Can URLs be added to the dropdown address list in IE 6 in any way other than typing them?
I know that no matter how you get to a website, all the pages visited in that site are in your history. But as far as I know, the only way for a URL to appear in the dropdown list under the main address bar is if you typed it in.
I ask because one of my customers found some porn links in the dropdown list on the computer used by their 12-year-old and 14-year-old boys. The boys claim the entries are from popups and that they did not deliberately visit those sites.
As the “computer guy” my customer asked me if that were possible. I said I didn’t think it was possible, but I’d try to find out for sure.
Anyone know chapter and verse on how items can be added to the URL address dropdown list?
MSIE saves the URL history in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
You can open this key and add URLs (or modify existing ones) that have not actually been visited, and they will show up in the URL history drop-down list.
I guess the next question is, do the 12 and 14 year old boys in question know how to edit this registry key? :dubious:
I missed this part. In that case I guess the next question is, can pop-ups cause registry keys to change? I’m not sure. Malware/spyware might be able to do it.
I have never seen any Typed URLs in my registry that I haven’t typed or pasted and I use my address bar routinely rather than links or favourites. I edit it whenever it gets too much crap in it.
Here is a brief discussion about how police investigate PC content that seems to indicate that the trail is pretty easy to follow. And that, in the absence of any malware created before the site was visited, the Typed URLs tell the story:
*Physical evidence and electronic evidence is collected. In the case of crimes involving computers, the evidence is collected with tools designed to find the evidence. This evidence includes internet history, content, and registry data, including “typed URLs”. It’s these “typed URLs,” gleaned from the registry, which are identified - not pop ups.
Additional tools which search for specific viruses, trojans, and worms by their unique hashes can be brought into play to search for the known bad code.
Once evidence is located, police take note of the date and time it was created, modified, and last accessed. When the evidence (malware, .jpg, web page) was created is the “when” in “who, what, when, where, how and why.” So, if malware was created at the same time the web pages and images were created, was the malware spawned by the “typed URL”, by its content (i.e. Web Attacker kit), or mouse napping (click-throughs)? If there’s no malware created prior to a web page with questionable content how do you end up at said web page?
I ask this rhetorical question: Where does objectionable material come from - a site like Disney.com or the pornographic dot coms?*
Interesting. The registry key is specifically named “TypedURLs”, so Microsoft seems to have clearly intended that only URLs actually entered in the address bar appear in the dropdown list.
However, I know spyware can change the registry; I’ve certainly spent enough time cleaning the results out.
But has anyone ever seen any spyware that added URLs to the history list? I haven’t, but there is a bunch of spyware out there.
don’t ask, thanks for the link. Also very interesting. It seems the police pay attention to the difference between ordinary history and TypedURLs.
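The thread contrasts the TypedURLs registry key with the ordinary history, and notes that the key can be edited by hand. As an added example (not code from any poster), this Python sketch parses the text of a `reg export` of that key and lists entries that have no matching visit in a history listing. The sample export, the history list and the function names are constructed for illustration.

```python
import re

KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs"

# Constructed sample: text of a .reg export containing the TypedURLs key.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://www.example.com/"
"url2"="http://games.example.net/play"
"url3"="http://never-visited.example.org/"
'''

# Constructed sample: URLs copied from the browser's History listing.
SAMPLE_HISTORY = [
    "http://www.example.com",
    "http://www.example.com/news",
    "http://games.example.net/play",
]

# IE stores the dropdown entries as string values named url1, url2, ...
VALUE_RE = re.compile(r'^"url(\d+)"="((?:[^"\\]|\\.)*)"$')

def parse_typed_urls(reg_text):
    """Return [(slot, url)] from the TypedURLs section only, ordered by slot."""
    entries, in_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Track which key the following values belong to.
            in_key = line.strip("[]").lower() == KEY.lower()
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m:
            # .reg files escape backslash and double quote with a backslash.
            url = re.sub(r"\\(.)", r"\1", m.group(2))
            entries.append((int(m.group(1)), url))
    return sorted(entries)

def normalize(url):
    """Lower-case, add a scheme if missing, drop the trailing slash."""
    url = url.strip().lower()
    if "://" not in url:
        url = "http://" + url
    return url.rstrip("/")

def not_in_history(entries, history):
    """TypedURLs entries with no matching visit in the history listing."""
    seen = {normalize(u) for u in history}
    return [(slot, url) for slot, url in entries if normalize(url) not in seen]

if __name__ == "__main__":
    for slot, url in not_in_history(parse_typed_urls(SAMPLE_REG), SAMPLE_HISTORY):
        print(f"url{slot}: {url} has no matching history entry")
```

An entry flagged here only merits a closer look: history can be cleared or expire while the registry values remain.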