globezuloo.blogg.se

Maxthon browser malware





First, it references a script on the advertiser’s (Tribalfusion) web page. This site uses a number of obfuscation techniques to hide what’s happening. You might have to refresh a few times since the popup generation is random: While the DHTML Editor ActiveX control might have been the source of at least one of the popups I’ve seen get through the blockers, there’s a web page that will get popups past not only IE, but Firefox as well.


However, Microsoft chose to leave the basic script support in place and to have it ignore the Windows XP popup blocker settings. Related to cross-domain scripting discovered earlier this year and so has been patched. Here’s the invocation of its script interface that references a script on another page that actually creates the popup window and moves it around: The control is considered safe for scripting by Windows, which means that anybody can generate popups that bypass standard popup blockers by invoking its scripting interface. If you look at the source to the page you see the reference to an ActiveX control class ID:

classid="clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A"

A little more research revealed this is the GUID for the Microsoft DHTML (MSDHTML) Editor ActiveX control that ships with every copy of Windows. Before clicking on the link please note that the page only works on IE, there’s no malware posted on the page and you can terminate the demonstration by closing any of the browser windows: Within a short period of time my research took me to a thread in a discussion group where a poster reported that you can see a dramatic example of popup blocker ineffectiveness at a particular URL. Popups are not only annoyances, but they can bait unsuspecting users into visiting “drive-by-download” web sites that try and deploy malware on a system by exploiting unpatched vulnerabilities in the visitor’s browser. I assumed that the popup was a fluke of some kind, and because I was busy tracking down some piece of information, I dismissed it and forgot about it until a few days ago when I came across another one at a pretty popular Windows information site. So because I’m running Windows XP SP2 I have two popup blockers at work for me: the one built into XP SP2’s version of IE and that of the browser application.
Avant Browser and Maxthon are applications that wrap Internet Explorer (IE) with all the features considered mandatory of a modern-day web browser, including tabbed browsing, enhanced popup blocking, advertisement blocking, skinning support, and a configurable search engine. This, despite the fact that I’m running either

First published on TechNet on Jun 22, 2005

A couple of weeks ago I came across a site in my web wandering and had a popup.





