[Dshield] Spyware Scan

Tom Geairn tgeairn at newviewconsulting.com
Mon Mar 18 23:25:54 GMT 2002


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A little follow up on this, since it is a hot topic amongst the
conspiracy minded.

The exact script executed when you click "Show Related Links" is
below.  As the registry key in question indicates, the file can be
found at: %SystemRoot%\web\related.htm.  You will notice that the
only thing sent is the current page
(external.menuArguments.location.href).  This is contrary to what
some people would have you believe.

<Related.htm follows>
- -----------------------------------------
<script>

//Build the query
userURL=external.menuArguments.location.href;
RelatedServiceURL="http://related.msn.com/related.asp?url=";

//Perform simple check for Intranet URLs 
//this is where the http or https will be, as found by searching for
:// but skip res:
protocolIndex=userURL.indexOf("://",4);
serverIndex=userURL.indexOf("/",protocolIndex + 3);
urlresult=userURL.substring(0,serverIndex);

//Check if Intranet URL - then open search bar

if (urlresult.indexOf(".",0) < 1) userURL="Intranet URL";
finalURL = RelatedServiceURL + encodeURIComponent(userURL);
external.menuArguments.open(finalURL, "_search");

</script>
- -------------------------------------------

- -Tom Geairn
NewView Consulting, LLC
 

- -----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On
Behalf Of Rick Rowerdink
Sent: Monday, March 18, 2002 3:51 PM
To: list at dshield.org
Subject: [Dshield] Spyware Scan


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPJZ3gskak2XDABkdEQJFAgCgv+rUO/iyWUOrzclAfM4Yq+Texb0AoK+a
spFjOAo5Z0a6w3NBgO1zyWS3
=7HnI
-----END PGP SIGNATURE-----




More information about the list mailing list