Is your PC's browser being redirected?

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

Is your PC's browser being redirected?

#1 Post by 8-bit »

I recently read an article on some servers that were set up to redirect web site requests for malicious purposes.
It claimed there were a lot of infected computers that may lose their internet access when the FBI takes down two servers that it set up to replace confiscated servers that were redirecting users to their sites for malicious purposes.
I have already checked out the site the FBI says one should visit to see if their PC is infected.
If you are adventurous, you can visit that site at
http://dcwg.org.

I did not post the address as a live link, so you would have to copy and paste it to your address bar in your browser.

You can find the original writeup by USA Today at:

http://www.usatoday.com/tech/news/story ... 54446044/1

majorfoo
Posts: 448
Joined: Mon 07 Mar 2011, 22:27
Location: Wish I knew

Re: Is your PC's browser being redirected?

#2 Post by majorfoo »

8-bit wrote:
I recently read an article on some servers that were set up to redirect web site requests for malicious purposes.
It claimed there were a lot of infected computers that may lose their internet access when the FBI takes down two servers that it set up to replace confiscated servers that were redirecting users to their sites for malicious purposes.
I have already checked out the site the FBI says one should visit to see if their PC is infected.
If you are adventurous, you can visit that site at
http://dcwg.org.

I did not post the address as a live link, so you would have to copy and paste it to your address bar in your browser.

You can find the original writeup by USA Today at:

http://www.usatoday.com/tech/news/story ... 54446044/1

Interesting article - I tried http://www.dns-ok.us/ and my computer came back green, which is supposed to be ok.

Guess we will have to wait and see what happens in July.

Monsie
Posts: 631
Joined: Thu 01 Dec 2011, 07:37
Location: Kamloops BC Canada

Is your PC's browser being redirected?

#3 Post by Monsie »

Hi 8-bit,

From what I have read so far, this security breach has impacted Windows and Mac systems. I haven't found any evidence (yet) that a Linux based system has been infected with this malware.

Can anyone confirm this?

Monsie
My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#4 Post by nooby »

8-bit thanks for taking up this subject.

I don't trust them but tested anyway and it says Green
but like Monsie above I guess it only works on Win and Apple?

So suppose I have it on WinXP or Win7 and never test
it booting into MS Windows then it is Green on Linux
and I have no idea what happens when I finally boot
into Ms Win? some months from now when I need to
update or upgrade a smartphone using Ms Win.??????
I use Google Search on Puppy Forum
not an ideal solution though

puppy_apprentice
Posts: 299
Joined: Tue 07 Feb 2012, 20:32

#5 Post by puppy_apprentice »

u can check if u are infected:

from this site:
http://www.publicsafety.gc.ca/prg/em/cc ... -eng.aspx.

u can find "Known Malicious DNS Server IP ranges":

    85.255.112.0 through 85.255.127.25
    67.210.0.0 through 67.210.15.255
    93.188.160.0 through 93.188.167.255
    77.67.83.0 through 77.67.83.255
    213.109.64.0 through 213.109.79.255
    64.28.176.0 through 64.28.191.255

from this site u will find how to get your current DNS servers for Linux and Windows:
http://www.cyberciti.biz/faq/how-to-fin ... ddress-is/

if your DNS IP is in one of the above IP ranges u are probably infected; if not, everything is ok

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#6 Post by 8-bit »

That is interesting additional information.
My IP is not in the range of addresses you showed and running Puppy, the site I gave shows it as good.
I also tried my laptop that boots to Win7 64bit and it also reported clean.
I wonder if it depends on whom one uses as their IP.
Mine is through CenturyLink (also known as Qwest).
I imagine that bigger IPs check to see that their IP address is not being hijacked/redirected.

Also, did you know that when you do a web search using Google, the link they give to the information you are searching for is not a direct link?
It is instead a Google link that takes you to the ending link.

Also, I have noticed in Windows that it seems I get a lot of pop up notices of Flash Player wanting to update itself.
I used to use a Toshiba Laptop that ran fairly fast with the factory install of Windows XP.
After a long series of Microsoft updates, XP has become so slow as to make the PC unusable.
I installed Puppy on it to get the usability back.

I could and maybe should also mention that my other Toshiba laptop that runs Windows 7 64bit from the factory screamed as to speed.
After again a number of Microsoft updates, the laptop has slowed down and it is noticeable in I now get the busy circle icon a lot more as well as desktop icons that redraw a few times before everything stabilizes.

Do you think MS is trying to force the users to update to their latest version of windows by doing updates that slow down the PC?

In my case, I am tempted to try doing a recovery factory install on my older laptop, turning off Microsoft update and all the other stuff that wants to update itself and see if the speed returns.

But.......
I have not checked that laptop for being physically clean and it just possibly could be that the processor is running at a lower MHz due to heat from being dirty.
I say this because the daughter's Acer laptop with Vista was running very slow. I disassembled it and found a genuine block of lint that was blocking 3/4 of the passage to the cooling fins as well as the blades on the cooling fan also being chock-full of lint.
After cleaning, the speed was back to what she said it used to be.

Adagio

#7 Post by Adagio »

Do you think MS is trying to force the users to update to their latest version of windows by doing updates that slow down the PC?
I thought it was well known that they do that in the months leading up to a new version.

puppy_apprentice
Posts: 299
Joined: Tue 07 Feb 2012, 20:32

#8 Post by puppy_apprentice »

...the site I gave shows it as good.
i think this site is doing the same that u can do manually using method from my post (it is possible to read DNS IP server), eg. on this page:

http://www.dnswatch.info/

put your IP (i think that your site is reading your IP automatically) in the Hostname or IP field and click ok, u should notice that one of printed IPs is your DNS server (should be two last positions) - so your site is doing something similar - is taking your IP and look for DNS server IP and check if it is in the bad range

I wonder if it depends on whom one uses as their IP.
yep i think that everyone retrieve DNS IP from own internet provider when login to own provider network, eg. in Windows i have 2 DNSes: one is from my provider and one is some trusted country DNS server, but i think that a virus (DNS Changer virus or whatever could easily change this)

u can try to use DNS server for free from this page:
https://www.opendns.com/

and how to change it:
http://www.techsupportalert.com/content ... server.htm

Also, did you know that when you do a web search using Google, the link they give to the information you are searching for is not a direct link?
It is instead a Google link that takes you to the ending link.
yep i've noticed this earlier, i think it was browser dependent: in IE i didn't see redirection, but in FF with earlier version NoScript Plugin i saw it (this Google redirection stuff is JavaScript command so NoScript blocked it, i've checked this redirection stuff, because when i saw this information i clicked stop button in a browser and could check redirection source code, it didn't send me to another location), now with new version of NoScript i don't see info about redirection, i think new version is compatible with Google code, i don't know if Google make this for safety or for their own business, but i think it was not virus

Do you think MS is trying to force the users to update to their latest version of windows by doing updates that slow down the PC?
maybe, i'm using Vista 32bit (but my favorites were 98 and 2000, i've got Vista with laptop and i will not go for 7 or 8, i think that if i will buy new laptop someday i will want it with Linux or without any system) with firewall, antivirus and Spy Search and Destroy app working, and i don't have problems, everytime when i uninstall something (especially big) i'm using cleaning tools to erase all files and registry entries that left and make hd/registry defragmentation (i'm doing hd defragmentation from my Vista live CD disk, i think that is quicker than doing that in system booted from hd)

Monsie
Posts: 631
Joined: Thu 01 Dec 2011, 07:37
Location: Kamloops BC Canada

Is your PC's browser being redirected?

#9 Post by Monsie »

Adagio wrote:
Do you think MS is trying to force the users to update to their latest version of windows by doing updates that slow down the PC?
I thought it was well known that they do that in the months leading up to a new version.
This sounds like an urban myth... where is your evidence?

Respectfully,
Monsie

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#10 Post by 8-bit »

I do not know how well MS update cleans up after itself, but on all my PCs that do MS updates, there are empty directories left on C:\ .
Also, I do not know how well it cleans up the registry as when a reboot is required to finish an update, I assume the updating process temporarily adds to the registry to tell the PC to continue the update process.

Of course a lot of try it type games with a time limit on them also write to the registry and an uninstall of the game leaves traces to make sure the user does not try to reinstall the game with the time limit restored.
One can verify that using wine in Puppy and looking at the registry after an uninstall.
You will find that the information for the game is still in the registry and the more garbage that is left in it is overhead that possibly can slow the PC up.

puppy_apprentice
Posts: 299
Joined: Tue 07 Feb 2012, 20:32

#11 Post by puppy_apprentice »

yep windows day by day is collecting more shit, but u can clean it a little using those tools (they not clean all shit but it is better than nothing):

numbers mean - my steps to clean shit from windows

1) this tool is good to install on fresh windows and install all stuff using it (it monitor all registry/hd changes, if not all most of them)
http://www.ashampoo.com/en/usd/pin/0803 ... -UnInstall

2) this is for cleaning orphans, old backups, old logs etc.
http://www.piriform.com/ccleaner/download
after using this app is good to look into programs folder to check if nothing left + clean all cache from any browser

3) to clean registry:
http://www.auslogics.com/en/software/re ... /download/
http://www.eusing.com/free_registry_cle ... leaner.htm
http://www.glarysoft.com/products/utili ... /download/

4) to defrag registry:
http://www.auslogics.com/en/software/re ... /download/

5) to defrag hd:
http://www.auslogics.com/en/software/di ... /download/

it is not perfect solution but it is better to do something than nothing
and it is good to reinstall windows sometimes (i didn't reinstall mine since 2 years, i have all patches etc. and it is working quite good in my opinion, it is not a rocket but i didn't expect from Vista to be the best system, i wish Microsoft to return to systems like 98 or 2000)

Monsie
Posts: 631
Joined: Thu 01 Dec 2011, 07:37
Location: Kamloops BC Canada

Is your PC's browser being redirected?

#12 Post by Monsie »

Let's go back to my original question: Can anyone confirm whether or not this malware affects users of Linux based operating systems? Is it possible that this malware could have been passed on through e-mail somehow, such that it might not matter which operating system one is running?

I think there is a danger that we can become too complacent in thinking that because we run a Linux distro that we are basically immune to malware.

Thanks,
Monsie

puppy_apprentice
Posts: 299
Joined: Tue 07 Feb 2012, 20:32

#13 Post by puppy_apprentice »

from http://techland.time.com/2012/04/23/dns ... s-in-july/
How did the malware work? DNSChanger targets Windows or Mac systems (Linux, iOS and Android users are in the clear) by manipulating Domain Name Servers (DNS), which translate syntax-based URLs into IP addresses.
but it is good to make a backup of /etc/resolv.conf and put in a safe place and after July from time to time check this file if the DNS addresses are the same
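
An added example, not part of any post in this thread: the manual check from posts #5 and #13 as a Python script. It reads the nameserver lines of resolv.conf-style text, flags any that fall in the ranges listed in post #5 (copied as posted), and reports resolvers that are missing from a saved backup copy. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
import sys

# Ranges copied as posted in post #5; confirm them against the source advisory.
ROGUE = [tuple(map(ipaddress.ip_address, pair)) for pair in [
    ("85.255.112.0", "85.255.127.25"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]]

# Constructed sample files (not real data): a saved backup and a changed copy.
SAMPLE_BACKUP = "# from ISP\nnameserver 192.0.2.53\nnameserver 192.0.2.54\n"
SAMPLE_CURRENT = "nameserver 93.188.160.10\nnameserver 192.0.2.54\n"


def nameservers(resolv_text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    found = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                found.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # ignore entries that are not valid IP addresses
    return found


def check(resolv_text, backup_text=None):
    """List resolvers inside a listed range and resolvers missing from the backup."""
    current = nameservers(resolv_text)
    rogue = [str(ip) for ip in current
             if ip.version == 4 and any(lo <= ip <= hi for lo, hi in ROGUE)]
    known = set(nameservers(backup_text)) if backup_text is not None else None
    changed = [str(ip) for ip in current if known is not None and ip not in known]
    return {"rogue": rogue, "changed": changed}


if __name__ == "__main__":
    # Usage: script.py [resolv.conf path] [backup path]
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/resolv.conf"
    with open(path) as fh:
        backup = open(sys.argv[2]).read() if len(sys.argv) > 2 else None
        print(check(fh.read(), backup))
```

A resolver that shows up under "changed" but not under "rogue" still deserves a look, since it only means the address is outside the ranges listed in this thread.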

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#14 Post by nooby »

This disk-defrag-setup.exe would that work in wine on puppy or any other linux?

puppy_apprentice
Posts: 299
Joined: Tue 07 Feb 2012, 20:32

#15 Post by puppy_apprentice »

nooby wrote:
This disk-defrag-setup.exe would that work in wine on puppy or any other linux?

u can find some portable (zipped, do not need installation) windows apps to defragment hard drive and run from Wine (i'm not sure because i don't use Wine), but they are designed for windows filesystem not for Linux, and Linux file system don't need defragmentation, there are some tools, but this is not necessary, more there: http://www.ehow.com/how_4473590_defrag-linux.html

but if u installed Puppy as frugal - all files are stored on Windows partition - it is good to defragment this Windows partition (so ur linux files will be in one "place", and access should be quicker to those files), but u can do this from Windows only (u can use Windows own defragmentation utility)

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#16 Post by nooby »

Thanks
