Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Fascinating browser redirect query

Posted on 2013-01-26
4
373 Views
Last Modified: 2013-02-05
I just came across this interesting request hijack (maybe). This link in Bytes.com
http://bytes.com/topic/c-sharp/answers/236079-can-we-pass-delegate-parameter
I think bytes.com is a reputable site, but when i click on the link in IE7 (i know i'm the only one still using it) the request gets redirected to a russian porn site and probably an attempt at bufferoverflow + ransomeware. On later chrome + later IE it doesn't so i guess either the buffer overflow doens't work on these browsers so they don't bother, or my IE7 somehow has got infected, but this seems to be the only site that's jumping, if the browser were infected it would jump all the time i would think.
Fiddler's showing a request to 37.9.53.204 immediately after bytes.com??? its bytes.com doing the redirect, or who?
0
Comment
Question by:Silas2
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 38823689
most likely you have a infected system, where either the website gets injected or DNS is manipulated
general recommendation: install your OS from a 101% clean media (and don't use any data from current system without being 102% sure that it is not infected)
0
 

Author Comment

by:Silas2
ID: 38824633
How could it be dns because its only happening on one browser version? I'm not looking for solutions, I'm trying to work out how the http is getting hijacked.
Surely, if it were a browser infection it wouldn't only happen on this link.
However, why would the request hijack be browser version specific?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 250 total points
ID: 38824769
> How could it be dns because its only happening on one browser version?
browsers handle name resolution differently and it depends on browser configuration

> ...  work out how the http is getting hijacked
did you check all your autostart folders, registry entries, etc.?

> However, why would the request hijack be browser version specific?
most exploits are programmed to target the "best browser" ;-)
0
 

Author Comment

by:Silas2
ID: 38830616
Actually, i think you might have hit the nail on the head with "most exploits are programmed to target the "best browser" ;-) "
I thought that maybe an advert on bytes.com was infected with a malicious jscript which only worked on IE7 would be an explanation.
I can't beleive the DNS infection as why would it only happen on one post on one site? surely if the dns mechanism was infected it would be happening all ove the shop wouldn't it?
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Where do I find and how can I make changes to time outs parameter on a Web Server? 14 453
HTTP Polling 3 181
BAD ADDRESS on DHCP server 15 639
How to create an HTTP Streaming Receiver 8 148
Introduction and Prerequisites This article describes methods for detecting whether a client browser accepts and returns HTTP cookies and whether the client browser runs JavaScript.  Most client browsers will, by default, be configured to use cooki…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question