[Full-Disclosure] Is the FBI using email Web bugs?

Gary E. Miller gem at rellim.com
Thu Jan 8 20:13:00 GMT 2004


Yo Todd!

On Thu, 8 Jan 2004, Todd Burroughs wrote:

> I was wondering what "Web Bug" was, got figuring that it was simply
> clicking (or automatically clicking) on a link.

A web bug can be much more than that.  When you read an HTML email or
web page your workstation can send back gobs of information about you.

For a benign web bug check out awstats: http://awstats.sourceforge.net.
It is an automated system for collecting web user data.  It collects
some interesting data on the user using the "awstats.js" web bug.
	screen size
	operating system
	browser type and version
	java support
	pdf support
	flash support
	etc....

It could easily return any data that is available to the local javascript
engine.  Depending on security settings it could read/write any file or
registry on your local workstation.

More malicious "web bugs" are out there.  Like active-X controls that
install silently and log all your keystrokes.  My daughter found several
that just pop up porn links on the desktop randomly.  Spammers use "web
bugs" to turn your IE into silent spam bots.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
	gem at rellim.com  Tel:+1(541)382-8588 Fax: +1(541)382-8676
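
The following is an added example, not part of the original post and not awstats code: a small Python check that lists the elements in an HTML email which would make a mail client fetch a remote URL or run script when the message is rendered, which is how a web bug reports back. The sample message, the host names, and the names `find_web_bugs`, `BugFinder` and `FETCHING` are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose listed attribute makes a mail client or browser fetch a remote URL
# (or load active content) as soon as the HTML is rendered.
FETCHING = {"img": "src", "script": "src", "iframe": "src",
            "embed": "src", "object": "data", "link": "href"}

class BugFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and "src" not in a:
            self.findings.append(("inline-script", ""))
            return
        url = a.get(FETCHING.get(tag, ""), "")
        if urlparse(url).scheme not in ("http", "https"):
            return  # cid:, data: and relative references do not phone home
        tiny = tag == "img" and a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        kind = "tracking-pixel" if tiny else "remote-" + tag
        self.findings.append((kind, url))

def find_web_bugs(raw_message):
    """Return (kind, url) pairs for every text/html part of an RFC 822 message."""
    finder = BugFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            finder.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return finder.findings

# Constructed sample message; host names are placeholders.
SAMPLE = """\
From: sender@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body><p>Hello</p>
<img src="http://tracker.example/o.gif?id=123" width="1" height="1">
<script src="http://stats.example/awstats.js"></script>
<img src="cid:logo">
</body></html>
"""
```

Any finding is a reason to render the message as plain text or with remote content blocked.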




Full-Disclosure is hosted and sponsored by Secunia.