Chris White's Blog

Software developer from Edinburgh. I mainly do PHP stuff with Laravel and Angular stuff with TypeScript. I like to pair APIs to SPAs while drinking IPAs.

Live HTTP Headers (and other Chrome extensions) distributing adware

November 10, 2016 in #live http headers #adware | | | Share on Google+

In the last couple of days I've had an in-page modal window pop up on some websites with the title "Sponsored by [website address]". At first I didn't think anything of it, but this is the second time I've seen it now so I did some digging. The modal window looks like the below, except in your case it's probably showing an advert.

I have uBlock Origin installed so this took me by surprise. It was either malware that had been introduced to my macOS system (unlikely), or something I've installed in Chrome that had decided to go rogue and inject advertisements into pages, bypassing uBlock Origin.

With not a lot of information to go on, I opened up developer tools to look at the markup of the modal window, hoping that I could find a vendor-specific element name that I could Google for. While that wasn't the case, I did find a somewhat unique element name for the modal.

Googling the term "asgds_modal" (in quotes) turned up this reddit thread, where a lot of users are reporting that Chrome extensions are the culprit. In my case, it was Live HTTP Headers.

Luckily the fix to this is quick and simple. Just remove the Chrome extension. Make sure you also tick the report abuse flag.

Even after removing the extension, as one last-ditch attempt to advertise to me, I got redirected to a liposuction landing page.

Some other extensions that have been reported to cause this issue are:

  • Inject jQuery
  • W3Schools Hider
  • HTTP Headers

As if to confirm the theory, all of the Chrome web store links for these extensions now return a 404 page. Good riddance.

November 10, 2016 in #live http headers #adware | | | Share on Google+