“dizine” and “testMagazine” from a n t i s p y b a s e . n e t site

Posted by: admin  :  Category: Malicious Domains

Computers are attacked by more and more threats every single day. It seems that the so-called “rogues” are at the top of all the web threats. Some are more dangerous than others.

It seems that the rogueware AV Security Suite is advertised the most. One of a long list of domains promoting the fake application is a n t i s p y b a s e . n e t. Although the layout and structure of the website are no different from most of the sites advertising AV Security Suite, after you visit a n t i s p y b a s e . n e t two cookies are created on your PC: dizine and testMagazine.

Image 1. Cookies created after visiting a n t i s p y b a s e . n e t site

As seen from the image above, the “testMagazine” cookie expires as soon as you end your visit to the site. The “dizine” cookie, on the other hand, expires on 31 December, 2011.

I would recommend that you clean cookies from sites like a n t i s p y b a s e . n e t because of their ability to track sensitive information about your activities and habits on the Internet.

ErrorWiz spreading through two websites

Posted by: admin  :  Category: Malicious Domains

Repair and Optimize Your PC for Better Performance!

Fix Annoying Errors, and Speed Up Your PC!

These are slogans used by the creators of ErrorWiz software. Should you trust this application? NO! Don’t even think about that. These guys are only waiting for you to fall into their ambush.

The so-called rogue anti-spyware application ErrorWiz is distributed via two sites: e r r o r w i z . c o m and e r r o r w i z s i t e . c o m. They are identical: selling the same product and looking just the same.

Image 1. ErrorWiz site

Image 2. ErrorWiz site

Besides, both domains create the same cookies in your browser: _utmz, _utma, and visit. While _utmz is used to track where a visitor came from, _utma tracks the number of visits of a single user. Unfortunately, it is unclear what the purpose of the cookie named “visit” is. Luckily, it expires several hours after a user has been on the website.

Image 3. Cookies created

All in all, neither e r r o r w i z . c o m nor e r r o r w i z s i t e . c o m is a suitable place for you to enter. Be sure to remain on the secure side of the web.

A n t i v i r u s a r m o r . c o m – your friend or enemy?

Posted by: admin  :  Category: Malicious Domains

How much do you know about Anti Virus Armor software and a n t i v i r u s a r m o r . c o m website?

The only thing that should be said is that the domain a n t i v i r u s a r m o r . c o m is promoting the fake and malicious software Anti Virus Armor. A long list of websites suggests removing the threat in different ways: it can be done manually (following the instructions provided), or using antivirus software tools. Either way, Anti Virus Armor is considered to be a rather dangerous tool which might cause lots of trouble for your PC, starting with making the PC run slowly and ending with annoying pop-ups thrown on the screen.

What happens when you visit the a n t i v i r u s a r m o r . c o m site? As soon as you enter the website in the search bar and press Enter, two cookies are created in your browser: _utmz and _utma.

Image 1. _utmz cookie

Image 2. _utma cookie

The _utmz and _utma cookies are used to identify whether or not you are a returning visitor to this website. Most cookies expire as you finish the session. However, in this case, _utma is valid till the year 2012, while _utmz expires at the end of the year. Isn’t it suspicious that a n t i v i r u s a r m o r . c o m is collecting some strange information from its visitors?

What should be known about CSRF (cross site request forgery)?

Posted by: admin  :  Category: Uncategorized

What is CSRF? Have you ever heard anything about Cross Site Request Forgery? If not, now is the perfect time to find out more about this attack.

CSRF, also referred to as Cross Site Request Forgery, Sea Surf, Session Riding or XSRF, is a tricky attack which deceives the unsuspecting victim into taking certain actions without being aware of it. In most cases, it happens when a victim simply visits a webpage containing the malicious request. After your visit, cyber criminals can perform the actions they have planned.

How is a CSRF attack carried out? Unfortunately, there is no single way cyber criminals might do this. The attack might be performed in one of the following ways:

  • using an HTML img tag, or embedding a certain URL into the target application (this way works while the victim is logged into the application);
  • hosting a site and influencing the victim to visit that site (the site to be visited would contain the malicious request).

How does CSRF work? Every browser sends the session cookie for a site together with each POST/GET HTTP request to that site. CSRF abuses this feature for the attacker's own purposes.

The criminal identifies a URL on a website, for example a site where you shop online. In order to purchase something, you need to enter your account number and similar sensitive information. On your shop site, a certain URL is posted. However, this URL is controlled by the adversary.

When the victim visits this web page, the URL is triggered. Along with the cyber criminal's request, the browser sends the authenticated cookie. If this cookie has not expired and the victim keeps information like passwords to the bank account in it, the cyber criminal might use this sensitive information to make transactions without the knowledge of the victim.
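The mechanism described above, as an added example that is not part of the original post: a handler that trusts the session cookie alone accepts a cross-site request, because the browser attaches the cookie automatically, while a handler that also requires a per-session token rejects it. The session store, handler names and request dictionaries are hypothetical stand-ins for a real web application.

```python
import hmac
import secrets

# Constructed server-side session store: session id -> per-session CSRF token.
SESSIONS = {}

def login():
    """Create a session and return (session_id, csrf_token)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(32)
    return sid, SESSIONS[sid]

def handle_cookie_only(request):
    """Weak handler: the session cookie is the only thing it checks."""
    return request["cookies"].get("sid") in SESSIONS

def handle_with_token(request):
    """Hardened handler: the form must also carry the per-session token."""
    expected = SESSIONS.get(request["cookies"].get("sid"))
    supplied = request["form"].get("csrf_token", "")
    if expected is None:
        return False
    # Constant-time comparison of the stored and the submitted token.
    return hmac.compare_digest(expected, supplied)

def demo():
    sid, token = login()
    # Request from the site's own form: cookie plus the token embedded in the page.
    legit = {"cookies": {"sid": sid},
             "form": {"amount": "10", "csrf_token": token}}
    # Cross-site request: the cookie rides along automatically, but a foreign
    # page cannot read the token, so the form arrives without it.
    forged = {"cookies": {"sid": sid}, "form": {"amount": "10"}}
    return {
        "cookie_only": (handle_cookie_only(legit), handle_cookie_only(forged)),
        "with_token": (handle_with_token(legit), handle_with_token(forged)),
    }

if __name__ == "__main__":
    print(demo())
```

Setting the session cookie with the `SameSite` attribute is a complementary browser-side control, since it stops the cookie from being attached to most cross-site requests in the first place.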

ALOT toolbar making people crazy

Posted by: admin  :  Category: Malicious Domains, Spyware Cookies

Image 1. ALOT toolbar

Every single day, more and more people seem to be complaining about certain features or updates made to their computers. These days the ALOT toolbar is one of the most popular topics to talk about. Everyone wants to remove it from their computers. Why does this add-on cause so much trouble on a PC?

Although ALOT toolbar is quite useful in searching for the information on different topics, according to most PC users, it also has the ability to redirect you to different fraudulent websites. I suppose this is enough to keep away from ALOT.

In addition, alot.com creates a list of cookies which track information about you (take a look at the screenshot below):

Image 2. Cookies from alot.com

In the screenshot, you can see that after visiting alot.com, seven different cookies were created. You might be familiar with some of them but let’s take a closer look at the less frequent ones: _qca, csrf, and sid.

Cookie _qca: it is hard to detect what this cookie is tracking in your browser, but once you visit alot.com, you get this cookie, which lasts until 18 January, 2038. There should be a good reason for a cookie to last this long, don’t you think?

Cookie csrf: csrf, or cross site request forgery, is also known as an attack that is used to deceive computer users and make them take certain actions without noticing. That definitely looks scary. Besides, the expiration date of this cookie is in the year 2038 as well. Once you visit the site, cyber criminals might expose you whenever they wish.

Cookie sid: this cookie is supposed to be helping to create a new session on your browser.

All in all, be sure to remove cookies from alot.com in case you get lost on the Internet and visit the domain. To remain on the safe side of surfing the net, I would advise you to keep away from this website or toolbar.
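The posts above judge cookies by how long they live. The following added example, which is not part of the original posts, applies that check to `Set-Cookie` headers and separates session cookies from long-lived persistent ones. The header values, the visit time and the 30-day threshold are assumptions; only the cookie names and expiry dates come from the posts.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers modelled on cookies named in the posts;
# the values are placeholders, not captured traffic.
SAMPLE_HEADERS = [
    "testMagazine=placeholder; path=/",
    "dizine=placeholder; expires=Sat, 31 Dec 2011 23:59:59 GMT; path=/",
    "_qca=placeholder; expires=Mon, 18 Jan 2038 00:00:00 GMT; path=/",
]
# Assumed time of the visit (the posts do not give one).
VISIT = datetime(2010, 6, 1, tzinfo=timezone.utc)
# Hypothetical policy threshold for flagging long-lived cookies.
MAX_LIFETIME = timedelta(days=30)

def audit(headers, now=VISIT, limit=MAX_LIFETIME):
    """Return {cookie name: (kind, lifetime in days or None, flagged)}."""
    report = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if morsel["max-age"]:
                # Max-Age is a lifetime in seconds relative to receipt.
                lifetime = timedelta(seconds=int(morsel["max-age"]))
            elif morsel["expires"]:
                # Expires is an absolute HTTP date.
                lifetime = parsedate_to_datetime(morsel["expires"]) - now
            else:
                # Neither attribute: dropped when the browser session ends.
                report[name] = ("session", None, False)
                continue
            report[name] = ("persistent", lifetime.days, lifetime > limit)
    return report

if __name__ == "__main__":
    for name, row in audit(SAMPLE_HEADERS).items():
        print(name, row)
```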