Auto-porn bookmarks in IE

When using a shared computer at work, the morning after a colleague had stayed late after hours to “catch up on some work”, we discovered the Internet Explorer Favourites crammed full with fairly unnerving hard-core porn sites.

What I am wondering is:

(1) Is this guy so stupid that:
(a) he uses a work computer for this thing,
(b) doesn’t bother to cover his tracks, and
(c) actually chooses to advertise his deeds by bookmarking his salacious surfing?

or:

(2) Porn sites now manage to use some nasty javascript-type-thing that automatically bookmarks them when you visit. (Like the endless series of pop-ups when you try to close a porn site window).

Anyone?

Yeah, they can do this. I had one site put itself in my start menu. Yet another good reason to disable javascript.

Ditto - one also replaced my start page with itself…

Tricky devils these porn pages - so I have heard…

Gp

Yes, they usually use this exploit to change your home page or add bookmarks. You can also download a patch from this URL.

If you’re not already patched, do it as soon as you can. They can do much worse than changing your IE settings using this hole.

Ha, busted. Have you mentioned it to him yet?

Thanks for that link, cls. I have just recently installed IE 6, does that come with it already installed?

If you look in the folder called “cookies” there should be dozens of them for the sites he’s been to. Also, there might be some “history” left of the visits.

Fairly positive that Javascript can’t do this, guys, can’t change your home page or add to favourites with direct say so.

Java can. And any other applet you specifically ALLOW to enter your PC can. But again, you have to give your say so for this to happen, too.

Usually they trick you into running their applet somehow. Just like email viruses try and trick you into opening attachments.

You can bookmark the page through javascript, but IE will pop up a confirmation box asking you to verify. The problem is that the person writing the javascript can put a message in that says “Click ‘Yes’ to enter the site”. So you get a popup box that says:

“Bookmark the site http://pornlinkhere?
Press ‘Yes’ to enter the site.”

And apparently that fools people into clicking yes. They also do this to try and trick you into setting your homepage.

They even do the same thing with java applets that install things on your system (ALL BAD). People that don’t know better click yes when asked for authorization to access their local machine.

Nukeman: That link has information on how to check if you’re vulnerable. It sounds like IE 6 isn’t affected.

Kendo & c_goat: If you’re vulnerable, there won’t be any prompt before the script changes your home page or adds stuff to your favorites.