The sheep on the Neopets site are bleating very loudly at the moment about cookie grabbers again. I have always asserted that one has nothing to fear from the turd burglars who write these things if one uses a bit of common sense:
1) Don’t use IE for browsing. It is an electronic trainwreck.
2) Use NoScript in Firefox and CONFIGURE IT PROPERLY. Whitelist neopets.com and don’t let any even marginally questionable sites run script.
3) Don’t bother with stupid IM programs, silly add-ins for social networking sites, or P2P software.
4) If you are going so surf for porn, expect keylogging/spyware installs.
5) Don’t share passwords between sites…especially for your email accounts (which are often the weak link and gateway for people to get into your account).
6) Install and keep your antivirus software up to date.
7) Don’t choose easily guessed PINs or passwords.
I’m putting my Neopoints where my mouth is, too. I have had a board up on BDChat for over two days now challenging anyone to send me a link from which I can get cookie grabbed. I’ve tried over a dozen so far…nothing. Zip, zilch, nada.
It makes one wonder which of the 7 things above people are doing wrong to have their accounts lifted. 
I’ll extend the challenge to here while I am at it. Drop me a link. What is the worst that could happen? You might walk away with my account!
Or…if you have some CG code that you have seen, feel free to post it. I am quite curious about how this latest variant works. I don’t buy for a minute that I am in any danger, but I would like to see what the unwashed masses using IE are up against.
http://h1.ripway.com/Hecate/54_32.txt
^
Comment by Hecate — June 30, 2009 @ 7:49 pm
It’s gone now, but thanks for sharing. Very interesting code there, but it was rendered inert by NoScript.
Comment by goofyspouse — June 30, 2009 @ 10:45 pm
Oh, did you get a response from NoScript with that code? NoScript didn’t seem to notice anything at all in that shop when I went, but I don’t know if that was because something or other had disabled it already.
Comment by Hecate — July 1, 2009 @ 1:45 pm
I manually loaded the code by creating a small HTML file on my PC and launching it in FF. Nuffin.
Comment by goofyspouse — July 1, 2009 @ 7:51 pm
http://dothejive.110mb.com/usergoeshere.html?type=shop&obj_type=83
Try this one. It looks to be something in an iframe with a src starting as images.neopets.com, and a script that looks like it redirects you to an actual tarla link. One of the fake tarla links is redirecting to here.
Comment by Hecate — July 6, 2009 @ 2:17 pm
Yep…that is the same location most of them have been attempting to redirect me to. Key word: TRYING. NoScript stops it dead in its tracks.
Thanks for the link!
Comment by goofyspouse — July 6, 2009 @ 3:54 pm
http://www.neopets.com/gallery/index.phtml?gu=androboi
http://www.neopets.com/gallery/index.phtml?gu=fyoras_favorites
Two gallery CGers.
http://kafir.arabs.ps/dongs/shitbin/vinko.js
This appears to be the javascript that does it.
Comment by Farmerluk — July 9, 2009 @ 4:15 pm
So you know Spanky is in 3rd place!! I couldn’t believe it when I checked the other night! Are you slacking?
Comment by danniegurl4388 — August 14, 2009 @ 9:59 am
i wanna make luv to goofyspouse. He is the sexiest thing in the face of the earth! I want 2 have ur babies goofy!
Comment by Urs Truely — August 14, 2009 @ 11:48 am