Date: Tue, 08 Feb 2005 18:39:48 +0000
From: Mark Ovens <marko@freebsd.org>
To: Frank Shute <frank@esperance-linux.co.uk>
Cc: FreeBSD chat <freebsd-chat@freebsd.org>
Subject: Re: Spyware on FreeBSD!?
Message-ID: <42090774.2070805@freebsd.org>
In-Reply-To: <20050208181532.GA8508@peach.veggie.com>
References: <20050208181532.GA8508@peach.veggie.com>

Frank Shute wrote:
> Bad news, looks like my machine has been infected with some Spyware.
>
> I noticed that on surfing to: http://news.bbc.co.uk/ or anything under
> that domain, I was getting some outgoing activity and Firefox was
> after a URL (as shown by the status bar) somewhere under the domain:
>
> http://bbcnewscouk.112.2o7.net/
>
> A quick Google on 2o7.net confirmed my worst fears: spyware!
>
> and a 2o7.net cookie planted on my machine.
>
> I cached some pages in my proxy <excerpt>:
>
> http://bbcnewscouk.112.2o7.net/b/ss/bbcnewscouk/1/G.7-Pd-R/s68107022286455?purl=http%3A%2F%2Fnews.bbc.co.uk%2F&pccr=true&%5BAQB%5D&ndh=1&t=8/1/2005+2:21:56+2+0&cdp=3&pageName=BBC+NEWS+|+News+Front+Page&g=http://news.bbc.co.uk/&cc=GBP&c1=1&s=1152x864&c=24&j=1.3&v=N&k=Y&bw=1129&bh=543&p=Default+Plugin%3B&%5BAQE%5D
>
> http://bbcnewscouk.112.2o7.net/b/ss/bbcnewscouk/1/G.7-Pd-R/s68107022286455?purl=http://news.bbc.co.uk/&pccr=true&%5BAQB%5D&ndh=1&t=8/1/2005+2:21:56+2+0&cdp=3&pageName=BBC+NEWS+|+News+Front+Page&g=http://news.bbc.co.uk/&cc=GBP&c1=1&s=1152x864&c=24&j=1.3&v=N&k=Y&bw=1129&bh=543&p=Default+Plugin%3B&%5BAQE%5D
>
> Looks like some sort of perl script which returns a 2x2 gif, whilst
> harvesting your browsing habits (and screen & windowsize - by calling
> Javascript functions in Firefox?)
>

% whois 2o7.net
[....]
Registrant:
Omniture, Inc. (2O41-DOM)
550 East Timpanogos Cir
Building G
Orem, UT 84097
US

From BBC's Privacy and Cookies Policy (there's a link at the bottom of
the main page)

http://www.bbc.co.uk/privacy/

2. Visitor Information
[....]
"The BBC also uses a company called Omniture to track and analyse
non-personally identifiable usage and statistical information about
volume of visitors to the BBC News pages on bbc.co.uk in order to
measure the effectiveness of the BBC News web pages and improve
services to users. Please note that this is not personal information,
only general summaries of the activities of visitors to bbc.co.uk.

If you wish to reject the Omniture cookies, you can use the process
set out below in point 7. Further information regarding Omniture's
privacy statement can be found at
http://www.omniture.com/policy.html#cookies."

Blocking the cookies does not stop the site working.

Regards,

Mark

---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0506-0, 08/02/2005
Tested on: 08/02/2005 18:39:49
avast! - copyright (c) 2000-2004 ALWIL Software.
http://www.avast.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42090774.2070805>