I just recently found the Red Sheriff spyware cookie on my machine. I did a little background research and found out it is server side spyware which runs in java. I had a IE-Spyads restricted list installed, but apparently it was too old (dated 5.13.2004). I'm guessing a new domain which was not included in the IE-Spyads was slipping by and able to run the java applet. So I upgraded to the newest version of IE-Spyads and I'm not getting the imrworldwide.com cookie anymore.
But here is the question. Why is Internet Explorer allowing a java applet to drop a cookie on my machine? This is a security risk, and why has Microsoft not patched this hole if Red Sheriff has been around since late 2002? I mean what good are the use of cookie rules, if some rouge applet (Red Sheriff) just decides to bypass the whole thing altogether, and drop a cookie whenever it wants? I've always had strict rules for cookies only allowing cookies listed in my trusted zone.
Can someone expain how this applet works in detail and how its able to drop cookies on my machine?
Edited by dualsmp, 16 January 2005 - 02:45 AM.