Industry guru Dave Taylor offers tech support on technical and business topics, including iPhone, iPod, Microsoft Windows, Sony PSP, cellphones, online advertising, CSS, Web design, business, Unix, Linux, SEO, Mac OS X, and shell script programming.     


Did I pick up spyware by visiting a Web site?

Hey Dave, I was looking at information on the Mirc website and I happened to come across a link called ircnick.com. Since the link came from an official website, I clicked on the link only to be redirected to a site called eta.us. Ever since hearing about phishing and malicious websites (e.g. Googkle) I was concerned as to whether or not the site I was redirected to was insidious in any kind of way (whether or not I had spyware, adware, trojans, etc.). I scanned my computer using various virus and adware scanners (everything was clean). Still feeling uneasy, I need advice, therefore I'm asking you.

Dave's Answer:

I can understand your concern, but fortunately there are some tools available that make tracking down this sequence pretty straightforward. I'm going to use a Unix command-line based tool called lynx to step through the sequence of what was sent from the site. I'm actually doing this on the Mac OS X command line by using the Terminal application that's included with the operating system (it's in Applications --> Utilities).

The first step is to recognize that when you visit a Web page you get two things sent back to you, a HEAD and an actually web page. The header is the http protocol handshake, and you can view it with lynx by using the following command: 

$ lynx -head -dump http://www.ircnick.com/
HTTP/1.1 200 OK
Connection: close
Date: Wed, 25 May 2005 15:24:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=32sgufnkkyppad2nkpcqnd45; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 644

Nothing untoward here, no suspicious redirects, but do note that there's a Cookie set and that it's obviously from a Windows server (which is confirmed by the fact that it's running Microsoft's IIS server).

Next step is to see the HTML itself, which can be done from lynx too: 

$ lynx -source  http://www.ircnick.com/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<html>
<head>
<title>ircnick.com</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" 
  content="http://schemas.microsoft.com/intellisense/ie5">

<noframes>
<body>
IRCNICK.COM
<a href='www1.eta.us/default.aspx?a=ircnick.com'>
</body>
</noframes>
</head>
<frameset rows="*">
<frame src='http://www1.eta.us/default.aspx?a=ircnick.com&ref=*&rs='>
</frameset>
<!-- #11 -->
</html>

You can see the link to the ETA site, so let's now traverse that with the same set of commands... 

$ lynx -head -dump http://www1.eta.us/default.aspx?a=ircnick.com
HTTP/1.1 200 OK
Connection: close
Date: Wed, 25 May 2005 15:34:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
p3p: CP="CAO PSA OUR"
Set-Cookie: ASP.NET_SessionId=ghuy3yqeu4roesak3bveykyc; path=/
Set-Cookie: tengnikrap=domain=ircnick.com:ref=:refst=; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 11471

Again, no big deal. But when I go to actually view their page, phew! Lots of dense code, but it all looks benign to me. Here's how I can test this hypothesis: if there were anything bad going on, we'd find some JavaScript or similar scripting code, so we can just look for a few key words or phrases in the HTML source itself, again, easily doable with lynx when coupled with the pattern matching grep command: 

$ lynx -source http://www1.eta.us/default.aspx?a=ircnick.com | \
  grep -iE '(java|form|action| on|object)'
<form id="parking_form" method="post" action="Default.aspx">
</form>

Looks like you're clear this time, but you might well want to check out my recent article on Safe Web Surfing and also seriously consider using a Web browser other than Internet Explorer for better security.

Oh, and if you are surfing the web - which you're obviously doing since you're here on my site! -- then you must have both a solid antivirus solution and anti-spyware solution. I recommend AVG Antivirus for the former and Spy Sweeper for the latter.

More Useful Computer and Internet Basics Articles:
✔   How do I blur my house on Google Maps Street View?
I was poking around on Google Maps looking at satellite views of my neighborhood and when I switched to street view, was upset...
✔   Create a custom vanity URL for Kickstarter?
I was reading some updates on Twitter and saw someone had posted a URL that would let me see what projects they'd backed...
✔   Export or Save Subscription List from Google Reader?
Just heard that Google Reader is going away this summer. That stinks! How am I supposed to read my RSS feeds? More importantly,...
✔   Shrink or Reduce a Photo File Size on Mac?
I'm trying to upload some photos to a social media site and it's complaining that they're too big. They are, as they come...
✔   Can I organize my Yahoo Mail with folders?
I've been on Yahoo Mail for years and while most of my friends are now on Gmail or their own Web-based email programs,...
Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
    Enter your name: and your email addr:  




Categorized: Computer and Internet Basics   (Article 4013, Written by )
Tagged: antivirus, security, spyware
Previous: Best practices for Google AdSense for Feeds?
Next: Can I delete the contents of Windows NtUninstall?




Reader Comments To Date: 2

Gary W. Longsine said, on May 26, 2005 12:01 AM:

People surfing the web with Windows should probably use Firefox to start with, and should probably use whatever they can in the way of filters - ad blockers, etc.

So Dave, there are scads of these filtering plugins for Windows, but some of them are undoubtedly vehicles for delivering "preferred" adware and spyware. What do you recommend to Windows users?

PC users ask me all the time, and I always say, "Sell your PC on eBay and buy a Macintosh." If they want to keep the Windows PC, what else can they do for prevention of browser based malware?

Mike said, on May 26, 2005 11:14 AM:

Although Macs are less attacked by viruses Mac users can also use the free virus checker www.clamxav.com to make sure that their machines are not misused as virus safe havens.

Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by buying you a cup of coffee!

I do have a comment, now that you mention it!











I will never send you any unsolicited email. Ever.






Check This Out Too...

 
Recent Entries
Look for Answers
Recommended
Need Help? Ask Dave Taylor!
All Our Categories


Follow Me on Pinterest

Find Me on Google+
ADT on G+
© 2002 - 2013 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site. Further, please note that by submitting a question or comment you're agreeing to my terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site. My lawyer says "Thanks".
"Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.