Malicious websites

Discussion in 'Computer Support' started by bjones, Dec 8, 2003.

  1. bjones

    bjones Guest

    Don't know much about these but one seemed to pop up out of nowhere on my pc
    this morning while surfing cnn.com

    http://object.passthison.com/console/home.html

    It showed in an IExplore browser window, no tool bars, all red screen with a
    small window in the middle which said "Hold down your enter key for 10
    seconds to see a neat trick". I didn't do it. Couldn't close the window
    normally, had to use task manager to do it.

    Ring any bells with anyone? TIA
    bjones, Dec 8, 2003
    #1

  2. bjones

    Boomer Guest

    bjones, <> wrote:

    > Don't know much about these but one seemed to pop up out of
    > nowhere on my pc this morning while surfing cnn.com
    >
    > http://object.passthison.com/console/home.html
    >
    > It showed in an IExplore browser window, no tool bars, all red
    > screen with a small window in the middle which said "Hold down
    > your enter key for 10 seconds to see a neat trick". I didn't do
    > it. Couldn't close the window normally, had to use task manager
    > to do it.
    >
    > Ring any bells with anyone? TIA


    http://www.google.com/groups?as_epq=object.passthison.com&safe=images&ie=ISO-8859-1&as_scoring=d&lr=&num=100&hl=en


    Your shorter link is: http://makeashorterlink.com/?P29622EB6
    Boomer, Dec 8, 2003
    #2

  3. bjones

    °Mike° Guest

    It's a home page hijacker, which tricks you into holding down
    the ENTER key, thus pressing "Yes" when asked to change
    your home page. Of course, you probably won't see this, as
    it happens so fast.

    This is the "neat trick" - not a trick, at all, and quite safe:
    http://object.passthison.com/console/Starfield3D.htm


    This is (part of) the raw code for the home hijack page:

    Header Information
    -------------------------
    HTTP/1.1 200 OK
    Age: 16841
    Accept-Ranges: bytes
    Date: Sun, 07 Dec 2003 20:01:50 GMT
    Content-Length: 3781
    Content-Type: text/html
    Server: Apache/1.3.26 (Unix)
    Last-Modified: Sat, 06 Dec 2003 21:47:21 GMT
    ETag: "a2406-ec5-3fd24e69"
    Via: 1.1 webcacheB03 (NetCache NetApp/5.2.1R3)

    Page Data
    -------------------------
    <HTML XMLNS:IE>
    <head>
    <title>Windows</title>
    <STYLE>
    @media all {
    IE\:HOMEPAGE {behavior:url(#default#homepage)}
    }
    </STYLE>
    <IE:HOMEPAGE ID="homepage" />
    <script language=Javascript>
    function pop(){
    var expdate = new Date((new Date()).getTime() + 172800000);
    if (-1 == -1) {
    document.cookie="home=general; expires=" + expdate.toGMTString() + "; path=/;";

    if(ie){ homepage.setHomePage("http://xxxxxxx-xxxxxxxx-xxxxxxx.xxx/xxxxx.xxx?xxxxxxxx");
    }
    }
    //self.close();
    }
    var ie = false;
    var ns = false;
    if(parseInt(navigator.appVersion) >= 4){
    if(navigator.appName.indexOf("crosoft") != -1) ie = true;
    if(navigator.appName.indexOf("etscape") != -1) ns = true;
    }
    </script>
    </head>
    <body bgcolor=red leftborder=0 topborder=0 borderleft=0 bordertop=0>
    <script language=javascript>
    <!--
    var agt=navigator.userAgent.toLowerCase();
    var is_ie = (agt.indexOf("msie") != -1);
    var is_aol = (agt.indexOf("aol") != -1);
    if (!is_aol) {
    self.moveTo(0,0);
    self.resizeTo(screen.availWidth,screen.availHeight);
    }
    //-->
    </script>

    <Script snipped>

    window.open('Starfield3D.htm');
    self.close();
    </script>
    </body>
    </html>


    On Sun, 7 Dec 2003 19:35:56 -0500, in
    <vGPAb.11066$>
    bjones scrawled:

    >Don't know much about these but one seemed to pop up out of
    >nowhere on my pc this morning while surfing cnn.com
    >
    >http://object.passthison.com/console/home.html
    >
    >It showed in an IExplore browser window, no tool bars, all red
    >screen with a small window in the middle which said "Hold down
    >your enter key for 10 seconds to see a neat trick". I didn't do it.
    >Couldn't close the window normally, had to use task manager to
    >do it.
    >
    >Ring any bells with anyone? TIA
    >
    >
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Dec 8, 2003
    #3
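
Added example, not part of the original thread or any poster's code: a static check of saved page source for the pattern quoted in post #3, namely the `#default#homepage` behavior binding together with a `setHomePage` call, plus the window move/resize. The function name `scanPage`, the indicator ids, the sample page and its placeholder target URL are all constructed for illustration.

```javascript
"use strict";

// Indicators drawn from the page source quoted in post #3.
// The ids are constructed labels, not names used by any real tool.
const INDICATORS = [
  { id: "homepage-behavior",
    re: /behavior\s*:\s*url\(\s*["']?#default#homepage["']?\s*\)/i,
    note: "CSS binds IE's built-in homepage behavior to an element" },
  { id: "sethomepage-call",
    re: /\.setHomePage\s*\(/i,
    note: "script asks IE to change the home page (raises the Yes/No prompt)" },
  { id: "fullscreen-resize",
    re: /\.resizeTo\s*\(\s*screen\.availWidth\s*,\s*screen\.availHeight\s*\)/i,
    note: "window is stretched over the whole desktop" },
  { id: "move-to-origin",
    re: /\.moveTo\s*\(\s*0\s*,\s*0\s*\)/i,
    note: "window is pinned to the top-left corner" },
];

// Scan saved page source line by line and report which indicators appear.
// The verdict is "homepage-hijack" only when the behavior binding and the
// setHomePage call are both present; either one alone is just "suspicious".
function scanPage(html) {
  const lines = html.split(/\r?\n/);
  const findings = [];
  for (const ind of INDICATORS) {
    lines.forEach((text, i) => {
      if (ind.re.test(text)) {
        findings.push({ id: ind.id, line: i + 1, note: ind.note });
      }
    });
  }
  // Pull out the string literal passed to setHomePage, if there is one.
  const m = html.match(/\.setHomePage\s*\(\s*(["'])([^"']*)\1/i);
  const target = m ? m[2] : null;

  const ids = new Set(findings.map((f) => f.id));
  let verdict = "clean";
  if (ids.size > 0) verdict = "suspicious";
  if (ids.has("homepage-behavior") && ids.has("sethomepage-call")) {
    verdict = "homepage-hijack";
  }
  return { verdict, target, findings };
}

// Constructed sample modeled on the quoted source; the URL is a placeholder.
const SAMPLE = [
  "<HTML XMLNS:IE>",
  "<STYLE>@media all { IE\\:HOMEPAGE {behavior:url(#default#homepage)} }</STYLE>",
  '<IE:HOMEPAGE ID="homepage" />',
  "<script>",
  'function pop(){ homepage.setHomePage("http://placeholder.invalid/start"); }',
  "self.moveTo(0,0);",
  "self.resizeTo(screen.availWidth,screen.availHeight);",
  "</script>",
].join("\n");

const report = scanPage(SAMPLE);
console.log(report.verdict, "->", report.target);
for (const f of report.findings) {
  console.log(`  line ${f.line}: ${f.id} (${f.note})`);
}
```
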
  4. bjones

    Tim Weaver Guest

    Boomer wrote:
    > bjones, <> wrote:
    >
    >> Don't know much about these but one seemed to pop up out of
    >> nowhere on my pc this morning while surfing cnn.com
    >>
    >> http://object.passthison.com/console/home.html
    >>
    >> It showed in an IExplore browser window, no tool bars, all red
    >> screen with a small window in the middle which said "Hold down
    >> your enter key for 10 seconds to see a neat trick". I didn't do
    >> it. Couldn't close the window normally, had to use task manager
    >> to do it.
    >>
    >> Ring any bells with anyone? TIA

    >
    > http://www.google.com/groups?as_epq=object.passthison.com&safe=images&ie=ISO-8859-1&as_scoring=d&lr=&num=100&hl=en
    >
    >
    > Your shorter link is: http://makeashorterlink.com/?P29622EB6


    I like TinyURL better because you don't pitstop at their site.

    <snerk>

    Boy, this problem seems nasty. Not destructive, just a pain in the
    hignie.

    --
    Tim Weaver
    PGP Public Key - http://home.comcast.net/~tweaver2000/public_key.html
    "I know you think you understand what you thought I said,
    but I am not sure that what you heard is not what I meant."
    Tim Weaver, Dec 8, 2003
    #4
  5. bjones

    Boomer Guest

    Tim Weaver, <tim_m_weaver(REMOVE_THIS)> wrote:

    > Boomer wrote:
    >> bjones, <> wrote:
    >>
    >>> Don't know much about these but one seemed to pop up out of
    >>> nowhere on my pc this morning while surfing cnn.com
    >>>
    >>> http://object.passthison.com/console/home.html
    >>>
    >>> It showed in an IExplore browser window, no tool bars, all red
    >>> screen with a small window in the middle which said "Hold down
    >>> your enter key for 10 seconds to see a neat trick". I didn't
    >>> do it. Couldn't close the window normally, had to use task
    >>> manager to do it.
    >>>
    >>> Ring any bells with anyone? TIA

    >>
    >> http://www.google.com/groups?as_epq=object.passthison.com&safe=images&ie=ISO-8859-1&as_scoring=d&lr=&num=100&hl=en
    >>
    >>
    >> Your shorter link is: http://makeashorterlink.com/?P29622EB6

    >
    > I like TinyURL better because you don't pitstop at their site.


    Hush! ;)
    >
    > <snerk>
    >
    > Boy, this problem seems nasty. Not destructive, just a pain in
    > the hignie.


    Why do you think I stay on usenet! Some weird stuff out there on the
    www! Scary!

    BTW did you get my e-mail?
    Boomer, Dec 8, 2003
    #5
  6. bjones

    °Mike° Guest

    On 8 Dec 2003 01:16:17 GMT, in
    <-berlin.de>
    Tim Weaver <tim_m_weaver(REMOVE_THIS)> scrawled:

    >Boomer wrote:
    >> bjones, <> wrote:
    >>
    >>> Don't know much about these but one seemed to pop up out of
    >>> nowhere on my pc this morning while surfing cnn.com
    >>>
    >>> http://object.passthison.com/console/home.html
    >>>
    >>> It showed in an IExplore browser window, no tool bars, all red
    >>> screen with a small window in the middle which said "Hold down
    >>> your enter key for 10 seconds to see a neat trick". I didn't do
    >>> it. Couldn't close the window normally, had to use task manager
    >>> to do it.
    >>>
    >>> Ring any bells with anyone? TIA

    >>
    >> http://www.google.com/groups?as_epq=object.passthison.com&safe=images&ie=ISO-8859-1&as_scoring=d&lr=&num=100&hl=en
    >>
    >>
    >> Your shorter link is: http://makeashorterlink.com/?P29622EB6

    >
    >I like TinyURL better because you don't pitstop at their site.


    That is why TinyURL is open to abuse, and precisely the reason
    why I won't use it. I won't click on a TinyURL link without checking
    the raw code first, unless I can *absolutely* trust the person
    providing the link.

    ><snerk>
    >
    >Boy, this problem seems nasty. Not destructive, just a pain in the
    >hignie.


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Dec 8, 2003
    #6
  7. bjones wrote:
    > Don't know much about these but one seemed to pop up out of nowhere on my pc
    > this morning while surfing cnn.com
    >
    > http://object.passthison.com/console/home.html
    >
    > It showed in an IExplore browser window, no tool bars, all red screen with a
    > small window in the middle which said "Hold down your enter key for 10
    > seconds to see a neat trick". I didn't do it. Couldn't close the window
    > normally, had to use task manager to do it.
    >
    > Ring any bells with anyone? TIA


    Okay, I went there, tried holding down the enter key for ten seconds but
    could tell it was paging through a series of messages. At the end
    nothing happened. So I went there again and pressed the enter button
    just once and the message changed to "You must hold the Enter button for
    10 seconds or this won't work" and it then went through various other
    nonsense messages. Nothing whatsoever happened. Well, my beer seemed a
    little warmer when I was done but I'm not convinced there is a direct
    link. My homepage is still www.google.com by the way. But I'm betting
    °Mike° is right.
    Rôgêr, Dec 8, 2003
    #7
  8. bjones

    °Mike° Guest

    On Sun, 07 Dec 2003 21:13:33 -0500, in
    <>
    Rôgêr scrawled:

    >bjones wrote:
    >> Don't know much about these but one seemed to pop up out of nowhere on my pc
    >> this morning while surfing cnn.com
    >>
    >> http://object.passthison.com/console/home.html
    >>
    >> It showed in an IExplore browser window, no tool bars, all red screen with a
    >> small window in the middle which said "Hold down your enter key for 10
    >> seconds to see a neat trick". I didn't do it. Couldn't close the window
    >> normally, had to use task manager to do it.
    >>
    >> Ring any bells with anyone? TIA

    >
    >Okay, I went there, tried holding down the enter key for ten seconds but
    >could tell it was paging through a series of messages. At the end
    >nothing happened. So I went there again and pressed the enter button
    >just once and the message changed to "You must hold the Enter button for
    >10 seconds or this won't work" and it then went through various other
    >nonsense messages. Nothing whatsoever happened. Well, my beer seemed a
    >little warmer when I was done but I'm not convinced there is a direct
    >link. My homepage is still www.google.com by the way. But I'm betting
    >°Mike° is right.


    If you've got SpyBot S&D, or Spyware Blaster installed, and/or
    have your home page protected from change, that's why nothing
    happened.

    I tested the script with my home page not protected. I have
    Startup Monitor installed, which caught it in its tracks trying to
    change the home page.

    --
    STGP, OGPE24HSHD
    °Mike°, Dec 8, 2003
    #8
  9. bjones

    Donald Guest

    By chance do you use icq 2003b? Happened to me every time I opened my icq
    went back to icq 2003a it stopped
    "bjones" <> wrote in message
    news:vGPAb.11066$...
    > Don't know much about these but one seemed to pop up out of nowhere on my
    > pc this morning while surfing cnn.com
    >
    > http://object.passthison.com/console/home.html
    >
    > It showed in an IExplore browser window, no tool bars, all red screen with
    > a small window in the middle which said "Hold down your enter key for 10
    > seconds to see a neat trick". I didn't do it. Couldn't close the window
    > normally, had to use task manager to do it.
    >
    > Ring any bells with anyone? TIA
    >
    >
    >
    >
    Donald, Dec 8, 2003
    #9
  10. bjones

    Tim Weaver Guest

    Boomer wrote:
    > Tim Weaver, wrote:
    >
    >> Boomer wrote:

    <chop>

    >>> Your shorter link is: http://makeashorterlink.com/?P29622EB6

    >>
    >> I like TinyURL better because you don't pitstop at their site.

    >
    > Hush! ;)


    Haaa...

    >> <snerk>
    >>
    >> Boy, this problem seems nasty. Not destructive, just a pain in the
    >> hignie.

    >
    > Why do you think I stay on usenet!


    You're a fradiecat?

    > Some weird stuff out there on the
    > www! Scary!


    Yep, I was right.

    > BTW did you get my e-mail?


    I did, thanks. I've been meaning to reply, but was too lazy. Yes, it's
    true; I suck.

    --
    Tim Weaver
    PGP Public Key - http://home.comcast.net/~tweaver2000/public_key.html
    "I know you think you understand what you thought I said,
    but I am not sure that what you heard is not what I meant."
    Tim Weaver, Dec 8, 2003
    #10
  11. bjones

    Richard Guest

    bjones! wrote:

    > Don't know much about these but one seemed to pop up out of nowhere on my
    > pc this morning while surfing cnn.com


    > http://object.passthison.com/console/home.html


    > It showed in an IExplore browser window, no tool bars, all red screen
    > with a small window in the middle which said "Hold down your enter key
    > for 10 seconds to see a neat trick". I didn't do it. Couldn't close the
    > window normally, had to use task manager to do it.


    > Ring any bells with anyone? TIA



    Got the same thing the other night. Probably comes from one of those things
    that gives you a bunch of spam on exit or on a click.
    Used my "crazy browser" on the same site and was not affected.

    By the way, passthison.com is owned and operated by none other than the
    "king of spam", Sanford "spamford" Wallace. He is the one credited with
    giving junk e-mail the name "spam".

    www.crazybrowser.com
    plugin for IE which stops ALL popups and stuff like that.
    No need to keep or maintain a list, it just does the job.
    Richard, Dec 8, 2003
    #11
  12. bjones

    Richard Guest

    °Mike°! wrote:

    > It's a home page hijacker, which tricks you into holding down
    > the ENTER key, thus pressing "Yes" when asked to change
    > your home page. Of course, you probably won't see this, as
    > it happens so fast.


    > This is the "neat trick" - not a trick, at all, and quite safe:
    > http://object.passthison.com/console/Starfield3D.htm


    I could care less. www.crazybrowser.com install the plug in and say goodbye
    to popups and thieves.
    BTW, it failed to take over my homepage. And I have JS turned on.
    Even if they manage to do that, it'll be gone once I clean it out.
    Richard, Dec 8, 2003
    #12
  13. bjones

    Richard Guest

    Rôgêr! wrote:

    > bjones wrote:
    >> Don't know much about these but one seemed to pop up out of nowhere on
    >> my pc this morning while surfing
    >>cnn.com http://object.passthison.com/console/home.html It showed in an
    >>IExplore browser window, no tool bars, all red screen with a small window
    >>in the middle which said "Hold down your enter key for 10 seconds to see
    >>a neat trick". I didn't do it. Couldn't close the window normally, had to
    >>use task manager to do it. Ring any bells with anyone? TIA


    > Okay, I went there, tried holding down the enter key for ten seconds but
    > could tell it was paging through a series of messages. At the end
    > nothing happened. So I went there again and pressed the enter button
    > just once and the message changed to "You must hold the Enter button for
    > 10 seconds or this won't work" and it then went through various other
    > nonsense messages. Nothing whatsoever happened. Well, my beer seemed a
    > little warmer when I was done but I'm not convinced there is a direct
    > link. My homepage is still www.google.com by the way. But I'm betting
    > °Mike° is right.


    Tonight was different. Clicked the link above and got met with the expected
    "trick".
    All of a sudden I get a bunch of windows, notepad opens, and even the cd
    tray opens.
    Ok. That's actually ancient stupid tricks department.
    So it takes over your homepage. No BFD. Reset your homepage as you had it.

    Plugged the same link into my "crazy browser" version of IE, and zapped it
    all.
    Absolutely nothing worked after holding the enter key down for 10 seconds.
    It just wound up at a blank page.

    www.crazybrowser.com
    Richard, Dec 8, 2003
    #13
  14. bjones

    °Mike° Guest

    On Mon, 8 Dec 2003 02:08:22 -0600, in
    <>
    Richard scrawled:

    > °Mike°! wrote:
    >
    > > It's a home page hijacker, which tricks you into holding down
    > > the ENTER key, thus pressing "Yes" when asked to change
    > > your home page. Of course, you probably won't see this, as
    > > it happens so fast.

    >
    > > This is the "neat trick" - not a trick, at all, and quite safe:
    > > http://object.passthison.com/console/Starfield3D.htm

    >
    >I could care less.


    And I could care even less about what you have to say.

    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Dec 8, 2003
    #14
  15. bjones

    M Mullen Guest

    On Mon, 8 Dec 2003 02:05:19 -0600, "Richard" <anonymous@127.000> wrote:
    (E-mail sent if a reply)

    |>
    |> By the way, passthison.com is owned and operated by none other than the
    |> "king of spam", Sanford "spamford" Wallace. He is the one credited with
    |> giving junk e-mail the name "spam".

    Na he may be called SPAMford but it was a Monty Python skit that gave us Spam.
    --
    ,,
    ( "> w
    ,(> )>| Time flies like an arrow. Fruit flies like a banana.
    ( ^^ ' -- Groucho Marx
    M Mullen, Dec 8, 2003
    #15
  16. bjones

    trout Guest

    °Mike° wrote:

    > On Sun, 07 Dec 2003 21:13:33 -0500, in
    > <>
    > Rôgêr scrawled:
    >
    >> bjones wrote:
    >>> Don't know much about these but one seemed to pop up out of nowhere
    >>> on my pc this morning while surfing cnn.com
    >>>
    >>> http://object.passthison.com/console/home.html
    >>>
    >>> It showed in an IExplore browser window, no tool bars, all red
    >>> screen with a small window in the middle which said "Hold down your
    >>> enter key for 10 seconds to see a neat trick". I didn't do it.
    >>> Couldn't close the window normally, had to use task manager to do
    >>> it.
    >>>
    >>> Ring any bells with anyone? TIA

    >>
    >> Okay, I went there, tried holding down the enter key for ten seconds
    >> but could tell it was paging through a series of messages. At the end
    >> nothing happened. So I went there again and pressed the enter button
    >> just once and the message changed to "You must hold the Enter button
    >> for 10 seconds or this won't work" and it then went through various
    >> other nonsense messages. Nothing whatsoever happened. Well, my beer
    >> seemed a
    >> little warmer when I was done but I'm not convinced there is a direct
    >> link. My homepage is still www.google.com by the way. But I'm betting
    >> °Mike° is right.

    >
    > If you've got SpyBot S&D, or Spyware Blaster installed, and/or
    > have your home page protected from change, that's why nothing
    > happened.
    >
    > I tested the script with my home page not protected. I have
    > Startup Monitor installed, which caught it in its tracks trying to
    > change the home page.


    Interesting. I have the homepage protection checked in a couple of
    programs, so it was like a little derby to see which would catch it. In
    this case, it was SpywareGuard.
    Other than that, WinPatrol told me I'd accepted a cookie; which I
    dumped.
    --
    "Although, in future, I think I'll leave these to the OGP."
    trout, Dec 8, 2003
    #16
  17. bjones

    °Mike° Guest

    On Mon, 8 Dec 2003 14:47:03 -0800, in
    <br2v21$27r4hq$-berlin.de>
    trout scrawled:

    >°Mike° wrote:


    <snip>

    >> I tested the script with my home page not protected. I have
    >> Startup Monitor installed, which caught it in its tracks trying to
    >> change the home page.

    >
    > Interesting. I have the homepage protection checked in a couple of
    >programs, so it was like a little derby to see which would catch it. In
    >this case, it was SpywareGuard.
    > Other than that, WinPatrol told me I'd accepted a cookie; which I
    >dumped.


    Doesn't WinPatrol have a delay in checking/reporting?

    --
    "Talk about handicaps!"
    °Mike°, Dec 9, 2003
    #17
  18. bjones

    trout Guest

    °Mike° wrote:

    > On Mon, 8 Dec 2003 14:47:03 -0800, in
    > <br2v21$27r4hq$-berlin.de>
    > trout scrawled:
    >
    >> °Mike° wrote:

    >
    > <snip>
    >
    >>> I tested the script with my home page not protected. I have
    >>> Startup Monitor installed, which caught it in its tracks trying to
    >>> change the home page.

    >>
    >> Interesting. I have the homepage protection checked in a couple of
    >> programs, so it was like a little derby to see which would catch it.
    >> In this case, it was SpywareGuard.
    >> Other than that, WinPatrol told me I'd accepted a cookie; which I
    >> dumped.

    >
    > Doesn't WinPatrol have a delay in checking/reporting?


    Yeah; it's user-defined. Mine's set for three minutes. (Or you can
    block a site, completely). Since I have IE set to prompt for cookies;
    this usually isn't a factor.
    It's usually about the right amount of time to get done whatever I'm
    doing to get connected to the few sites where I'm forced to accept
    cookies.
    --
    "Going more for the 'transparent'; rather than 'automatic' for this."
    trout, Dec 9, 2003
    #18
  19. "trout" <> writes:

    > It's usually about the right amount of time to get done whatever I'm
    > doing to get connected to the few sites where I'm forced to accept
    > cookies.


    I don't mind cookies now. I never accept 3rd-party cookies, I can get
    warned before accepting any, and if I'm so inclined I can tell my
    browser to expire them at the end of a session. Put that together with
    cleaning my cache on bootup (in W2K), and I don't consider them that
    much of a threat. Plus, there ain't a whole lot of spyware written for
    Linux yet, anyway.

    --
    Registered Linux User 297164
    GPG Key ID 1B1B6A1D5A2407C3
    Noho ora mai, ka kite ano
    http://maxqnz.com/References.html
    Max Quordlepleen, Dec 9, 2003
    #19
  20. bjones

    trout Guest

    Max Quordlepleen wrote:

    > "trout" <> writes:
    >
    >> It's usually about the right amount of time to get done whatever I'm
    >> doing to get connected to the few sites where I'm forced to accept
    >> cookies.

    >
    > I don't mind cookies now. I never accept 3rd-party cookies, I can get
    > warned before accepting any, and if I'm so inclined I can tell my
    > browser to expire them at the end of a session. Put that together with
    > cleaning my cache on bootup (in W2K), and I don't consider them that
    > much of a threat. Plus, there ain't a whole lot of spyware written for
    > Linux yet, anyway.


    It's not so much that I consider them a 'threat' so much as
    belonging to the broad category of "Stuff other people want to do with
    my machine", that I object to; on general, if vague principle.
    I also don't accept third-party cookies (IE setting); and have a
    bristling array of programs that monitor for system changes, should an
    interloper sneak through, intent on mischief.
    And yes; I *like* it that way.
    --
    "I wouldn't enjoy a car that drives itself."
    trout, Dec 9, 2003
    #20