Solved

Fascinating browser redirect query

Posted on 2013-01-26
4
368 Views
Last Modified: 2013-02-05
I just came across this interesting request hijack (maybe). This link in Bytes.com
http://bytes.com/topic/c-sharp/answers/236079-can-we-pass-delegate-parameter
I think bytes.com is a reputable site, but when i click on the link in IE7 (i know i'm the only one still using it) the request gets redirected to a russian porn site and probably an attempt at bufferoverflow + ransomeware. On later chrome + later IE it doesn't so i guess either the buffer overflow doens't work on these browsers so they don't bother, or my IE7 somehow has got infected, but this seems to be the only site that's jumping, if the browser were infected it would jump all the time i would think.
Fiddler's showing a request to 37.9.53.204 immediately after bytes.com??? its bytes.com doing the redirect, or who?
0
Comment
Question by:Silas2
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
most likely you have a infected system, where either the website gets injected or DNS is manipulated
general recommendation: install your OS from a 101% clean media (and don't use any data from current system without being 102% sure that it is not infected)
0
 

Author Comment

by:Silas2
Comment Utility
How could it be dns because its only happening on one browser version? I'm not looking for solutions, I'm trying to work out how the http is getting hijacked.
Surely, if it were a browser infection it wouldn't only happen on this link.
However, why would the request hijack be browser version specific?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 250 total points
Comment Utility
> How could it be dns because its only happening on one browser version?
browsers handle name resolution differently and it depends on browser configuration

> ...  work out how the http is getting hijacked
did you check all your autostart folders, registry entries, etc.?

> However, why would the request hijack be browser version specific?
most exploits are programmed to target the "best browser" ;-)
0
 

Author Comment

by:Silas2
Comment Utility
Actually, i think you might have hit the nail on the head with "most exploits are programmed to target the "best browser" ;-) "
I thought that maybe an advert on bytes.com was infected with a malicious jscript which only worked on IE7 would be an explanation.
I can't beleive the DNS infection as why would it only happen on one post on one site? surely if the dns mechanism was infected it would be happening all ove the shop wouldn't it?
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now