
Question about IP injections?


10 replies to this topic

#1 auto1571

auto1571

  • Members
  • 296 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 25 October 2014 - 06:18 PM

Okay well when speaking with someone online just recently they gave me a link to a YouTube video but I noticed that the URL had been altered which I found a bit strange. When I replaced the URL with the correct one it displayed the message "Video not available."

 

Anyway I was speaking to some other people online about this and they said I gotta be careful because of IP injections, whatever that is. Now I doubt that is possible in regards to YouTube URLs.

 

Also they then said that you can't confirm whether or not you have been IP injected which I also doubt for some reason given the fact that we now have diagnostic tools that can confirm most kinds of malware activity.

 

Anyway I thought I better ask here as you guys are the experts with this. So any help much appreciated.

 

Thanks.




 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:03 PM

Posted 25 October 2014 - 06:36 PM

I don't know what IP injection is, and Google is not helpful, this seems to be a medical procedure.

 

Okay well when speaking with someone online just recently they gave me a link to a YouTube video but I noticed that the URL had been altered which I found a bit strange. When I replaced the URL with the correct one it displayed the message "Video not available."

 

 

But if you tell me how you altered the URL, maybe I can understand what you mean.

Did you change the domain? Or the path? Or the query string?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 auto1571

auto1571
  • Topic Starter

  • Members
  • 296 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 25 October 2014 - 07:59 PM

I replaced the /v/ with the watch?v= to try and find the original video. And by IP injection I mean IP address injection.



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:03 PM

Posted 25 October 2014 - 09:10 PM

If the domain was YouTube's and not an IP address, was there an IP address somewhere else in the URL?



#5 auto1571

auto1571
  • Topic Starter

  • Members
  • 296 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 25 October 2014 - 10:00 PM

If the domain was YouTube's and not an IP address, was there an IP address somewhere else in the URL?

 

No it was only a Youtube url. I can try and get the Youtube url if you want?



#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:03 PM

Posted 26 October 2014 - 05:46 AM

If it is not malicious, SPAM or offensive, feel free to post the URL.




#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:03 PM

Posted 26 October 2014 - 08:00 AM

If you're not sure, you can always check suspicious sites or get second opinions using various URL Link Scanners BEFORE posting:-- Use several different vendors when performing queries to confirm the results of page content. Even doing this, you still need to be cautious of other links on the page itself which can redirect to a malicious page.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#8 rp88

rp88

  • Members
  • 3,016 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:03 PM

Posted 26 October 2014 - 10:00 AM

Thanks for those links to sites which deobfuscate shortened URLs, now we can see where bit.ly and tinyurl links are really going.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:03 PM

Posted 26 October 2014 - 12:35 PM

Thanks for those links to sites which deobfuscate shortened URLs, now we can see where bit.ly and tinyurl links are really going.

 

Several link shorteners (like bit.ly) present you with a stat page when you add a + character at the end of the link. This way you can see where the shortened link is pointing to.




#10 auto1571

auto1571
  • Topic Starter

  • Members
  • 296 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 29 October 2014 - 02:41 PM

Okay, it turns out it was an official YouTube url but had been altered slightly. The watch?v= in the URL had been changed to only /v/. Some people do this to try and watch videos that are blocked in their country. The video did play and was also verified by Google.Inc. So based on that I think I will conclude that it was not malicious. I was a little drunk that night and I guess I panicked a bit.

 

Thanks for your help and also to quietman for those links.
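
Added example, not part of any post in this thread: a small Python check that answers the questions asked above (is the host YouTube's or an IP address, does an IP address appear elsewhere in the URL, and is the link the /v/ or the watch?v= form). The host list and the sample URLs are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts accepted as YouTube's for this illustration only.
YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com"}
# Dotted-quad candidates; each one is validated with ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def is_ip(text):
    """True when text is a valid IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def inspect_link(url):
    """Report on the domain, path and query string of a video link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_youtube = parts.scheme in ("http", "https") and host in YOUTUBE_HOSTS

    video_id, form = None, None
    if parts.path == "/watch":                      # watch?v=<id>
        ids = parse_qs(parts.query).get("v", [])
        if ids:
            video_id, form = ids[0], "watch?v="
    elif parts.path.startswith("/v/"):              # /v/<id>
        candidate = parts.path[3:].split("/")[0]
        if candidate:
            video_id, form = candidate, "/v/"

    rest = parts.path + "?" + parts.query
    return {
        "host": host,
        "host_is_youtube": on_youtube,
        "host_is_ip": is_ip(host),
        "ip_elsewhere": [m for m in IPV4_RE.findall(rest) if is_ip(m)],
        "form": form,
        "video_id": video_id,
        # Only rebuild the standard link when the host really is YouTube's.
        "canonical": (f"https://www.youtube.com/watch?v={video_id}"
                      if on_youtube and video_id else None),
    }


if __name__ == "__main__":
    # Constructed sample links (documentation IP ranges, placeholder video ID).
    for link in ("https://www.youtube.com/v/AAAAAAAAAAA",
                 "http://203.0.113.7/v/AAAAAAAAAAA"):
        print(inspect_link(link))
```
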



#11 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:03 PM

Posted 29 October 2014 - 04:24 PM

I was a little drunk that night and I guess I panicked a bit.


That's still better than not realizing/remembering you could have done something wrong ;-)





