: Are you aware of any client-side malware that sends lots of junk requests for .gifs? I am getting dozens of 404 errors on my site that are requests for gif's with apparently random names,
I am getting dozens of 404 errors on my site that are requests for gif's with apparently random names, like 4273uaqa.gif and 5pwowlag.gif.
I see that most of them are coming from one user. I assume something is happening in the background on her machine without her knowledge -- a malware thing on the client.
Have you seen this behavior before, and do you know what sort of malware might cause it?
Would love to advise my customer that s/he has an issue. I'd also like to stop getting these 404 reports.
(reposted from main Stack Overflow)
More posts by @Gonzalez347
2 Comments
Sorted by latest first Latest Oldest Best
It's new crimeware related to exploiting facebook.
eg,
<script>
function fbs_click() {
u=location.href;
t=document.title;
window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');
return false;
}
</script>
<a href="http://www.facebook.com/share.php?u=<url>" onclick="return fbs_click()" target="_blank"><img src="http://b.static.ak.fbcdn.net/rsrc.php/zAB5S/hash/4273uaqa.gif" alt="" /></a>
They're looking for some facebook images that are hashed names for stuff. If you look at that link it's the same namesake as a facebook gif. The crimeware is poorly written.
edit: it may not all be crimeware, just cruddy browser plugins. At any rate, more of these file names are on facebook dev sites. forum.developers.facebook.net/viewtopic.php?pid=254475
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.