Browser-jackers upset security pundits

Hacker techniques exploited

That's just the tip of the iceberg, according to security experts, who say they are turning up even more troubling examples of how settings can be quietly tweaked.

"We're now seeing Internet marketing companies using the same techniques that hackers use...to try to get more traffic," Smith said.

In one example turned up late last year, security company F-Secure reported that a Web site apparently took advantage of a vulnerability in Internet Explorer 5.0 to cause people's home page preferences to be reset. F-Secure said the site appeared to use a Trojan virus dubbed "seeker" to drop a file in a person's Windows start-up folder when someone visited an adult site.

The operators of the site could not immediately be reached for comment. The company reportedly discontinued the practice after it became known.

Microsoft issued a security patch for the bug, dubbed "scriptlet/Eyedog," in mid-1999, but the exploit hasn't gone away.

Just this week, online entertainment Web site PassThisOn.com acknowledged it had knocked out the home page preferences of some consumers over an unspecified period using the same bug.

PassThisOn co-founder Sanford Wallace, who won Internet fame in a previous career as the self-professed "King of Spam," acknowledged use of the bug. However, he said it was unintentional and that he fixed the code himself after learning of it.

Although the problem was corrected, it demonstrates how easy it is for Web sites to override a person's preferred home page, and the difficulty in restoring the original page.

According to Wallace, the home page switches were caused by a test he was conducting to garner more site traffic without redirecting Web surfers away from their original home pages.

"We were experimenting with a script that would not change your home page, but redirect your home page through our servers to your intended home page," he said. The test was an attempt to determine, "if we have them go through our server, would it change our traffic metrics?"

Security experts, who contacted CNET News.com with details of the bug this week, responded that the explanation was troubling because by routing pages through its servers, PassThisOn could potentially monitor individuals' surfing habits.

"If you allow the page to completely load, it's saving a file to your start-up folder," said Brian High, a network administrator at a scientific lab, and one of a handful of computer specialists who investigated the code at PassThisOn. "That script is executed the next time you reboot your machine and it changes the Internet Explorer start page" to PassThisOn.

"Before (Thursday), this all happened without the users' consent."

Software specialists said the exploit was functioning Wednesday under a file called "music.js," but by Thursday it had apparently been turned off.

Specifically, the file contained about 1.6K of data Wednesday night, software analysts say, but by Thursday it held only 1 byte of information. "It looks like they turned it off," High said.

When the code is written to a person's machine with or without consent, security experts say it resembles a Trojan horse virus. With consent, it is still questionable because instructions aren't given to get rid of the code, which continually resets the person's home page to PassThisOn's chosen address once a computer is rebooted even if the person has changed his or her start page preferences. Security experts say the only way to undo it is to remove the "reg.hta" file in the start-up folder.
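The persistence described above, a script file dropped in the Windows start-up folder that resets the Internet Explorer start page at each reboot, can be checked for with a short read-only audit. The following PowerShell is an added example, not code from the article or from any site it names; the list of script-type extensions is an assumption, and nothing is deleted.

```powershell
# Added example: list script-type files in the Startup folders (the article's
# case was "reg.hta") and show the current Internet Explorer start page.
# The extension list below is an assumption, not taken from the article.
$scriptExtensions = '.hta', '.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh'

$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = foreach ($folder in $startupFolders) {
    # -Force includes hidden files, which a dropped script may well be.
    Get-ChildItem -LiteralPath $folder -File -Force |
        Where-Object { $scriptExtensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            [pscustomobject]@{
                Path         = $_.FullName
                SizeBytes    = $_.Length
                LastWriteUtc = $_.LastWriteTimeUtc
                SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Internet Explorer stores the per-user home page in this registry value.
$ieKey     = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ieMain    = Get-ItemProperty -LiteralPath $ieKey -Name 'Start Page' -ErrorAction SilentlyContinue
$startPage = if ($ieMain) { $ieMain.'Start Page' } else { '(not set)' }

"Internet Explorer start page: $startPage"
if ($findings) {
    "Script-type files that will run at logon:"
    $findings | Format-List
} else {
    "No script-type files found in the Startup folders."
}
```

A hit is only a lead: review the file before removing it, and reset the start page afterwards, since deleting the file stops the reset at reboot but does not restore the earlier preference.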


Talkback 2 comments

    Anonymous -- 26/02/01

    Geez, if I did that to them, I would be prosecuted for hacking. Guess the laws written for the people don't apply to Companies.

    Have a Nice Penguin Day..!
    R Spinks

    Anonymous -- 27/02/01

    I agree with Robert Spinks. Hacking is hacking regardless of the purpose. The same laws should apply to all.
