My browser has been hijacked

RPG Advocate · 21st September 2003, 03:16 PM

The default "not found" page that Internet Explorer uses when a URL is typed incorrectly has been hijacked by a company called "VeriSign". Spybot, Ad-Aware, and HijackThis can't seem to find any spyware that is causing the problem.

Anyone know where the spyware/malware that could have caused this came from?

roger · 21st September 2003, 03:41 PM

Actually, this is not a browser hijack. It's more sinister than that.
Verisign has actually implemented a wildcard search that captures any mistaken URL that you typed in and redirects it to their site. There ain't nuttin to be done about it (on a personal level), as far as I can tell.

You can read more about it here and here

ShowMe · 22nd September 2003, 07:17 AM

Quote:

Originally posted by roger
Actually, this is not a browser hijack. It's more sinister than that.
Verisign has actually implemented a wildcard search that captures any mistaken URL that you typed in and redirects it to their site. There ain't nuttin to be done about it (on a personal level), as far as I can tell.

Not on a personal level, but if you run your own DNS you can update your BIND.

Or complain to your ISP and see if you can ge tthem to update. With a small service it shouldn't be much of a problem, but there more people you have using the DNS the messier it can become, so some ISP's may shy away from any upgrades unless it's absolutely required.

It's not really going to be "sinister" to most folks. Instead of getting a "not found" error they will be redirected to a Verisign web site that lists names that are close. The web site also has paid advertisements on it, which generate revenue for Verisign, which seems to be the biggest point of contention.

For the *average* user it's not going to make a bit of difference, other than some folks being initially concerned (such as the original poster).

roger · 22nd September 2003, 12:54 PM

Well, the IAB has posted an extensive list of problems that this can cause. I'm not knowledgeable enough in this area of computers to judge all aspects of it. I stick to C++, and don't dabble in networks much.

LFTKBS · 22nd September 2003, 03:48 PM

ShowMe - for the average user, it can cause quite a few problems, notably a) that spam with a forged domain will resolve, bypassing a method that antispam software uses, and b) any mail that you send to an incorrect domain can potentially be 'harvested' by Verisign's servers.

Things that are bad for admins are usually bad for end users.

I now consider Versign's site certificates worthless. They are very, very bad people.

ShowMe · 22nd September 2003, 06:17 PM

Quote:

Originally posted by LFTKBS
ShowMe - for the average user, it can cause quite a few problems, notably a) that spam with a forged domain will resolve, bypassing a method that antispam software uses, and b) any mail that you send to an incorrect domain can potentially be 'harvested' by Verisign's servers.

Things that are bad for admins are usually bad for end users.

I now consider Versign's site certificates worthless. They are very, very bad people.

The average user (ie, my mom) will never notice this.

Don't get me wrong...from a technical perspective what Verisign has done is incomprehensible. It's no wonder they did it in secret.

But my Aunt Patricia will never notice any difference in her day to day using of the Internet.

I'm willing to bet Verisign is going to get slapped pretty hard for this.

Eos of the Eons · 24th September 2003, 08:30 PM

I posted a link for my site for my daughter's pictures, but it was missing something. I posted it on a mommy site. Everyone got directed to porn

I fixed it right away, but I think the other ladies were wondering what I was up to for a few minutes.

The Fool · 25th September 2003, 11:28 PM

can you PM me the porn URL?

Eos of the Eons · 26th September 2003, 06:04 PM

lol! Just type in something wrong when using explorer and

http://www.hostultra.com/....

Checkmite · 27th September 2003, 06:06 AM

Quote:

Originally posted by Eos of the Eons
lol! Just type in something wrong when using explorer and

http://www.hostultra.com/....

Not enough pop ups!

Eos of the Eons · 27th September 2003, 01:06 PM

Not enough porn pop ups you mean?

I don't remember the exact mistake that lead to all the porn spam.

21st September 2003, 03:16 PM	#1
RPG Advocate Critical Thinker Join Date: Sep 2002 Posts: 279	My browser has been hijacked The default "not found" page that Internet Explorer uses when a URL is typed incorrectly has been hijacked by a company called "VeriSign". Spybot, Ad-Aware, and HijackThis can't seem to find any spyware that is causing the problem. Anyone know where the spyware/malware that could have caused this came from?

22nd September 2003, 07:17 AM	#3
ShowMe Graduate Poster Join Date: Jul 2001 Posts: 1,201	Quote: Originally posted by roger Actually, this is not a browser hijack. It's more sinister than that. Verisign has actually implemented a wildcard search that captures any mistaken URL that you typed in and redirects it to their site. There ain't nuttin to be done about it (on a personal level), as far as I can tell. Not on a personal level, but if you run your own DNS you can update your BIND. Or complain to your ISP and see if you can ge tthem to update. With a small service it shouldn't be much of a problem, but there more people you have using the DNS the messier it can become, so some ISP's may shy away from any upgrades unless it's absolutely required. It's not really going to be "sinister" to most folks. Instead of getting a "not found" error they will be redirected to a Verisign web site that lists names that are close. The web site also has paid advertisements on it, which generate revenue for Verisign, which seems to be the biggest point of contention. For the average user it's not going to make a bit of difference, other than some folks being initially concerned (such as the original poster).
ShowMe Graduate Poster Join Date: Jul 2001 Posts: 1,201	__________________ "One wonders how one augur may pass another in the street without laughing." -Marcus Porcius Cato, 2nd Century B.C. referring to the fortune tellers of his time "I could tell you that it is because I don't want The Language Award to appear too cliqueish. But I won't. 'Cause you're not one of the cool people." - Tricky

22nd September 2003, 03:48 PM	#5
LFTKBS Muse Join Date: Aug 2003 Posts: 977	ShowMe - for the average user, it can cause quite a few problems, notably a) that spam with a forged domain will resolve, bypassing a method that antispam software uses, and b) any mail that you send to an incorrect domain can potentially be 'harvested' by Verisign's servers. Things that are bad for admins are usually bad for end users. I now consider Versign's site certificates worthless. They are very, very bad people.
LFTKBS Muse Join Date: Aug 2003 Posts: 977

22nd September 2003, 06:17 PM	#6
ShowMe Graduate Poster Join Date: Jul 2001 Posts: 1,201	Quote: Originally posted by LFTKBS ShowMe - for the average user, it can cause quite a few problems, notably a) that spam with a forged domain will resolve, bypassing a method that antispam software uses, and b) any mail that you send to an incorrect domain can potentially be 'harvested' by Verisign's servers. Things that are bad for admins are usually bad for end users. I now consider Versign's site certificates worthless. They are very, very bad people. The average user (ie, my mom) will never notice this. Don't get me wrong...from a technical perspective what Verisign has done is incomprehensible. It's no wonder they did it in secret. But my Aunt Patricia will never notice any difference in her day to day using of the Internet. I'm willing to bet Verisign is going to get slapped pretty hard for this.
ShowMe Graduate Poster Join Date: Jul 2001 Posts: 1,201	__________________ "One wonders how one augur may pass another in the street without laughing." -Marcus Porcius Cato, 2nd Century B.C. referring to the fortune tellers of his time "I could tell you that it is because I don't want The Language Award to appear too cliqueish. But I won't. 'Cause you're not one of the cool people." - Tricky

24th September 2003, 08:30 PM	#7
Eos of the Eons Mad Scientist Join Date: Jul 2003 Location: Alberta Posts: 13,894	I posted a link for my site for my daughter's pictures, but it was missing something. I posted it on a mommy site. Everyone got directed to porn I fixed it right away, but I think the other ladies were wondering what I was up to for a few minutes.
	__________________ Motion affecting a measuring device does not affect what is actually being measured, except to inaccurately measure it. the immaterial world doesn't matter, cause it ain't matter-Jeff Corey my karma ran over my dogma-vbloke The Lateral Truth: An Apostate's Bible Stories by Rebecca Bradley, read it!

21st September 2003, 03:41 PM	#2
roger Penultimate Amazing Join Date: May 2002 Location: Mountain View, CA Posts: 11,021	Actually, this is not a browser hijack. It's more sinister than that. Verisign has actually implemented a wildcard search that captures any mistaken URL that you typed in and redirects it to their site. There ain't nuttin to be done about it (on a personal level), as far as I can tell. You can read more about it here and here

22nd September 2003, 12:54 PM	#4
roger Penultimate Amazing Join Date: May 2002 Location: Mountain View, CA Posts: 11,021	Well, the IAB has posted an extensive list of problems that this can cause. I'm not knowledgeable enough in this area of computers to judge all aspects of it. I stick to C++, and don't dabble in networks much.

25th September 2003, 11:28 PM	#8
The Fool Penultimate Amazing Join Date: Jul 2002 Location: Australia Posts: 11,558	can you PM me the porn URL?
	__________________ And what is good, Phaedrus,and what is not good. Need we ask anyone to tell us these things? R. M. Pirsig. (Zen and the art of motorcycle maintenance) Lose half your IQ....Ask me how.

26th September 2003, 06:04 PM	#9
Eos of the Eons Mad Scientist Join Date: Jul 2003 Location: Alberta Posts: 13,894	lol! Just type in something wrong when using explorer and http://www.hostultra.com/....
	__________________ Motion affecting a measuring device does not affect what is actually being measured, except to inaccurately measure it. the immaterial world doesn't matter, cause it ain't matter-Jeff Corey my karma ran over my dogma-vbloke The Lateral Truth: An Apostate's Bible Stories by Rebecca Bradley, read it!

27th September 2003, 06:06 AM	#10
Checkmite Skepticifimisticalationist Join Date: Jun 2002 Location: Third in line Posts: 14,875	Quote: Originally posted by Eos of the Eons lol! Just type in something wrong when using explorer and http://www.hostultra.com/.... Not enough pop ups!
	__________________ "¿WHAT KIND OF BIRD? ¿A PARANORMAL BIRD?" --- Carlos S., 2002

27th September 2003, 01:06 PM	#11
Eos of the Eons Mad Scientist Join Date: Jul 2003 Location: Alberta Posts: 13,894	Not enough porn pop ups you mean? I don't remember the exact mistake that lead to all the porn spam.
	__________________ Motion affecting a measuring device does not affect what is actually being measured, except to inaccurately measure it. the immaterial world doesn't matter, cause it ain't matter-Jeff Corey my karma ran over my dogma-vbloke The Lateral Truth: An Apostate's Bible Stories by Rebecca Bradley, read it!