I have just unsubscribed from the coppercoins site due to the fact that each time I try to navigate through their site, my computer detects malicious scripts which are trying to write to my registry. When contacting coppercoins to see if this is a problem they are aware of, the only answer I got back was "it's not a virus, it's a cookie". Even when I tried to explain that my computer is NOT saying it's a virus, it's saying there is a malicious script (there is a difference) I still got the same answer. I already have this site fully enabled for cookies so this should not be the problem.
Also I have not had any similar problems (so far) with any of the other GPTR programs I use (and there are a lot of them).
I have spoken to my own technical support team, who have informed me (or rather confirmed my belief) that no legitimate cookie or website has any business accessing my registry. The only reason for a script to write to the registry is to cause malicious damage.
I cannot afford to take this risk. Can you?
[ 06-30-2002, 05:44 PM: Message edited by: princessbbf2 ]
Full Version: Malicious scripts detected in Coppercoins
you choose well princessbbf2
a cookie it's a cookie....
and a script trying to write your registry isn't good.
allways be aware
a cookie it's a cookie....
and a script trying to write your registry isn't good.
allways be aware
Hmm I went there twice, once after changing my security to High and was notified of nothing.
What OS are you using??
[ 06-30-2002, 04:15 PM: Message edited by: NetDough ]
What OS are you using??
[ 06-30-2002, 04:15 PM: Message edited by: NetDough ]
I'm using Windows 2000 Professional with Nortons Anti-Virus 2002 & Personal Firewall 2002.
It happens whether I have my security level set at high or medium.
[ 06-30-2002, 04:55 PM: Message edited by: princessbbf2 ]
It happens whether I have my security level set at high or medium.
[ 06-30-2002, 04:55 PM: Message edited by: princessbbf2 ]
Okay I have WindowsXP and I use ZoneAlarm Personal Firewall.
Still though I found nothing. I did find it curious that I couldn't do a view source on the page from my browser.
I had to save a page to my PC, open that, and then I could do a view source.
Does this happen every time you go or was it just one time?
If just one perhaps it was a banner that had the malicious code in it? I do notice that CC uses a rotation javascript for banners.
Just a thought...
Still though I found nothing. I did find it curious that I couldn't do a view source on the page from my browser.
I had to save a page to my PC, open that, and then I could do a view source.
Does this happen every time you go or was it just one time?
If just one perhaps it was a banner that had the malicious code in it? I do notice that CC uses a rotation javascript for banners.
Just a thought...
I visited CC a couple of times early today while clicking on links that didn't go through. I didn't run across any security warnings although I did run into a couple of error messages about failure to connect to the server because of too many connections. I also tried the view source (just now) and it works fine for me from my browser. I have windows ME, no firewall and use Norton AntiVirus 2000(updated).
It doesn't happen every page view, but I have had at least 8 alerts in the process of finding out if it was THIS site doing it and then trying to unsubscribe.
When I mentioned in my email to coppercoins that 'maybe a banner advert' I was told banners are not script.
Not being able to view source sounds a little fishy to me. Can you view other website's source?, I can view it in 2000 & astrangemix can view it in ME, maybe this is an XP thing?
[ 06-30-2002, 07:16 PM: Message edited by: princessbbf2 ]
When I mentioned in my email to coppercoins that 'maybe a banner advert' I was told banners are not script.
Not being able to view source sounds a little fishy to me. Can you view other website's source?, I can view it in 2000 & astrangemix can view it in ME, maybe this is an XP thing?
[ 06-30-2002, 07:16 PM: Message edited by: princessbbf2 ]
quote:I think what she meant was the script for the banners we see is not the script on the page. The banners would be stored on the server and the only script would be the command to get a banner from the server to show. When done this way I don't think the banner could have a virus.
When I mentioned in my email to coppercoins that 'maybe a banner advert' I was told banners are not script.
I also could not view the source of the CopperCoins.net site...
Same case with NetDough...
I use Windows 98 with Norton Anti Virus 2001 installed, not detect any malicious scripts.
Same case with NetDough...
I use Windows 98 with Norton Anti Virus 2001 installed, not detect any malicious scripts.
My guess is that your computer is messed up or your Norton is messed up into thinking that a cookie trying to put itself onto your computer is a virus. I'd try re-installing Norton then trying again.
I have WinXP, Norton Anti-virus 2002 (kept updated) and Norton Personal Firewall 2002.
I have no problem at coppercoins, and I can view the source just fine.
I have no idea why some people may have a problem there.
I have no problem at coppercoins, and I can view the source just fine.
I have no idea why some people may have a problem there.
If my computer is messed up, why is this the only website causing alerts?
My computer is NOT saying it's a virus, it's saying there is a malicious script (there is a difference) "Activity: RegWrite"
I already have coppercoins cookies on my computer, so they should only be accessing an existing cookie.
As mentioned in my previous post, no cookie or website has any business trying to access my registry. Legitimate cookies do not do this.
I have unsubscribed and blocked my computer from accessing this website in the future. I can't afford to take the chance.
I'm not suggesting others do the same. If you're not having problems, carry on.
Just be aware, any script causing a RegWrite or RegEdit is not acceptable.
[ 06-30-2002, 07:09 PM: Message edited by: princessbbf2 ]
My computer is NOT saying it's a virus, it's saying there is a malicious script (there is a difference) "Activity: RegWrite"
I already have coppercoins cookies on my computer, so they should only be accessing an existing cookie.
As mentioned in my previous post, no cookie or website has any business trying to access my registry. Legitimate cookies do not do this.
I have unsubscribed and blocked my computer from accessing this website in the future. I can't afford to take the chance.
I'm not suggesting others do the same. If you're not having problems, carry on.
Just be aware, any script causing a RegWrite or RegEdit is not acceptable.
[ 06-30-2002, 07:09 PM: Message edited by: princessbbf2 ]
I know in one of the norton products, there is something that detects malicious scripts but quite a few times I came up against some harmless code, that was mis-interperated. I had to take it off, because of the constant alerts.
Which page on coppercoins.net can you not get the source from? I have a browser that always has the "source" menu always enabled.
Which page on coppercoins.net can you not get the source from? I have a browser that always has the "source" menu always enabled.
quote:I have been using Nortons for 2 1/2 years, upgraded to 2002 version 3 mths ago. I have script blocking enabled. This is the first time I have had malicious script alerts.
Originally posted by Wayne:
I know in one of the norton products, there is something that detects malicious scripts but quite a few times I came up against some harmless code, that was mis-interperated. I had to take it off, because of the constant alerts.
Surely a harmless code would not be coming up as a RegWrite anyway.
Sorry, but I'm not willing to take the chance of turning it off.
quote:Wayne, I could not get the source from any page of CC unless I downloaded a copy of the page.
Originally posted by Wayne:
Which page on coppercoins.net can you not get the source from? I have a browser that always has the "source" menu always enabled.
And I can view the source with every other site in browser including NetDough.
Heidi
quote:The same case with me.
Originally posted by NetDough:
quote:Wayne, I could not get the source from any page of CC unless I downloaded a copy of the page.
Originally posted by Wayne:
Which page on coppercoins.net can you not get the source from? I have a browser that always has the "source" menu always enabled.
And I can view the source with every other site in browser including NetDough.
Heidi
FYI, I use Internet Explorer version 5.0
The things that are happening are very strange but, assuming you have the latest browser security updates, should not be in any way dangerous.
Right now there aren't any know broswer security issues that haven't been patched... and I can pretty much guarantee that CopperCoins isn't employing a hacker that just came out with a new one :-)
Don't let all this internet hacker paranoia scare you... It mostly just makes good headlines. As long as you keep your browser and email client updated there is virtually no danger without you first clicking run/accept.
Right now there aren't any know broswer security issues that haven't been patched... and I can pretty much guarantee that CopperCoins isn't employing a hacker that just came out with a new one :-)
Don't let all this internet hacker paranoia scare you... It mostly just makes good headlines. As long as you keep your browser and email client updated there is virtually no danger without you first clicking run/accept.
quote:Maybe that's the difference between those who can view the source code and those that can't. I use IE6.
Internet Explorer version 5.0
astrangemix, you are right.
When I use my other computer to browse Coppercoins.net , I can view the source.
This time I use Internet Explorer 6.0
When I use my other computer to browse Coppercoins.net , I can view the source.
This time I use Internet Explorer 6.0
move over Columbo!!
Just hope ND doesn't destroy my theory.
Just hope ND doesn't destroy my theory.
quote:Yeah but I use IE6 and going to view>source in my browser did nothing on CC but did view the source on other websites.
Originally posted by astrangemix:
quote:Maybe that's the difference between those who can view the source code and those that can't. I use IE6.
Internet Explorer version 5.0
[ 07-01-2002, 11:25 AM: Message edited by: NetDough ]
quote:
Originally posted by astrangemix:
Just hope ND doesn't destroy my theory.
Sorry I guess I did but maybe it was my PC having a memory burp. I will try again and let you know.
Hmm okay that time I was able to do a view>source and it came up normal. I guess it was a memory burp after all. I am pretty hard on this PC and I have noticed I need to upgrade my memory. Geesh you would think 128 would be enough. 
[ 07-01-2002, 11:32 AM: Message edited by: NetDough ]
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.