Malware link pasted into post September 13, 2004 8:49 PM

What the heck is with the link on this thread?!
http://master.mx-targeting.com/mx/servlet/MXTarget?
adcontext=http://www.metafilter.com/guidelines.mefi
&contextpeak=0&contextcount=0&countrycodein=US
&lastAdTime=1095099974|1095030164|1095010854|0|10950
posted by tss to Etiquette/Policy at 8:49 PM (8 comments total)

it's broken. Windigo apparently put a bad link in the post.

why, what did you think it was?
posted by bob sarabia at 8:58 PM on September 13, 2004


I think he screwed up and pasted the wrong thing from the clipboard. Perhaps he has this piece of malware.

Uh... oh dear. It looks like he definitely does. Look here:

I am not able to copy and paste anything within my windows XP..
it always pastes this:

http://master.mx-targeting.com/mx/servlet/MXTarget?adcontext=...


So that would explain it. Windigo might want to run Ad-aware/Spybot...
posted by reklaw at 9:26 PM on September 13, 2004
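
The URL pasted into the post is an off-site link whose `adcontext` parameter holds a metafilter.com page and whose `lastAdTime` parameter holds a pipe-separated list of numbers. A submission-time check for that shape, as an added example that is not part of the original thread; the function names and the two heuristics are assumptions made for illustration, not a vendor signature:

```python
from urllib.parse import urlsplit, parse_qsl

# URL exactly as pasted in the thread (it is cut off there after "10950").
SAMPLE = ("http://master.mx-targeting.com/mx/servlet/MXTarget?"
          "adcontext=http://www.metafilter.com/guidelines.mefi"
          "&contextpeak=0&contextcount=0&countrycodein=US"
          "&lastAdTime=1095099974|1095030164|1095010854|0|10950")


def _same_site(host, site):
    """True if host is the site itself or one of its subdomains."""
    return host == site or host.endswith("." + site)


def inspect_submitted_link(url, site_host):
    """Return reasons a submitted link looks like ad-tracker clipboard
    residue rather than the page the poster meant to share (hypothetical check)."""
    parts = urlsplit(url)
    link_host = (parts.hostname or "").lower()
    site_host = site_host.lower()
    reasons = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Heuristic 1 (assumption): an off-site link that embeds a URL on our
        # own site is reporting the page the poster was viewing, not a target.
        if value.lower().startswith(("http://", "https://")):
            inner_host = (urlsplit(value).hostname or "").lower()
            if _same_site(inner_host, site_host) and not _same_site(link_host, site_host):
                reasons.append(f"{name}: embeds a {site_host} URL in an off-site link")
        # Heuristic 2 (assumption): three or more pipe-separated integers look
        # like tracker state, as in lastAdTime above.
        fields = value.split("|")
        if len(fields) >= 3 and all(f.isdigit() for f in fields):
            reasons.append(f"{name}: pipe-separated numeric list ({len(fields)} fields)")
    return reasons


if __name__ == "__main__":
    for reason in inspect_submitted_link(SAMPLE, "metafilter.com"):
        print("flag:", reason)
```

A hit is a reason to ask the poster to confirm the link before it goes live, not proof that their machine is infected.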


Um, appears to be some kind of clickthrough tracker to me. Seems deliberately tailored to mefi given the Metafilter guidelines in the URL. I have a hard time thinking this was a mistake.

Note the text at http://www.mx-targeting.com/:

MX-Targeting is a software development company. We have developed a series of ad
targeting applications such as MX-Targeting.dll that help advertisers deliver targeted
ads. In addition to our software development, we also provide certain support services
to the distributors of our software.

Hmm, very interesting! It almost seems as if this company makes spyware that surreptitiously winds up on people's computers. Perhaps some spyware mangled Windigo's URL after they hit the MeFi submit button.

(On preview---reklaw's got it.)

A friend of mine just told me that if a vast number of people wanted to put nonsense data into a clickthrough tracker's logs, they could hypothetically run a script like this on their Linux boxes:

you@a_unix:~$ perl -mLWP -e '$"="";@chars=a..z;$ua=LWP::UserAgent->new;$ua->requ
est(HTTP::Request->new(GET=>"http://master.mx-targeting.com/mx/servlet/MXTarget?
adcontext=http://www."."@chars[map(rand@chars,1..rand 15)]".".com/guidelines.mef
i&contextpeak=0&contextcount=0&countrycodein=".uc("$chars[rand@chars]$chars[rand
@chars]")."&lastAdTime=".join("|",map(int rand 1000000000,1..5))))'

posted by tss at 9:30 PM on September 13, 2004


Well, they're not all bad... there's a removal page right there. Their adware's probably quite badly-written, storing things on the clipboard without thinking of the potential side-effects. I can't see why they'd deliberately want to link people to the odd page we ended up with.
posted by reklaw at 9:36 PM on September 13, 2004


And why was this link deleted instead of fixed?
posted by seanyboy at 11:58 PM on September 13, 2004


It would have been nice had Matt fixed it instead of deleting it. Did he think it was intentional? It sounds like it's not...and it was a first post, too.
posted by Ethereal Bligh at 12:46 AM on September 14, 2004


Well, by the time I found it I'd already seen it fifty or so odd times on IRC, so I don't think it's a big loss.
posted by angry modem at 7:14 AM on September 14, 2004


Don't see how matt could have fixed this without searching out his own source. I sure can't figure out what the actual target is supposed to be. Seems like that would be a lot of work for a weak newsfilter post.
posted by Mitheral at 9:45 AM on September 14, 2004

