Jump to content


This is scary

  • Please log in to reply
5 replies to this topic

#1 VashonDude


    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,255 posts

Posted 10 June 2004 - 09:52 PM

I found this ad at a website (411mania.com) I go to frequently. If you put the cursor anywhere on the ad (top part of picture), a dialog box (bottom part of picture) shows up. Fortunately IE plugin won't install if you click on Cancel. Have there been known cases where something can install just by placing your cursor on an ad?

-- LB

Attached Files

Want to help in the fight against malware? Join the SWI boot camp.

#2 Misereor



  • Full Member
  • Pip
  • 84 posts

Posted 11 June 2004 - 12:26 AM

It's called a mouseover, and if you have scripting enabled in Internet Explorer it can do anything a mouseclick can.
(As far as hyperlinks are concerned.)

#3 ChaoGuy



  • Full Member
  • Pip
  • 18 posts

Posted 11 June 2004 - 12:28 AM

The banner itself I recently searched is Intelligent Explorer, that is likly the maker of the toolbar also, and it is best to block or put the Toolbar URL on the restricted sites list because I found it is using other domains to prevent the Restricted sites issue that most spyware is still getting around, just a heads up guys.

also trying to find it on the View Source thing is usless it's code is hidden from view.

If you guys are also concerned on it here is the URL on this virant, http://securityrespo...e.ieplugin.html

Edited by ChaoGuy, 11 June 2004 - 12:43 AM.

#4 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,758 posts

Posted 11 June 2004 - 11:33 PM

Yeah, Flingstone tried this on animelyrics.com a while back. It doesn't work if you turn off Javascript.
Signature file is under revision. This will be back shortly.

#5 nl255



  • Full Member
  • Pip
  • 54 posts

Posted 12 June 2004 - 03:15 PM

There is a toolbar that automatically installs just by visiting a website. The I-lookup trojan bar installs by using unpatched security holes in MSIE.

#6 Misereor



  • Full Member
  • Pip
  • 84 posts

Posted 14 June 2004 - 06:27 AM

A quick correction to what Tuxedo Jack said. (No offense.)
Just about any kind of web-scripting will enable mouseovers, not just Javascript.

Scripting can also try to execute files (such as installing a BHO), but unless it utilizes a security flaw, you will be prompted for an accept.

Edited by Misereor, 14 June 2004 - 06:30 AM.

Member of UNITE
Support SpywareInfo Forum - click the button