Web Bugs

[peakaboo]

The six links below are from Bugnosis. How many are you able to defend against?

What do you use to neutralize?


1) http://washingtonpost.com/wp-dyn/art...2001Mar14.html
Contained bugs from DoubleClick.net and Mediaplex.com. These are with an article from The Washington Post about Web bugs. informative article BTW

2) http://www.cnn.com/
Contained a bug from Netscape.com

3) http://www.bountyfamily.com/
Contained a preferences.com bug (from MatchLogic)

4) http://www.us.buy.com/
Contained bugs from DoubleClick.net and AvenueA.com

5) http://www.denverpost.com/
Contained a bug from MyComputer.com

6) http://www.mycomputer.com/
Contained bugs from Superstats.com

[Tassie_Devils]

Did not see ANY bugs. Nothing came up visiting each site, no pop-ups, no windows asking to accept whatever, nothing.

Scanned after with Spybot and AdAware6, nothing.

What was I supposed to "get" or "see" ?

[JacK]

Hello,

No problems to filter with WW but some are no webbugs, just *.gif 1x1 pixel.

Rgds,

[peakaboo]

Quote:

quoting: Tassie_Devils link=board=19;threadid=6909;start=0#46077 date=1044086379]

Did not see ANY bugs. Nothing came up visiting each site, no pop-ups, no windows asking to accept whatever, nothing.

Scanned after with Spybot and AdAware6, nothing.

What was I supposed to "get" or "see" ?

Tassie,

if you go back to the Washington Post link, there is a good explanation of what a web bug is and the malicious possibilities.

Also on the 1st page of this article, I counted about 5 web bugs from doubleclick.

Proxo can filter these, also web washer I heard, also spyblocker gets after these bugs and zaps also. Probably some other software avail which can zap. Others may want to list what they are using.

Each of the links had web bugs so if you did not filter or see 'em, maybe a good time to tighten up.

[JacK]

Quote:

quoting: peakaboo link=board=19;threadid=6909;start=0#46206 date=1044124287]
Each of the links had web bugs so if you did not filter or see 'em, maybe a good time to tighten up.

Hello,

I can see some beacons but not on all the linked pages.

Maybe some are already filtered by string with my Hosts file.
All gif 1x1 pixel are not webbugs : for instance, this one is no webbug : http://i.cnn.net/cnn/1.gif (1x1 pixel)

This one is a webbug : http://ad.doubleclick.net/activity;src=776516;type=desig750;cat=bount270;ord=7988030337178.355? (1 x 1 pixel)

Bugnonis does not identify formally webbugs but invisible pics which might be webbugs.

Rgds,

Rgds,

[peakaboo]

Quote:

quoting: JacK link=board=19;threadid=6909;start=0#46221 date=1044127877]

Quote:

Hello,

I can see some beacons but not on all the linked pages.

Maybe some are already filtered by string with my Hosts file.
All gif 1x1 pixel are not webbugs : for instance, this one is no webbug : http://i.cnn.net/cnn/1.gif (1x1 pixel)

This one is a webbug : http://ad.doubleclick.net/activity;src=776516;type=desig750;cat=bount270;ord=7988030337178.355? (1 x 1 pixel)

Bugnonis does not identify formally webbugs but invisible pics which might be webbugs.

Rgds,

Rgds,

Hi Jack,

Good point as you put it: " I can see some beacons but not on all the linked pages."

I went to the CNN page and counted 3 web bugs on the right side:

added $ at front end to make url not clickable

$http://ar.atwola.com/link/93103306/aol

$http://ar.atwola.com/link/93101912/aol

$http://ar.atwola.com/link/93103308/aol

counted many many beacons on the CNN site which did not appear to be web bugs.

Take care M8.

[peakaboo]

there is a potential malicious side of web bugs as stated in the Washington Post article, but the info below appears to show the "legitimate side or use" of web bugs. Regardless privacy and disclosure is the issue.

more info. regarding web bugs:

http://www.nthelp.com/oetest/web_bug_faq.htm <--- got the info from bellsouth.net

--- THE WEB BUG FAQ

--- 1. WHAT EXACTLY IS A WEB BUG?

A Web Bug is a graphics on a Web page or in an Email message that is
designed to monitor who is reading the Web page or Email message. Web
Bugs are often invisible because they are typically only 1-by-1 pixel in
size. They are represented as HTML IMG tags. For example, here are two
Web Bugs recently found on Quicken's home page (www.quicken.com):

<img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1
height=1 border=0>

<IMG WIDTH=1 HEIGHT=1 border=0
SRC="http://media.preferences.com/ping?ML_SD=IntuitTE_Intuit_1x1_RunOfSite_A
ny&db_afcr=4B31-C2FB-10E2C&event=reghome&group=register&time=1999.10.27.20.5
6.37">

The two Web Bugs were placed on the home page by Quicken to provide
"hit" information about visitors to DoubleClick and MatchLogic (AKA,
preferences.com), two Internet advertising companies.


--- 2. WHY ARE WEB BUGS INVISIBLE ON A PAGE?

To hide the fact that monitoring is taking place.


--- 3. ARE WEB BUGS ALWAYS INVISIBLE ON A PAGE?

Not necessarily. Any graphics on a Web page that is used for monitoring
purposes can be considered a Web Bug.


--- 4. ARE ALL INVISIBLE GIF IMAGES, WEB BUGS?

No. Invisible GIF files are also used for alignment purposes on Web
pages. A Web Bug will typically be loaded from a different Web server
than the rest of the page, so they are easy to distinguish from
alignment GIF files.


--- 5. WHAT OTHER NAMES ARE WEB BUGS KNOWN BY?

The Internet advertising community prefers the more sanitized term
"clear GIF". Web Bugs are also known as "1-by-1 GIFs" and "invisible
GIFs".


--- 6. WHAT INFORMATION IS SENT TO A SERVER WHEN A WEB BUG IS VIEWED?

* The IP address of the computer that fetched the Web Bug
* The URL of the page that the Web Bug is located on
* The URL of the Web Bug image
* The time the Web Bug was viewed
* The type of browser that fetched the Web Bug image
* A previously set cookie value


--- 7. WHAT ARE SOME OF THE USES OF A WEB BUG ON A WEB PAGE?

Ad networks can use Web Bugs to add information to a personal profile of
what sites a person is visiting. The personal profile is identified by
the browser cookie of an ad network. At some later time, this personal
profile which is stored in a data base server belonging to the ad
network, determines what banner ad one is shown.

Another use of Web Bugs is to provide an independent accounting of how
many people have visited a particular Web site.

Web Bugs are also used to gather statistics about Web browser usage at
different places on the Internet.


--- 8. WHERE CAN I FIND WEB BUGS BEING USED?

* Quicken
* FedEx
* Metamucil
* Oil of Olay
* StatMarket


--- 9. HOW CAN I SEE A WEB BUG ON A PAGE?

A Web Bug can be found by viewing the HTML source code of a Web page and
searching for IMG tags. A Web Bug will typically have its HEIGHT and
WIDTH parameters in the IMG tag set to 1. Also for the tag to be a bug,
the image should be loaded from a different server then the rest of the
Web page.




--------------------------------------------------------------------------------

--- WEB BUGS IN EMAIL MESSAGES

--- 10. WHAT KINDS OF USES DOES A WEB BUG HAVE IN AN EMAIL MESSAGE?

1. A Web Bug can be used to find out if a particular Email message
has been read by someone and if so, when the message was read.
2. A Web Bug can provide the IP address of the recipient if the
recipient is attempt to remain anonymous.
3. Within an organization, A Web Bug can give an idea how often a
message is being forwarded and read.


--- 11. WHY ARE WEB BUGS USED IN "JUNK" EMAIL MESSAGES?

1. To measure how many people have viewed the same Email message in a
marketing campaign.

2. To detect if someone is viewed a junk Email message or not. People
who do not view a message are removed from the list for future mailings.

3. To synchronize a Web browser cookie to a particular Email address.
This trick allows a Web site to know the identity of people who come to
the site at a later date,


--- 12. WHAT ARE SOME OF THE EMAIL MARKETING COMPANIES WHO ARE KNOWN TO
USE WEB BUGS?

* Exactis
* Digital Impact
* Responsys


--- 13. WHAT COMPANIES HAVE USED WEB BUGS IN EMAIL MARKETING CAMPAIGNS?

* Barnes and Noble
* eToys
* Cooking.com
* Microsoft
* InfoBeat


--- 14. WHAT DO WEB BUGS IN EMAIL MESSAGES LOOK LILE?

Email Web Bugs are represented as 1-by-1 pixel IMG tags just like Web
Bugs for Web pages. However, because the sender of the message already
knows your Email address, they also include the Email address in the Web
Bug URL. The Email address can be in plain text or encrypted. For
example, here are two Web Bugs sent to me in junk Email messages:


<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?
vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">

<IMG SRC="http://email.bn.com/cgi-bin/flosensing?x=ABYoAEhouX">




--------------------------------------------------------------------------------

--- ADVANCED TOPICS

--- 15. IS THERE ANY METHOD OF REMOVING WEB BUGS FROM HTML PAGES?

Not really. The technical problem is that there is no method of
distinguishing Web Bugs from spacer GIFs which are used on Web pages for
aligment purposes. Your best defense against Web Bugs is to turn off
cookies. Instructions for turning off cookies can be found at the
Junkbusters Web site:

http://www.junkbusters.com/ht/en/cookies.html#disable

One note about cookies. Netscape Navigator and Internet Explorer will
still send out existing cookies after disabling cookies in the browser.
You must manually delete any cookie files on your hard drive to
eliminate being tracked by third-party ad networks.


--- 16. WHY DON'T WEB SITE PRIVACY POLICIES EVER MENTION WEB BUGS?

Good question. Clearly Web site privacy policies need to disclose the
use of Web Bugs as a minimum. Also the general practice of online
profiling by third-party ad networks should be talked about in privacy
policies. However, this important topic is rarely mentioned.


--- 17. ARE THE USE OF WEB BUGS LEGAL?

A complicated question that is best answered by a lawyer.


--- 18. ARE THE USE OF WEB BUGS UNETHICAL?

Clearly Web Bugs are controversial. Because they allow people to be
monitored, when they don't expect it, they certainly can be very
upsetting. For example, most people will likely be troubled to learn
that an outsider is tracking when they read Email.


--- 19. CAN NEWSGROUP MESSAGES BE BUGGED ALSO?

Yes. If someone is using Outlook Express or Netscape Messenger to read a
newsgroup, then Web Bugs will also work inside of HTML newsgroup
messages. A Web Bug can be used to log people who are reading messages
in particular newsgroup. Such bugs might be used for example by
investigators to track illegal activity such as trading in child
pornography and copyrighted MP3 music files. Web Bugs might also be used
to monitor people in extreme political groups.

[peakaboo]

web bugs and tracking links spotted @ yahoo.com

whoda thunk it!

http://finance.yahoo.com/q?s=%5EDJI&d=t

if they don't come up on the 1st try just hit refresh a couple times...

if ya still don't see 'em... tighten up!

Hi!

I can't get to Bugnosis site anymore. "the address cannot be found" Any idea?
I've got to update my bug analyser 'cause I get this message: "an error occured when parsing bugnosis datafile"
The address is:http://www.bugnosis.org/

[spy1]

Six for six.

What wasn't handled by OutPost (using the AGNIS-OP blocklist in the "Ads " plug-in as well as the "Active Content" plug-in), SpyBlocker took care off. Pete

[Pieter_Arntz]

This is bugging me: only 2 out of 6 ( decided to test the capabilities of Adshield 3.0 in this field)
Am I doing something wrong or is the rest not getting through the proxyserver?

Regards,

Pieter

[spy1]

That's quite possible, Pieter. In my case, SB is the "proxyserver" , so-to-speak - what's yours? Prox? Pete

[Pieter_Arntz]

Hi Pete,

I'm at work behind a "physical" proxyserver with NIS installed.
I'll give it a try at home. Did anyone ever notice the number of bugs at DSLR? It looks like PestPatrols website with Adshield on.

Regards,

Pieter

[Pieter_Arntz]

Quote:

quoting: Pieter_Arntz link=board=19;threadid=6909;start=0#54122 date=1049811834]
I'll give it a try at home.

Same result

Only the bugs on pages 2 and 4 in peakaboo´s list are found.

Regards,

Pieter

[Acadia]

Hmmmm, couldn't vote, I needed a fourth option. The web bugs that I could see were zapped by Adshield but on about half the sites I couldn't see any.

Take care, Acadia.

[notageek]

I seen web bugs ( a little gif I have Proxo showing when it spots a web bug) on 4 out of 6 pages. Proxo seems to be good at catching them. Maybe I should thighten up my web bug filter. anyone care to share a web bug filter for Proxo? LOL

[peakaboo]

Quote:

quoting: notageek link=board=19;threadid=6909;start=15#54412 date=1050014914]
I seen web bugs ( a little gif I have Proxo showing when it spots a web bug) on 4 out of 6 pages. Proxo seems to be good at catching them. Maybe I should thighten up my web bug filter. anyone care to share a web bug filter for Proxo? LOL

Hi notageek,

Original links are old, I think 2 of the 6 no longer have web bugs...

Also bugnosis looks to have gone out of cyberbusiness, that link no longer works

Finally, link to a good web bug swatter filter, by JakBeNymble post towards bottom dated 12/20/02:

http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=39

____________________

Hi "ALL",
Here is the "Web-Bug Filter" that I'm using. It's a combination of several different Web-Bug Filters, so it't not Original. But I think that You will like the results of this Filter. I've also included an animated gif.file that You will need to UnZip into Proxo's HTML folder.

[Patterns]
Name = "Super Web Bug Swatter MHG"
Active = TRUE
URL = "$TYPE(htm)"
Bounds = "<img\0src=$AV(\1)\2>"
Limit = 300
Match = "(*height=$AV([#0:6])&(*width=$AV([#0:6]))&"
"(*src=$AV((\"|)http(s|)(%3A|(%2F|/)(%2F|/)(^\h)*))*)|"
"((^*src=$AV(*.(gif|jpg|jpeg|jpe|png)))*)"
Replace = "<img src="\dhtml/lilbuzs.gif" height="25" width="25">"

Here is the gif.file: here
Have a Great & Wonderful Evening,
Safe-Surfin',
"Jak"


any way

[notageek]

Thanks Peakaboo. I don't know what happened to bugnosis. I tried their program a long time ago on my win98 system. But looks like they are gone or they changed web address. I'm gonning to check out this web bug swatter. Thanks again.

[JayK]

Some of the articles seem to be FUD.. For example . the Washington article

"I became downright alarmed after a Pittsburgh security start-up called Intelytics demonstrated a potentially malicious Web bug to a congressional panel and then, at my request, unleashed a version on two of my computers -- one at home and the other at my office. I picked up the bug by visiting Intelytics' Web site, and it managed to slip past the "fire wall" and anti-virus software that is supposed to protect both of my machines. During the test, the bug sent copies of two personal files back to Intelytics and left behind a hidden file on my hard driv"

Copies of personal files? That's some web-bug!!



Some thoughts about web-bugs

While I can see the point of web-bugs in emails (they help spammers figure out live account), this whole practice of web-bugs on webpages seems pointless.

Say I own a webpage www.mywebsite.com. When a visitor comes to my site and requests a html page, my mail server logs your visit ,ip address , date, referrer (if not blocked), etc, there is nothing you can do about it, web-bug or no.

Supposedly I'm paid by some advertising company to put a "invisible" web-bug. Basically when you load my webpage, you also load up a 1x1 gif file from the adserver, so the adserver getsa hit too, and your visit is logged since something is downloaded from the adserver, and it gets a hit in it's log files.


I'm not sure how bugnosis/adshield etc works, but I think the default proxo filters images with heights and widths less then equal to 3 pixels size.

Now, you might think it's clever to refuse to remove (or refuse to load up) 1x1 gif files, but what abt 5x5?, 10x10? Basically the "web-bug "can be any size right? It doesnt even have to be a transparent gif. It can even be a relatively informative diagram or picture right?

How is a web-bug detection script going to catch everything?

IMHO only way to be 100% protected from such web-bugs is to totally refuse to download images not from the current server (available in proxo and many browser options). That kills all web-bugs in its tracks. The original website still gets your ip, but that's unavoidable.



Is my logic flawed? Or are web-bugs more dangerous than that?

[LowWaterMark]

I agree with you JayK. I find web bugs in emails much more useful to those who place them there than those on webpages. Who ever did that first had a very clever idea to be sure. I block web bugs in emails just because I don't want some spam sender to get confirmation that I exist in case I accidentally render their message.

As for webbugs on webpages, they don't concern me much. If I choose to go to the webpage and the host of that page has content linked from other sites, well, so what. They get to log my current, highly dynamic, IP address and whatever referrer information I am allowing or faking.

As to the incredibly powerful webbugs mentioned in the article, well, I've never seen that big and strong a bug in my life. (Not being from a tropical area, I rarely see big bugs at all. )

[FluxGFX]

Still looking around but was looking for a program aside from proxo to stop webbugs....

any ideas ?

[Acadia]

I use AdShield. WebWasher also kills them and is free. I believe AdSubtact also kills them (not positive about that) but AS is not free. Good luck.

Acadia.

[FluxGFX]

Let's put it this way.....

Reverse engeneering..... can make wonders

For Educational Purpose only.

[JayK]

Quote:

quoting: LowWaterMark link=board=19;threadid=6909;start=15#msg69073 date=1056415046]


As to the incredibly powerful webbugs mentioned in the article, well, I've never seen that big and strong a bug in my life. (Not being from a tropical area, I rarely see big bugs at all. )

Such a bug if it exists wouldnt be a traditional web-bug anyway, it would be some kind of malware, sort of like driveby hijackers or trojans/viruses that exploit security flaws.

The whole story about how the web-bug could bypass his firewall and copy files off his computer could only work if the web-bug was doing somekind of browser exploit or if the user had very low security settings.

That is a serious concern, but shouldnt be lumped into the slight privacy concerns with regards to web-bugs

[JayK]

Quote:

quoting: FluxGFX link=board=19;threadid=6909;start=15#msg69076 date=1056420272]
Still looking around but was looking for a program aside from proxo to stop webbugs....

any ideas ?

If you are using mozilla, (probably other browsers have something similar) , go to

Edit-->preference--->privacy--->images

Then click the box , "accept images only from orginanting server."

That should be more effective and give you close to compelte immunity since what you don't load can't hurt you, and almost all web-bugs are images that are placed by third parties.

much better then banking on software to guess which 1x1 or whatever size gif are web-bugs.

The drawbacks of the recommended method are obvious.