AVG 2011 – Surf Shield Bug – avg_ls_dom.js

Recently I faced issues loading webpages in Chrome. Many websites failed to load, including my blog. Websites that have a lot of JavaScript, especially AdSense units (image and text), took a lot of time to load. I tested the page elements' load time in the Firefox browser with Firebug and the Google Page Speed add-on and found a mysterious JavaScript ‘/A2EB891D63C8/avg_ls_dom.js’.

It looks like the problem is due to Surf Shield, a part of the Link Scanner module of AVG 2011. "AVG Surf-Shield actively checks web pages in real-time every time you click a link or enter a web address directly into your browser". This is done by adding a script element to the very beginning of every HTML page rendered inside the browser. This element loads a local JavaScript file called ‘avg_ls_dom.js’.

The script is injected in a non-standard way, right after the document definition and outside of the <head> element, where such resources are normally defined. This technique is most likely used to ensure that avg_ls_dom.js is loaded before any other script possibly injected by attackers into the original page. The JavaScript code inside the file is supposed to create a buffer with the content of the page and submit it via POST to another relative URL called /CC0227228D62/CheckData.

httpRequest.open("POST", "/CC0227228D62/CheckData", false);
httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
httpRequest.send(params);

This request should again be intercepted by the AVG module, which should inspect the code and either give the go-ahead to display the page or tell the script to throw an error instead. However, it seems that a bug causes the proxy-like component to let these requests through, so they are sent to the server from which the page was loaded.

Once I disabled the Surf Shield option in Link Scanner, the issue got resolved.
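
Because the leaked requests reach the server the page was loaded from, a site operator can spot affected visitors in the access log. The Node.js script below is an added example, not part of the original post or of AVG's code; it assumes Combined Log Format and that the path prefix is always 12 uppercase hex characters, as in the two paths quoted above, and its sample log lines are constructed.

```javascript
// Added example: flag leaked AVG Surf-Shield requests in a web server access log.
// Assumption: the random-looking path prefix is always 12 uppercase hex characters,
// as in the two paths quoted on this page.
const AVG_PATH = /^\/[0-9A-F]{12}\/(avg_ls_dom\.js|CheckData)(?:\?.*)?$/;

// Combined Log Format: ip ident user [time] "METHOD path proto" status bytes ...
const LOG_LINE = /^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) (\S+)/;

function findLeakedAvgRequests(logText) {
  const perClient = new Map();
  for (const line of logText.split("\n")) {
    const m = LOG_LINE.exec(line);
    if (!m) continue;
    const [, ip, method, path, status] = m;
    const hit = AVG_PATH.exec(path);
    if (!hit) continue;
    // The page content is submitted with POST; the script file is fetched with GET.
    const kind = hit[1] === "CheckData" ? "checkData" : "script";
    if (kind === "checkData" && method !== "POST") continue;
    if (kind === "script" && method !== "GET") continue;
    const entry = perClient.get(ip) || { checkData: 0, script: 0, statuses: new Set() };
    entry[kind] += 1;
    entry.statuses.add(Number(status));
    perClient.set(ip, entry);
  }
  return perClient;
}

// Constructed sample log lines (documentation IP ranges), not real traffic.
const SAMPLE_LOG = [
  '203.0.113.7 - - [12/Oct/2010:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
  '203.0.113.7 - - [12/Oct/2010:10:01:02 +0000] "GET /A2EB891D63C8/avg_ls_dom.js HTTP/1.1" 404 209',
  '203.0.113.7 - - [12/Oct/2010:10:01:03 +0000] "POST /CC0227228D62/CheckData HTTP/1.1" 404 209',
  '198.51.100.4 - - [12/Oct/2010:10:02:10 +0000] "POST /contact/CheckData HTTP/1.1" 200 87',
  '198.51.100.9 - - [12/Oct/2010:10:03:44 +0000] "POST /CC0227228D62/CheckData HTTP/1.1" 404 209',
].join("\n");

// Print one summary line per client that sent leaked Surf-Shield requests.
for (const [ip, e] of findLeakedAvgRequests(SAMPLE_LOG)) {
  console.log(ip, "CheckData POSTs:", e.checkData, "script GETs:", e.script,
              "statuses:", [...e.statuses].join(","));
}
```

Each leaked CheckData POST carries a copy of the rendered page in its body, so a high count from one client also explains the extra load and slow page rendering described above.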

Ref: http://news.softpedia.com/news/AVG-2011-Bug-Affects-Browsing-Experience-Could-Also-Hurt-Websites-160515.shtml
