SECURITY ALERT: Link hijacking

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Tue Jan 29 2002 - 06:51:09 MST


Many of you will remember my talk at Extro-5 where I discussed Adware that
spies on your Internet activities while you are online. These programs have
now started doing more than just spying. They are actually trying to
redirect your surfing from the links you actually click to the links they
want you to visit. This is based on Microsoft's technology built into
Internet Explorer and only affects that browser. After a public outcry,
Microsoft removed this as the default setting for their browsers, but other
companies are enabling this technology and using it anyway.

When you click on a link, they don't take you to the page you wanted.
Instead, they present their own content to you. Usually this has a link to
go to the page you really clicked, but only after you get spammed with their
advertisements or suggestions to visit their site instead.

See <http://www.scumware.com/index.html> for more information. The box that
tests your computer to see if you are infected only works on Internet
Explorer with JavaScript enabled.

--
Harvey Newstrom, CISSP <www.HarveyNewstrom.com>
Principal Security Consultant, Newstaff Inc. <www.Newstaff.com>
Board of Directors, Extropy Institute <www.Extropy.org>
Cofounder, Pro-Act <www.ProgressAction.org>


This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:12:03 MST