Open source software security

Anatomy of Web Bugs

30 November -0001
By: Justin C. Klein Keane

A web bug is analogous to the listening devices used for eavesdropping. Web bugs use server logs to monitor who has viewed certain images and pages. Web bugs can easily be placed inside an HTML encoded e-mail or web page in an image tag. For instance, if I were to send myself an e-mail with the following code embedded in it and encoded as HTML:

<img src=http://www.madirish.net/images/bogus.jpg" width="1" height="1"/>

My web logs would look like this:

[Mon Feb 12 12:30:10 2001] [error] [client 216.25.200.130] File does not exist: /home/httpd/html/images/bogus.jpg

Notice that the date, time, and IP address of who opened the file are noted, along with the file name. Optionally you could name the file based on the recipient of the e-mail, or even use an html page source with optional arguments to document the nature of the e-mail, when it was sent, etc. Using this method I can track who reads the e-mail (based on requests for the image) what their IP address is, and when they read the mail.

The trick to web bugs is to get clients to request certain files and pages from a server and to track the server logs to analyze the requests. All in all this is not very difficult, it is very innocuous, and all its invisible to the end viewer. After all, assuming the image is real and doesn't produce a broken image link, who is going to notice a one pixel by one pixel image, especially if it is white?