What worries me about this is that the activity indicator for my 
>>>dialup dialer showed that my machine was sending data as well as 
>>>receiving during these periods of activity.  That could very likely 
>>>mean that Google was using the pubads.js script as a means of harvesting 
>>>data, for which Google has long been suspected.
>>> 
>>
>
>Chris
>
>When the going gets weird, the weird turn pro 
>     - Hunter S. Thompson


Chris

When the going gets weird, the weird turn pro 
     - Hunter S. Thompson
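
An added example, not part of the original message: hosts-file lookups match whole hostnames exactly, with no wildcard for subdomains, so this script reports which observed hostnames a given hosts file actually null-routes. The hosts entries and hostnames are constructed samples, and `parse_hosts`, `host_of` and `audit` are illustrative names.

```python
from urllib.parse import urlsplit

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}  # addresses commonly used to null-route a name

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text; first entry for a name is kept."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        for name in fields[1:]:                 # one address may carry several names
            table.setdefault(name.lower().rstrip("."), fields[0])
    return table

def host_of(url_or_name):
    """Accept a URL or a bare hostname and return the lowercase hostname."""
    host = urlsplit(url_or_name).hostname if "://" in url_or_name else url_or_name
    return (host or "").lower().rstrip(".")

def audit(observed, hosts_text):
    """Map each observed host to 'blocked', 'parent-only' or 'allowed'."""
    table = parse_hosts(hosts_text)
    sunk = {name for name, addr in table.items() if addr in SINKHOLES}
    result = {}
    for item in observed:
        host = host_of(item)
        labels = host.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if host in sunk:
            result[host] = "blocked"
        elif parents & sunk:
            result[host] = "parent-only"        # parent is listed, this name still resolves
        else:
            result[host] = "allowed"
    return result

# Constructed sample data (reserved .test names), not taken from the thread.
HOSTS_TEXT = """
127.0.0.1   localhost
0.0.0.0     ads.example.test            # parent domain only
0.0.0.0     Tracker.Example.test cdn.tracker.example.test
"""
OBSERVED = ["http://a.b.ads.example.test/x.js", "ads.example.test",
            "https://CDN.tracker.example.test/p", "mail.example.test"]

if __name__ == "__main__":
    for host, verdict in audit(OBSERVED, HOSTS_TEXT).items():
        print(f"{verdict:12} {host}")
```

A `parent-only` verdict marks a name that needs its own hosts entry, or a DNS-level blocker that can match whole domains.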