Solved

Fascinating browser redirect query

Posted on 2013-01-26
4
376 Views
Last Modified: 2013-02-05
I just came across this interesting request hijack (maybe). This link in Bytes.com
http://bytes.com/topic/c-sharp/answers/236079-can-we-pass-delegate-parameter
I think bytes.com is a reputable site, but when i click on the link in IE7 (i know i'm the only one still using it) the request gets redirected to a russian porn site and probably an attempt at bufferoverflow + ransomeware. On later chrome + later IE it doesn't so i guess either the buffer overflow doens't work on these browsers so they don't bother, or my IE7 somehow has got infected, but this seems to be the only site that's jumping, if the browser were infected it would jump all the time i would think.
Fiddler's showing a request to 37.9.53.204 immediately after bytes.com??? its bytes.com doing the redirect, or who?
0
Comment
Question by:Silas2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 38823689
most likely you have a infected system, where either the website gets injected or DNS is manipulated
general recommendation: install your OS from a 101% clean media (and don't use any data from current system without being 102% sure that it is not infected)
0
 

Author Comment

by:Silas2
ID: 38824633
How could it be dns because its only happening on one browser version? I'm not looking for solutions, I'm trying to work out how the http is getting hijacked.
Surely, if it were a browser infection it wouldn't only happen on this link.
However, why would the request hijack be browser version specific?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 250 total points
ID: 38824769
> How could it be dns because its only happening on one browser version?
browsers handle name resolution differently and it depends on browser configuration

> ...  work out how the http is getting hijacked
did you check all your autostart folders, registry entries, etc.?

> However, why would the request hijack be browser version specific?
most exploits are programmed to target the "best browser" ;-)
0
 

Author Comment

by:Silas2
ID: 38830616
Actually, i think you might have hit the nail on the head with "most exploits are programmed to target the "best browser" ;-) "
I thought that maybe an advert on bytes.com was infected with a malicious jscript which only worked on IE7 would be an explanation.
I can't beleive the DNS infection as why would it only happen on one post on one site? surely if the dns mechanism was infected it would be happening all ove the shop wouldn't it?
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction One of the frequent application design questions goes something like this: "How can I confirm when a client registers on my web site?" The registration might be for general use of a self-administered site like a forum, or for attend…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question