Google-jacking?

Eric Pylko eric at infinitenetworks.us
Mon Dec 1 20:45:31 UTC 2003


> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> Dave Temkin
> Sent: Monday, December 01, 2003 3:08 PM
> To: nanog at merit.edu
> Subject: Re: Google-jacking?
> 
> 
> FWIW, it's not a virus, it's something infrastructure related.  All of the
> systems that I've seen this on have all the latest DAT's and the proxy
> servers it sits behind are virus scanning as well (for both email and web)
> and use alternate vendors

This is an Active-X exploit.  It makes changes to your registry and DNS
which is why you can't get to google.  There are some other sites it munges
too.

If you can get to google on a working machine, search for the site that the
infected machines are redirecting to and you'll find out how to fix your
systems.  Here's one of the URLs it returns:
http://www.imilly.com/google.htm

-Eric

> 
> On Mon, 1 Dec 2003, Dave Temkin wrote:
> 
> > Has anyone seen a situation on their internal networks where going to a
> > (non-Google) page "Hijacks" them and they end up with either the Google
> > front page or a broken link page?
> >
> > This happens on machines both with the toolbar and without, and we've
> > seen it on machines on different networks/running different OS's.
> >
> > Just curious.
> > Thanks,
> > -Dave
> >




More information about the NANOG mailing list