RE: Google-jacking?

["Eric Pylko" <eric () infinitenetworks us>]

> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
> Dave Temkin
> Sent: Monday, December 01, 2003 3:08 PM
> To: nanog () merit edu
> Subject: Re: Google-jacking?
>
>
> FWIW, it's not a virus, it's something infrastructure related.  All of the
> systems that I've seen this on have all the latest DAT's and the proxy
> servers it sits behind are virus scanning as well (for both email and web)
> and use alternate vendors

This is an Active-X exploit.  It makes changes to your registry and DNS
which is why you can't get to google.  There are some other sites it munges
too.

If you can get to google on a working machine, search for the site that the
infected machines are redirecting to and you'll find out how to fix your
systems.  Here's one of the URLs it returns:
http://www.imilly.com/google.htm

-Eric

> On Mon, 1 Dec 2003, Dave Temkin wrote:
>
> > Has anyone seen a situation on their internal networks where going to a
> > (non-Google) page "Hijacks" them and they end up with either the Google
> > front page or a broken link page?
> >
> > This happens on machines both with the toolbar and without, and we've
> > seen it on machines on different networks/running different OS's.
> >
> > Just curious.
> > Thanks,
> > -Dave