This forum is infected
Join Date: Nov 2010
Location: London
Age: 54
Posts: 232
Likes: 0
Received 0 Likes
on
0 Posts
OMG, says I. I would have expected the various scanners I have to pick it up, but its there.....
And then I realised that I had searched for it, and found the string that was actually your thread starter.
Doh!
And then I realised that I had searched for it, and found the string that was actually your thread starter.
Doh!
Join Date: May 2001
Location: 75N 16E
Age: 54
Posts: 4,729
Likes: 0
Received 0 Likes
on
0 Posts
I can see Alice.it in the source....because you wrote it 
As it was explained to me once, sometimes website designers leave it little bits of code which point to a dead domain, just in case their clients refuse to pay the bill. In that case the domain comes alive and they can sabotage the website.
Some of the time, depending on how clever your virus scanner is, these are picked up as possible viruses by heuristic scans, when in actual fact they are benign.
As it was explained to me once, sometimes website designers leave it little bits of code which point to a dead domain, just in case their clients refuse to pay the bill. In that case the domain comes alive and they can sabotage the website.
Some of the time, depending on how clever your virus scanner is, these are picked up as possible viruses by heuristic scans, when in actual fact they are benign.
Join Date: Nov 2010
Location: London
Age: 54
Posts: 232
Likes: 0
Received 0 Likes
on
0 Posts
we used something similar in a bunch of early web applications we wrote, but to track unique user base, many many years ago. Page would pull in a single pixel image from our website embedded in the client site, so we could keep track of whether they were paying for correct user license. Permission was granted somewhere deep in T&Cs.
Now its pretty much used by everyone in products like Webtrends. Ah, I wish we'd had the foresight to make that product :-) Never mind
Now its pretty much used by everyone in products like Webtrends. Ah, I wish we'd had the foresight to make that product :-) Never mind
Thread Starter
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Likes: 0
Received 0 Likes
on
0 Posts
It was definitely in the "Italian" thread; I could make the warning pop-up anytime I did an F5 on that thread. Now it's gone.
The URL was
xoomer . alice . it / hpcave / p66.jpg
and it's identified as a known phishing site.
If you go to the Italian thread, without any AV software running, and see the URL in there...
Nasty - but I have seen that on another aviation forum. Actually every aviation forum I know of has been hit with "silent redirection" hacks (usually SQL insertion in the advert feed) within the past year. The admins never like to advertise it.
That technique is used today to see if people have read their emails 
You stick the 1-pixel image URL in the email and log the server hit. Like most of these things, it works best with Micro$oft email software 
Easily blocked by NoScript plug-in in Firefox. I block all that stuff by default.
The URL was
xoomer . alice . it / hpcave / p66.jpg
and it's identified as a known phishing site.
If you go to the Italian thread, without any AV software running, and see the URL in there...
sometimes website designers leave it little bits of code which point to a dead domain, just in case their clients refuse to pay the bill. In that case the domain comes alive and they can sabotage the website.
Page would pull in a single pixel image from our website embedded in the client site, so we could keep track of whether they were paying for correct user license. Permission was granted somewhere deep in T&Cs.
You stick the 1-pixel image URL in the email and log the server hit. Like most of these things, it works best with Micro$oft email software
Now its pretty much used by everyone in products like Webtrends
