Solved

Fascinating browser redirect query

Posted on 2013-01-26
4
375 Views
Last Modified: 2013-02-05
I just came across this interesting request hijack (maybe). This link in Bytes.com
http://bytes.com/topic/c-sharp/answers/236079-can-we-pass-delegate-parameter
I think bytes.com is a reputable site, but when i click on the link in IE7 (i know i'm the only one still using it) the request gets redirected to a russian porn site and probably an attempt at bufferoverflow + ransomeware. On later chrome + later IE it doesn't so i guess either the buffer overflow doens't work on these browsers so they don't bother, or my IE7 somehow has got infected, but this seems to be the only site that's jumping, if the browser were infected it would jump all the time i would think.
Fiddler's showing a request to 37.9.53.204 immediately after bytes.com??? its bytes.com doing the redirect, or who?
0
Comment
Question by:Silas2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 38823689
most likely you have a infected system, where either the website gets injected or DNS is manipulated
general recommendation: install your OS from a 101% clean media (and don't use any data from current system without being 102% sure that it is not infected)
0
 

Author Comment

by:Silas2
ID: 38824633
How could it be dns because its only happening on one browser version? I'm not looking for solutions, I'm trying to work out how the http is getting hijacked.
Surely, if it were a browser infection it wouldn't only happen on this link.
However, why would the request hijack be browser version specific?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 250 total points
ID: 38824769
> How could it be dns because its only happening on one browser version?
browsers handle name resolution differently and it depends on browser configuration

> ...  work out how the http is getting hijacked
did you check all your autostart folders, registry entries, etc.?

> However, why would the request hijack be browser version specific?
most exploits are programmed to target the "best browser" ;-)
0
 

Author Comment

by:Silas2
ID: 38830616
Actually, i think you might have hit the nail on the head with "most exploits are programmed to target the "best browser" ;-) "
I thought that maybe an advert on bytes.com was infected with a malicious jscript which only worked on IE7 would be an explanation.
I can't beleive the DNS infection as why would it only happen on one post on one site? surely if the dns mechanism was infected it would be happening all ove the shop wouldn't it?
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
Introduction A frequent question goes something like this, "How can I show an introductory page to my clients on the first site visit, but not show it again on every visit?"  The answer is by using a cookie.  This article shows the design pattern f…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question