Popups / Ads - Sneaky Scripting
Javascript is one of the Web's most annoying little offspring. Well, it's
not supposed to be that way...Javascript was originally intended as a useful and
powerful tool to make the Web more dynamic and useful. Unfortunately, the DMS
have discovered it is also a useful tool for pushing excessive quantities of
intrusive and unwanted advertising on an ungrateful public. That, combined with
the millions of clueless newbies who don't know how to use it properly (you
know, the ones who see a scrolling message on another clueless newbie's page and
just have to copy it for their own site...or those Alert boxes that are just so coool!)
have turned it into another Web annoyance like the "under construction" logo and
the endless-looping MIDI embedded in the page. Javascript (and other scripting
languages like Jscript and VBscript, for that matter) presents an impressive
number of ways for a Dirty Marketing SOB to scam and spam you at your own
expense.
Popup Ads / Console Popping
Once relegated to the seediest porn- and warez-laden backalleys of
cyberspace, the shameful Web cash-cow commonly known as the popup ad is rearing
its ugly application errors all over the once-free locales of the Web. The popup
ad is a separate browser window loaded by exploiting Javascript's
window.open() function that contains ugly, hideous advertising that
interrupts your surfing and generally serves to piss you off. Popup ads are
unstable and can cause your browser software to crash. Additionally, popup ads
suck up GDI resources under Windows 95 (with or without the kernel upgrade), in
the spawning of new application windows, that are not fully recovered even when
the ad window is closed--this can lead to crashes, scrambled screens or other weird errors. The people (can
we call 'em that?) that serve these types of ads from their servers don't give a
rats patootie that they made your surfing unpleasurable or that they crashed
your computer, so long as their getting their money from slimymarketer
advertising in the popup window.
Serving popup ads is sometimes
referred to as "console popping", particularly on porn sites (the first to use
popups); each surfer's computer that connects to their website is referred to as
a "console", and ad payments are given based on how many "consoles" are spammed
with an ad.
Popup Ad example - What to look
for
Click Farming / Spawning
Click farming is the involuntary loading of a slimy marketer's page when you
visit another, completely unrelated page. This is also a Javascript exploit
using window.open(). Usually the idea here is to trick the advertiser
into thinking that you clicked on their ad, hence a larger kickback or referral
money to the slimeball who simulated your click. To the advertiser looking at
his server logs, it appears that 90% of the surfers who see the ad are clicking
on it! In a world where a 5% click-through rate is considered solid gold, 90% is
truly amazing. In this case the slimeball who is forging your clicks is making
out like a bandit (he gets lots of referral cash), the advertiser whose page is
magically appearing out of nowhere is doing good too (pretty much everybody
winds up at his products page for the hard sell; little money is blown on ads a
user never responds to), it's just the surfer who gets screwed over.
While this involuntary browser vacation is usually a single slimeball page,
if the webmaster is particularly rude you can find yourself on a rollercoaster
of five or even 10+ sequentially auto-loading pages that you get sucked into one
after another as you attempt to leave or close each--think of it as an
all-expenses paid (not to you) DMS joyride. Click farming and spawning are very
similar in nature; in each case a foreign webpage is loaded without the surfer's
consent. In plain old spawning though, instead of being duped by the jerkoff
webmaster, the advertiser is in on it too--advertiser and webmaster work
hand-in-hand to assault the user with unwanted crapmedia; think of it as a
fullscreen billboard instead of a relatively small (468x60 pixel) banner.
Demonstration
Trapping
Trapping is an extremely underhanded
(though thankfully seldom-used) method of assaulting surfers with down-and-dirty
in-your-face advertisements. A trapping page exploits JavaScript in such
a way that it reloads itself everytime you close it down--in other words, you
can't close the damn thing. This pretty much means that once you are served this
page, the only way to get rid of it is to disable your browser's JavaScript (a
difficult undertaking for those unfamiliar with some browsers'
cryptically-organized menus) or reset your computer. In the meanwhile, this
uncloseable window will focus itself (pop itself up on top of all other
open windows and make itself the topmost, active window) every ten seconds or so
and continue to display a neverending stream of ads until you reset your
computer (or disable JS) and get rid of it.
This example of a trap ad will give you a taste
of the real, unpleasurable experience (Do Not visit this link unless you know
what you're doing!). To get rid of it you can disable JavaScript or rapidly
close the window as it reloads...kill it fast enough and it won't come back.
"AdFarce" and other JavaScript Includes
The "AdFarce" include gets its name from a buggy implementation of
IMGIS'
AdForce software (nice name, huh?) found on some unfortunate sites. JS Includes
are where JavaScript-based ad-delivery scripts are embedded or included
into a page with a SCRIPT SRC tag. When the actual page loads up to this tag,
the browser has to stop to load and then execute the included JavaScript ad-code
in its entirety before the page can continue loading. This means you
always have to wait for the ad, which gets maximun priority over the rest
of the page. See below about the page-timeout for more on this. One of
the worst things about JS includes, besides waiting for the ad, is bugs in the
JavaScript. Depending on where you surf, you can have the privilege of being
assaulted by not only popup ads but JavaScript error boxes too!
Page timeout
Have you ever gone to a site and
noticed that everytime you request a page, you get just an ad first and the page
itself comes in later? This is a page timeout. The idea is to show you the ad
first, wait awhile, then give you the page, in the hope that you won't be
distracted away from the ad by that nuisance actual page content that you
were actually looking for. This can be accomplished in several ways, including
the JavaScript include (mentioned above), putting the ads and content in
separate tables (tables can't usually be displayed until the entire tableset has
loaded), or the server actually timing out during page transfer, refusing to
send the majority of the requested page until a banner ad on it has loaded in
its entirety and often gone through 5-7 seconds of animated annoyance. Yuck.
|
