It’s happening again with Photobucket. We’ve posted your instructions to use Fiddler to get a network capture, but since Photobucket isn’t cooperative about removing the ads, we’ve also posted instructions on using a HOSTS file or the flash blocking feature in SpywareBlaster.

Can I have the URL for the chat where the Fiddler advice is given? I’ll see what I can do about tracking down the malvertizement.

It was a nice host to show your images online, so sorry they get greedy.
I would move all my images but they’re a lot and my account is 2 years old, luckly I use Firefox with a script blocker.
Thx for the info, sandi.

@ Mary who says

“luckly [sic] I use Firefox with a script blocker”

I take a broader view than whether or not I, personally, am protected. My concern is, dare I say it, the greater good. If you can use Fiddler, IE and the standard protocols described on this blog to help us capture evidence proving which advertisement(s) are causing the browser hijack, then you will be doing great good.

Sandi

Why do I feel that you took my Firefox comment in a criticism way? I wasn’t attacking you. Is well known that if you use a buggy browser to surf the web, you will get infect sooner or later. There are others options, safer and more reliable than IE, i.e. Firefox, Opera, Konqueror(GNU/Linux), etc.

Unfortunately my knowledges about internet protocols are weak right now, otherwise I would be more than happy collaborating with Bluetack.

Oh! And sorry about my english, I am from Argentina, english is not my homeland language, but there.. I give you the i that is missing in the word luckly.

This said, keep doing the greater good.

@Mary,

I did not take your comments as a personal criticism :o)

In fact, your comments about IE would have received no argument from me, back in the days of IE5 and even IE6.  Those who know me well know that I promoted, and advertised, alternative web browsers on inetexplorer.mvps.org and I still recommend non-Microsoft products if I consider it appropriate – for example, I don’t tell people to “get Linux” without reassuring myself that they are technically capable.. and I don’t recommend alternative web browsers if their favorite web sites will not work with IE.

I am tired of IE7 and IE8 being spoken of in the same way as IE5 and IE6, and I am tired of Firefox, Opera, Konqueror etc being held up as some sort of security panacea – they are not.

I am tired of the Firefox and Linux fanboys posting personally abusive comments – comments that do not get approved for publication but which I still see – for what it’s worth, the Microsoft fanbase is not known for such abusive behaviour – I wish the same could be said of the vocal fans of Firefox, Linux and Apple.

You do not need to collaborate with Bluetack or have any especial skills to get the information that we need to track down the problem at Photobucket and get it shut down.  All you need to do is install Fiddler on a Windows machine, fire up IE, use Fiddler to capture evidence of a redirect or malicious behaviour, save all sessions as a SAZ file and then send it to me – I can take care of the rest.

I prefer Fiddler because, unlike products such as Wireshark or Microsoft Network Monitor, it does not capture potentially personally sensitive information (such as email usernames and passwords that might be transmitted using an email client) because it captures *only* HTTP traffic.  Fiddler can decrypt HTTPS traffic, but I have never asked anybody to enable that option.

I am sure that I am not wrong in assuming that you have access to a Windows machine and Internet Explorer and that you use them regularly and can therefore do what I ask – after all, you wouldn’t make judgments about IE and Windows, or compare IE and Windows to Firefox/Opera and Linux unless you were very familiar with the latest versions of the Microsoft products, would you…  after all, I can honestly say that I use, on a daily basis, the latest versions of IE *and* Firefox *and* Opera and (shudder) even Safari.  I even experiment with lesser known browsers such as Deepnet and Kopassa.  This is because I have always said that I cannot provide a balanced opinion unless I am familar not only with Microsoft products, but with the competition.

Sandi, you have mail. It’s not only Photobucket, MSN groups are hosting them as well, along with the clipboard exploit. I’ve sent details to you.

Hi JudyC,

I have not received anything. Can you contact me using the Contact link below, and I will send you anemail address:

http://msmvps.com/blogs/spywaresucks/contact.aspx

Sandi

I believe that is the form I used to contact you, but I have just resent the information. Again, it indicated that it had been sent.