Results 1 to 6 of 6
  1. #1

    cookiejar.txt does this belong to IC?

    I found this delicious file on my system while doing some housekeeping (windows 7 x 64)

    C:\Users\(mycomputer)\AppData\Local\Turbine\Infini teCrisis\cookiejar.txt

    It's full of lovely stuff like ad cookies and all sorts of lovely trackers. It looks like something IC might have created to bypass the "NO COOKIES" option on my browser/system. Of course we all know that no software has to conform to the NO COOKIES mandate and I can only think that if this belongs to IC, it's done precisely to a by-pass the browser setting.

    So, does this thing belong to IC? Is it a Turbine requirement? If so, how does it get there and can I remove it permanently?


    Some samples of whats inside the present:

    • infinitecrisis.com
    • scorecardresearch.com
    • fastclick.net
    • domdex.com
    • doubleclick.net
    • atdmt.com
    • serving-sys.com
    • turn.com
    • and a lot more of the same


    Well, I think you get the picture here or rather the cookie crumbs...
    "C'est magnifique, mais ce n'est pas la guerre. C'est de la folie."
    ("It is magnificent, but it is not war. It is madness.")

    ~ French Marshal Pierre Bosquet ~

  2. #2
    Turbine Customer Support IC_Mirthgar's Avatar
    Join Date
    May 2013
    Posts
    66

    Re: cookiejar.txt does this belong to IC?

    It is used by the game but it doesn't have those other sites in it under normal circumstances (case in point on my system the only references are to InfiniteCrisis {.com} launcher/game browser URL's even after loading the store and making some purchases etc).

    Looking at the ones you listed, some of those are general website search/advertisement based sites so they may be just logged by the activity that occurs when the game initiates a browser or http (via Internet Options in the control panel) connection but that's doubtful and I agree their appearance where they shouldn't be is suspicious of itself.

    I'd go in there (internet options) and see about whether use a proxy or the other settings are active (Control Panel > Network and internet > internet options > connections tab > LAN Settings button) and if so deactivate them.

    You should also run an adware scan just in case with something like Malwarebytes/Spybot S&D or similar. If it is local basic ad serving malware usually they aren't rated with a high enough threat priority for A/V apps to remove them and you need something more specific to run them down.

    From what you're seeing in that file it sounds like possibly any browser connection initiated may be just be getting fed advertisements and local proxy host adware loves to do so. For example if you load http://support.infinitecrisis.com and see ad's on it, there aren't any and when that happens it's a local adware injecting them via being a local proxy 'host'. (Not saying this is happening, just that it sounds plausible given that the file shouldn't normally have those sites listed and does on your system.)
    Last edited by IC_Mirthgar; 07-13-2014 at 02:58 PM.

  3. #3

    Re: cookiejar.txt does this belong to IC?

    Quote Originally Posted by IC_Mirthgar View Post
    I'd go in there (internet options) and see about whether use a proxy or the other settings are active (Control Panel > Network and internet > internet options > connections tab > LAN Settings button) and if so deactivate them.
    I checked this option and there are no settings for proxy. The LAN setting in IE is set to "automatically detect settings". I think this is the default? The LAN settings in Firefox are No Proxy.

    I am pretty sure I saw this file download recently. I use dawnbase.com for reference and it may have come from there as they have a bucket load of advertising on their system.

    I will investigate this more and post what I find. Do you want a copy of the file before it vaporizes to see how they hijacked your file? Evidently someone knows that you use this and piggybacked in on your setting.

    fwiw: I have attempted to block nearly all ads on my system using browser privacy options (block sites, no cookies etc). I use only Firefox to access IC and dawnbase.com. I use IE to access LOTRO and have the same lock downs. Doesn't mean anything in reality as they can bypass these setting easily enough as is evident here.
    Last edited by Chrysalis; 07-14-2014 at 02:19 AM. Reason: more details
    "C'est magnifique, mais ce n'est pas la guerre. C'est de la folie."
    ("It is magnificent, but it is not war. It is madness.")

    ~ French Marshal Pierre Bosquet ~

  4. #4

    Re: cookiejar.txt does this belong to IC?

    I've been checking this file carefully and I think all of it comes from Infinite Crisis because nearly every cookie set references infinitecrisis.com as the domain attribute.

    There's cloudflare cookies and more from googleanayltics and scorecardresearch although the latter seem to be gathering data on the age of your visitors/players.

    What actually is this file for if it is only supposed to have 1 line in it? What's the purpose? I'm interested in trying to protect this file from being hijacked if that's what's happening.

    What else is interesting is that if this file is being hijacked then how did the bad-guys find it? IC isn't a big name site like others. The location of the file isn't prominent and if though "security by obscurity" isn't any security at all but you'd have to omit it's pretty obscure file. But if someone is hijacking it it's rather clever that they found it and are using Turbine to harvest information for them.

    fwiw: the results of virus check are all-clear but that means nothing too as a persistent virus/persistent nasty cookie that is FUD (fully undetectable) is just that: undetectable.
    "C'est magnifique, mais ce n'est pas la guerre. C'est de la folie."
    ("It is magnificent, but it is not war. It is madness.")

    ~ French Marshal Pierre Bosquet ~

  5. #5
    Turbine Customer Support IC_Mirthgar's Avatar
    Join Date
    May 2013
    Posts
    66

    Re: cookiejar.txt does this belong to IC?

    To clear up I don't think it (the system) has been affected by anything malicious since none of the sites you detailed are generally considered such.

    I think because the game and it's browser needs to have access to cookies to function properly its using the file to handle them instead of referring to them via IO for its functions and loading. I think if you allowed internet options to accept cookies that the file should revert to just ensuring that it can get to the ones it needs for its functionality through that. Turning off cookies entirely is whats triggering this essentially by having the game log all cookies as any browsing occurs in the game browser.

  6. #6

    Re: cookiejar.txt does this belong to IC?

    Quote Originally Posted by IC_Mirthgar View Post
    To clear up I don't think it (the system) has been affected by anything malicious since none of the sites you detailed are generally considered such.

    I think because the game and it's browser needs to have access to cookies to function properly its using the file to handle them instead of referring to them via IO for its functions and loading. I think if you allowed internet options to accept cookies that the file should revert to just ensuring that it can get to the ones it needs for its functionality through that. Turning off cookies entirely is whats triggering this essentially by having the game log all cookies as any browsing occurs in the game browser.
    LOL well malicious software is tracking software. An unsecured file is unsecured. If it's an unsecured text file, any malware can access it and use it. Turbine may not be the biggest fish in the pond but malware writers of all sorts just love to piggyback into systems via games. It's a rather notorious aspect of gaming. But that's fact and philosophy from my end.

    As far as turning on cookies: NEVER.

    Only the bare minimum number of cookies are allowed. If you are reading anything at all on security you will know there is absolutely no longer any cookie that is considered "harmless". They are all harmful. If they don't provide pathways for malware, they are tracking and logging personal information. They can track you regardless of if you are on IC or another site. They can be created in persistent modes which can not be removed: ever. Cookies are no longer "innocent" files that do nothing. They do a great deal of harm.

    Pervasive tracking and monitoring is now considered a "seriously bad" practice and once the IETF finishes with their proposals, software that engages in this will be considered malware itself. I truly hope IC will not fall into that category.

    I have the file locked down and so far I have seen nothing attempting to access it. I'll let you know if I see any activity.

    While I do hope that IC becomes a "clean" game, I recognize that Marketing and Sales play an important role in demanding cookies and ad-ware and trackers and loggers be placed in games and websites beyond the game mechanic matrices needed and that they negotiate financial agreements with Facebook, Twitter, twitch.tv for which Turbine gets a kick-back on every player that uses those services. That players who's systems hold cookies from IC redirect such revenue to Turbine from on-going activities long after game play has ended. It would not be untoward for someone who knows what's what in the this area to sit down with them and say: We won't do this anymore.

    If your marketing folks are not familiar with the current state of things, try the following search words:
    TAO, ANT, MUSCULAR, JTRIG, RSA Boleto Malware and IETF 7258

    If nothing else, it will open a few eyes to how cookies are re-purposed beyond what their creators intended and how malware has moved beyond those early DOS programs. Mikko Hypponen TED talk is very entertaining.
    "C'est magnifique, mais ce n'est pas la guerre. C'est de la folie."
    ("It is magnificent, but it is not war. It is madness.")

    ~ French Marshal Pierre Bosquet ~

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •