[WEB4LIB] RE: Browser Hijackings

P. Michael McCulley mcculley at best.com
Fri Jun 22 02:40:04 EDT 2001


Thanks, Andrew and ratz :<... I thought we'd hit it.
You might want to look at this ZDNET article on home page hijacking:

	Online battleground--has your home page been hijacked?
	http://www.zdnet.com/zdnn/stories/news/0,4586,2689655,00.html

Perhaps this is some variation on the PassThisOn.com tricks noted.

Since it has seemingly ended, and mysteriously, some variant of DNS spoofing or hacking is perhaps involved after all. The name servers can be poisoned with false cache data in some cases. If some DNS admin has flushed or re-set the cache, it (the redirects) would "disappear" mysteriously as you describe.

It still is puzzling about the box that pops up, and what "happens" when the user selects to re-set their homepage (opt-in?).

Anyway, glad that has ended for now. Onward, through the fog....

Best,
Michael

P. Michael McCulley
Email: mcculley at best.com

Quote of the Moment:
The world is full of apathy and complacency, and no one cares. - George Will

>-----Original Message-----
>From: web4lib at webjunction.org
>[mailto:web4lib at webjunction.org]On Behalf Of Andrew I. Mutch
>Sent: Thursday, June 21, 2001 08:54 PM
>To: Multiple recipients of list
>Subject: [WEB4LIB] RE: Browser Hijackings
>
>
>Michael,
>
>This was actually my first guess at what was causing this problem.
>However, I was able to eliminate this possibility for several reasons:
>
>1) The browser startup and search pages had not been changed in most
>cases but the browsers still were diverted to "bigred.com".
>
>2) I've removed Windows Scripting Host from all of our staff and public
>machines to avoid problems related to WSH-related viruses.
>
>3) Our AV scans did not detect any viruses and they would have detected
>the "Seeker" application.
>
>The clincher is that the problem has now stopped as mysteriously as it
>started.  
>
>Andrew Mutch
>Library Systems Technician
>Waterford Township Public Library
>Waterford, MI

[remainder snipped]



