[Techtalk] is this malicious code? -- the code in Pastebin

Carla Schroder carla at bratgrrl.com
Sun Jan 20 01:52:49 UTC 2013


> 
> http://pastebin.com/NvTGxDQd
> 
> 

Some followup here-- there is a problem with this code, and it's not
that the code itself is malicious. Rather it's typical lazy copy-paste
and a de-facto standard for ad servers.

First of all, the scr"+"ipt bit that some of you noticed is a common
practice, but not a good practice. JavaScript, for security reasons,
cannot add a <script> element to documents. So this gets around that.

So the result is this mass of clunky JS opens an unrestricted portal
into a customer's site. The customer has to trust that whatever this
chunk of code calls from the originating server (most likely an ad
server) is clean and error-free. There are no safety or sanity checks,
no restrictions on what can come through this nice little gateway--
images, scripts, who-knows-what. Ad servers, because of their reach,
are obvious malware targets, so this is obviously a terrible practice.
I can't imagine a scenario where it would be a good practice.

One of the sites I work for got blacklisted last week by Google for
malware, along with 175 other sites all using the same ad server, and
this is the code that Google flagged. It was a mistake, and Google
reversed the block within an hour. Unfortunately it takes up to 12
hours for it to disappear completely, so many sites were affected for
most of the day. I did a writeup here
http://socialmediatoday.com/cschroder/1163996/google-we-dont-care-we-dont-have

Executive summary: this sort of crud is why I use swear words a lot :)


Carla
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
ace Linux nerd
buy my books! Book of Audacity,
Linux Networking Cookbook,
Linux Cookbook
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
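An added example, not code from Carla's post or from the ad server she describes: a small detector for the `"scr"+"ipt"` pattern the thread discusses, followed by the Content-Security-Policy setting that limits what such a gateway can pull in. The ad snippet and the hostname `ads.example-adserver.invalid` are constructed for illustration.

```javascript
// Added example (not from the original post): detect document.write calls
// that emit a <script> element with a runtime-built src, and show the CSP
// mitigation. The snippet below is constructed, not a real ad server's code.

const SAMPLE_AD_SNIPPET = `
var u = "http://ads.example-adserver.invalid/serve?id=42";
document.write("<scr"+"ipt src='" + u + "'></scr" + "ipt>");
`;

// Join adjacent string literals ("abc" + "def" -> "abcdef") so that a tag
// hidden by splitting it across literals becomes visible again.
function joinSplitLiterals(src) {
  const re = /(["'])((?:\\.|(?!\1).)*)\1\s*\+\s*(["'])((?:\\.|(?!\3).)*)\3/g;
  let prev;
  do {
    prev = src;
    src = src.replace(re, (m, q1, a, q2, b) => q1 + a + b + q1);
  } while (src !== prev);
  return src;
}

// Report every document.write that emits a <script> element, noting whether
// the tag was split in the original and whether its src is built at runtime
// (i.e. decided by whatever the remote server returns, not by the page).
function findInjectedScripts(src) {
  const norm = joinSplitLiterals(src);
  const hosts = [...new Set([...norm.matchAll(/https?:\/\/([^'"\s/]+)/g)].map(x => x[1]))];
  const findings = [];
  for (const m of norm.matchAll(/document\.write(?:ln)?\s*\(([^;]*)\)/g)) {
    if (!/<script\b/i.test(m[1])) continue;
    findings.push({
      call: m[0],
      splitTag: !/<script\b/i.test(src),          // literal hidden as "scr"+"ipt"
      dynamicSrc: /\+\s*[A-Za-z_$][\w$]*\s*\+/.test(m[1]), // src concatenated at runtime
      externalHosts: hosts,
    });
  }
  return findings;
}

// Mitigation: a Content-Security-Policy script-src that allow-lists only the
// site itself and the named ad hosts. It governs script elements however they
// are inserted, so a src the page never approved is refused by the browser.
function cspScriptSrc(allowedHosts) {
  return "script-src 'self' " + allowedHosts.map(h => `https://${h}`).join(' ') + ";";
}

console.log(findInjectedScripts(SAMPLE_AD_SNIPPET));
```

Under such a policy the inline ad snippet itself also needs a nonce or hash to execute, which is the point: the site, not the ad server, decides what runs.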

