Google-jacking?
Eric Pylko
eric at infinitenetworks.us
Mon Dec 1 20:45:31 UTC 2003
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> Dave Temkin
> Sent: Monday, December 01, 2003 3:08 PM
> To: nanog at merit.edu
> Subject: Re: Google-jacking?
>
>
> FWIW, it's not a virus, it's something infrastructure related. All of the
> systems that I've seen this on have all the latest DAT's and the proxy
> servers it sits behind are virus scanning as well (for both email and web)
> and use alternate vendors
This is an Active-X exploit. It makes changes to your registry and DNS
which is why you can't get to google. There are some other sites it munges
too.
If you can get to google on a working machine, search for the site that the
infected machines are redirecting to and you'll find out how to fix your
systems. Here's one of the URLs it returns:
http://www.imilly.com/google.htm
-Eric
>
> On Mon, 1 Dec 2003, Dave Temkin wrote:
>
> > Has anyone seen a situation on their internal networks where going to a
> > (non-Google) page "Hijacks" them and they end up with either the Google
> > front page or a broken link page?
> >
> > This happens on machines both with the toolbar and without, and we've
> > seen it on machines on different networks/running different OS's.
> >
> > Just curious.
> > Thanks,
> > -Dave
> >
More information about the NANOG
mailing list