[65537] in North American Network Operators' Group
RE: Google-jacking?
daemon@ATHENA.MIT.EDU (Eric Pylko)
Mon Dec 1 15:49:00 2003
From: "Eric Pylko" <eric@infinitenetworks.us>
To: <nanog@merit.edu>
Date: Mon, 1 Dec 2003 15:45:31 -0500
In-Reply-To: <Pine.LNX.4.50.0312011503300.5905-100000@ordinaryworld.com>
Errors-To: owner-nanog-outgoing@merit.edu
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
> Dave Temkin
> Sent: Monday, December 01, 2003 3:08 PM
> To: nanog@merit.edu
> Subject: Re: Google-jacking?
>
>
> FWIW, it's not a virus, it's something infrastructure related. All of the
> systems that I've seen this on have all the latest DAT's and the proxy
> servers it sits behind are virus scanning as well (for both email and web)
> and use alternate vendors
This is an Active-X exploit. It makes changes to your registry and DNS
which is why you can't get to google. There are some other sites it munges
too.
If you can get to google on a working machine, search for the site that the
infected machines are redirecting to and you'll find out how to fix your
systems. Here's one of the URLs it returns:
http://www.imilly.com/google.htm
-Eric
>
> On Mon, 1 Dec 2003, Dave Temkin wrote:
>
> > Has anyone seen a situation on their internal networks where going to a
> > (non-Google) page "Hijacks" them and they end up with either the Google
> > front page or a broken link page?
> >
> > This happens on machines both with the toolbar and without, and we've
> > seen it on machines on different networks/running different OS's.
> >
> > Just curious.
> > Thanks,
> > -Dave
> >