Spyware :: Threats :: Web Bugs
What are WebBugs?
A web bug is normally a graphic placed within a webpage or email message. They are typically 1 pixel by 1 pixel transparent image (clear gif) hence making them invisible to the user, they do this to hide the fact the there is some monitoring going on. The monitoring can be carried out because the image is required from an external server. Whereas this may seem like not much of a privacy issue, it is possible to use web bug to find out if an how many times an email was read, at what time, the IP address and further information. This is particularly worrying with the increase in Spam (unsolicited email) messages being sent. Spammers can use Web Bugs to their advantage to find out immediately which of their bulk messages have been read, therefore revealing if the email address is being used (active). Active emails are usually sold in bulks to other spammers and are valuable to them.
The graphic used doesn't need to be invisible on the page, it could be any image if it's used for monitoring. However they are not only used within email, websites can make use of web bugs for many reasons. Typically, because the graphic is obtained from an external server, This means this server will have access to it's cookies stored on the users system (using 3rd party cookies). Therefore some advertising companies can make use of Web Bugs to find out what site you've visited. Web Bugs may also be used within websites to provide an independent counter.
In theory it would also be possible to place a web bug within a Word Document as it allows html within a document and also allows images to be retrieve from an external server. This could be useful maybe if the document was supposed to be kept private. You could in theory find out if the document had 'leaked' by finding out how many different ip addresses had looked at it.
Web Bug Example
Below is an example of a web bug I found simply searching though my Spam email for a few minutes.
<IMG SRC="http://www.rd00.com/rd.php?amp;sid=GMP30198306&lid=10324" WIDTH=1 HEIGHT=1 target="_blank">
It can be seen that the 'image' to loaded comes from an external server. www.rd00.com. No doubt that the sid and the lid arguments that get transmitted along with the image using PHP can be used to uniquely identify my email address. So the spammer could easily find out that I have indeed read the message and therefore mark me as active and send me more messages in the future.
To examine just how easy it is to send a Web Bug within an email I'm going to send an email to myself and check to see if the time accessing the Web Bug actually corresponds to the time I opened and read the message.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD></HEAD> <BODY> <IMG height=1 src="http://www.adoko.com/mybug.gif" width=1 target="_blank"> This email tests the use of a Web Bug. </BODY> </HTML>
The body of the email contained the code given above. I used a 1x1 gif file (although is could have been a visible image). I sent the email at 9:00am and viewed the email twice once at 9:40am and again at 9:45am. All I have to do next was to search though my log files for my domain, to see exactly what information I can find out about mybug.gif. Here are the results;
2003-06-02 09:39:13 W3SVC110 NTXPW04 126.96.36.199 GET /mybug.gif - 80 – 188.8.131.52 HTTP/1.0 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - -
The log file gave plenty of information, the first line contained the time I read a mail, the 3rd line give the location of the image and the image name requested of my server, although if this was used for mass mailing you could use php or asp send back the image and append a unique number as an argument. The fourth line gives my IP address along with my browser and operating system info. Immediately you can see just how useful this could be for spammers, or for someone wanting to find out my ip address without the recipient even needing to reply to the message. It could also be used by an organisation to find out how many time an email address has been opened and forwarded.
Web bugs are difficult to protect against for a number for reasons, the very nature of html code allows linking of content from external servers. Linking between pages is partly what has made html so successful. So preventing content from external servers would seriously restrict your browsing. Also most servers have the facility for creating log files, normally these files log every request from the server by stating the time, destination ip, file requested, and browser/operation system information. Web Bugs really make use of a system that's already in place. Also invisible gifs do have a valid use as they can be used for alignment purposes, sometimes called spacers to correctly position text or images accurately on a webpage. Normally these gifs are easy to differentiate from a web bug because a web bug will come from an external server.
Ways to Prevent Web bugs
- You could use proxy servers when browsing the Internet. This will only prevent the Web Bugs from "knowing" your IP address but this would not stop them being able to detect if you've read an email (it would just record you've read it but with the proxy server IP address instead of your own)
- It's advisable to set your email client to only view email messages as text rather than html. Most email clients should have this facility. His would prevent the request for the image on an external server from even taking place.
- If you believe the email message is spam, because so many spam messages contain web bugs to record which email addresses are active, you shouldn't open the email. Instead delete it which will stop the web bug code signalling to the "attacker" that you've read the mail.
- There are programs available which can check the html code before it's interpreted by the browser. Any obvious web bugs (ie. 1x1 images from external servers) will be ignored. A good program which displays whenever a web bug is seen is called Bugnosis, which displayed a small graphic every time a web bug was detected.
- Turn off image loading on your browser. This will prevent the web bug image from being requested.
Find out what information about my system is sent by my browser?.