
Why All The Browser Redirects ?


12 replies to this topic

#1 Dennis H

Dennis H

  • Members
  • 893 posts

Posted 18 August 2010 - 04:34 PM

Howdy,

I was reading the "Am I Infected" forum and noticed the abundance of people that were having their browsers redirected.
Almost a third of the posts on the first 2 pages were dedicated to the problem.

Is there a new Trojan going around ? Maybe I am reading it wrong but I don't seem to remember that many folks having this much trouble at one time with their browsers being hijacked.

Maybe it is just coincidence ???

Anyone have a comment ?

Thanks,

Dennis :thumbsup:



#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts

Posted 18 August 2010 - 05:55 PM

Hello.

Currently, browser redirection is simply the most prevalent method malware writers are using to accomplish their primary goal: making money. By redirecting a browser, they can make it hit a website where they get paid an affiliate commission by the hit, via ads or other means. In the past they've used popups to accomplish something similar. It's just a phase; sooner or later someone will figure out a more effective way to use malware to make money and that will become the main symptom.

Hope that answers your question.

~Blade

Edited by Blade Zephon, 18 August 2010 - 05:55 PM.


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 Galadriel

Galadriel

    Bleepin Elf


  • Malware Response Team
  • 2,753 posts

Posted 18 August 2010 - 05:55 PM

Browser hijacks are among the oldest forms of malware infections. It's not new, they (malware writers/authors/coders) make a lot of money by using this scheme. The latest types of malware infections are more apparent in the fact that they are spreading virulently and are excessively difficult to remove with normal tools... hence why you see so many requests for help.
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat


#4 Dennis H

Dennis H
  • Topic Starter

  • Members
  • 893 posts

Posted 18 August 2010 - 06:58 PM

Thanks for the replies.

That explains it well.

Where are you most likely to pick up the problem ?


Typical places such as E-mail attachments, P-P sharing, Etc; ?




Dennis :thumbsup:

#5 JamesFrance

JamesFrance

  • Members
  • 278 posts

Posted 19 August 2010 - 01:31 AM

I would be interested to know which security software cannot prevent these infections?

Which programs are most often running on computers which become infected and are failing to detect and stop installation of malware?
James

#6 scherrypoppa

scherrypoppa

  • Members
  • 17 posts

Posted 19 August 2010 - 06:42 AM

McAfee and Norton let me down :thumbsup:

#7 Dennis H

Dennis H
  • Topic Starter

  • Members
  • 893 posts

Posted 19 August 2010 - 07:41 AM

I got redirected 2 days ago. About a minute afterward my regularly scheduled scan by Microsoft Security Essentials started up.

It caught and deleted 3 infections. I restarted my computer and have had no trouble since. I looked up the malware it deleted and there was very little information about them on the Microsoft web site other than they seemed to be a new batch. (July 26th,10)

I am assuming that they were the cause of my redirect that day but I am not sure.

Bottom line apparently Security Essentials was able to catch them.

As a side note I had run SAS and Malwarebytes prior to the Microsoft scan and they had come up clean. Maybe they have not been added to their definitions.???

If you are interested in seeing what was removed, here is my post (Am I Infected Forum) on another matter regarding Java which shows a screen shot of what MSE caught and deleted. I did not mention redirect in the post because it was cleared up. My concern was that I was picking bad stuff up from Java somehow.

http://www.bleepingcomputer.com/forums/t/340610/is-java-infecting-my-computers/

Take Care,

Dennis :thumbsup:

Edited by Dennis H, 19 August 2010 - 07:42 AM.


#8 Galadriel

Galadriel

    Bleepin Elf


  • Malware Response Team
  • 2,753 posts

Posted 19 August 2010 - 09:37 AM

Where are you most likely to pick up the problem ?
Typical places such as E-mail attachments, P-P sharing, Etc; ?

Dennis :flowers:


Those are likely places, but more often than not, they are "caught" by browsing on the Internet. Most newer infections target specific vulnerabilities in many pieces of software (IE, FF, Java Runtime, Adobe Reader, Quicktime, the list goes on and on...) and actively check to see whether the computer is susceptible to those attack vectors. Some use what is called an "exploit pack" that searches through known and common vulnerabilities and will actively exploit the first one that triggers. The importance of being patched fully (and not just Windows!!!! - can't say that enough!) is even more emphasized with today's threats. You are by no means invulnerable even if you are fully patched and up to date, but the number of possible infections drops significantly by keeping on top of software versions and updates.

http://secunia.com/vulnerability_scanning/online/ <- is a good place to start. This will scan your currently installed software and show you what needs updating.

I would be interested to know which security software cannot prevent these infections?

Which programs are most often running on computers which become infected and are failing to detect and stop installation of malware?

McAfee and Norton let me down :thumbsup:


The answer to this is two-pronged. First, no software can fully (100%) prevent ALL of the infections. Security begins with the user. ALL software will be vulnerable to specific infections, they do NOT catch everything and aren't meant to. With the speed at which the malware writers develop new variants and versions, it is impossible to keep up for antivirus/anti malware vendors.
The second part is the statistical portion... While I do not have statistics, I can tell you right now, and if you read my first point above you'll understand this, ALL brands/types of antivirus and anti malware are vulnerable and will let stuff through. There is no 100% security when it comes to a one application aspect.

<snip..>
As a side note I had run SAS and Malwarebytes prior to the Microsoft scan and they had come up clean. Maybe they have not been added to their definitions.???


That is entirely possible. It could have been a brand spanking, all shiny looking, new malware threat. There really is no way to know for sure. Also, from the looks of the report, all of the found threats by MSE were in the cache folder of Java. I am not sure if you understand the purpose of the Java cache or not, so I'll just briefly outline why you may see threats there that certain programs pick up and others don't. In short, when you visit a website that has any kind of Java content, all of the files from that content will be downloaded to the Java cache for future run. This makes Java applets/servlets run quicker. Java is an interpreted program, and as such requires the full code to be read before it is executed (this also explains why some Java programs on the web - like the chat on this site for example - take so long to launch on first run; the entire program is being read and interpreted before a single line of code is executed). It's a bit more involved than that, but you get the idea...

All this to say, that the code in those cache files might never have been executed, and their payload (if any) was never applied. Anti-malware programs tend to focus on active threats, remnants playing second fiddle. It is absolutely possible that those were just dross files from an infected website that contained an exploit pack which attempted to exploit vulnerabilities in Java. If your Java runtime was updated (as you mentioned it was), the chances of an infection through one of those is immensely reduced.

Hope this answers your questions.

Cheers,

#9 Dennis H

Dennis H
  • Topic Starter

  • Members
  • 893 posts

Posted 19 August 2010 - 09:52 AM

Thanks for the excellent and informative post Galadriel !!

I will run the scan you have suggested now.



Dennis :thumbsup:

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,946 posts

Posted 19 August 2010 - 10:08 AM

... excellent and informative post Galadriel !!

That's what makes Gal one of our BC All Stars. :thumbsup:


You may also want to read How Malware Spreads - How did I get infected which explains in more detail the most common ways malware is contracted and spread.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#11 Dennis H

Dennis H
  • Topic Starter

  • Members
  • 893 posts

Posted 19 August 2010 - 10:26 AM

Thanks quietman7.

By the way, you also have Super Star status in my book.

You have helped me many times, I really appreciate it.


Dennis :thumbsup:

#12 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts

Posted 19 August 2010 - 10:55 AM

Thanks quietman7.

By the way, you also have Super Star status in my book.

You have helped me many times, I really appreciate it.


Dennis :flowers:


He's not called the Bleepin' Janitor for no reason; he cleans up a lot of crap. :thumbsup:



#13 Dennis H

Dennis H
  • Topic Starter

  • Members
  • 893 posts

Posted 19 August 2010 - 06:06 PM

Thanks quietman7.

By the way, you also have Super Star status in my book.

You have helped me many times, I really appreciate it.


Dennis :flowers:


He's not called the Bleepin' Janitor for no reason; he cleans up a lot of crap. :thumbsup:



I have to say, a lot of seemingly crap to others (knowledgeable computer folks) but not so much to a guy like me has been cleared up by quietman7. All good !


Dennis :trumpet:

Edited by Dennis H, 19 August 2010 - 06:07 PM.




