

Alexa





Overview

Summary:

Your use of %windir%\web\related.htm, which helps you locate pages related to those found in a search, transmits the complete URL of your search result to both "msn.com" and "alexa.com". In some cases this could contain sensitive information such as username, password, session ID, search string, "secret paths", and more. The vulnerability has been confirmed for Internet Explorer 6 on Windows 2000 and Windows XP with all Service Packs and hotfixes.

The Alexa registry entry is created by an IE 6 install or installation of an IE Service Pack. It is nothing to worry about. It is simply a registry key that creates a menu item that points to a local web page that points to an MSN search page that uses the Alexa engine. The issue is the 'related links' feature of IE which appears as the 'Tools'/'Show Related Links' menu item, and a corresponding toolbar button if you added it (from the 'Customize...' link on the toolbar).

If you have removed this registry entry, it will be restored the next time you add a service pack for IE. Its absence does not cause any harm to IE's operation; its presence causes no real benefit. If you use 'related links', IE will contact the Alexa servers to obtain information about other web pages which might be related. But you will not be spied on UNLESS you intentionally install other Alexa software, in which case PestPatrol will find and report a possible problem.

Alias:

Alexa-MSN Vulnerability

Category:

Exploit: A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service.

Browser Helper Object: (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.

Search Hijacker: Any software that resets your browser's settings to point to other sites when you perform a search. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results.

Similar Pests:

Exploit · Browser Helper Object · Search Hijacker

Origins

Group:

Alexa

By This Group:

Alexa Toolbar

URL:

www.alexatoolbar.com

Date of Origin:

October, 2000

Distribution

Prevalence:

Alexa: 0.0%

Clot Factor:

Alexa: 35

The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

Growth:

Alexa: Insufficient data to report growth

Operation

Storage Required:

Alexa: at least 201 KB

Browser Performance:

Likely to slow performance of Internet Explorer.

Risks

Privacy Policy:

http://pages.alexa.com/help/privacy.html

Recommendations

Other Solutions:

  • Filter traffic at your perimeter so that no data may be sent to "msn.com" and "alexa.com".
  • Don't use the "Show Related Links" feature of IE.
  • Remove the registry entry
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
  • Close your browser after you have used it.
  • Delete the page %windir%\web\related.htm

WorkAround:

Locate the file %windir%\web\related.htm.

Open it with Notepad, and replace these lines:

    userURL=external.menuArguments.location.href;
    RelatedServiceURL="http://www.msn.com/search?as_rq=";

with these:

    userURL=external.menuArguments.location.href;
    RelatedServiceURL="http://www.google.com/search?as_rq=";
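Added example (not part of the original PestPatrol entry and not code from related.htm): a Node.js check that can be run over requested URLs taken from a proxy log to find the leak described in the Summary, where the page being viewed is appended to a "search?as_rq=" request. The list of sensitive parameter names, the percent-encoding of the samples and the example.* hosts are assumptions; because the page does not give the alexa.com request format, every query parameter is examined.

```javascript
// Hosts named on this page; add whatever host RelatedServiceURL points to.
const RELATED_HOSTS = ["msn.com", "alexa.com"];
// Assumption: parameter names treated as sensitive (hypothetical list).
const SENSITIVE = /^(user(name)?|pass(word)?|pwd|sid|session(id)?|token|q|query)$/i;

function isRelatedHost(host) {
  return RELATED_HOSTS.some(h => host === h || host.endsWith("." + h));
}

// Reasons an embedded URL is sensitive (empty array if none were found).
function sensitiveParts(embedded) {
  const reasons = [];
  if (embedded.username || embedded.password) reasons.push("userinfo");
  for (const name of embedded.searchParams.keys()) {
    if (SENSITIVE.test(name)) reasons.push("param:" + name);
  }
  return reasons;
}

// Inspect one requested URL from a proxy log; return a finding or null.
function inspectRequest(requestUrl) {
  let outer;
  try { outer = new URL(requestUrl); } catch { return null; }
  if (!isRelatedHost(outer.hostname)) return null;
  for (const [param, value] of outer.searchParams) {
    let embedded;
    try { embedded = new URL(value); } catch { continue; } // value is not a URL
    if (!/^https?:$/.test(embedded.protocol)) continue;
    return { service: outer.hostname, param, leakedHost: embedded.hostname,
             reasons: sensitiveParts(embedded) };
  }
  return null;
}

// Constructed sample request URLs (not real traffic), percent-encoded.
const PREFIX = "http://www.msn.com/search?as_rq=";
const SAMPLE = [
  PREFIX + encodeURIComponent("https://intranet.example/report?sessionid=abc123&page=2"),
  PREFIX + encodeURIComponent("http://bob:hunter2@files.example/secret/path/"),
  "http://www.msn.com/search?q=weather",                 // ordinary search
  "http://news.example/story?ref=" + encodeURIComponent("http://www.msn.com/"),
];

function scan(urls) {
  return urls.map(inspectRequest).filter(f => f !== null);
}

console.log(JSON.stringify(scan(SAMPLE), null, 2));
```

A finding with an empty reasons list still means a full page URL left the network; the reasons only rank which ones to look at first.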

Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.

Manual Removal:

Follow these steps to remove Alexa from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:

Clean Registry:

Remove these registry items (if present) with RegEdit:

Remove Files:

Remove these files (if present) with Windows Explorer:

Restore Settings:

After following the instructions above, you will still need to restore your original settings and prevent this from happening again. Here's how.

Research

File Analyses:

More Info:

  • Is Alexa Spying On You?
  • Internet Explorer Exposes Sensitive Information
  • ALEXA'S BROWSER COMPANION SOFTWARE ("TOOLBAR SERVICE") COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS, AND, WITH VERSIONS 5.0 AND HIGHER, THE PRODUCTS YOU PURCHASE ONLINE WHILE USING THE TOOLBAR SERVICE. ALTHOUGH ALEXA DOES NOT ATTEMPT TO ANALYZE WEB USAGE DATA TO DETERMINE THE IDENTITY OF ANY ALEXA USER, SOME INFORMATION COLLECTED BY THE TOOLBAR SERVICE IS PERSONALLY IDENTIFIABLE. ALEXA AGGREGATES AND ANALYZES THE INFORMATION IT COLLECTS TO IMPROVE ITS SERVICE AND TO PREPARE REPORTS ABOUT AGGREGATE WEB USAGE AND SHOPPING HABITS.
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!

Research By:

  • Mike Shepherd
  • PestPatrol's Pest Research Center

Last Revised:

April 25, 2005