Scary dubious JavaScript evil

[Image: Scared!]

It wasn't until after I uploaded that picture that I realised how BIG it was. My sincerest apologies for absorbing an excessive amount of your screen real estate. But she looked scared, right, and this post is about scary stuff, right? Right?

With all the talk these days about phishing and non-trustworthy websites that contain all kinds of evil, I really haven't come across that many of them. Perhaps what I search for on the intertubes or the material that I download just doesn't take me to shady areas. Plus, given the fact that I don't use Microsoft Windows on any production machines (or any machine with a network connection!), I tend to feel fairly safe.

Today though I was given a rude reminder that I still need to be assertive when it comes to intertube nasties: I typed a URL incorrectly and after several bizarre redirects ended up at the website of Face Software Inc at Face.com (I'm not linking directly to them for obvious reasons):

[Image: Dubious Face.com]

ASIDE: Does look funny having fake Windows alert dialog boxes on a clean install of Mac OS X Leopard!

So I took a look at the source code: nearly the entire page is generated with JavaScript, and many other dubiously titled scripts are linked to within that code. That really is fishy, because there is really no reason for static material like headings or paragraphs to be generated by JavaScript unless it was designed to either spoof something or execute code on other servers automagically when you load their page. And I didn't even dare click on the fake dialog boxes!

Scary stuff. Gives at least some credence to Steve Gibson's tireless argument that you should disable JavaScript in your browsers and only approve sites that you trust. Any good selective blockers for Camino or Konqueror anyone?


Imprint

This is one of about 5000 posts on Rubénerd.