Malware Cookies?

Discussion in 'malware problems & news' started by treehouse786, Mar 27, 2012.

Thread Status:
Not open for further replies.
  1. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    malware cookies?

    :rolleyes:
     

    Attached Files:

  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    maybe, as in the cookies that are not wanted or associated with malware etc etc
     
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  4. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    i disagree with the above statements as i received those cookies visiting well known trusted websites and even if i did visit dodgy sites the cookies listed in that log are not harmful in any way.

    with regards to this quote
    that analogy can be applied to any file on one's computer. personally i just think it's scare mongering as that result log is from panda's online scanner and the same system scanned with panda cloud did not class the cookies as malware as there is no need to scare monger when a client is already using panda cloud ;)

    but hey, what do i know
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Many people probably don't know about the existence of cookies (web browsers do allow them by default... so... :D), and millions of users could have their systems infested with tracking cookies?

    Maybe they shouldn't be tagged as being malware. But, maybe it comes from maliciously aware - tracking companies are maliciously aware that they're tracking you. :D
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    You certainly don't have to visit dodgy sites to pick up cookies from third party advertising firms that use those cookies to track your web wanderings and profile you. On one hand the term 'malware' doesn't seem to fit well, but on the other hand such cookies are most definitely considered harmful to those attempting to minimize their exposure to such tracking and profiling.
     
  7. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    i have third party cookies disabled so is it possible that they still got through? however i understand the word malware means (malicious software) and i would never class cookies as malware no matter how paranoid i am.

    cheers for the info fellas
     
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    That makes it fun and interesting. You have a mystery to solve :)

    If you (still) have them I would inspect them in order to determine if they are in fact ordinary cookies (vs local storage object, flash LSOs) and what domains they were set for.

    I would probably try to find a sophisticated third-party cookie setting test tool and make sure your browser passes all of the tests.

    It wasn't long ago that there were various reports about Google and others bypassing third party cookie blocking features of some browsers. You might look into if/how yours was involved.

    If you are using Windows and those were IE cookies, perhaps it is possible you acquired them when a program on your computer used the Web Browser Control(?).

    Perhaps you got hit when clicking on an ad, clicking on a switcheroo link, something like that?

    I can't think of one off the top of my head, but maybe there is a cookie blocker that allows you to set up a trigger to detect the setting of a cookie for a specific domain and it will alert you if that specific trigger fires. You could set one up and see if you can zero in on specifically what causes you to get the cookie of interest. Without having to endure alerts for cookies that aren't of interest.
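
The per-domain "trigger" idea in the post above, sketched as an added example (not part of the original thread and not any real cookie blocker's code): it scans recorded responses for `Set-Cookie` headers scoped to a watched domain and reports which page and request set them. The record layout, the function names, the sample traffic and the two-label notion of "site" are all assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def site(host):
    """Naive registrable domain: last two labels (assumption, no Public Suffix List)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def cookie_events(records):
    """Yield one event per cookie set by the recorded responses."""
    for rec in records:
        req_host = urlsplit(rec["request_url"]).hostname
        page_host = urlsplit(rec["page_url"]).hostname
        for header in rec["set_cookie"]:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                # A Domain attribute widens the scope; without it the cookie is host-only.
                domain = (morsel["domain"] or req_host).lstrip(".").lower()
                yield {
                    "page": rec["page_url"],
                    "request": rec["request_url"],
                    "name": name,
                    "domain": domain,
                    "third_party": site(domain) != site(page_host),
                }

def triggers_for(records, watched):
    """Events whose cookie domain is the watched domain or a subdomain of it."""
    watched = watched.lower()
    return [e for e in cookie_events(records)
            if e["domain"] == watched or e["domain"].endswith("." + watched)]

# Constructed sample traffic: (page being viewed, request made, Set-Cookie headers seen).
SAMPLE = [
    {"page_url": "https://news.example/story",
     "request_url": "https://news.example/story",
     "set_cookie": ["session=abc123; Path=/; HttpOnly"]},
    {"page_url": "https://news.example/story",
     "request_url": "https://ads.tracker.example/pixel.gif",
     "set_cookie": ["uid=42; Domain=.tracker.example; Path=/; Max-Age=31536000"]},
    {"page_url": "https://shop.example/cart",
     "request_url": "https://cdn.tracker.example/t.js",
     "set_cookie": ["uid=42; Domain=tracker.example; Path=/"]},
]

if __name__ == "__main__":
    for e in triggers_for(SAMPLE, "tracker.example"):
        kind = "third-party" if e["third_party"] else "first-party"
        print(f"{e['domain']} set {e['name']} ({kind}) via {e['request']} on {e['page']}")
```

Only the watched domain produces output, so cookies that are not of interest stay silent.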
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Not that long ago... Shameful behavior! :mad: :thumbd:

    You know, there's something rather funny with Internet Explorer 9 and Tracking Protection Lists... or maybe something else was involved... No idea... But, the other day I was making some search in a relative's laptop, using Internet Explorer 9 with a few TPLs.

    I know that if you have all cookies blocked, but if a TPL allows communication to a given domain, then the cookie will still be set.

    I don't know if it was related to this, as I still didn't have time and availability to research all the TPLs in my relative's laptop, but I went to -https://secure.dshield.org and according to their own test, and according to IE's own privacy tool, cookies were being allowed from -https://secure.dshield.org

    Even after explicitly adding the domain to the blocked sites cookie list, it still allowed the cookies. o_O

    On the other hand, with Chromium such does not happen. Both Chromium and DShield's own test tool reveal cookies as not being set. As it should happen.
     
  10. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    Not that we have all this free time to test everything, but you do have to test stuff to know if it really works as advertised and make sure no bugs have crept in. I'm glad you mentioned IE TPLs because I haven't been keeping abreast of their evolution and one of these days I should figure out if what I do on the FF side can be duplicated on the IE side. That will now be... crap... item #65 on my todo list.
     
  11. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    what about using a host file like mvps
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    I explicitly block cookies from bing.com and have never had a Bing cookie set on my machine. Or are you trying to say you had a TPL that allowed content from dshield.org? That wouldn't matter at all because TPLs don't kick in for first party content.

    If it makes a difference: My cookie handling is set to custom: Allow 1st party, block 3rd party.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    As I mentioned, I didn't have time to research if any of the TPLs have any dshield entry (Fanboy's TPLs). But, from what I could verify moments ago, it doesn't have any *.dshield.org entry. Which would be odd if any entry was there, because as you pointed out, TPLs will only block third-party content.

    So, the issue is another one.

    All cookies are being blocked in IE9, but I could see that dshield had set cookies, by checking IE9's own privacy tool functionality (I don't know the exact name lol, but you probably know what I'm talking about). Even after blocking using IE9's tool to prevent the cookies from being set, they were still being set. I even cleaned temporary internet files and reopened IE9. The cookies were still being set.

    In fact, when going to here -https://secure.dshield.org/tools/browserinfo.html I could see that it reported that it set cookies as well.

    Even after explicitly blocking the domain names related to dshield. Pretty crazy.

    With Chrome it didn't happen. (I also checked it on my relative's system at the time.)
     
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    IIRC, there was once a time when IE's cookie blocking feature only blocked the setting of cookies and not the sending of already set cookies. I don't know if that still applies or relates to what you are saying, but I thought I'd mention it.
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I just finished retesting it a few seconds ago, and this time IE9 blocked the cookies without problems.

    Not sure what happened the other day.

    Anyway, but anyone using Tracking Protection Lists should be aware that, even if they're blocking third-party cookies, if a TPL allows connections to such third-party domains, the cookies will be allowed. Unless Microsoft changed that behavior, of course.
     
  16. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Just Marketing tactics? :D
     
  17. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    malware or not I love cookies......I have them for breakfast....
     
  18. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Can't say that's the healthiest start to the day! :D
     