nanog mailing list archives
RE: Google-jacking?
From: "Eric Pylko" <eric () infinitenetworks us>
Date: Mon, 1 Dec 2003 15:45:31 -0500
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Dave Temkin Sent: Monday, December 01, 2003 3:08 PM To: nanog () merit edu Subject: Re: Google-jacking? FWIW, it's not a virus, it's something infrastructure related. All of the systems that I've seen this on have all the latest DAT's and the proxy servers it sits behind are virus scanning as well (for both email and web) and use alternate vendors
This is an Active-X exploit. It makes changes to your registry and DNS which is why you can't get to google. There are some other sites it munges too. If you can get to google on a working machine, search for the site that the infected machines are redirecting to and you'll find out how to fix your systems. Here's one of the URLs it returns: http://www.imilly.com/google.htm -Eric
On Mon, 1 Dec 2003, Dave Temkin wrote:Has anyone seen a situation on their internal networks where going to a (non-Google) page "Hijacks" them and they end up with either the Google front page or a broken link page? This happens on machines both with the toolbar and without, and we've seen it on machines on different networks/running different OS's. Just curious. Thanks, -Dave
Current thread:
- Google-jacking? Dave Temkin (Dec 01)
- Re: Google-jacking? Dave Temkin (Dec 01)
- RE: Google-jacking? Eric Pylko (Dec 01)
- Re: Google-jacking? Dave Temkin (Dec 01)