Back to top

crazy browser stuff

EDIT: like this? Digg it.

I get asked questions - and now I'm answering them here to share the knowledge beyond the emails.

Today one of my coffee group reported the following:

1. He was trying to sign up for {online service} and was asked the usual

information and also he birth date and sex (not gender, as that only

applies to language usage).

2. He questioned the need for this and tried to submit the request

without it. He was rejected and told to fill out those boxes.

3. He called the {online service} and was told that they do not request that

info, that his browser had added it to their website. He was told that

if he did not believe them, he could try logging on to their website

through another browser and see.

4. He tried using MSN and IE and, lo and behold, the questions were

not there. They had been there when he used AOL.

Our question to you: Is this possible? How can this be?

This is interesting, and very possible.


There was clearly something malicious going on that didn't involve the {online service} system. It could have been an extra entry in his hosts file or it could have been some software that watches your browser and whenever you type in {online service} it adds in some extra fields and redirects the form to somewhere else. The malicious software could have gotten there from hundreds of different ways including security flaws in IE and/or Windows. It could have gotten there because this person downloaded some "fun" software for their machine and installed that (and the fun software had malicious software inside it).

You know how AOL gives you marketing stuff that gives you warm fuzzies and they claim that they are protecting you - it's clearly a lie. Look at this report on IE security from Secunia.

Secunia is in the security business and tracks bugs in software. Even after all of the updates for IE, there are highly critical problems with it. AOL browsing technologies are based on IE so they are open to the same problems as IE. That's probably part of why they started bundling all that spyware and virus checking software along with the AOL system.

How to stop from getting this

Don't use MSN or AOL or IE or Outlook or Outlook express - ever. Start over by re-installing the operating system. Then, use Firefox or Opera for browsing, use gmail for your mail (because they'll do virus scanning for you), keep absolutely up to date on MSWindows updates and don't install software unless you know it to be good software.

Alternatively, use a Mac or Linux and stay up to date with their respective updates but rest confident that there are many fewer virii or phishing attempts focused on those systems (to the point of them being basically non-existent).

The interesting side

I said it was "interesting" and very possible and have only talked about the possible side and the how to fix it site. What's interesting to me is that what if he hadn't been skeptical about those extra fields? What if he hadn't called Netflix to ask about them? What if the customer support rep at {online service} hadn't been as good? He would have just kept using a machine infected with something and giving his information away to whomever is spying on him. At least now he knows, but what has he given out so far without knowing he was doing it? Yikes.

People Involved: 


I agree with you on all

I agree with you on all points, you are dead on. I would also like to add that malwarebytes is a great piece of free software which you can use to to get rid of viruses and spyware a the same time.

Your advice is great, thank you.