• This is a wonderful little widget that’s hard to come by, because obtaining stock data is usually very expensive. So I was skeptical. It didn’t take too much digging for me to identify a tracking pixel for an ad network snuck into the plugin.

    It inserts the following code, and I’ll break this down below.

    <div id="ipq" style="height: 1px; width: 1px; position: absolute; top: -1px; left: -2000px; overflow: hidden; line-height: 0px; font-size: 0px;"><iframe id="ipqe" src="https://dspimp.websking.com/static/html/end.html?s=vagrantpress.dev&z=customstockwidget" style="height:1px;width:1px;position:absolute;top:-1px;left:-2000px;overflow:hidden;line-height:0px;font-size:0px;" width="1" height="1" scrolling="no" frameborder="0"></iframe><embed style="height:1px;width:1px;position:absolute;top:-1px;left:-2000px;overflow:hidden;line-height:0px;font-size:0px;" border="0" width="1" height="1" type="application/x-shockwave-flash" allowscriptaccess="always" pluginspage="//www.macromedia.com/go/getflashplayer" src="https://static.websking.com/static/canary.swf"></div>

    The first bit is an iframe that leads to some JavaScript to extract parameters from the request URL, and then it utilizes JavaScript to put an img into the DOM. It’s then absolutely positioned offscreen.

    The next part is worrisome, as it attempts to load an SWF which could contain anything, and could even disrupt user experience in some cases, asking them to download Flash.

    Digging into this further, we find the root URL through the iframe URI, and end up at a login screen for an advertising portal.
    Login
    https://rtbdisplay.com/accounts/login/?/accounts/login/=/&in_frame=true
    Registration
    https://rtbdisplay.com/adbidder/start/?operation_mode=d&to_frame=true

    Define your Campaign Bidding Strategy:
    Spending patterns during the day
    Behavioral information
    Retargeting (URL category retargeting, search retargeting, none )

    They must have some incentive to provide this service for free, but what’s troubling is that they DO NOT TELL YOU. This is definitively a form of adware and tracking, and could actually land you in hot water in some cases (for example, if your privacy policy does not cover this type of tracking).

    Not sure if you know much about the online Stock Industry, but it’s very competitive. If you’re in the area of stocks, then you’re providing this company with visitor targeting information to potentially steal your customers.

    I will be forking this plugin, removing the spyware and scraping the web for anyone who uses this plugin and notifying their webmasters. I strongly advise against the usage of this plugin.
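As an added example (not code from the post or from the plugin), here is a small stand-alone detector for the pattern described above: it parses page HTML and flags iframe, embed and img tags that are 1px-sized or positioned off-screen and that load from a host other than the site’s own. The site host and the trimmed sample markup below are constructed from the snippet quoted in the post.

```python
"""Flag hidden 1x1 / off-screen third-party iframes, embeds and images.
Added example using only the standard library."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the injected markup quoted above (trimmed), plus a
# normal, visible iframe that must NOT be flagged.
SAMPLE_HTML = '''<div id="ipq" style="height: 1px; width: 1px; position: absolute; top: -1px; left: -2000px; overflow: hidden;">
<iframe id="ipqe" src="https://dspimp.websking.com/static/html/end.html?s=vagrantpress.dev&z=customstockwidget" style="height:1px;width:1px;position:absolute;top:-1px;left:-2000px;" width="1" height="1"></iframe>
<embed style="height:1px;width:1px;position:absolute;top:-1px;left:-2000px;" width="1" height="1" type="application/x-shockwave-flash" src="https://static.websking.com/static/canary.swf"></div>
<iframe src="https://www.example.com/embed/video" width="560" height="315"></iframe>'''

_OFFSCREEN = re.compile(r'(?:left|top)\s*:\s*-\d+px', re.I)   # e.g. left:-2000px
_TINY_CSS = re.compile(r'(?:width|height)\s*:\s*[01]px', re.I)  # e.g. width:1px

class HiddenEmbedFinder(HTMLParser):
    """Collect loaders that are tiny or off-screen AND point at a third-party host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "embed", "img"):
            return
        a = dict(attrs)
        style = a.get("style") or ""
        reasons = []
        if (a.get("width") in ("0", "1") and a.get("height") in ("0", "1")) or _TINY_CSS.search(style):
            reasons.append("1px-sized")
        if _OFFSCREEN.search(style):
            reasons.append("off-screen")
        host = (urlparse(a.get("src") or "").hostname or "").lower()
        # First-party (same host or a subdomain of it) is left alone; only foreign hosts count.
        third_party = bool(host) and host != self.site_host and not host.endswith("." + self.site_host)
        if reasons and third_party:
            self.findings.append({"tag": tag, "host": host, "reasons": reasons})

def find_hidden_embeds(html, site_host):
    """Return a list of {tag, host, reasons} for suspicious third-party loaders in `html`."""
    parser = HiddenEmbedFinder(site_host)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for f in find_hidden_embeds(SAMPLE_HTML, "vagrantpress.dev"):
        print(f"{f['tag']:<7} {f['host']:<28} {', '.join(f['reasons'])}")
```

Running it over a site’s rendered front page (e.g. the HTML fetched with `urllib.request`) rather than the constructed sample gives a quick audit of what a plugin is silently injecting.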

  • The topic ‘Adware/Malware/Spyware Notice – BE WEARY’ is closed to new replies.