If You Use Chrome and the Hoverzoom Extension, Please Read This.

By on December 26, 2013 9:12:47 AM from JoeUser Forums JoeUser Forums

DrJBHL

Join Date 04/2002
+2162

 

Several days ago, a thread on Reddit claimed Hoverzoom was malware. Apparently this was also seen several months ago. Apparently it sent info back to some ad agency (if that was indeed an ad agency). It was claimed that only ‘unusual domain names’ were ‘tested’, and that the data collected was ‘anonymous’. Sure. Then it was claimed that a script to disable that would be added.

Testing of the extension revealed:

  1. Hoverzoom injects code unto some or all of the web pages you visit while the extension is running.
  2. Hoverzoom modifies "certain Amazon links" on all websites you visit, adding its own affiliate ID.
  3. The extension sends the browsing habits that it collects to a third party website (webovernet.com and jsl.blankbase.com)
  4. It sends domain misspellings to another third party website (advisormedia.cz).
  5. All monetization schemes are active by default.
  6. On December 17, version 4.27 was released which submits what you type into web forms to a third party website (qp.rhlp.co)
  7. On December 18, version 4.28 was released that removed the script again that was added on December 17.

Unethical at best, creepy at worst. Supposedly the script was also injected to any site you visited. This dev think he’s the NSA?

Anyway, I have divested Chrome of this extension. Chrome Web Store (or the extension’s author) has removed Hoverzoom as well. I’m now using Imagus.

Ghacks recommends keeping an eye on the extensions you use…they could well be spying on you. I wish I could recommend one that works well with WC.

Perhaps Kryo might know one which works with Firefox and chrome and WC as well.

Noscript and extensions like it prevent browsers from making automatic connections. Unfortunately, NoScript does not interact well with WC.

My thanks to Martin Brinkmann at Ghacks.net for reviewing this topic.

Source:

http://www.ghacks.net/2013/12/26/hoverzooms-malware-controversy-imagus-alternative/?_m=3n%2e0038%2e1106%2ehj0ao01hy5%2e154q

9 Replies
Search this post
Subscription Options


Reason for Karma (Optional)
Successfully updated karma reason!
December 26, 2013 10:37:23 AM from WinCustomize Forums WinCustomize Forums

WC has embedded the image link on,I doubt there is any extension would work;yet this only constrained on forum,gallery is fine though as I used alternative extension:Hover Free.  

Reason for Karma (Optional)
Successfully updated karma reason!
December 26, 2013 10:38:51 AM from Stardock Forums Stardock Forums

From looking over that article and glancing at the code in question, I don't think that noscript would be effective against that sort of attack. In this case the script is not being hosted externally and referenced in the actual page, but hosted in memory and injected by the browser itself, so it really depends on how/when it does that (I'm not familiar with chrome extensions, and that appears to be native functionality of the chrome extension API). I could be wrong though since I can only assume based on the way it works in firefox.

Noscript would only be able to stop it if it actually injects a script tag referencing some URI that can be blocked to the page content itself before it hits the rendering engine. But I would suspect it works more like Greasemonkey does where scripts are just run in the page context after they are rendered (at which point noscript does not even know about it). And noscript has never been able to block anything directly embedded in the page (in case it does it that way), only external references.

Certainly noscript could have some special functionality just for scenarios like this (I believe it does stuff like block cross-domain form posts to prevent XSS, but this particular case was using GETs). They did use to have support for blocking external references into packaged files in extensions in firefox but that was since removed. Assumably there is some base feature for that now but I'm not familiar with it--haven't written firefox extensions in a long time.

Reason for Karma (Optional)
Successfully updated karma reason!
December 26, 2013 10:50:14 AM from WinCustomize Forums WinCustomize Forums

Thanks for the fast response, kryo. I'll direct Martin Brinkmann's attention to your thoughts. My only purpose was to alert folks using the extension that their info was being taken without express consent...which is not ethical, imo.

Reason for Karma (Optional)
Successfully updated karma reason!
Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.
December 26, 2013 11:13:02 AM from Stardock Forums Stardock Forums

Noscript is pretty handy in general to preemptively protect against ad-borne attacks (which represent a substantial number of them these days) though. But part of living with it is being able to deal with whitelisting sites you trust so that they work fully/correctly. And it can be a tough decision when your own security is pitted against your favorite sites' income stream because of ads.

Fortunately, I believe we only run locally-hosted ads for our own products here nowadays, so there is no risk or concern for users to whitelist us if they are using such extensions. It would be nice if more sites did the same, though.

Reason for Karma (Optional)
Successfully updated karma reason!
December 26, 2013 12:37:28 PM from JoeUser Forums JoeUser Forums

Noscript and extensions like it prevent browsers from making automatic connections. Unfortunately, NoScript does not interact well with WC.

Not sure in what way it doesn't interact well, Doc.  Can you elaborate?

I've never run into any issues with WC and NoScript, but then I've trusted WC.

Reason for Karma (Optional)
Successfully updated karma reason!
December 26, 2013 1:20:49 PM from WinCustomize Forums WinCustomize Forums

When I used NoScript, I had to whitelist the site, same with Adblock/Adblock Plus... the problem I encountered was with the Gallery and responses.

Reason for Karma (Optional)
Successfully updated karma reason!
December 26, 2013 4:41:33 PM from WinCustomize Forums WinCustomize Forums

I use Chrome exclusively now and this is the first time I'm hearing about this Hoverzoom. I only have two extensions...the one ASC puts there and Hitman Pro. That's it.

Reason for Karma (Optional)
Successfully updated karma reason!
December 26, 2013 9:32:39 PM from JoeUser Forums JoeUser Forums

Unless you are the most patient person on the planet, whitelisting is the only way to use NoScript effectively.  I know any site can be compromised, but sometimes ya just gotta have a little faith. 

Reason for Karma (Optional)
Successfully updated karma reason!
December 28, 2013 5:59:10 AM from WinCustomize Forums WinCustomize Forums

Only 'addon' I have in Chrome is donottrackplus.

Only 'addons' I have in IE9 [cannot use 10 or 11...fucks FSX you moron Microsoft] are donottrackplus and tineye.

 

Always work on the idea you don't NEED addons....

Reason for Karma (Optional)
Successfully updated karma reason!
Stardock Forums v1.0.0.0    #108431  walnut1   Server Load Time: 00:00:00.0000297   Page Render Time:

Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2014 Stardock Corporation. All Rights Reserved.