Tue Nov 30, 2004 8:31 am
*refreshes many times and sees no non-neo related ads* Thank you neopets staff! 
Tue Nov 30, 2004 8:37 am
Just to make everybody a little bit paranoid, I found the following article in EWeek about viruses being delivered via Banner Ad Servers:
IE Exploit Targets Banner Ad Servers
By Ryan Naraine
November 22, 2004
The ubiquitous banner ad has become the latest delivery mechanism for exploit code targeting a known flaw in Microsoft Corp.'s Internet Explorer browser.
During a 12-hour window over the weekend, hackers broke into a load balancing server that handles ad deliveries for Germany's Falk eSolutions and successfully loaded exploit code on banner advertising served on hundreds of Web sites.
"Users visiting Web sites that carry banner advertising delivered by our system were periodically delivered a file from the compromised site. This file tries to execute the IE-Exploit function on the users' computer," Falk eSolutions confirmed Monday.
The exploit (Bofra/IFrame) takes advantage of an IE vulnerability discovered and reported to Microsoft earlier this month. It is a variant of the MyDoom virus that launched zero-day attacks on vulnerable IE users two weeks ago.
The flaw, which does not affect IE users running Windows XP Service Pack 2 (SP2), has not yet been patched.
The SANS Internet Storm Center (ISC), which tracks malicious Internet activity, said it was in the process of contacting other Falk customers in Sweden and the Netherlands that may have also been compromised.
SANS ISC Director Marcus Sachs told eWEEK.com the fact that the ad servers were used to distribute the exploit suggests that hundreds of sites, and possibly millions of users, were affected.
Sachs said the Center is highly recommending that users ditch the affected IE browser until Microsoft issues a fix.
"This is a strong candidate for an out-of-cycle Microsoft patch. There are real exploits circulating with real security risks," Sachs said, noting that the next scheduled patch from Microsoft won't be available until Dec. 14.
"The fact that this has already been fixed in SP2 suggests that Microsoft has been aware of it for a very long time," Sachs said, noting it was also very possible that the vulnerability was fixed during the SP2 code rewrite.
The ISC is urging Web site operators that serve banner ads to verify the banners do not contain the IFrame exploit code. "Or you might want to consider disabling banner ads for a little while to minimize the risk of accidentally infecting your users and propagating," the Center said.
Because the vulnerability is easy to exploit, Sachs said it is very likely that malware for this issue will emerge in many flavors and colors. In addition to the possibility of becoming infected while surfing a Web site, there are e-mail propagation vectors, he added.
NOTEThe full article is found at http://www.eweek.com/article2/0,1759,1730904,00.asp
IE Exploit Targets Banner Ad Servers
By Ryan Naraine
November 22, 2004
The ubiquitous banner ad has become the latest delivery mechanism for exploit code targeting a known flaw in Microsoft Corp.'s Internet Explorer browser.
During a 12-hour window over the weekend, hackers broke into a load balancing server that handles ad deliveries for Germany's Falk eSolutions and successfully loaded exploit code on banner advertising served on hundreds of Web sites.
"Users visiting Web sites that carry banner advertising delivered by our system were periodically delivered a file from the compromised site. This file tries to execute the IE-Exploit function on the users' computer," Falk eSolutions confirmed Monday.
The exploit (Bofra/IFrame) takes advantage of an IE vulnerability discovered and reported to Microsoft earlier this month. It is a variant of the MyDoom virus that launched zero-day attacks on vulnerable IE users two weeks ago.
The flaw, which does not affect IE users running Windows XP Service Pack 2 (SP2), has not yet been patched.
The SANS Internet Storm Center (ISC), which tracks malicious Internet activity, said it was in the process of contacting other Falk customers in Sweden and the Netherlands that may have also been compromised.
SANS ISC Director Marcus Sachs told eWEEK.com the fact that the ad servers were used to distribute the exploit suggests that hundreds of sites, and possibly millions of users, were affected.
Sachs said the Center is highly recommending that users ditch the affected IE browser until Microsoft issues a fix.
"This is a strong candidate for an out-of-cycle Microsoft patch. There are real exploits circulating with real security risks," Sachs said, noting that the next scheduled patch from Microsoft won't be available until Dec. 14.
"The fact that this has already been fixed in SP2 suggests that Microsoft has been aware of it for a very long time," Sachs said, noting it was also very possible that the vulnerability was fixed during the SP2 code rewrite.
The ISC is urging Web site operators that serve banner ads to verify the banners do not contain the IFrame exploit code. "Or you might want to consider disabling banner ads for a little while to minimize the risk of accidentally infecting your users and propagating," the Center said.
Because the vulnerability is easy to exploit, Sachs said it is very likely that malware for this issue will emerge in many flavors and colors. In addition to the possibility of becoming infected while surfing a Web site, there are e-mail propagation vectors, he added.
NOTEThe full article is found at http://www.eweek.com/article2/0,1759,1730904,00.asp
Tue Nov 30, 2004 8:39 am
Cranberry wrote:davthocao2 wrote:Bleh, I'll get the Adblock anyways for the remaining games flash buttons... Where do I download it?
Firefox here, adblock here. And if you want the alt text to pop up when you mouse over an item in your inventory or a shop, you'll need this.
ETA: To easily block all the ads on Neopets, add these three filters to AdBlock:
http://images.neopets.com/buttons/*
http://images.neopets.com/728ads/*
http://images.neopets.com/ads/*
Cranberry, you are an absolute champion
Now if only there was something I could do about that damn IFrame
EDIT: Just a question, but does anyone know how to permanantly decrease the size of the text? It's really helpful, bit I've got no idea how to make it permanant. Sorry, non-techie here
Last edited by Twisted Sanity on Tue Nov 30, 2004 8:53 am, edited 1 time in total.
Tue Nov 30, 2004 8:48 am
Sierra, very interesting - and scary article. You should send that to Adam!
The thing with Firefox and the adblocker. Someone on another topic said yes, it does block the ad from being seen, but it IS still downloading, and is there. You just don't see it. Which means you are still open to spyware if it's there. I-Frames are evil IMO. I've had problems on another site from them.
I've seen Yahoo Hotjobs, Verison DSL - 2 versions, Verizon wireless phones. So that's 4 ads so far. Thing is, they're on just about every page for so many pages. I had 9 pages in a row with outside ads, then 3 Neo ads (which almost made my head explode), then 7 pages of outside ads, then 7 Neo ads. The petpetsitter, mynci beachball and "ready to rock" are killers that big.
All I can say is my dial up connection is even slower, some links don't want to work, I have to beat on the mouse and repeatedly click to navigate. I am not a happy camper.
The thing with Firefox and the adblocker. Someone on another topic said yes, it does block the ad from being seen, but it IS still downloading, and is there. You just don't see it. Which means you are still open to spyware if it's there. I-Frames are evil IMO. I've had problems on another site from them.
I've seen Yahoo Hotjobs, Verison DSL - 2 versions, Verizon wireless phones. So that's 4 ads so far. Thing is, they're on just about every page for so many pages. I had 9 pages in a row with outside ads, then 3 Neo ads (which almost made my head explode), then 7 pages of outside ads, then 7 Neo ads. The petpetsitter, mynci beachball and "ready to rock" are killers that big.
All I can say is my dial up connection is even slower, some links don't want to work, I have to beat on the mouse and repeatedly click to navigate. I am not a happy camper.
Tue Nov 30, 2004 8:48 am
ETA: To easily block all the ads on Neopets, add these three filters to AdBlock:
http://images.neopets.com/buttons/*
http://images.neopets.com/728ads/*
http://images.neopets.com/ads/*
There are a few others that do not belong to the images.neopets.com domain, in particular an add for a USA Greencard. You can just right click the add when it comes up and click on Adblock image to get rid of it for the future.
Tue Nov 30, 2004 8:58 am
everconfused wrote:Sierra, very interesting - and scary article. You should send that to Adam!
The thing with Firefox and the adblocker. Someone on another topic said yes, it does block the ad from being seen, but it IS still downloading, and is there. You just don't see it. Which means you are still open to spyware if it's there. I-Frames are evil IMO. I've had problems on another site from them.
All I can say is my dial up connection is even slower, some links don't want to work, I have to beat on the mouse and repeatedly click to navigate. I am not a happy camper.
Everconfused, the article scared me too when I saw it! The scary thing is Microsoft isn't going to issue a security patch until at least December 14th. Many IT professionals are advising to use alternative browsers until the patch comes out. I usually use Netscape, so it doesn't affect me. But lately I've had to use IE when dealing with my SDB and Stocks because NS has been truncating my pages for the last two weeks.
My dial-up connection is much slower also. I think it's because everytime the ad server puts up an ad, data is transmitted back and forth to several websites.
I went to join up with Neo's Portal, but then I reread the Terms of Service and Privacy Policy of Velocity, their provider. And it still stinks.... So, I guess I'll get Firefox. But, as you point out, spyware and malware can still be installed on my machine from the outside ads. The Ad Blockers block out the image -- they don't do a thing about actual downloading of the image....
Tue Nov 30, 2004 9:12 am
I suppose if your on XP you can access the NP website with a restricted XP account...and then don't have to worry about getting spyware.
I do it for the computer labs I'm in charge of. Very little spyware can get on the machines if your not allowed to install anything.
I do it for the computer labs I'm in charge of. Very little spyware can get on the machines if your not allowed to install anything.
Tue Nov 30, 2004 9:15 am
Yeah, the ad still loads (I'm Canadian and I get very few outside ads, so it's not a huge deal for me). However, you can go into tools-options-privacy-cookies on Firefox and set it so that the browser will only accept cookies from the originating site, and that should be safer, right?
ETA: yep.
However, sometimes a Web site displays content that is hosted on another site. That content can be anything from an image to text or an advertisement. The other Web site that hosts also has the ability to store a cookie in your browser, even though you don't visit the site directly.
Cookies that are stored by a site other than the one you are visiting are called third-party cookies or foreign cookies. Web sites sometimes use third-party cookies with transparent GIFs, which are special images that help sites count users, track email responses, learn more about how visitors use the site, or customize your browsing experience. (Transparent GIFs are also known as web beacons or web bugs.)
What this checkbox does is that it blocks these foreign cookies from being saved.
ETA: yep.
However, sometimes a Web site displays content that is hosted on another site. That content can be anything from an image to text or an advertisement. The other Web site that hosts also has the ability to store a cookie in your browser, even though you don't visit the site directly.
Cookies that are stored by a site other than the one you are visiting are called third-party cookies or foreign cookies. Web sites sometimes use third-party cookies with transparent GIFs, which are special images that help sites count users, track email responses, learn more about how visitors use the site, or customize your browsing experience. (Transparent GIFs are also known as web beacons or web bugs.)
What this checkbox does is that it blocks these foreign cookies from being saved.
Tue Nov 30, 2004 9:45 am
twinklyspangle wrote:I hate it, it's horrible. I hope this isn't "lets make neopets look really gross so everyone buys premium". *cries*
Lol, that statement made me chuckle.
Maybe that really is the case... if not they wouldn't "discreetly" add in the news that Premium users don't experience it. 
Tue Nov 30, 2004 11:07 am
Qanda wrote:twinklyspangle wrote:I hate it, it's horrible. I hope this isn't "lets make neopets look really gross so everyone buys premium". *cries*
Lol, that statement made me chuckle.
Whatever do you mean by that statement?
And Adam, you said it would be flush to the top if we blocked it.
I blocked one of the banner's iFrames, so every so often, it goes flush to the top.
Tue Nov 30, 2004 11:23 am
I very much don't like it... But what can one do...
I just hope that its not permanent.... I do hope that someday neopets will be ad-free.
I just hope that its not permanent.... I do hope that someday neopets will be ad-free.
Tue Nov 30, 2004 11:31 am
its annoying, but thankfully one click on the wheel on my mouse scrolls down so it's not visible anyway, and since i always scroll as the page is opening, i dont have to look at them.
Tue Nov 30, 2004 1:04 pm
THe inventory changed. No more brackets ard the items..... Looks weird though.....
I also notices that the page where you get the prize for the WOE and the WOmedicocrity, the brackets ard the items' pictures are gone.
I also notices that the page where you get the prize for the WOE and the WOmedicocrity, the brackets ard the items' pictures are gone.
Tue Nov 30, 2004 1:47 pm
Ugh... got a shock when I noticed an out-site ad...
And the first time I opened the front page Mozilla crashed
And the first time I opened the front page Mozilla crashed
Tue Nov 30, 2004 2:11 pm
Well, intially out of 10 refreshes, I got 5 off-site ads. 2 were verizon and 3 were Google's Froogle. 3%, ya right. Now that I have them blocked I'm seeing less, but still for those who don't/can't block...
I've been using FF, but glad that I have XP SP2 for when I use IE. Whew.
I've been using FF, but glad that I have XP SP2 for when I use IE. Whew.