Scary dubious JavaScript evil



It wasn't until after I uploaded that picture that I realised how BIG it was. My sincerest apologies for absorbing an excessive amount of your screen real estate. But she looked scared right, and this post is about scary stuff, right? Right?

With all the talk these days about phishing and non-trustworthy websites that contain all kinds of evil, I really haven't come across that many of them. Perhaps what I search for on the intertubes or the material that I download just doesn't take me to shady areas. Plus, given the fact I don't use Microsoft Windows on any production machines (or any machine with a network connection!), I tend to feel fairly safe.

Today though I was given a rude reminder that I still need to be assertive when it comes to intertube nasties: I typed a URL incorrectly and after several bizarre redirects ended up at the website of Face Software Inc at (I'm not linking directly to them for obvious reasons):


ASIDE: Does look funny having fake Windows alert dialog boxes on a clean install of Mac OS X Leopard!

So I took a look at the source code: nearly the entire page is generated with JavaScript, and many other dubiously titled scripts are linked to within that code. That really is fishy, because there is really no reason for static material like headings or paragraphs to be generated by JavaScript unless it was designed to either spoof something or execute code on other servers automagically when you load their page. And I didn't even dare click on the fake dialog boxes!

Scary stuff. Gives at least some credence to Steve Gibson's tireless argument that you should disable JavaScript in your browsers and only approve sites that you trust. Any good selective blockers for Camino or Konqueror anyone?

Author bio and support


Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person. Hi!
