Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Malicious websites

Reply
Thread Tools

Malicious websites

 
 
bjones
Guest
Posts: n/a
 
      12-08-2003
Don't know much about these but one seemed to pop up out of nowhere on my pc
this morning while surfing cnn.com

http://object.passthison.com/console/home.html

It showed in an IExplore browser window, no tool bars, all red screen with a
small window in the middle which said "Hold down your enter key for 10
seconds to see a neat trick". I didn't do it. Couldn't close the window
normally, had to use task manager to do it.

Ring any bells with anyone? TIA




 
Reply With Quote
 
 
 
 
Boomer
Guest
Posts: n/a
 
      12-08-2003
bjones, <(E-Mail Removed)> wrote:

> Don't know much about these but one seemed to pop up out of
> nowhere on my pc this morning while surfing cnn.com
>
> http://object.passthison.com/console/home.html
>
> It showed in an IExplore browser window, no tool bars, all red
> screen with a small window in the middle which said "Hold down
> your enter key for 10 seconds to see a neat trick". I didn't do
> it. Couldn't close the window normally, had to use task manager
> to do it.
>
> Ring any bells with anyone? TIA


http://www.google.com/groups?as_epq=...om&safe=images
&ie=ISO-8859-1&as_scoring=d&lr=&num=100&hl=en


Your shorter link is: http://makeashorterlink.com/?P29622EB6
 
Reply With Quote
 
 
 
 
░Mike░
Guest
Posts: n/a
 
      12-08-2003
It's a home page hijacker, which tricks you into holding down
the ENTER key, thus pressing "Yes" when asked to change
your home page. Of course, you probably won't see this, as
it happens so fast.

This is the "neat trick" - not a trick, at all, and quite safe:
http://object.passthison.com/console/Starfield3D.htm


This is (part of) the raw code for the home hijack page:

Header Information
-------------------------
HTTP/1.1 200 OK
Age: 16841
Accept-Ranges: bytes
Date: Sun, 07 Dec 2003 20:01:50 GMT
Content-Length: 3781
Content-Type: text/html
Server: Apache/1.3.26 (Unix)
Last-Modified: Sat, 06 Dec 2003 21:47:21 GMT
ETag: "a2406-ec5-3fd24e69"
Via: 1.1 webcacheB03 (NetCache NetApp/5.2.1R3)

Page Data
-------------------------
<HTML XMLNS:IE>
<head>
<title>Windows</title>
<STYLE>
@media all {
IE\:HOMEPAGE {behavior:url(#default#homepage)}
}
</STYLE>
<IE:HOMEPAGE ID="homepage" />
<script language=Javascript>
function pop(){
var expdate = new Date((new Date()).getTime() + 172800000);
if (-1 == -1) {
document.cookie="home=general; expires=" + expdate.toGMTString() + "; path=/;";

if(ie){ homepage.setHomePage("http://xxxxxxx-xxxxxxxx-xxxxxxx.xxx/xxxxx.xxx?xxxxxxxx");
}
}
//self.close();
}
var ie = false;
var ns = false;
if(parseInt(navigator.appVersion) >= 4){
if(navigator.appName.indexOf("crosoft") != -1) ie = true;
if(navigator.appName.indexOf("etscape") != -1) ns = true;
}
</script>
</head>
<body bgcolor=red leftborder=0 topborder=0 borderleft=0 bordertop=0>
<script language=javascript>
<!--
var agt=navigator.userAgent.toLowerCase();
var is_ie = (agt.indexOf("msie") != -1);
var is_aol = (agt.indexOf("aol") != -1);
if (!is_aol) {
self.moveTo(0,0);
self.resizeTo(screen.availWidth,screen.availHeight );
}
//-->
</script>

<Script snipped>

window.open('Starfield3D.htm');
self.close();
</script>
</body>
</html>


On Sun, 7 Dec 2003 19:35:56 -0500, in
<vGPAb.11066$(E-Mail Removed)>
bjones scrawled:

>Don't know much about these but one seemed to pop up out of
>nowhere on my pc this morning while surfing cnn.com
>
>http://object.passthison.com/console/home.html
>
>It showed in an IExplore browser window, no tool bars, all red
>screen with a small window in the middle which said "Hold down
>your enter key for 10 seconds to see a neat trick". I didn't do it.
>Couldn't close the window normally, had to use task manager to
>do it.
>
>Ring any bells with anyone? TIA
>
>
>


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
Tim Weaver
Guest
Posts: n/a
 
      12-08-2003
Boomer wrote:
> bjones, <(E-Mail Removed)> wrote:
>
>> Don't know much about these but one seemed to pop up out of
>> nowhere on my pc this morning while surfing cnn.com
>>
>> http://object.passthison.com/console/home.html
>>
>> It showed in an IExplore browser window, no tool bars, all red
>> screen with a small window in the middle which said "Hold down
>> your enter key for 10 seconds to see a neat trick". I didn't do
>> it. Couldn't close the window normally, had to use task manager
>> to do it.
>>
>> Ring any bells with anyone? TIA

>
> http://www.google.com/groups?as_epq=...om&safe=images
> &ie=ISO-8859-1&as_scoring=d&lr=&num=100&hl=en
>
>
> Your shorter link is: http://makeashorterlink.com/?P29622EB6


I like TinyURL better because you don't pitstop at their stie.

<snerk>

Boy, this problem seems nasty. Not destructive, just a pain in the
hignie.

--
Tim Weaver
PGP Public Key - http://home.comcast.net/~tweaver2000/public_key.html
"I know you think you understand what you thought I said,
but I am not sure that what you heard is not what I meant."
 
Reply With Quote
 
Boomer
Guest
Posts: n/a
 
      12-08-2003
Tim Weaver, <tim_m_weaver(REMOVE_THIS)(E-Mail Removed)> wrote:

> Boomer wrote:
>> bjones, <(E-Mail Removed)> wrote:
>>
>>> Don't know much about these but one seemed to pop up out of
>>> nowhere on my pc this morning while surfing cnn.com
>>>
>>> http://object.passthison.com/console/home.html
>>>
>>> It showed in an IExplore browser window, no tool bars, all red
>>> screen with a small window in the middle which said "Hold down
>>> your enter key for 10 seconds to see a neat trick". I didn't
>>> do it. Couldn't close the window normally, had to use task
>>> manager to do it.
>>>
>>> Ring any bells with anyone? TIA

>>
>> http://www.google.com/groups?as_epq=...son.com&safe=i
>> mages &ie=ISO-8859-1&as_scoring=d&lr=&num=100&hl=en
>>
>>
>> Your shorter link is: http://makeashorterlink.com/?P29622EB6

>
> I like TinyURL better because you don't pitstop at their stie.


Hush!
>
> <snerk>
>
> Boy, this problem seems nasty. Not destructive, just a pain in
> the hignie.


Why do you think I stay on usenet! Some weird stuff out there on the
www! Scary!

BTW did you get my e-mail?

 
Reply With Quote
 
░Mike░
Guest
Posts: n/a
 
      12-08-2003
On 8 Dec 2003 01:16:17 GMT, in
<(E-Mail Removed)-berlin.de>
Tim Weaver <tim_m_weaver(REMOVE_THIS)(E-Mail Removed)> scrawled:

>Boomer wrote:
>> bjones, <(E-Mail Removed)> wrote:
>>
>>> Don't know much about these but one seemed to pop up out of
>>> nowhere on my pc this morning while surfing cnn.com
>>>
>>> http://object.passthison.com/console/home.html
>>>
>>> It showed in an IExplore browser window, no tool bars, all red
>>> screen with a small window in the middle which said "Hold down
>>> your enter key for 10 seconds to see a neat trick". I didn't do
>>> it. Couldn't close the window normally, had to use task manager
>>> to do it.
>>>
>>> Ring any bells with anyone? TIA

>>
>> http://www.google.com/groups?as_epq=...om&safe=images
>> &ie=ISO-8859-1&as_scoring=d&lr=&num=100&hl=en
>>
>>
>> Your shorter link is: http://makeashorterlink.com/?P29622EB6

>
>I like TinyURL better because you don't pitstop at their stie.


That is why TinyURL is open to abuse, and precisely the reason
why I won't use it. I won't click on a TinyURL link without checking
the raw code first, unless I can *absolutely* trust the person
providing the link.

><snerk>
>
>Boy, this problem seems nasty. Not destructive, just a pain in the
>hignie.


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
=?ISO-8859-1?Q?R=F4g=EAr?=
Guest
Posts: n/a
 
      12-08-2003
bjones wrote:
> Don't know much about these but one seemed to pop up out of nowhere on my pc
> this morning while surfing cnn.com
>
> http://object.passthison.com/console/home.html
>
> It showed in an IExplore browser window, no tool bars, all red screen with a
> small window in the middle which said "Hold down your enter key for 10
> seconds to see a neat trick". I didn't do it. Couldn't close the window
> normally, had to use task manager to do it.
>
> Ring any bells with anyone? TIA


Okay, I went there, tried holding down the enter key for ten seconds but
could tell it was paging through a series of messages. At the end
nothing happened. So I went there again and pressed the enter button
just once and the message changed to "You must hold the Enter button for
10 seconds or this won't work" and it then went through various other
nonsense messages. Nothing whatsoever happened. Well, my beer seemed a
little warmer when I was done but I'm not convinced there is a direct
link. My homepage is still www.google.com by the way. But I'm betting
░Mike░ is right.

 
Reply With Quote
 
░Mike░
Guest
Posts: n/a
 
      12-08-2003
On Sun, 07 Dec 2003 21:13:33 -0500, in
<(E-Mail Removed)>
R˘gŕr scrawled:

>bjones wrote:
>> Don't know much about these but one seemed to pop up out of nowhere on my pc
>> this morning while surfing cnn.com
>>
>> http://object.passthison.com/console/home.html
>>
>> It showed in an IExplore browser window, no tool bars, all red screen with a
>> small window in the middle which said "Hold down your enter key for 10
>> seconds to see a neat trick". I didn't do it. Couldn't close the window
>> normally, had to use task manager to do it.
>>
>> Ring any bells with anyone? TIA

>
>Okay, I went there, tried holding down the enter key for ten seconds but
>could tell it was paging through a series of messages. At the end
>nothing happened. So I went there again and pressed the enter button
>just once and the message changed to "You must hold the Enter button for
>10 seconds or this won't work" and it then went through various other
>nonsense messages. Nothing whatsoever happened. Well, my beer seemed a
>little warmer when I was done but I'm not convinced there is a direct
>link. My homepage is still www.google.com by the way. But I'm betting
>░Mike░ is right.


If you've got SpyBot S&D, or Spyware Blaster installed, and/or
have your home page protected from change, that's why nothing
happened.

I tested the script with my home page not protected. I have
Startup Monitor installed, which caught it in it's tracks trying to
change the home page.

--
STGP, OGPE24HSHD
 
Reply With Quote
 
Donald
Guest
Posts: n/a
 
      12-08-2003
By chance do you use icq 2003b? happend to me every time I opend my icq
went back to icq 2003a it stoped
"bjones" <(E-Mail Removed)> wrote in message
news:vGPAb.11066$(E-Mail Removed).. .
> Don't know much about these but one seemed to pop up out of nowhere on my

pc
> this morning while surfing cnn.com
>
> http://object.passthison.com/console/home.html
>
> It showed in an IExplore browser window, no tool bars, all red screen with

a
> small window in the middle which said "Hold down your enter key for 10
> seconds to see a neat trick". I didn't do it. Couldn't close the window
> normally, had to use task manager to do it.
>
> Ring any bells with anyone? TIA
>
>
>
>



 
Reply With Quote
 
Tim Weaver
Guest
Posts: n/a
 
      12-08-2003
Boomer wrote:
> Tim Weaver, wrote:
>
>> Boomer wrote:

<chop>

>>> Your shorter link is: http://makeashorterlink.com/?P29622EB6

>>
>> I like TinyURL better because you don't pitstop at their stie.

>
> Hush!


Haaa...

>> <snerk>
>>
>> Boy, this problem seems nasty. Not destructive, just a pain in the
>> hignie.

>
> Why do you think I stay on usenet!


You're a fradiecat?

> Some weird stuff out there on the
> www! Scary!


Yep, I was right.

> BTW did you get my e-mail?


I did, thanks. I've been meaning to reply, but was too lazy. Yes, it's
true; I suck.

--
Tim Weaver
PGP Public Key - http://home.comcast.net/~tweaver2000/public_key.html
"I know you think you understand what you thought I said,
but I am not sure that what you heard is not what I meant."
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
malicious script? Jack Mahon HTML 3 03-28-2006 02:05 AM
Malicious TAGS adyda HTML 3 09-25-2005 10:04 AM
ActiveX apologetic Larry Seltzer... "Sun paid for malicious ActiveX code, and Firefox is bad, bad bad baad. please use ActiveX, it's secure and nice!" (ok, the last part is irony on my part) fernando.cassia@gmail.com Java 0 04-16-2005 10:05 PM
preventing malicious user input Stimp ASP .Net 1 09-15-2004 03:25 AM
malicious forged posts in my name miss calm Computer Support 13 08-10-2003 03:18 AM



Advertisments