|
LizardBar Browser Plug-in Information
| Name: |
LizardBar |
| Category: |
Browser Plug-in |
| Alias: |
- Alias: Give4Free Plugin |
| Advice: |
Remove |
| Risk: |
Moderate Risk
Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance. |
| Description:
|
Adult content related toolbar for Internet Explorer.
LizardBar is an Internet Explorer browser helper object (BHO) that attempts to advertise porn sites by inserting URLs into web forms where a homepage entry is requested, such as a guestbook or web forum. The insertion is done in such a way that the user does not realize it has happened until they see their profile with a link to a porn site that they did not put there. If you enter the url in the web browser, the server's response will be a link to pornographic material at www.indateens.com.
Submithook uses OLE methods to control the content of the form being submitted. When a page with an HTML form is loaded, Submithook replaces the internal "onsubmit" handler with its own subroutine. When the form is submitted, the Submithook subroutine enumerates all the form fields, looking for any with the name "url", "homepage", "page", "www", ".cl1" or "site". If it finds any of these fields AND the field is left blank, it will retrieve a single URL from a remote server and insert the URL into the form field. Additionally it will perform the same function if a form field with ANY name contains only the text "http://". The remote server where the porn site URL is obtained is contacted via http.
The text [URL] is replaced with the URL of the form being submitted. The text [NID] is replaced with a unique GUID assigned to the infected computer at the time Submithook is installed, using the CoCreateGuid API call. When this URL is accessed, it sends back only a single URL as output, which is then added to the form field.
In order to conceal the newly added text while the submission is in progress, the subroutine sets the text color in the form field to match the background color, rendering the text invisible. The added text can be seen if it is highlighted with the mouse during the submit phase. If the user hits the "back" button on the browser after the submission, the text of the added URL will be the normal color and fully visible.
Submithook is usually bundled with the trojan family known as IEFeat/WinShow. It is dropped by the file submit2.exe, which is downloaded and executed during subsequent stages of an IEFeat infection. The installer is deleted on the next system boot by a command added to the "Runonce" registry key.
|
| Type: |
Browser Plug-in - Adware is generally software that displays advertisements. Some advertisers may covertly install adware on your system and generate a stream of unsolicited advertisements that can clutter your desktop and affect your productivity. The advertisements may also contain pornographic or other material that you might find inappropriate. The extra processing required to track you or to display advertisements can tax your computer and hurt your system performance. |
Top Browser Plug-in Visited Pages:
3721.com Chinese Keywords - Alias: 3721.com Chinese Keywords browser Spyware - 75 visits
Sexxxpassport Plug-in - Alias: Sexxxpassport.com, SEXXXPASSPORT - 52 visits
FavoriteMan - Alias: TrojanDownloader.Win32.Rameh, Windows Help 4 Smart Browsing, F1Organizer, ATPartners - 43 visits
Netster SmartBrowse - Alias: Netster SmartBrowse Toolbar - 40 visits
MapQuest Toolbar - 39 visits
My Way Speedbar - Alias: MyWayToolbar, MyWay Search Bar - 39 visits
Trojan.BHO.NameShifter.T - 36 visits
Kugoo - 35 visits
EZSearch - Alias: ezSearching, ctavp - 34 visits
Esyndicate - Alias: Esyndicate.BHO - 32 visits
Random Browser Plug-in Pages:
BazookaBar 1.0
LizardBar - Alias: Free Community, FreeComm, Submithook, Submit Url, Adware.FreeComm, Free Community Toolbar, Submit UR
Quick! Searchbar
Friend Greeting - Alias: FriendGreeting E-Card, Friend Greeting, Permissioned Media, Flooder.MailSpam.Friendgreetings, WORM_F
CWS.atlass
BHO.Msudpb
Trojan.Downloader.Agent.IK - Alias: TrojanDownloader:Win32/Agent.IK
iDonate BHO
BHO.Bpkhk
Give4Free - Alias: Give4Free Plugin
|
