The other day, while I was going about my browsing, a pop-under ad stopped by.
These nasty little ads are widely despised by Internet users, and typically I just filter them out, but sometimes it's necessary to disable the filter for a moment to let someone's animation-ridden site do its thing, and that's when it came along.
Much as I dislike pop-unders (and -overs, for that matter), this particular visitor was an especially obnoxious example of its nasty little clique. While it purported to be political propaganda, I suspect it was something very different.
At first glance the ad was simple enough - an exhortation to join the GOPTeamLeader, an online service for U.S. Republican Party activists. It invited me to fill in my name and a couple of personal details - email and physical addresses - and offered a button to join the service.
So we follow the link to the ad sponsor's homepage, and see what they have to say for themselves, right? Wrong - there's no such link. No link of any sort in fact, aside from the form's "submit" button.
For all I know, this might not be an ad for the Republican Party at all. It could be a spam agent out gathering personal data. The URL of the page (not visible on the actual window, since the status bar and title bar were obfuscated) was an online ad-host - not promising but not necessarily incriminating. There's no reason why a political party shouldn't hire a commercial ad provider to offer a service.
More interesting was the form's submit target - an IP address unrelated to either the ad-host or any of the GOP sites ("Grand Old Party" is an historical appellation for the Republicans). Now that's starting to look suspicious. More so was the fact that the site doesn't identify itself - no web homepage (just the hosting script for form submission), an FTP service that doesn't name the server, and so on. Reverse DNS, nothing. Traceroute showed me where it's hosted, but no answer to my queries in that direction as yet.
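The mismatch described above, a form served from one host that submits personal details to an unrelated bare IP address, can be checked mechanically before anything is typed into the page. The following is an added example, not part of the original column; the hostnames, IP address, sample markup and function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormCollector(HTMLParser):
    """Collect the action attribute of every <form> on a page."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing or empty action posts back to the page's own URL.
            self.actions.append(dict(attrs).get("action") or "")

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def site_key(host):
    # Assumption: last two DNS labels approximate "same site"; a real tool
    # would consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_forms(page_url, html):
    """Return (target_url, [reasons]) for each form on the page."""
    page_host = urlsplit(page_url).hostname or ""
    collector = FormCollector()
    collector.feed(html)
    results = []
    for action in collector.actions:
        target = urljoin(page_url, action)  # resolve relative actions
        host = urlsplit(target).hostname or ""
        reasons = []
        if is_ip(host):
            reasons.append("posts to a bare IP address")
        if host != page_host and (is_ip(host) or site_key(host) != site_key(page_host)):
            reasons.append("target host unrelated to the serving page")
        results.append((target, reasons))
    return results

# Constructed sample: documentation-range IP and .example hostnames.
SAMPLE_URL = "http://ads.adhost.example/popunder/1234.html"
SAMPLE_HTML = """<form method="post" action="http://192.0.2.45/cgi-bin/join.cgi">
<input name="name"><input name="email"><input type="submit" value="Join"></form>
<form action="/search"><input name="q"></form>"""
```

Calling `audit_forms(SAMPLE_URL, SAMPLE_HTML)` flags the first form on both counts and leaves the relative, same-host search form unflagged.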
In conclusion, I was presented with a pop-under ad that was either a particularly insidious attempt at harvesting personal details for a nameless commercial entity, or it was a woefully inadequate example of ignorant propaganda. My money's on the former, although the GOP web admins have as yet not deigned to answer my queries.
All the anti-virus, web-filter, firewall and IDS tools in the world won't protect innocent users from social engineering attacks. For if not GOP propaganda, that's exactly what it was. I'd love to be proved wrong, even if that would mean putting Republican web efforts in my bad books, but I suspect not.
Every time I start to sympathize with web advertisers or mailing services which do seem to be trying to make a difference, something like this happens. The net result (if you'll pardon the pun) is the undercurrent of distrust and suspicion evinced by so many web users, to the detriment of those offering legitimate services. How much business are you losing because customers simply distrust every service by default? Hopefully, not much - yet. But I don't see that problem getting any smaller, quite the opposite in fact. Regulations and controls are well-meaning but badly coordinated, and not making a whole lot of difference. Perhaps when the online revolution comes, this lot will be first against the wall, and the world will be a happier place. Or not - but a man can dream, can't he?
Jon Tullett is U.K. editor for SC Magazine (www.scmagazine.com).