onMouseOver

Discussion in 'other security issues & news' started by vasa1, Sep 30, 2010.

Thread Status:
Not open for further replies.
  1. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Some exploits employ onMouseOver to redirect to a new page/site.

    Can someone post a link to a site that legitimately (= not for malicious purposes) uses such a tactic? Or is it that all uses of this tactic are not legitimate and will be found only on compromised sites?

    If I have set the firewall to query all outgoing requests from my browser, won't I get a prompt asking me if I wish to proceed?

    This is a newbie question so please oblige :)
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Do an internet search for that term - you will find hundreds of sites and tutorials.

    It is a legitimate javascript function which, like so many others, has been misappropriated for cybercriminals' malicious use.

    I don't know the answer to your firewall question.

    ----
    rich
     
    Last edited: Sep 30, 2010
  3. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,974
    Location:
    U.S.A.
    vasa1, Rmus is correct, onMouseOver is a legitimate JavaScript effect and here is a site that you will be able to safely see the process:

    W3Schools onmouseover Event - Examples #1 & #2.

    However, JavaScript is not the only source. CSS (Cascading Style Sheets) can be used to provide a similar effect:

    W3Schools CSS Image Opacity / Transparency - Example #2.

    Because your browser, while visiting a site, is the one that calls for either JavaScript and/or CSS (if needed to display an effect on a page), blocking them would be a browser function, not a firewall function.
     
  4. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Thank you, Rmus and JRViejo:

    I understand that onMouseOver is a normally useful tool for drop-down menus, as just one of many examples, whether triggered by javascript or CSS and I didn't mean to question its utility.

    My question is specific to the issue (if I understood it correctly) that mousing over without even clicking a certain region (or even a link) of a web-page could trigger a redirect to another site as seems to have been the case in the recent Twitter example.

    While Firefox can be set up to warn on redirect and then notifies the user that a redirect is requested on a per request basis, from the little I saw of Opera, it's an on or off setting and far less convenient. I can't even find the equivalent in Chrome.

    Here's where the firewall comes in. I can set the way the firewall handles internet requests from an application including any browser: always block, always allow, or always ask.

    In other words, a browser can be set by the firewall to a rules-based mode. So unless I set a specific site as always allow, the firewall will hold up things until I allow or deny the request. In other words, I shouldn't be unknowingly directed to another site.

    I wanted to know if such a procedure would minimise the chances of unwanted redirection if I use a browser like Chrome with "the always ask" (unless I mark a site as trusted) setting in the firewall.
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,884
    Using Opera browser, I 'mouseover' all the time....have not been bitten yet! ;)
     

    Attached Files:

  6. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,974
    Location:
    U.S.A.
    vasa1, are you running Online Armor's Web Shield or something similar? Then, yes!
     
  7. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152

    JRViejo,

    Thanks! I'm using PC Tools Firewall 6.0.0.88.
     
  8. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,974
    Location:
    U.S.A.
    vasa1, keep in mind that once you "trust" a site that contains the malicious JavaScript code, all bets are off.

    You're welcome! Take care.
     
Thread Status:
Not open for further replies.