|
|
LizardBar Cookie Information
| Name: |
LizardBar |
| Category: |
Cookie |
| Advice: |
Remove |
| Risk: |
Low Risk
Low risk threats pose a very low risk or no immediate danger to your computer or your privacy, however these types of applications may profile user online habits, but only according to specific privacy policies stated in the applications End-User License. These types of threats generally borderline on being a threat to being a standard application that has a complex license agreement that you knowingly installed. |
| Description:
|
Adult content related toolbar for Internet Explorer.
LizardBar is an Internet Explorer browser helper object (BHO) that attempts to advertise porn sites by inserting URLs into web forms where a homepage entry is requested, such as a guestbook or web forum. The insertion is done in such a way that the user does not realize it has happened until they see their profile with a link to a porn site that they did not put there. If you enter the url in the web browser, the server's response will be a link to pornographic material at www.indateens.com.
Submithook uses OLE methods to control the content of the form being submitted. When a page with an HTML form is loaded, Submithook replaces the internal "onsubmit" handler with its own subroutine. When the form is submitted, the Submithook subroutine enumerates all the form fields, looking for any with the name "url", "homepage", "page", "www", ".cl1" or "site". If it finds any of these fields AND the field is left blank, it will retrieve a single URL from a remote server and insert the URL into the form field. Additionally it will perform the same function if a form field with ANY name contains only the text "http://". The remote server where the porn site URL is obtained is contacted via http.
The text [URL] is replaced with the URL of the form being submitted. The text [NID] is replaced with a unique GUID assigned to the infected computer at the time Submithook is installed, using the CoCreateGuid API call. When this URL is accessed, it sends back only a single URL as output, which is then added to the form field.
In order to conceal the newly added text while the submission is in progress, the subroutine sets the text color in the form field to match the background color, rendering the text invisible. The added text can be seen if it is highlighted with the mouse during the submit phase. If the user hits the "back" button on the browser after the submission, the text of the added URL will be the normal color and fully visible.
Submithook is usually bundled with the trojan family known as IEFeat/WinShow. It is dropped by the file submit2.exe, which is downloaded and executed during subsequent stages of an IEFeat infection. The installer is deleted on the next system boot by a command added to the "Runonce" registry key.
|
| Type: |
Cookie - Cookies are small files that are created by your web browser when you visit sites on the Internet. They can be used to track your visits to certain web sites and can provide companies with information about frequency of visits and other profile information. The user is usually not aware that their surfing habits are being tracked. |
Top Cookie Visited Pages:
bbs.darkcollection - 1722 visits
Sexmaxx.com - 1102 visits
Dragonballxxx - 726 visits
XXXMovies - 640 visits
WWW.teenax.com - 627 visits
Zoofil - 493 visits
XXXPower.net - 447 visits
TurkPorn - 383 visits
The HunsYellowPages - 338 visits
PornoRiver.com - 329 visits
Random Cookie Pages:
ServedFor.ValueAd.com
AdultSexStoryLinks
RegFreeze
Cok.Whenu.com
FirstLook Search Portal
PecDialer
WurldMedia.com
SearchAnt.com
AI
CleverCrackers
|
|
