Red Sheriff

4 replies to this topic

#1 dualsmp



  • New Member
  • 1 posts

Posted 16 January 2005 - 02:32 AM


I just recently found the Red Sheriff spyware cookie on my machine. I did a little background research and found out it is server-side spyware which runs in Java. I had an IE-Spyads restricted list installed, but apparently it was too old (dated 5.13.2004). I'm guessing a new domain which was not included in the IE-Spyads was slipping by and able to run the Java applet. So I upgraded to the newest version of IE-Spyads and I'm not getting the imrworldwide.com cookie anymore.

But here is the question. Why is Internet Explorer allowing a Java applet to drop a cookie on my machine? :huh: This is a security risk, and why has Microsoft not patched this hole if Red Sheriff has been around since late 2002? I mean, what good is the use of cookie rules if some rogue applet (Red Sheriff) just decides to bypass the whole thing altogether and drop a cookie whenever it wants? I've always had strict rules for cookies, only allowing cookies listed in my trusted zone.

Can someone explain how this applet works in detail and how it's able to drop cookies on my machine?



Edited by dualsmp, 16 January 2005 - 02:45 AM.

#2 Seventeen


    Ad hater

  • Full Member
  • 18 posts

Posted 17 January 2005 - 12:34 AM

Just about any program can put a cookie in your browser's cache, and cookies have always been considered low risk, read and write only.

Heck, MSN Instant Messenger when launched will connect to its servers and drop a cookie; also, the ads at the bottom connect to different adservers, and they can (and do try to) drop a cookie.

In addition to IE-SpyAd, another good program to use is SpywareBlaster from JavaCool. You should check it out and do try and keep them updated.

Edited by Seventeen, 17 January 2005 - 12:36 AM.

#3 Moore



  • Full Member
  • 55 posts

Posted 19 January 2005 - 12:02 PM

What are your browser settings? If you don't have active scripting disabled in your browser, the Java applet will be able to run without any problems, that's if it's not also blocked by IP or hostname or in the restricted sites zone.

There was a really good discussion about Red Sheriff on the old Spyware Info forum, but there seems to be a problem with it now:

"This is a security risk, and why has Microsoft not patched this hole if Red Sheriff has been around since late 2002?"

I don't think they have enough money to patch any of the holes in their software, and there are a lot worse things than cookies to worry about.

Here's a host file domain list that was posted on the Spyware Info page:

Edited by Moore, 19 January 2005 - 12:04 PM.

#4 trojanmountie



  • Helper
  • 62 posts

Posted 19 January 2005 - 02:06 PM

Red Sheriff is big and getting bigger. Originally from Australia, there are good reasons why this thing is gathering momentum worldwide.

I cannot easily find their data gathering techniques (it's not just cookies/surveys), but there may be other factors about the business model which will enable us to make decisions about Red Sheriff without understanding how they do it.

There are existing malware (yes/no?) discussions here (Spywareinfo) on Red Sheriff. Please check them out.

Take a look at the appeal of the gathered data studies to marketeers and check out the new strategies for, say, PlayStation 2:


I cannot easily find explicit descriptions of the discrete data elements collected, but here's some insightful information:

A wide range of factors, from survey data and automatic collection, is analysed, including the user's display colour-depth and resolution settings. Some publishers' advertisers may wish to know such facts, Whinnen says, to verify that painstaking design is having an impact.


This info will introduce you to the scale, growth and strategy morality of Red Sheriff.

The bigger they get, the more financial value will be associated with flirting with the "Dark Side". Since they are international, it is not likely that simple mechanisms like legislation will reshape their emerging business model.

We need to stay tuned . . .
". . . because, 99, he didn't count on the power of Goodness and Niceness!" - Maxwell Smart

#5 shieldsup



  • New Member
  • 1 posts

Posted 06 April 2005 - 12:56 AM

I just thought it might be useful to explain that these types of services are not all bad. The service does not gather any personally identifiable information, nor does it gather any more information than a web server's log files.

So I really don't see what all the fuss is about.

Just my 2 cents.

Member of ASAP and UNITE