Loading Profile...
Twitter,
Facebook, or email.
CHAMP
In the last 2 weeks or so I got two installations of an ad-ware program that injects ads into all web pages on Firefox, Internet Explorer and Chrome by adding a javascript from the domain www. jsutils .net. The programs were called MediaPlayerV1 and MediaViewerV1 respectively. The IE plugin was caught by my virus scanner as suspect, but the Firefox and Chrome extension weren't probably because they are implemented in Javascript and look like any adserver javascript.
The URL for the injected javascript is www. jsutils .net/ext.js?c=6411&ext=MediaViewerV1alpha1710, which in turn contains about 10 ad services that are all loaded into the page (including one that displays ads over adult video and dating sites like redtube and ashleymadison).
I'm not sure if this fits the definition of trackers for Ghostery, if possible adding jsutils.net to the blocked sites would be helpful at least.
(I put spaces into the ad service url, do not really want to provide links to that crap)
www.jsutils.net adware service, I'm not sure if this is in the scope of Ghostery
-
-
-
Well, if the malware injects a javascript loader into each page e.g. www.youtube.com, it would keep the browser from loading the actual ad script since it would be blocked as tracker.
(the pic is great)-
Once malware has breached the defensible perimeter, Ghostery itself becomes vulnerable to attack. You can't trust it would still be functioning correctly. If the only way those scripts could appear on a page is by being injected locally, there's simply no reason to have Ghostery look for them. They're not the problem.
-
-
I know it cannot prevent the initial script from being injected, but it should be possible to keep the injected script from loading it's payload via an additional script tag
e.g. adware injects -
-
-
-
CHAMP
