A strange Hijack?

Giampy:
Hail!
Every day I see dozens of websites without inconveniences. When I instead surf into a certain website (it shows TV programs) I am sometimes redirected to other extraneous pages. I usually see a page that claims I got a virus and that page offers the way to delete that infection. Of course it's all false.
As far as I know such behavior is typical of a Hijack (or similar) but I have a doubt: is it possible/normal that a Hijack hits one website only and that website only?
Besides: such Hijack is affecting me or that website? Who should be worried, me or the owner of that website?

Renegade:
Welcome to the world of spammy ads~! :D

Most likely it's just JavaScripted ads. It's unlikely that you have anything to worry about.

TaoPhoenix:
(Ahem) In the world of pr0n, there are a lot of page redirects similar to the one I think you are talking about. There's probably a few types of ways to code the concept, but basically one version is a kind of hot-rotator link that feeds the correct linked-to page say a third of the time, and the other two times it sends you to one of their "affiliates", presumably for ad revenue. I'm no expert so I'm probably describing it wrong but the links often look sorta like "spinbot.rotator.com?cgi="outputfeed"&affiliate="534856"&visitclickID="5428"

tomos:
[...] such Hijack is affecting me or that website?
-Giampy (August 02, 2012, 06:22 AM)
--- End quote ---

A couple of years ago (XP admin account), I was opening tabs in the background, from a Google search. The antivirus blocked the webpage, but the virus (or whatever you want to call it) was able to run, IIRC it played a siren sound (!) and opened a manically flashing window telling me I had a virus. The window could not be closed normally. I'll quote from my report to the AV company:

The app was downloaded in the background and it disabled AntiVir & the Windows firewall. It started itself, telling me I had a virus and I should register to remove it.
I panicked at the time, so I don't remember the details exactly, but I do remember it was difficult to kill. I removed at least one app from the startup, found the app itself - it was installed in:
Documents and Settings\*User*\Application Data\Desktop Securities 2010\securitycenter.exe
It also had a bunch of files installed in the temp folder which I securely erased (some of these had been running and one was in windows startup). Unfortunately I have no record of them.
--- End quote ---

Because I panicked a little, and started killing & deleting things left, right and centre, I didn't keep a proper record of the URL or the files.
 
The app also created four files within legitimate software installs (Filehamster/FARR/Softmaker/Cloudberry). It took a name from a (random?) file in the install, and created an exe file with the same name. These files were later reported by my AV (Avira AntiVir paid version) and I noticed that the created date for them all was exactly the same as the time I got the infection.

I guess my point is that you'll probably know if you have a virus. And using UAC &/or a non-admin account would probably help a lot...
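
The pattern tomos describes (an .exe that borrows the name of another file in the same install folder, with all such files sharing one creation time) can be hunted for after the fact. The sketch below is an added example, not part of the original post; the function names and the 120-second window are assumptions, and it defaults to modification time for portability (on Windows, pass `stamp=os.path.getctime` to compare creation times).

```python
import os
from collections import defaultdict

def find_name_twins(root):
    """Return .exe paths whose base name matches a non-.exe file in the same folder."""
    twins = []
    for folder, _dirs, files in os.walk(root):
        stems = defaultdict(set)          # base name -> set of extensions seen
        for name in files:
            stem, ext = os.path.splitext(name)
            stems[stem.lower()].add(ext.lower())
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".exe" and stems[stem.lower()] - {".exe"}:
                twins.append(os.path.join(folder, name))
    return sorted(twins)

def cluster_by_time(paths, window=120, stamp=os.path.getmtime):
    """Group paths whose timestamp is within `window` seconds of the previous one."""
    clusters, current = [], []
    for ts, path in sorted((stamp(p), p) for p in paths):
        if current and ts - current[-1][0] > window:
            clusters.append(current)
            current = []
        current.append((ts, path))
    if current:
        clusters.append(current)
    return [[p for _ts, p in c] for c in clusters]

def suspicious_clusters(roots, window=120, stamp=os.path.getmtime):
    """Name-twin executables dropped at about the same time in more than one install.

    A lone twin (app.exe next to app.ini) is normal; the signal is the same
    timestamp showing up across unrelated install folders.
    """
    owner = {}
    for root in roots:
        for path in find_name_twins(root):
            owner[path] = root
    return [c for c in cluster_by_time(list(owner), window, stamp)
            if len({owner[p] for p in c}) > 1]

if __name__ == "__main__":
    import sys
    for group in suspicious_clusters(sys.argv[1:]):
        print("same-time name twins:", *group, sep="\n  ")
```

Run it with the install folders to compare as arguments; each printed group is a set of look-alike executables worth checking against the vendor's file list.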

f0dder:
Giampy, I wouldn't call those pop-up/pop-under advertisements hijacks, and they're not necessarily full of malware - the products they advertise are definitely snake-oil, though.

But if you visit sites of that... quality... where they use advertisements that are allowed to use those tactics? You really, really, really shouldn't be browsing without NoScript + AdBlockPlus. Heck, people who frequent that kind of warez/pr0n/stream-tv-shows sites should be doing so from a browser not just with NS+ABP, but preferably a sandboxed one, and it definitely wouldn't hurt running it from a VM.

Paranoia? Only slightly. Even if the sites themselves aren't sleazy enough to serve you malware, their banner advertisement affiliates might be - and even if they aren't, they're nice goals for hackers to inject malware into.
