Web Bugs

Discussion in 'polls' started by peakaboo, Jan 31, 2003.


How many of the web-bug related links are you able to neutralize?

  1. nuked all of em... no problem.

    5 vote(s)
    100.0%
  2. did not see any web bugs.

    0 vote(s)
    0.0%
  3. what's a web bug?

    0 vote(s)
    0.0%
Thread Status:
Not open for further replies.
  1. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    The six links below are from Bugnosis. How many are you able to defend against?

    What do you use to neutralize?


    1) http://washingtonpost.com/wp-dyn/articles/A6818-2001Mar14.html
    Contained bugs from DoubleClick.net and Mediaplex.com. These are with an article from The Washington Post about Web bugs. Informative article, BTW.

    2) http://www.cnn.com/
    Contained a bug from Netscape.com

    3) http://www.bountyfamily.com/
    Contained a preferences.com bug (from MatchLogic)

    4) http://www.us.buy.com/
    Contained bugs from DoubleClick.net and AvenueA.com

    5) http://www.denverpost.com/
    Contained a bug from MyComputer.com

    6) http://www.mycomputer.com/
    Contained bugs from Superstats.com
     
    Last edited by a moderator: Jun 11, 2004
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Did not see ANY bugs. Nothing came up visiting each site, no pop-ups, no windows asking to accept whatever, nothing.

    Scanned after with Spybot and AdAware6, nothing.

    What was I supposed to "get" or "see" ?
     
  3. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Liège
    Hello,

    No problems to filter with WW but some are no webbugs, just *.gif 1x1 pixel.

    Rgds,
     
  4. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Tassie,

    if you go back to the Washington Post link, there is a good explanation of what a web bug is and the malicious possibilities.

    Also on the 1st page of this article, I counted about 5 web bugs from doubleclick.

    Proxo can filter these, also web washer I heard, also spyblocker gets after these bugs and zaps also. Probably some other software avail which can zap. Others may want to list what they are using.

    Each of the links had web bugs so if you did not filter or see 'em, maybe a good time to tighten up.
     
  5. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Liège
    Hello,

    I can see some beacons but not on all the linked pages.

    Maybe some are already filtered by string with my Hosts file.
    All gif 1x1 pixel are not webbugs : for instance, this one is no webbug : http://i.cnn.net/cnn/1.gif (1x1 pixel)

    This one is a webbug : http://ad.doubleclick.net/activity;src=776516;type=desig750;cat=bount270;ord=7988030337178.355? (1 x 1 pixel)

    Bugnosis does not identify formally webbugs but invisible pics which might be webbugs.

    Rgds,

     
  6. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Hi Jack,

    Good point as you put it: " I can see some beacons but not on all the linked pages."

    I went to the CNN page and counted 3 web bugs on the right side:

    added $ at front end to make url not clickable

    $http://ar.atwola.com/link/93103306/aol

    $http://ar.atwola.com/link/93101912/aol

    $http://ar.atwola.com/link/93103308/aol

    counted many many beacons on the CNN site which did not appear to be web bugs.

    Take care M8.
     
  7. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    there is a potential malicious side of web bugs as stated in the Washington Post article, but the info below appears to show the "legitimate side or use" of web bugs. Regardless privacy and disclosure is the issue.

    more info. regarding web bugs:

    http://www.nthelp.com/oetest/web_bug_faq.htm <--- got the info from bellsouth.net

    --- THE WEB BUG FAQ

    --- 1. WHAT EXACTLY IS A WEB BUG?

    A Web Bug is a graphic on a Web page or in an Email message that is
    designed to monitor who is reading the Web page or Email message. Web
    Bugs are often invisible because they are typically only 1-by-1 pixel in
    size. They are represented as HTML IMG tags. For example, here are two
    Web Bugs recently found on Quicken's home page (www.quicken.com):

    <img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>

    <IMG WIDTH=1 HEIGHT=1 border=0 SRC="http://media.preferences.com/ping?ML_SD=IntuitTE_Intuit_1x1_RunOfSite_Any&db_afcr=4B31-C2FB-10E2C&event=reghome&group=register&time=1999.10.27.20.56.37">

    The two Web Bugs were placed on the home page by Quicken to provide
    "hit" information about visitors to DoubleClick and MatchLogic (AKA,
    preferences.com), two Internet advertising companies.


    --- 2. WHY ARE WEB BUGS INVISIBLE ON A PAGE?

    To hide the fact that monitoring is taking place.


    --- 3. ARE WEB BUGS ALWAYS INVISIBLE ON A PAGE?

    Not necessarily. Any graphic on a Web page that is used for monitoring
    purposes can be considered a Web Bug.


    --- 4. ARE ALL INVISIBLE GIF IMAGES, WEB BUGS?

    No. Invisible GIF files are also used for alignment purposes on Web
    pages. A Web Bug will typically be loaded from a different Web server
    than the rest of the page, so they are easy to distinguish from
    alignment GIF files.


    --- 5. WHAT OTHER NAMES ARE WEB BUGS KNOWN BY?

    The Internet advertising community prefers the more sanitized term
    "clear GIF". Web Bugs are also known as "1-by-1 GIFs" and "invisible
    GIFs".


    --- 6. WHAT INFORMATION IS SENT TO A SERVER WHEN A WEB BUG IS VIEWED?

    * The IP address of the computer that fetched the Web Bug
    * The URL of the page that the Web Bug is located on
    * The URL of the Web Bug image
    * The time the Web Bug was viewed
    * The type of browser that fetched the Web Bug image
    * A previously set cookie value


    --- 7. WHAT ARE SOME OF THE USES OF A WEB BUG ON A WEB PAGE?

    Ad networks can use Web Bugs to add information to a personal profile of
    what sites a person is visiting. The personal profile is identified by
    the browser cookie of an ad network. At some later time, this personal
    profile which is stored in a data base server belonging to the ad
    network, determines what banner ad one is shown.

    Another use of Web Bugs is to provide an independent accounting of how
    many people have visited a particular Web site.

    Web Bugs are also used to gather statistics about Web browser usage at
    different places on the Internet.


    --- 8. WHERE CAN I FIND WEB BUGS BEING USED?

    * Quicken
    * FedEx
    * Metamucil
    * Oil of Olay
    * StatMarket


    --- 9. HOW CAN I SEE A WEB BUG ON A PAGE?

    A Web Bug can be found by viewing the HTML source code of a Web page and
    searching for IMG tags. A Web Bug will typically have its HEIGHT and
    WIDTH parameters in the IMG tag set to 1. Also for the tag to be a bug,
    the image should be loaded from a different server than the rest of the
    Web page.




    --------------------------------------------------------------------------------

    --- WEB BUGS IN EMAIL MESSAGES

    --- 10. WHAT KINDS OF USES DOES A WEB BUG HAVE IN AN EMAIL MESSAGE?

    1. A Web Bug can be used to find out if a particular Email message
    has been read by someone and if so, when the message was read.
    2. A Web Bug can provide the IP address of the recipient if the
    recipient is attempting to remain anonymous.
    3. Within an organization, a Web Bug can give an idea how often a
    message is being forwarded and read.


    --- 11. WHY ARE WEB BUGS USED IN "JUNK" EMAIL MESSAGES?

    1. To measure how many people have viewed the same Email message in a
    marketing campaign.

    2. To detect if someone has viewed a junk Email message or not. People
    who do not view a message are removed from the list for future mailings.

    3. To synchronize a Web browser cookie to a particular Email address.
    This trick allows a Web site to know the identity of people who come to
    the site at a later date.


    --- 12. WHAT ARE SOME OF THE EMAIL MARKETING COMPANIES WHO ARE KNOWN TO
    USE WEB BUGS?

    * Exactis
    * Digital Impact
    * Responsys


    --- 13. WHAT COMPANIES HAVE USED WEB BUGS IN EMAIL MARKETING CAMPAIGNS?

    * Barnes and Noble
    * eToys
    * Cooking.com
    * Microsoft
    * InfoBeat


    --- 14. WHAT DO WEB BUGS IN EMAIL MESSAGES LOOK LIKE?

    Email Web Bugs are represented as 1-by-1 pixel IMG tags just like Web
    Bugs for Web pages. However, because the sender of the message already
    knows your Email address, they also include the Email address in the Web
    Bug URL. The Email address can be in plain text or encrypted. For
    example, here are two Web Bugs sent to me in junk Email messages:


    <img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">

    <IMG SRC="http://email.bn.com/cgi-bin/flosensing?x=ABYoAEhouX">




    --------------------------------------------------------------------------------

    --- ADVANCED TOPICS

    --- 15. IS THERE ANY METHOD OF REMOVING WEB BUGS FROM HTML PAGES?

    Not really. The technical problem is that there is no method of
    distinguishing Web Bugs from spacer GIFs which are used on Web pages for
    alignment purposes. Your best defense against Web Bugs is to turn off
    cookies. Instructions for turning off cookies can be found at the
    Junkbusters Web site:

    http://www.junkbusters.com/ht/en/cookies.html#disable

    One note about cookies. Netscape Navigator and Internet Explorer will
    still send out existing cookies after disabling cookies in the browser.
    You must manually delete any cookie files on your hard drive to
    eliminate being tracked by third-party ad networks.


    --- 16. WHY DON'T WEB SITE PRIVACY POLICIES EVER MENTION WEB BUGS?

    Good question. Clearly Web site privacy policies need to disclose the
    use of Web Bugs as a minimum. Also the general practice of online
    profiling by third-party ad networks should be talked about in privacy
    policies. However, this important topic is rarely mentioned.


    --- 17. IS THE USE OF WEB BUGS LEGAL?

    A complicated question that is best answered by a lawyer.


    --- 18. IS THE USE OF WEB BUGS UNETHICAL?

    Clearly Web Bugs are controversial. Because they allow people to be
    monitored, when they don't expect it, they certainly can be very
    upsetting. For example, most people will likely be troubled to learn
    that an outsider is tracking when they read Email.


    --- 19. CAN NEWSGROUP MESSAGES BE BUGGED ALSO?

    Yes. If someone is using Outlook Express or Netscape Messenger to read a
    newsgroup, then Web Bugs will also work inside of HTML newsgroup
    messages. A Web Bug can be used to log people who are reading messages
    in a particular newsgroup. Such bugs might be used for example by
    investigators to track illegal activity such as trading in child
    pornography and copyrighted MP3 music files. Web Bugs might also be used
    to monitor people in extreme political groups.
     
  8. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    web bugs and tracking links spotted @ yahoo.com

    whoda thunk it! :-*

    http://finance.yahoo.com/q?s=%5EDJI&d=t

    if they don't come up on the 1st try just hit refresh a couple times...

    if ya still don't see 'em... tighten up!
     
  9. Uguel 707

    Uguel 707 Guest

    Hi!

    I can't get to Bugnosis site anymore. "the address cannot be found" Any idea?
    I've got to update my bug analyser 'cause I get this message: "an error occured when parsing bugnosis datafile"
    The address is: http://www.bugnosis.org/
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Six for six.

    What wasn't handled by OutPost (using the AGNIS-OP blocklist in the "Ads" plug-in as well as the "Active Content" plug-in), SpyBlocker took care of. Pete
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    This is bugging ;) me: only 2 out of 6 ( decided to test the capabilities of Adshield 3.0 in this field)
    Am I doing something wrong or is the rest not getting through the proxyserver?

    Regards,

    Pieter
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    That's quite possible, Pieter. In my case, SB is the "proxyserver" , so-to-speak - what's yours? Prox? Pete
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi Pete,

    I'm at work behind a "physical" proxyserver with NIS installed.
    I'll give it a try at home. Did anyone ever notice the number of bugs at DSLR? It looks like PestPatrols website with Adshield on. ;)

    Regards,

    Pieter
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Same result o_O

    Only the bugs on pages 2 and 4 in peakaboo's list are found.

    Regards,

    Pieter
     
  15. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Hmmmm, couldn't vote, I needed a fourth option. The web bugs that I could see were zapped by Adshield but on about half the sites I couldn't see any.

    Take care, Acadia.
     
  16. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I saw web bugs (a little gif I have Proxo showing when it spots a web bug) on 4 out of 6 pages. Proxo seems to be good at catching them. Maybe I should tighten up my web bug filter. Anyone care to share a web bug filter for Proxo? LOL
     
  17. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Hi notageek,

    Original links are old, I think 2 of the 6 no longer have web bugs...

    Also bugnosis looks to have gone out of cyberbusiness, that link no longer works

    Finally, link to a good web bug swatter filter, by JakBeNymble post towards bottom dated 12/20/02:

    http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=39

    ____________________

    Hi "ALL",
    Here is the "Web-Bug Filter" that I'm using. It's a combination of several different Web-Bug Filters, so it's not Original. But I think that You will like the results of this Filter. I've also included an animated gif.file that You will need to UnZip into Proxo's HTML folder.

    [Patterns]
    Name = "Super Web Bug Swatter MHG"
    Active = TRUE
    URL = "$TYPE(htm)"
    Bounds = "<img\0src=$AV(\1)\2>"
    Limit = 300
    Match = "(*height=$AV([#0:6])&(*width=$AV([#0:6]))&"
    "(*src=$AV((\"|)http(s|)(%3A|:)(%2F|/)(%2F|/)(^\h)*))*)|"
    "((^*src=$AV(*.(gif|jpg|jpeg|jpe|png)))*)"
    Replace = "<img src="\dhtml/lilbuzs.gif" height="25" width="25">"

    Here is the gif.file: here
    Have a Great & Wonderful Evening,
    Safe-Surfin',
    "Jak"


    any way
     
  18. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Thanks Peakaboo. I don't know what happened to bugnosis. I tried their program a long time ago on my win98 system. But looks like they are gone or they changed web address. I'm going to check out this web bug swatter. Thanks again.
     
  19. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Some of the articles seem to be FUD. For example, the Washington article:

    "I became downright alarmed after a Pittsburgh security start-up called Intelytics demonstrated a potentially malicious Web bug to a congressional panel and then, at my request, unleashed a version on two of my computers -- one at home and the other at my office. I picked up the bug by visiting Intelytics' Web site, and it managed to slip past the "fire wall" and anti-virus software that is supposed to protect both of my machines. During the test, the bug sent copies of two personal files back to Intelytics and left behind a hidden file on my hard driv"

    Copies of personal files? That's some web-bug!!

    o_O

    Some thoughts about web-bugs

    While I can see the point of web-bugs in emails (they help spammers figure out live accounts), this whole practice of web-bugs on webpages seems pointless.

    Say I own a webpage www.mywebsite.com. When a visitor comes to my site and requests an HTML page, my mail server logs your visit, IP address, date, referrer (if not blocked), etc. There is nothing you can do about it, web-bug or no.

    Supposedly I'm paid by some advertising company to put an "invisible" web-bug. Basically when you load my webpage, you also load up a 1x1 gif file from the adserver, so the adserver gets a hit too, and your visit is logged since something is downloaded from the adserver, and it gets a hit in its log files.


    I'm not sure how bugnosis/adshield etc. works, but I think the default proxo filters images with heights and widths less than or equal to 3 pixels in size.

    Now, you might think it's clever to refuse to remove (or refuse to load up) 1x1 gif files, but what about 5x5? 10x10? Basically the "web-bug" can be any size, right? It doesn't even have to be a transparent gif. It can even be a relatively informative diagram or picture, right?

    How is a web-bug detection script going to catch everything?

    IMHO only way to be 100% protected from such web-bugs is to totally refuse to download images not from the current server (available in proxo and many browser options). That kills all web-bugs in its tracks. The original website still gets your ip, but that's unavoidable.



    Is my logic flawed? Or are web-bugs more dangerous than that?
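
    A sketch of the rule from FAQ item 9 (1x1 IMG loaded from a different server) set against JayK's objection that only an origin check catches every third-party image; this is an added example, not part of the thread or of any filter mentioned in it. The function names, the 3-pixel cut-off and the example.com page are assumptions; two IMG tags are taken from the FAQ, the rest of the sample page is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urljoin, urlsplit

TINY = 3  # px; assumed cut-off, after the "<= 3 pixels" mentioned in the post
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def site_key(url):
    # Crude "same server" test: last two DNS labels (assumption: no
    # public-suffix list, so hosts under e.g. co.uk would be merged).
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def _px(value):
    # Anything other than a plain pixel count is treated as unknown.
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return int(m.group(1)) if m else None

class ImgAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = urljoin(self.page_url, (a.get("src") or "").strip())
        w, h = _px(a.get("width")), _px(a.get("height"))
        tiny = None not in (w, h) and w <= TINY and h <= TINY
        third = site_key(src) != site_key(self.page_url)
        verdict = ("likely-bug" if tiny and third else
                   "third-party" if third else
                   "spacer" if tiny else "first-party")
        self.findings.append({
            "src": src, "tiny": tiny, "third_party": third, "verdict": verdict,
            # FAQ item 14: mail bugs may carry the recipient address in the URL
            "leaks_email": bool(EMAIL_RE.search(unquote(src))),
        })

def audit(html, page_url):
    parser = ImgAudit(page_url)
    parser.feed(html)
    return parser.findings

def caught_by_size_filter(findings):    # "remove tiny images" approach
    return [f for f in findings if f["tiny"]]

def caught_by_origin_policy(findings):  # "images from originating server only"
    return [f for f in findings if f["third_party"]]

SAMPLE_PAGE_URL = "http://www.example.com/index.html"  # constructed page
SAMPLE_HTML = """
<img src="/img/spacer.gif" width=1 height=1>
<img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>
<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">
<IMG SRC="http://email.bn.com/cgi-bin/flosensing?x=ABYoAEhouX">
<img src="http://stats.example.net/chart.png" width="120" height="60">
<img src="/img/logo.png" width="200" height="80">
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f["verdict"], f["leaks_email"], f["src"])
```

    On this sample the size filter removes the harmless same-site spacer and misses the two third-party images that are unsized or larger than the cut-off, while the origin policy stops all four third-party requests.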
     
  20. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    I agree with you JayK. I find web bugs in emails much more useful to those who place them there than those on webpages. Who ever did that first had a very clever idea to be sure. I block web bugs in emails just because I don't want some spam sender to get confirmation that I exist in case I accidentally render their message.

    As for webbugs on webpages, they don't concern me much. If I choose to go to the webpage and the host of that page has content linked from other sites, well, so what. They get to log my current, highly dynamic, IP address and whatever referrer information I am allowing or faking. :rolleyes:

    As to the incredibly powerful webbugs mentioned in the article, well, I've never seen that big and strong a bug in my life. (Not being from a tropical area, I rarely see big bugs at all. ;) )
     
  21. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Still looking around but was looking for a program aside from proxo to stop webbugs....

    any ideas ?
     
  22. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    I use AdShield. WebWasher also kills them and is free. I believe AdSubtract also kills them (not positive about that) but AS is not free. Good luck.

    Acadia.
     
  23. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Let's put it this way.....

    Reverse engineering..... can make wonders

    For Educational Purpose only.
     
  24. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Such a bug, if it exists, wouldn't be a traditional web-bug anyway; it would be some kind of malware, sort of like driveby hijackers or trojans/viruses that exploit security flaws.

    The whole story about how the web-bug could bypass his firewall and copy files off his computer could only work if the web-bug was doing some kind of browser exploit or if the user had very low security settings.

    That is a serious concern, but shouldn't be lumped into the slight privacy concerns with regards to web-bugs.
     
  25. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    If you are using mozilla, (probably other browsers have something similar) , go to

    Edit-->preference--->privacy--->images

    Then click the box, "accept images only from originating server."

    That should be more effective and give you close to complete immunity since what you don't load can't hurt you, and almost all web-bugs are images that are placed by third parties.

    Much better than banking on software to guess which 1x1 or whatever size gif are web-bugs.

    The drawbacks of the recommended method are obvious.
     