Spyware Warrior

[mallen1]

I recently signed up with an on-line gaming site. Apparently, a cookie on my system hooked itself to my account application, establishing itself as an "affiliate" for which it receives a monetary commission from the on-line gaming site.

My first question is this: would an entity with the computer savvy to pull off this stunt, to compromise my account application without my knowledge, likely possess the ability to hack into my password account at the said gaming site? I'm concerned about the security of my account as I debate whether or not to permanently close it.

My second question is this: does this fraudulent behavior constitute Internet fraud?
_________________
HARDWARE
CoolerMaster WaveMaster TAC-T01 Mid-Tower, Intel D975XBX2KR Bad Axe 2 Mobo, Intel® Core™2 Quad 2.4GHz Q6600 Processor, Corsair 4GB [2(2 x 1GB kit)] 5300 DDR2 SDRAM, eVGA e-GeForce 8800GT AKIMBO 512MB SC, Hauppauge HVR-1600, PreSonus Firebox Firewire audio interface/sound card recording system, 4 Seagate 320GB 7200.10 16MB cache HDDs. Seagate FreeAgent XTreme 1TB External Backup.

[roger_m]

Cookies are completely harmless, I have well over 5,000 cookies on my computer and that number grows daily.

Cookies are simply text files and can not be used to hack into your account so don't worry about that.

[suzi]

mallen1, that sounds a bit like "cookie stuffing" Take a look at this article.

http://www.benedelman.org/cookiestuffing/

There's also cookie hijacking:
http://en.wikipedia.org/wiki/HTTP_cookie
http://en.wikipedia.org/wiki/Session_hijacking
http://fscked.org/blog/fully-automated-active-https-cookie-hijacking

Cookies are text files, but they can be manipulated. What you describe might constitute internet fraud, but I'm not sure. But who will receive the monetary commission and how did you figure out what happened? Do you know what cookie on your system was used?

If it were me, I'd close the account, or at least contact the site and see if there's anything they can do.

Cookies may be harmless, but they can also be a privacy issue. I don't worry about cookies too much, but there are some apps you can use to select what cookies you want to keep and then delete all the rest. WinPatrol and CCleaner are good for managing cookies.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[mallen1]

suzi, thanks for taking the time to write.

I sincerely appreciate the links you sent. I have read them all and they certainly haven't allayed my concerns. Information can be a double edged sword.

I've been in an extensive email dialog with the merchant. In a nutshell, I've asked them to either:
1. provide me the name/website of the "affiliate",
2. close my account and allow me to reopen it cleanly, or
3. close my account permanently.

They have refused all three requests.

The are a Native American consortium, bound by US Federal Indian Law and Tribal Law. I'm not sure if they have to do anything I request, no matter how reasonable.

But I wish to returning to the pressing issue: my security. Is it conceivable that the "affiliate" has access to my account? If I were to fund my account, is it conceivable that the "affiliate" would have access to my money within my account?

suzi, I would sincerely appreciate your thoughts and suggestions.
_________________
HARDWARE
CoolerMaster WaveMaster TAC-T01 Mid-Tower, Intel D975XBX2KR Bad Axe 2 Mobo, Intel® Core™2 Quad 2.4GHz Q6600 Processor, Corsair 4GB [2(2 x 1GB kit)] 5300 DDR2 SDRAM, eVGA e-GeForce 8800GT AKIMBO 512MB SC, Hauppauge HVR-1600, PreSonus Firebox Firewire audio interface/sound card recording system, 4 Seagate 320GB 7200.10 16MB cache HDDs. Seagate FreeAgent XTreme 1TB External Backup.

[mallen1]

suzi, I forgot to answer your question. You'll love this. You asked how I figured out that this happened. I didn't. The merchant account told me.
_________________
HARDWARE
CoolerMaster WaveMaster TAC-T01 Mid-Tower, Intel D975XBX2KR Bad Axe 2 Mobo, Intel® Core™2 Quad 2.4GHz Q6600 Processor, Corsair 4GB [2(2 x 1GB kit)] 5300 DDR2 SDRAM, eVGA e-GeForce 8800GT AKIMBO 512MB SC, Hauppauge HVR-1600, PreSonus Firebox Firewire audio interface/sound card recording system, 4 Seagate 320GB 7200.10 16MB cache HDDs. Seagate FreeAgent XTreme 1TB External Backup.

[suzi]

I would not think the affiliate has your account info, but I can't say with complete certainty.

One thing you could do is delete all your cookies. Before deleting them, however, I would locate the cookie, or cookies, for that site and look at their contents. It might tell you something.

If it were me, I think I'd find a different gaming site, too.

I don't exactly understand what you mean by this:

[mallen1]

Yep, by email. I've been fighting with them for days and days after they informed me that I was "affiliated" with another business to whom they were bound by their "Standard Affiliate Agreement".

They said I either clicked on a banner ad or had a cookie on my system from a previous visit to the affiliate's site. Since I know what HTTP address I was on when I linked off to establish my account. The address is a place I've been a member for years and claims not to be the affiliate (a fact confirmed by the merchant site). That limits the options as to what happened.

Also, they (the affiliate) modified my account application by somehow entering a referral code onto it. The merchant site told me what the referral code was and it was a string of letters I had never heard of.
_________________
HARDWARE
CoolerMaster WaveMaster TAC-T01 Mid-Tower, Intel D975XBX2KR Bad Axe 2 Mobo, Intel® Core™2 Quad 2.4GHz Q6600 Processor, Corsair 4GB [2(2 x 1GB kit)] 5300 DDR2 SDRAM, eVGA e-GeForce 8800GT AKIMBO 512MB SC, Hauppauge HVR-1600, PreSonus Firebox Firewire audio interface/sound card recording system, 4 Seagate 320GB 7200.10 16MB cache HDDs. Seagate FreeAgent XTreme 1TB External Backup.

[suzi]