COOKIE_PROFILING

 Analysis by: Jaime Benigno Reyes

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 REPORTED INFECTION:
 SYSTEM IMPACT RATING:
 INFORMATION EXPOSURE:

  • Threat Type: Adware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

What is a cookie?

Cookies are small text files that are created on a user’s system whenever they visit a web site. It’s a way for that website to remember its visitors and all that they do on it, so the next time they visit, the website automatically recognizes them and lets them see and continue where they left off. It’s such a subtle process that, by default, users don’t even notice it.

Cookies are also used to track users’ browsing activity across multiple sites for marketing purposes. This lets internet advertisers figure out which ads the user would be more interested in, and display them accordingly.

Do cookies pose a threat?

By themselves, cookies are harmless, and are there simply for the ease and convenience of the user’s browsing experience. However, they can be considered a threat to your privacy, as the cookies from certain ad networks can keep track of your online activities. This in itself can be considered a violation of a user’s privacy.

Cybercriminals have also used malware and browser attacks in the past to steal cookies. They do this to impersonate users on the websites they frequent, ‘fooling’ the website into automatically providing the compromised user’s personal information. WORM_KOOBFACE, for example, did exactly this to hijack users’ Facebook accounts and post on people’s walls without their authorization.

  TECHNICAL DETAILS

File Size:

Varies

File Type:

TXT

NOTES:

This tracking cookie is installed on a system when an affected user visits the following websites:


Note that tracking cookies (data miners) are cookies used by two or more websites to track the affected user's web browsing habits and display advertisements or other material the user might be interested in. Similar to adware, tracking cookies collect user information for third-party recipients.

  SOLUTION

Minimum Scan Engine:

9.300

Step 1

Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.

Step 2

Scan your computer with your Trend Micro product to delete files detected as COOKIE_PROFILING. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

NOTES:

What should we do with cookies?

  • Delete cookies regularly. The browser you use should have this feature. Consult your browser’s product manual or help guide to see how to do this.
  • Consider private browsing. Browsers have modes where they disable cookies automatically. Once again, consult your browser’s product manual or help guide to see how to do this.

For more information about cookies and your privacy online, you can check out our e-book on the subject here.
