Hijacked Web Traffic For Sale

← Back to Stories (view on slashdot.org)

Hijacked Web Traffic For Sale

Posted by timothy on Sunday January 29, 2012 @07:50PM from the 1-crying-young-spying-young-viewer-for-sale dept.

mask.of.sanity writes "If you can't create valuable content to attract users to your site, Russian cyber criminals will sell them to you. A web store has been discovered that sells hacked traffic that has been redirected from legitimate sites. Sellers inject hidden iframes into popular web sites and redirect the traffic to a nominated domain. Buyers purchase the traffic from the store to direct to their sites and the sellers get paid."

7 of 68 comments (clear)

Min score:

Reason:

Sort:

Uhm... by martin-boundary · 2012-01-29 20:14 · Score: 4, Informative

Isn't this what websites do all the time with ads, and Facebook and Google+ buttons? It's not like I personally agree to send my traffic to Facebook when the button shows up on a random webpage, and visiting all those ad servers incidentally just slows down my web browsing for no good reason.
1. Re:Uhm... by Anonymous Coward · 2012-01-29 20:48 · Score: 2, Informative
  
  Isn't this what websites do all the time with ads, and Facebook and Google+ buttons? It's not like I personally agree to send my traffic to Facebook when the button shows up on a random webpage, and visiting all those ad servers incidentally just slows down my web browsing for no good reason.
  This is different. In this case, It looks like the browser is redirected to the to the seller's domain. The "buttons" you refer to are just AJAX requests in the background.
  what are you talking about? facebook "like" buttons are either scripts or iframes, and the script just adds an iframe after the fact, but in it all comes down to GET requests and cookies stealing information that do slow down browsing of sites. if you cannot see this perhaps it is time to get off dialup.
2. Re:Uhm... by Pieroxy · 2012-01-29 21:56 · Score: 5, Informative
  
  ?
  You only "send your traffic" to facebook, if you choose to click on the link to Facebook.
  Aaaaand, congratulations! You don't know how the Web works.
  Whenever you see the "Like" facebook button, you browser has made several HTTP request to facebook and run facebook hosted scripts on your page. And if you're logged in to facebook on that computer, facebook has recorded the fact that YOU went to that page.
  All of that without clicking on the button, courtesy of the website owner.
  
  --
  Write boring code, not shiny code!
3. Re:Uhm... by trancemission · 2012-01-29 23:02 · Score: 5, Informative
  
  You only "send your traffic" to facebook, if you choose to click on the link to Facebook.
  ?
  
  Wrong. Many sites share information on their visitors to 3rd parties, this allows said 3rd parties to track and profile you. You do not have to click a link, it happens in the background.
  
  Use this to find out who the main players are: http://www.ghostery.com/
  
  Ghostery sees the invisible web - tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.
  
  And obviously ad-block plus, NoScript at al...
  
  Facebook specific:
  https://addons.mozilla.org/en-US/firefox/addon/facebook-blocker/?src=userprofile
Re:AAA: Anti-Ajax-Argument by Pieroxy · 2012-01-29 21:58 · Score: 3, Informative

You are correct. AJAX cannot be cross-domain.
There is however a catch, since a lots of libraries will allow you do do cross-domain "AJAX-like" request by adding a "SCRIPT" object to the page dynamically. You can't POST but you can GET fine with this method since the SCRIPT tag is cross domain.

--
Write boring code, not shiny code!
AJAX-like = JSONP by sakdoctor · 2012-01-29 22:40 · Score: 3, Informative

https://en.wikipedia.org/wiki/JSONP
...and the correct way to do the same thing on modern (aka not fricking ancient) browsers...
https://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing
Re:I don't understand.... by MrAngryForNoReason · 2012-01-29 23:00 · Score: 3, Informative

Somebody please enlighten me on how this service works. If you are "injecting" inline frames that have a size of 0 width and 0 height, then how the heck does anybody click on it? I don't get it.
The iframe loads in a line of javascript which initiates a redirect to the target site. The user doesn't need to click on anything as the javascript will run automatically.
What this means in practice is that as soon as a user loads the page they will be redirected to the target site, probably so quickly that they don't realise. This is what makes it so dangerous as the user can be redirected to a page that is almost identical to the genuine one and then convinced to login to the site giving up their login or bank details etc.