News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

Popups

Started by Robert Collins, June 06, 2005, 05:16:15 PM

Previous topic - Next topic

Robert Collins

What causes popups?

About a year ago I was getting the same popup all the time and more so it was installing an executable into my system. I finally got fed up with this so I was able to contact the company for which the popup was advertizing. I told them to please keep their crap off my computer and they responded back apoligizing to me and told me that they had no control over it because their ads were bundled up with other ads and were being sent by an unknown source. Well, I wrote back and told them that I didn't care and that it was your ad and your executable so if you don't stop doing it I was going to take further action against them. Since then, I have not recieved any more of their stuff.       

If I go to a web site my browser knows what file to get because I explicitly told it so by typing in the complete URL.  Now, even if I go to my own web site which I know is clean then how does the browser know to get other files (popups) when I did not explicity give it the URL of the site from where the popup came from. How does this other URL get inserted into my browser?

AeroASM

If you get popups even when you go to a clean site, then you probably have adware (most likely Shop-At-Home). Get Microsoft's anti-spyware tool.

Mark Jones

Ads/popups probably get inserted by javascripts and/or flash. In more obscure cases, I think a SSI (server-side-include) could spawn a second browsing thread or a BHO (browser helper object) can be automatically installed - without your knowledge - and run like a process in the browser. FireFox does not allow BHO's to do this, (maybe SSI's also) and that's one reason why you get much less popups when using that browser.

I can reccomend several great tools to permanently get this under control:

Get FireFox! - A nice, small, full-featured browser that won't take over IE or do any "bad" things to your PC.
Spyware Blaster - Program which maintains a database of bad scripts and BHO's and blocks them automatically, preventing malware and adware from ever being installed.
SpyBot Search & Destroy - A very nice spyware/malware detection and removal tool with lots of advanced features.
Pest Patrol - An extremely thorough spyware/malware scanner. It often finds stuff that is NOT necessarily spyware, so be careful deleting everything it finds.

Hope that helps. :)
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08

Robert Collins

Thanks for your responses, they are very informative. However I need to clarify myself. What I was really wanted to know was how do popups work technically. What actualy takes place?   

doomsday

Another common way to open a popup is with a javascript function called window.open( 'someurl.com', windowIdentifier, "feature string") ('open' being a member function of the 'window' object).  Of itself, the ability to create popup windows isn't a terrible thing but too often it's either used (like the blinking text attribute in the DOS text modes) by people who think it's the coolest thing ever, or by people trying to hide malicious goings on.

I'd also like to add my voice to the others here:  Get Mozilla, K-Melon, Netscape, or any other brower appart from IE.  My money says you won't miss it.

For a benign example, copy & paste the following code to notepad and save it as a .HTM before and use IE to open the page.

regards,
-Brent

ps:
QuoteNow, even if I go to my own web site which I know is clean then how does the browser know to get other files (popups) when I did not explicity give it the URL of the site from where the popup came from. How does this other URL get inserted into my browser?
My best guess is that you've got a trojan.



<html><head><title>Test Page</title></head><body><script>

var popupWindow = null;

// This function opens a popup window if it hasn't already been opened.
// If the window has been opened, then this function closes it.
function OpenPopup()
{
if (!popupWindow)
{
// If you want, insert your favorite URL inbetween the first two quotation marks
// on the next line ...
popupWindow = window.open('', '', 'width=300,height=200');
// ... then delete the next two to make this script open a 'popup' window
// which loads your favorite URL
popupWindow.document.title = 'Test popup window';
popupWindow.document.write('<center><h1>This is a popup window</h1></center>');
}
else {
popupWindow.close();
popupWindow = null;
}
}

</script><center><h1><br>
<a href="javascript:OpenPopup();">Open/Close Popup</a>
</h1></center>

</body></html>


sluggy

Another way to get the popups even when going to a clean site is for spyware to install an inline proxy (either as a stand alone proxy or by hooking/replacing various API or system dlls). With a proxy they get access to you request both before it leaves your machine, and as the requested page comes back in.

drhowarddrfine

I have switched to Firefox because I'm creating websites for two companies and hope to expand to a full fledge design company.  I've learned to absolutely despise IE.  IE is five years behind the standards AND they get it wrong in some cases.  We have to design the site to Firefox because they get the standard correct.  Then we have to adjust the code to make it work in IE.  Worst case we have to throw out code and start over to make it work in IE. 

It's not really that bad but it would be nice to not have to keep creating workarounds for IE.  A lot of the gurus use sentences like "it works on modern browsers and IE".  It's generally considered out of date but there is little hope IE7 will be much better.

Robert Collins

Quote from: drhowarddrfine on June 15, 2005, 09:36:32 PM
I have switched to Firefox because I'm creating websites for two companies and hope to expand to a full fledge design company.  I've learned to absolutely despise IE.  IE is five years behind the standards AND they get it wrong in some cases.  We have to design the site to Firefox because they get the standard correct.  Then we have to adjust the code to make it work in IE.  Worst case we have to throw out code and start over to make it work in IE. 

It's not really that bad but it would be nice to not have to keep creating workarounds for IE.  A lot of the gurus use sentences like "it works on modern browsers and IE".  It's generally considered out of date but there is little hope IE7 will be much better.

Thank you, drhowarddrfine, but I am having problems figuring out what it is in your post that helps me with the cause of popups.

drhowarddrfine

My response was OT but I thought doomsday and Mark answered the question.

Robert Collins

Not really. I just haven't had time to respond back in a more meaningful way because I'm not sur how to explain what I was wanting to know although their responses were helpful but not quite what I was looking for.

sluggy

Quote from: Robert Collins on June 08, 2005, 02:32:56 PM
Thanks for your responses, they are very informative. However I need to clarify myself. What I was really wanted to know was how do popups work technically. What actualy takes place?   
What happens is your browser has a javascript parser and execution engine (or it can use the windows scripting host). The browser parses & executes all inline javascript as the html page is rendered. Other javascript gets parsed as it is called in response to various events, i.e. you can have javascript called by specifying the body.onLoad event, this js will then be executed when the body of the document has finished loading (but not necessarily finished rendering). Why do i mention this? Because that is quite a common way of spawning popups, the code will look similar to this:


<html>
    <head>Blah</head>

    <body onload="this is my javascript; callAnotherFunction(); window.open('url',.....);">

    </body>
</html>


This is very similar to what doomsday mentioned above.

chep

There are also free web hosts having installed a kind of "filtering" module to their web server that is able to dynamically add contents (typically, ad popups) to any requested (clean) page.
Most of the time they insert a javascript link in the page's HEAD, and use the onLoad method that sluggy described.