Unsolicited ad inserted behind main browser window (pop-under) every time TheBlaze.com is visited.
ENVIRONMENT
Win7 SP1
Firefox 34.0 (Pop-up windows are blocked)
DESCRIPTION OF PROBLEM
Once the requested home page, from theBlaze.com server, is received by Firefox on your PC, your first mouse click will trigger the pop-under creation process. Pop-under ads are similar to pop-up ads, but the ad window appears hidden behind the main browser window rather than superimposed in front of it. The ad window is located in a new copy of Firefox. Additional mouse clicks may produce cumulative pop-under ad window creations. So, you may end up with multiple pop-under ad windows, each in a new copy of Firefox. According to many marketing “genius” this method of presenting unsolicited ads is much less abrasive than pop-ups used to be, and now recommend the use of pop-unders.
The HTML source file received from TheBlaze.com server contains (in clear) between line 158 and line 202 , the JavaScript code needed to generate the pop-under windows and also contain the URL of the advertiser.
Line numbers may vary from user to user, but look in the source file and locate the beginning and the end of the script at:
BEGIN ADSUPPLY →
the script is located here (approx 44 lines of code)
Unsolicited ad inserted behind main browser window (pop-under) every time TheBlaze.com is visited.
ENVIRONMENT
Win7 SP1
Firefox 34.0 (Pop-up windows are blocked)
DESCRIPTION OF PROBLEM
Once the requested home page, from theBlaze.com server, is received by Firefox on your PC, your first mouse click will trigger the pop-under creation process. Pop-under ads are similar to pop-up ads, but the ad window appears hidden behind the main browser window rather than superimposed in front of it. The ad window is located in a new copy of Firefox. Additional mouse clicks may produce cumulative pop-under ad window creations. So, you may end up with multiple pop-under ad windows, each in a new copy of Firefox. According to many marketing “genius” this method of presenting unsolicited ads is much less abrasive than pop-ups used to be, and now recommend the use of pop-unders.
The HTML source file received from TheBlaze.com server contains (in clear) between line 158 and line 202 , the JavaScript code needed to generate the pop-under windows and also contain the URL of the advertiser.
Line numbers may vary from user to user, but look in the source file and locate the beginning and the end of the script at:
BEGIN ADSUPPLY →
the script is located here (approx 44 lines of code)
<!-- END ADSUPPLY →
The fact that the advertiser URL is contained in the source file indicates that, this is a well organized advertizing business. In the examined case the advertiser was "gorgonkil.com".
SOLUTIONS TO STOP POP-UNDERS
This pop-under unsolicited ad plague can originate from any Web site, not only from TheBlaze.com. This is not hidden malware, but highly visible in the HTML page received from the unscrupulous Web site. Be aware that using the “block pop-up windows” parameter in Firefox > Tools > Options > Content > will not solve this problem.
InternetExplorer 11 also falls victim of the pop-under unsolicited ads. SlimBrowser7 survives elegantly and no pop-under windows are opened.
In the proposed 2 solutions, you will need to receive a first unsolicited ad, then take note of the advertiser URL and insert it in the Win7 Firewall or in the BlockSite Firefox extension.
If the unscrupulous Web site sends a large number of new and different advertiser URLs during one browsing session, then you will need to find a more elegant solution to the problem.
WIN7 Firewall
The received ad normally contains the advertiser URL (e.g. gorgonkil.com).
The Win7 firewall has the capability to block IP addresses.
The fact that Win7 Firewall requires IP addresses be expressed in dotted-decimal notation (e.g. 172.16.254.1) makes it less attractive. But, should you decide to use the dotted-decimal notation, it should work perfectly
Block Site 1.1.8 Firefox extension
Install Firefox extension “Block Site 1.1.8”. It is working very well for me.
You need to go to Block Site “Options” and “add” the URL (e.g. gorgonkil.com) you want to block.
Once enabled, the Block Site extension will display a small window for 3-4 seconds (lower right position) every time a pop-under creation is attempted by any unscrupulous offender and the pop-under will not be created.
My own “Options” file now contains more then 18 advertiser URLs (over 3-4 months).
I have stopped visiting TheBlaze.com Web site as of yesterday.
WEB SITE REPUTATION & REVIEW SERVICE
You may obtain a reputation rating for many Web sites by installing a Fiirefox extension: Web of Trust - WOT
WOT adds intuitive traffic light-style icons next to search results and URLs to help you make informed decisions about whether to visit a site or not.
A review has been submitted to WOT (12-19-2014) pertaining to TheBlaze.com. The rating is in bright red “I don't trust” (Ads/Pop-ups).
deBeaujeu