The invaluable Wesley Brandi brings us his latest cookie-stuffing scammer or as he puts it, “Today’s featured fraudster”
CouponsUniversity is allegedly defrauding multiple merchants while using javascript to try and conceal what is happening:
What CouponsUniversity is doing a little different in their scheme, is that they pick up on the error event raised by the browser when it cannot render this image. It goes something like this:
- Browser tries to load the image using the affiliate link
- The content cannot be used to load an image so the browser raises an error event
- CouponsUniversity tells the browser to remove the img tag from the site
The result is that an investigator trying to get to the bottom of this will not see the image tag at all once the site has been rendered, for it was removed (after loading the affiliate link!).
Read the whole thing, complete with code extracts.