Velocity Reviews - Computer Hardware Reviews

New malware

 
 
Fred Dagg
      12-02-2006
I've just come across some nasty new malware infecting several
independent machines.

It redirects websites (google, etc) to advertising sites. Whilst not
particularly new or exciting, the interesting thing is that it happens
on any browser.

HOSTS and DNS are fine, and NSLOOKUP returns the correct IP address.
Just visiting the site redirects it.

None of the usual tools knew anything about it.

We managed to clean them all by clearing out lots of suspicious
things, but the techie who worked on them didn't keep good records,
and hence we're none the wiser on what it was or which specific
processes/temp files etc were causing it.

Anyone come across this before?
 
David Empson
      12-02-2006
Fred Dagg <(E-Mail Removed)> wrote:

> I've just come across some nasty new malware infecting several
> independent machines.
>
> It redirects websites (google, etc) to advertising sites. Whilst not
> particularly new or exciting, the interesting thing is that it happens
> on any browser.
>
> HOSTS and DNS are fine, and NSLOOKUP returns the correct IP address.
> Just visiting the site redirects it.


Perhaps the malware set up a web proxy (probably running on the same
computer). Does your OS (presumably Windows) have system-wide
configuration for this, which is recognised by all web browsers?

A proxy server can do anything it likes to redirect an HTTP request to
different servers or ports, or it can service a request itself (e.g. a
web cache). DNS isn't affected.

Some firewalls might also be configurable in a similar way to redirect
outgoing requests to a specific port so they are serviced by a process
on the computer, which can then do anything it likes.

--
David Empson
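
A triage check for the local-proxy hypothesis in the reply above, as an added example that is not part of the original thread. It assumes Windows, the per-user Internet Settings values ProxyEnable and ProxyServer, and text captured from `reg query` and `netstat -ano`; both samples are constructed.

```python
import re

# Constructed sample of: reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
REG_SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8081;https=127.0.0.1:8081
"""
# Constructed sample of: netstat -ano
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:8081         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.7:80         ESTABLISHED     2288
"""
LOOPBACK = ("127.", "localhost", "[::1]")

def parse_reg(text):
    """Return {value_name: data} from `reg query` output."""
    return dict(re.findall(r"^[ \t]+(\S+)[ \t]+REG_\w+[ \t]+(.*\S)", text, re.M))

def proxy_endpoints(vals):
    """Return sorted unique host:port endpoints if a proxy is enabled, else []."""
    if int(vals.get("ProxyEnable", "0x0"), 16) == 0:
        return []
    entries = vals.get("ProxyServer", "").split(";")
    return sorted({e.split("=", 1)[-1].strip().lower() for e in entries if e.strip()})

def listeners(text):
    """Map local port -> PID for LISTENING TCP sockets in `netstat -ano` output."""
    out = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            out[f[1].rsplit(":", 1)[1]] = int(f[4])
    return out

def triage(reg_text, netstat_text):
    """Return (endpoint, pid) for each enabled proxy that points at this machine."""
    ports = listeners(netstat_text)
    hits = []
    for ep in proxy_endpoints(parse_reg(reg_text)):
        host, _, port = ep.rpartition(":")
        if host.startswith(LOOPBACK):
            hits.append((ep, ports.get(port)))  # pid is None if nothing listens
    return hits

if __name__ == "__main__":
    print(triage(REG_SAMPLE, NETSTAT_SAMPLE))
```

A hit with a PID names the process to examine; a browser that keeps its own proxy settings instead of the system ones is not covered by this check.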
jasen
      12-02-2006
On 2006-12-02, Fred Dagg <(E-Mail Removed)> wrote:
> I've just come across some nasty new malware infecting several
> independent machines.
>
> It redirects websites (google, etc) to advertising sites. Whilst not
> particularly new or exciting, the interesting thing is that it happens
> on any browser.
>
> HOSTS and DNS are fine, and NSLOOKUP returns the correct IP address.
> Just visiting the site redirects it.
>
> None of the usual tools knew anything about it.
>
> We managed to clean them all by clearing out lots of suspicious
> things, but the techie who worked on them didn't keep good records,
> and hence we're none the wiser on what it was or which specific
> processes/temp files etc were causing it.
>
> Anyone come across this before?


not I,

Could be it intercepted outbound HTTP connects and gave fake
redirect responses to specific requests.



--

Bye.
Jasen
 
Fred Dagg
      12-02-2006
On 2 Dec 2006 07:50:23 GMT, jasen <(E-Mail Removed)> exclaimed:

>On 2006-12-02, Fred Dagg <(E-Mail Removed)> wrote:
>> I've just come across some nasty new malware infecting several
>> independent machines.
>>
>> It redirects websites (google, etc) to advertising sites. Whilst not
>> particularly new or exciting, the interesting thing is that it happens
>> on any browser.
>>
>> HOSTS and DNS are fine, and NSLOOKUP returns the correct IP address.
>> Just visiting the site redirects it.
>>
>> None of the usual tools knew anything about it.
>>
>> We managed to clean them all by clearing out lots of suspicious
>> things, but the techie who worked on them didn't keep good records,
>> and hence we're none the wiser on what it was or which specific
>> processes/temp files etc were causing it.
>>
>> Anyone come across this before?

>
>not I,
>
>Could be it intercepted outbound HTTP connects and gave fake
>redirect responses to specific requests.


That seems to be the case. Everything seemed to check out, though.

Very odd.
 