Sins of The Internet: Mousetraps (and worse)

Feb 16
22:00

2002

Richard Lowe

Richard Lowe

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

One common ... web ... is called mouse ... which is often used in ... with another highly immoral practice called page jacking. In it's simplest form, mouse trapping merely c

mediaimage

One common unethical web technique is called mouse trapping,Sins of The Internet: Mousetraps (and worse) Articles which
is often used in conjunction with another highly immoral practice
called page jacking. In it's simplest form, mouse trapping merely
consists of redefining the back function so that it does not return
to the previous page. Instead, some other function is performed.

A mousetrap is extremely simple to create. You've seen the simple
ones all over the place. You click on a link, say from a search
engine, and you go to a page. This only displays for a second, then
you are directed to another page. Now, if you hit the back key, you
go back to the redirect page, which effectively prevents you from
using the back key to get out.

The idea is to make it a little more difficult to leave the site.
Personally, I take offense at these kinds of tactics and will
virtually never return to sites which do this little trick. My
opinion is web sites should never, ever modify the browser
controls. Do what you want on the page - but don't mess with my
browser or my system.

Some sites raise the ante a little and pop up a window or send
you off to a third site. The idea here is always one of
deception - you think you are backing up out of the site, but
what you are really doing is something else. Honest sites with
valuable information do not need such tricks.

Very dishonest people carry these mousetraps to the extreme.
Here's what could happen to you - click an interesting link in a
search engine and you find yourself on a site which does not
appeal to you (these are virtually always pornographic sites). So
you click the back key to get out.

Now the fun starts. The back key simply reloads the current page,
but also pops up a couple more windows as well as a pop-under
window. You start closing these annoying things, cursing under
your breath, only to find that clicking the close button actually
pops up yet another window. In these instances, the back button
has been redefined and a javascript has been set to be called when
the windows is closed. This javascript opens up yet another
window.

Ah, this gets even more insidious when mouse trapping is combined
with page jacking. Here's the sequence of events. Let's say you
are one of these scum. You look around the web until you find a
nice, high traffic site. You steal the page and make a copy of it
on your own site. Keep the same basic page but change the links
and set up the mousetraps on the back key and when the page is
closed. Now, submit the page to the search engines, and within a
month or so you will be getting tons of traffic.

Why do these sites go through all of this trouble? It's a matter
of money. You see, these sites want you to click links, look at
banners and, best of all, buy something.

You'll notice that the popup windows all have banners. Someone is
paying to display those banners. They might pay if you click on
them or they might pay if they are simply displayed. In any event,
the banner has to get right in your face (and everyone else's for
that matter) to collect money. If it's a "pay per click" banner,
who knows, you might click on one or two accidentally as you
frantically attempt to close windows. Bam, the scum who created
the site makes a penny or two.

So the point is to get as much traffic to the site as fast as
possible, which is why the page from a proven high-traffic site
is stolen. It already works and no development is needed. Once the
traffic arrives, as many banners, links and other advertisements
must be shown as quickly as possible (but not so quickly as to
crash the system or prevent them from being viewed or clicked).
This gives your poor trapped visitors plenty of opportunity to see
banners, click on them or even possible buy something (you never
know).

Ah, but wait, it can get even worse. Up until this point the site
has been playing with the browser, which has some reasonable
security (usually) and must follow a set of rules. But what if the
site tries to download an ActiveX control or an executable file?
Yes, the browser will ask you if it's okay (unless you've had a
serious case of the stupids and turned off ALL security) and only
install or run it if you say yes.

But if you do say yes, then you've potentially added, willingly I
might add because the browser did ask for permission, a totally
unknown element to your system. There is absolutely no telling
what this could do. In fact, it might do anything at all.

This program does not usually destroy anything. No, what it wants
to do is dial up a phone number - a 900-type number. You know, one
of those phone lines which charges by the minute.

Now you are really in trouble and you will not even know it until
you get your phone bill. Something on your computer, something
over which you have no control, can do anything it wants,
including charging you money on your phone bill. And heaven help
you if you, in some moment of insanity, give this program your
credit card number or numbers. (And, of course, it could
theoretically scan your hard drive for such things).

So what do you do to protect yourself from mousetraps or worse?
Number one, set reasonable security. What I like to do is define
the internet as high security (this is done using the "security"
tab of "Internet Options"). This prevents javascript and other
dangers from running at all. When I find a site which I trust
which requires these features, I add it to the trusted sites list.
Thus, it's not possible (baring a browser bug) for a site to even
begin to cause me trouble.

If you don't want to go through those lengths, you can examine the
security tab and set things to "prompt" instead of "enable". Be
especially sure all ActiveX controls at least prompt (never, ever
allow ActiveX controls to install themselves without at least your
permission).

If you do go to a site which traps you, don't panic. Close
windows, trying not to click on any links or banners (why give
them any more money) as quickly as you can. Then make a mental not
to never, ever come back. You might also shoot an email off to the
webmaster and perhaps some of their advertisers protesting their
use of these tactics. This way you make your feelings known and
perhaps produce a change.