Security Basics mailing list archives

Re: http requests getting redirected to coolsavings.com


From: "Raghu Chinthoju" <chraghu_ml () mailcan com>
Date: Fri, 21 May 2004 20:36:17 +0530

Sonika,

Your user's PC seems to be infected by adware. Please visit the link
below to find out more details about the infection and removal
instructions.

http://www.spywareguide.com/spydet_653_coolsavings.html

regards,
Raghu

On Wed, 19 May 2004 10:39:26 +0530, "Sonika Malhotra"
<sonikam () magnum barc ernet in> said:
Hello List,

I have a user network which accesses the Internet through a proxy server
(squid - 2.5-stable).
We have been facing a problem for a few days. Any request for commonly
accessed sites like www.google.com, www.rediff.com, www.yahoo.com gets
redirected to www.coolsavings.com.

The TCPdump for a session is attached for reference. Kindly give some
pointers on how this is happening.

The following attached file is the client-PC to proxy-server
communication. The extra contents (packet data contents) have been removed
considering the file size (still it is 51K). From the client PC the site
www.google.com is hit and the traffic dump is taken using the ngrep tool.

Regards
Sonika



-- 
http://www.fastmail.fm - And now for something completely different…
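
To find which client PCs behind the proxy are affected, the Squid access log can be searched for requests to the domain named in the thread. The Python script below is an added example, not part of the original posts; it assumes Squid's native access.log layout, and the log lines and IP addresses in it are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit

WATCHED_DOMAIN = "coolsavings.com"  # domain named in the thread

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1085110577.101    245 192.168.1.23 TCP_MISS/200 5120 GET http://www.google.com/ - DIRECT/203.0.113.5 text/html
1085110577.640    198 192.168.1.23 TCP_MISS/200 8841 GET http://www.coolsavings.com/ - DIRECT/203.0.113.10 text/html
1085110578.002    150 192.168.1.23 TCP_MISS/200 2210 GET http://www.coolsavings.com/index.html - DIRECT/203.0.113.10 text/html
1085110578.400    310 192.168.1.31 TCP_MISS/200 9100 GET http://www.yahoo.com/ - DIRECT/203.0.113.7 text/html
1085110578.910    275 192.168.1.31 TCP_MISS/200 7300 GET http://www.rediff.com/ - DIRECT/203.0.113.8 text/html
1085110579.120    120 192.168.1.40 TCP_MISS/200 1024 GET http://coolsavings.com.example.net/ - DIRECT/203.0.113.9 text/html
1085110579.500    410 192.168.1.23 TCP_MISS/200 3300 CONNECT www.coolsavings.com:443 - DIRECT/203.0.113.10 -
1085110580.000     12 192.168.1.31
"""

def request_host(method, url):
    """Return the lower-cased host of a logged request, or None."""
    if method == "CONNECT":            # logged as host:port, no scheme
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname
    return host.lower() if host else None

def in_domain(host, domain):
    """True for the domain itself or any subdomain, not look-alike names."""
    return host == domain or host.endswith("." + domain)

def clients_hitting(log_text, domain=WATCHED_DOMAIN):
    """Map client IP -> (hits on domain, total requests) for clients with hits."""
    hits, totals = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:            # skip truncated or malformed lines
            continue
        client, method, url = fields[2], fields[5], fields[6]
        totals[client] += 1
        host = request_host(method, url)
        if host and in_domain(host, domain):
            hits[client] += 1
    return {c: (n, totals[c]) for c, n in hits.items()}

if __name__ == "__main__":
    for client, (n, total) in sorted(clients_hitting(SAMPLE_LOG).items()):
        print(f"{client}: {n} of {total} requests went to {WATCHED_DOMAIN}")
```

Clients that appear in the result are the PCs to check for the adware; a client with no hits on the domain is left out of the result.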
