Web Bugs
Tags
Web Development

The phishing attack

Our world is filled with mouse clicks and keystrokes that connect us to each other. There's been a revolution in the way we live and do business. We're affected in ways we never imagined.

With the internet, we can get information right on our monitors instead of browsing through books. Businesses have always benefited from the internet, so now they can sell their products and services online. You can buy them with a credit card, or your online banking system (e.g. PayPal, Bitcoin) without even leaving your house. From the average person to big companies and organizations, everyone has benefited from the internet.

Netizens are people who use the internet to live their lives. We all know that netizens don't have to be on the right side of the law. Cybercrooks, criminals, hackers, and script kiddies use online services to target and disrupt the lives of innocent internet users, including:

  • Exploiting web vulnerabilities like XSS, CSRF, and Clickjacking.
  • Exploits that don't exist yet
  • Vulnerabilities related to authentication bypass
  • Sending spam, etc.

The activity of malicious attackers can be tracked by various methods that can be deployed on websites. Using web bugs is one such method.

Web bugs are small images (e.g. .gif, .jpeg, .png) that companies and organizations use on their websites, e-mails and other HTML documents to track users.

There are some web bugs that aren't intrusive. A company could use them to keep track of how many hits their site gets every day, or how many active forum users there are.

There are also web bugs that are intrusive. A backend server can be used to log data about a user's internet activity.

Viewing web bugs collects the following information:

  • The IP address of the client who visited the site
  • Where is the web bug?
  • Here's an image of the web bug
  • Visited/viewed time of web bug
  • This is the user agent of the client who viewed the site
  • Cookie value previously set
  • Where can I find a web bug?

Once you see a banner ad, you know you're being tracked. The problem is that people can't see web bugs, and anti-cookie filters don't catch them. Web bugs track surfers on sites where banner ads aren't present, or on sites where people don't expect to be followed.

If you want to find a web bug, you need to look at the HTML code of the target page. Let's look at the HTML source of a webpage for demonstration purposes:

I've highlighted the <[img]> tag in blue. You'll notice that the source of the image file isn't an image, but a PHP file.

Now let's see what the page looks like in the browser. The page looks like this:

The web bug can be seen by zooming in on the page. Press Alt > View on the menu bar > Zoom > Zoom-I. Do this five or eight times. You can also zoom in by pressing "CTRL + +" repeatedly five to eight times. Click anywhere on the website with the mouse. You can select all the text in the web page by pressing "CTRL + A". You’ll notice a tiny blue circle highlighted on the webpage:

These web bugs are one-pixel images, which you cannot see with the naked eye unless you zoom in.

However, even looking for these signs does not guarantee that you will spot a web bug, since it could appear on any image on the page.

Checking email messages for web bugs:

You are already familiar with the sender of the message. In addition, they include the email address in the URL for the web bug. It is possible to enter the email address in plain text or in encrypted form. Below are two examples of web bugs found in junk mail:

<[img width=’1′ height=’1′ src=”http://www.m0.net/m/logopen02.asp? vid=3&catid=370153037&email=test %40example.net” alt=” “]>
OR
<[IMG SRC=”http://email.bn.com/cgi-bin/flosensing? x=ABYoAEhouX”]>

Web bugs should be posted in a web forum as follows:

Users can put images in posts and signatures on a lot of web forums. You'll have to look at the forum's documentation to see if they have a tag for images. An example would be:

code: [img]http://w1.example.com/webbug.php[/img]

Some forums check the file type in the tags and don't let you insert images. This issue can be resolved by using a workaround. In the first step, enter the filename followed by the file type as an image file.

code: [img]http://w1.example.com/webbug.bmp[/img]

In your Apache configuration, you need to set up a redirect. In the httpd.conf file, add the following line:

code: Redirect /webbug.bmp /webbug.php

Is every invisible image a bug?

I'm sorry, but no. On webpages, invisible images are also used for alignment. It's easy to tell a web bug from an alignment image because they usually load from a different web server.

Web bugs are used for:

This technique is used by advertisers to determine which sites people visit. The ad network's browser cookie identifies the user's profile. The advertising company stores this personal profile on its database servers. This determines which banner or ad will be displayed.

Web bugs can also be used to determine how many people have visited a particular webpage.

Statistics about web browser usage are also collected by web bugs.

Emailing web bugs:

  • You can use a web bug to see if a message has been read and when it was read.
  • If the email recipient wishes to remain anonymous, a web bug can provide an IP address.
  • A web bug can be deployed in an organization to track how often messages are forwarded.

Use of web bugs in the "junk" folder:

  • They measure how many people have received the same email message.
  • You can use them to determine if a message has been viewed in the junk folder. In that case, the messages are removed from the mailing list.
  • They also sync browser cookies with email addresses. In this way, websites can identify visitors at a later date and time.

Web bugs and privacy:

  • Controversial web bugs. People can be monitored by third parties because of web bugs. When they read their email, most people are concerned that someone is tracking them.
  • Privacy policies rarely mention web bugs. It is also pertinent to mention the general practice of online profiling by third parties.
  • Privacy advocates see an insidious side to the tiny tags.

"The danger is that if you navigate to a site about yeast infections, before the screen loads, the fact that you visited the site is now registered somewhere in the world. It's the evil of web bugs," said Ira Rothken, a lawyer at San Rafael, California's technology-oriented Rothken Law Firm.

Whenever a company links your cookie number to your phone number or street address, the problem is magnified.

Web bugs, like cookies, can also be useful. Cookies can store passwords and other sign-in information. Website bugs can help you manage content more effectively. Furthermore, they help online ad agencies track campaigns without banners.

Based on documents disclosed in 2011, the FBI has been using web bugs since 2005 to gather a computer's internet protocol address, list of programs installed, and other information. In 2007, the FBI used a similar tool to track a person convicted of emailing bomb threats in Washington.

Measures to prevent:

Look in your email client's documentation for how to disable HTML email or block external images to prevent web bugs in email. Gmail, for example, disables external images by default. Newer mail clients also refuse to load outside images by default.

Unless you disable images altogether, it is nearly impossible to completely block web bugs. By choosing to block known web buggers, Bugnosis ( http://www.bugnosis.org ) and Ad Block ( http://adblock.mozdev.org/ ) can be helpful. Spybot Search and Destroy and Ad Aware can help find and destroy cookies left by some web bugs.

Creating your own PHP web bug:

The PHP script is webbug.php. In a MYSQL database, the script stores OS, IP address, user agent, port address, language, and encoding type.

Tables and scripts need to be modified.

[php]
‘Win95’ => ‘(Windows 95)|(Win95)|(Windows_95)’,
‘WinME’ => ‘(Windows 98)|(Win 9x 4.90)|(Windows ME)’,
‘Win98’ => ‘(Windows 98)|(Win98)’,
‘Win2000’ => ‘(Windows NT 5.0)|(Windows 2000)’,
‘WinXP’ => ‘(Windows NT 5.1)|(Windows XP)’,
‘WinServer2003’ => ‘(Windows NT 5.2)’,
‘WinVista’ => ‘(Windows NT 6.0)’,
‘Windows 7’ => ‘(Windows NT 6.1)’,
‘Windows 8’ => ‘(Windows NT 6.2)’,
‘WinNT’ => ‘(Windows NT 4.0)|(WinNT4.0)|(WinNT)|(Windows NT)’,
‘OpenBSD’ => ‘OpenBSD’,
‘SunOS’ => ‘SunOS’,
‘Ubuntu’ => ‘Ubuntu’,
‘Android’=>’Android’,
‘Linux’ => ‘(Linux)|(X11)’,
‘iPhone’=>’iPhone’,
‘iPad’=>’iPad’,
‘MacOS’ => ‘(Mac_PowerPC)|(Macintosh)’,
‘QNX’ => ‘QNX’,
‘BeOS’ => ‘BeOS’,
‘OS2’ => ‘OS/2’,
‘SearchBot’=>'(nuhk)|(Googlebot)|(Yammybot)|(Openbot)|(Slurp)|(MSNBot)|(Ask Jeeves/Teoma)|(ia_archiver)’
);
$uagent = strtolower($uagent ? $uagent : $_SERVER[‘HTTP_USER_AGENT’]);
foreach($oses as $os=>$pattern)
if (preg_match(‘/’.$pattern.’/i’, $uagent))
return $os;
return ‘Unknown’;
}
$osman=os_info($uagent);
//SQL connection
$con=mysql_connect(“localhost”,””,””);
if(!con)
{ die(‘Could not connect ‘.mysql_error());
} mysql_query(“use test;”);
$sql=”insert into test values(‘$ip’,’$osman’,’$port’,’$encode’,’$lang’)”;
mysql_query($sql,$con);
mysql_close($con);
?> [/php]

Inserting the web bug into your webpage:

The following tag can be used to insert the web bug into your website. Here is the HTML code that you can paste into your website.

<[ img src=’webbug.php’ width=’1′ height=’1′ ]>