[Techtalk] is this malicious code? -- the code in Pastebin
Carla Schroder
carla at bratgrrl.com
Tue Jan 15 23:46:14 UTC 2013
On Tue, 15 Jan 2013 23:30:12 +0000
James Sutherland <james at deadnode.org> wrote:
> On 15 Jan 2013, at 23:20, Carla Schroder <carla at bratgrrl.com> wrote:
> > On Tue, 15 Jan 2013 23:03:57 +0000
> > James Sutherland <james at deadnode.org> wrote:
> >
> >> On 15 Jan 2013, at 23:01, Carla Schroder <carla at bratgrrl.com>
> >> wrote:
> >>
> >>> Hey all,
> >>>
> >>> I have a snippet of a Javascript ad that Google flagged as
> >>> malicious. I would like a second opinion from you fine
> >>> Techtalkers-- what's the best way to safely share this code? It's
> >>> about a dozen lines.
> >>
> >...
> >
> > http://pastebin.com/NvTGxDQd
>
> Looks harmless: all it does is insert a <script> tag referencing
> adsbyisocket.com. The "odd" bits are just it putting things like the
> current page address and the page 'referer'(sic) into that URL, so
> they get a better idea whom they're serving their ads to.
>
> It's possible adsbyisocket.com is a malware domain, but it certainly
> looks like a regular online ad broker from a quick look.
Here's the whole story: one of the sites I work for uses Isocket for
serving ads. This ad was flagged by Google this morning and they
blocked 5 of our 8 sites. We removed the ads early this morning, and I
manually inspected every page that Google flagged, and they were clean.
Google still has not removed the block.
Isocket did this once before, and despite vowing to 'do whatever it
takes' to get their customers back online they are utterly useless and
helpless. Google, of course, is impenetrable and unresponsive. We've
lost a day's business.
Carla
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
ace Linux nerd
buy my books! Book of Audacity,
Linux Networking Cookbook,
Linux Cookbook
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More information about the Techtalk
mailing list