Does anyone know how this works?

Forum Moderators: open

Message Too Old, No Replies

Does anyone know how this works?

linkshark

6:17 pm on Apr 27, 2001 (gmt 0)

I was surfing aaddultt pages looking for new javascripts and found a page that executes a "stealth bookmark" through <iframe> tags(1 x 1 pixel) that places stealth favorites in IE. It goes under the disguise of "www.domain.com/hitcount.html?account=site" but installs 2 favorites (1 is the site and 1 is the sponsor) w/o the users knowledge (unless you surf w/ the favorites window open).

How is this done?

Xoc

6:14 am on Apr 29, 2001 (gmt 0)

The following code should add a favorite to the IE favorites, but it is supposed to ask you first if it can do that. I haven't used it, just found it from the Microsoft web site while looking for something else.


<SCRIPT>
<!--
if ((navigator.appVersion.indexOf("MSIE") > 0)
 && (parseInt(navigator.appVersion) >= 4)) {
 document.write("<U>
  <SPAN STYLE='color:blue;cursor:hand;'
  onclick='window.external.AddFavorite(location.href, document.title);'>
Add this page to your favorites</SPAN>
 </U>");
}
//-->
</SCRIPT>

tedster

6:48 am on Apr 29, 2001 (gmt 0)

Just guessing here --

I'm wondering what would happen in the code Xoc posted if the onClick event handler was replaced with something more common than a click, say, onMouseOver. And the SPAN was not text but a clear gif that stretched the length of the page on the right hand side, where the cursor is most likely to be.

If that works, it's still devious and invasive, but at least it's not a total security hole. I really hope there's no way to place a favorite without any user action at all (for instance, onLoad)

Xoc

6:58 am on Apr 29, 2001 (gmt 0)

The critical code is:


window.external.AddFavorite(location.href, document.title);

So if you put that on an onLoad, it should actually try to add it to your favorites. But it is supposed to ask you first. I'm too jet-lagged right now to try it.

theperlyking

10:27 am on Apr 29, 2001 (gmt 0)

I once noticed that a site both added itself to my bookmarks and changed my home page to itself without even asking:(
To make it more disturbing i'd been looking at a computer security related page that had a risque ad pop up, it was this pop up that seemed to have done it and.... my home page was now a porn site!

linkshark

2:01 pm on Apr 29, 2001 (gmt 0)

This works but still asks for a user prompt alert box:

<SCRIPT>
//window.external.ImportExportFavorites(1,"c:\\fav.imp");
window.external.ImportExportFavorites(1,"http://www.domain.com/fav.imp");
</SCRIPT>

In another file fav.imp
(netscape bookmark file)

<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL>
<DT><A HREF="********URL HERE********">TITLE</A>
<DT><A HREF="*********URL HERE************">TITLE</A>
</DL>

But this asks for a prompt similar to the "set your home page to xyz.com" alert box. Must be missing something that keeps it stealth. Definitely some sort of hackkkkk. That site I found that imported the favorites had no alert box and the whole thing operated from 1x1 <Iframes> without user knowledge.

Source: [guninski.com...]