?
Solved

Fascinating browser redirect query

Posted on 2013-01-26
4
Medium Priority
?
384 Views
Last Modified: 2013-02-05
I just came across this interesting request hijack (maybe). This link in Bytes.com
http://bytes.com/topic/c-sharp/answers/236079-can-we-pass-delegate-parameter
I think bytes.com is a reputable site, but when i click on the link in IE7 (i know i'm the only one still using it) the request gets redirected to a russian porn site and probably an attempt at bufferoverflow + ransomeware. On later chrome + later IE it doesn't so i guess either the buffer overflow doens't work on these browsers so they don't bother, or my IE7 somehow has got infected, but this seems to be the only site that's jumping, if the browser were infected it would jump all the time i would think.
Fiddler's showing a request to 37.9.53.204 immediately after bytes.com??? its bytes.com doing the redirect, or who?
0
Comment
Question by:Silas2
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 38823689
most likely you have a infected system, where either the website gets injected or DNS is manipulated
general recommendation: install your OS from a 101% clean media (and don't use any data from current system without being 102% sure that it is not infected)
0
 

Author Comment

by:Silas2
ID: 38824633
How could it be dns because its only happening on one browser version? I'm not looking for solutions, I'm trying to work out how the http is getting hijacked.
Surely, if it were a browser infection it wouldn't only happen on this link.
However, why would the request hijack be browser version specific?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1000 total points
ID: 38824769
> How could it be dns because its only happening on one browser version?
browsers handle name resolution differently and it depends on browser configuration

> ...  work out how the http is getting hijacked
did you check all your autostart folders, registry entries, etc.?

> However, why would the request hijack be browser version specific?
most exploits are programmed to target the "best browser" ;-)
0
 

Author Comment

by:Silas2
ID: 38830616
Actually, i think you might have hit the nail on the head with "most exploits are programmed to target the "best browser" ;-) "
I thought that maybe an advert on bytes.com was infected with a malicious jscript which only worked on IE7 would be an explanation.
I can't beleive the DNS infection as why would it only happen on one post on one site? surely if the dns mechanism was infected it would be happening all ove the shop wouldn't it?
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
Introduction HyperText Transfer Protocol (http://www.ietf.org/rfc/rfc2616.txt) or "HTTP" is the underpinning of internet communication.  As a teacher of web development I have heard many questions, mostly from my younger students who have come to t…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses
Course of the Month14 days, 19 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question