Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month.

The incident is a reminder that browser extensions - however useful or fun they may seem when you install them - typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. And as we’ll see, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals.

The health insurance site was compromised after an employee at the company edited content on the site while using a Web browser equipped with a once-benign but now-compromised extension which quietly injected code into the page. The extension in question was Page Ruler, a Chrome addition with some 400,000 downloads. Page Ruler lets users measure the inch/pixel width of images and other objects on a Web page. But the extension was sold by the original developer a few years back, and for some reason it’s still available from the Google Chrome store despite multiple recent reports from people blaming it for spreading malicious code.

How did a browser extension lead to a malicious link being added to the health insurance company Web site? This compromised extension tries to determine if the person using it is typing content into specific Web forms, such as a blog post editing system like WordPress or Joomla. In that case, the extension silently adds a request for a javascript link to the end of whatever the user types and saves on the page. When that altered HTML content is saved and published to the Web, the hidden javascript code causes a visitor’s browser to display ads under certain conditions.

Who exactly gets paid when those ads are shown or clicked is not clear, but there are a few clues about who’s facilitating this. The malicious link that set off antivirus alarm bells when people tried to visit Blue Shield California downloaded javascript content from a domain called linkojagerorg. The file it attempted to download - 212b3d4039ab5319ec.js - appears to be named after an affiliate identification number designating a specific account that should get credited for serving advertisements. A simple Internet search shows this same javascript code is present on hundreds of other Web sites, no doubt inadvertently published by site owners who happened to be editing their sites with this Page Ruler extension installed.

If we download a copy of that javascript file and view it in a text editor, we can see the following message toward the end of the file:

’s development is supported by advertisements that are added to some of the websites you visit. During the development of this extension, I’ve put in thousands of hours adding features, fixing bugs and making things better, not mentioning the support of all the users who ask for help. Ads support most of the internet we all use and love; without them, the internet we have today would simply not exist. Similarly, without revenue, this extension (and the upcoming new ones) would not be possible. You can disable these ads now or later in the settings page. You can also minimize the ads appearance by clicking on partial support button. Both of these options are available by clicking ’x’ button in the corner of each ad. In both cases, your choice will remain in effect unless you reinstall or reset the extension.

This appears to be boilerplate text used by one or more affiliate programs that pay developers to add a few lines of code to their extensions. The opt-out feature referenced in the text above doesn’t actually work because it points to a domain that no longer resolves - thisadsforus. But that domain is still useful for getting a better idea of what we’re dealing with here.
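
The injection described above leaves a script request in content saved through a CMS form, which a site owner can check for before or after publishing. The following is an added example, not code from the original article or from any party it describes; the allowlisted hosts, the sample post, the file names and the function names are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site is expected to load scripts from (constructed values).
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "cdn.example.com"}


class ScriptSrcCollector(HTMLParser):
    """Collects (host, src, line) for every <script src=...> in a fragment."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script: no remote reference, out of scope for this check
        # Protocol-relative URLs (//host/x.js) carry a host; site-relative ones do not.
        host = (urlparse(src).hostname or "").lower()
        self.found.append((host, src, self.getpos()[0]))


def unexpected_scripts(html, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return script references that name a host which is not on the allowlist."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    return [(host, src, line) for host, src, line in parser.found
            if host and host not in allowed]


# Constructed sample: a saved post body with a script request appended at the end.
SAMPLE_POST = """<h2>Plan updates</h2>
<p>New coverage options are available.</p>
<script src="/assets/site.js"></script>
<script src="https://cdn.example.com/widgets.js"></script>
<script type="text/javascript" src="//ads.example.net/0123456789abcdef.js"></script>"""

if __name__ == "__main__":
    for host, src, line in unexpected_scripts(SAMPLE_POST):
        print(f"line {line}: unexpected script host {host!r} ({src})")
```

Run against stored post bodies or rendered pages, this flags only remote `src` references; a Content-Security-Policy `script-src` allowlist enforces the same rule in visitors' browsers.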