-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Dave Temkin
Sent: Monday, December 01, 2003 3:08 PM
To: nanog@merit.edu
Subject: Re: Google-jacking?

FWIW, it's not a virus, it's something infrastructure related. All of the systems that I've seen this on have all the latest DATs, and the proxy servers it sits behind are virus scanning as well (for both email and web) and use alternate vendors.

This is an ActiveX exploit. It makes changes to your registry and DNS, which is why you can't get to Google. There are some other sites it munges too. If you can get to Google on a working machine, search for the site that the infected machines are redirecting to and you'll find out how to fix your systems. Here's one of the URLs it returns: http://www.imilly.com/google.htm

-Eric

On Mon, 1 Dec 2003, Dave Temkin wrote:
Has anyone seen a situation on their internal networks where going to a (non-Google) page "Hijacks" them and they end up with either the Google front page or a broken link page?
This happens on machines both with the toolbar and without, and we've seen it on machines on different networks/running different OSes.
Just curious.

Thanks,
-Dave