[TriLUG] Is this a hijack?

bak bak at picklefactory.org
Sat Aug 16 15:38:07 EDT 2008


Probably clever use of a redirect based on the referrer your browser is 
sending.  Coming from google?  Then you get the trojan page.

If you're curious you could probably install the TamperData Firefox 
plugin to see what's going back and forth and eyeball the headers.

--bak

James Jones wrote:
> All,
>
> Not sure if I understand what a hijacked web page is, but I have run
> into something that is baffling me.
>
> Recently, I need some battery information so I use my favorite search
> engine, Google on my favorite browser, Firefox 2.0.0.14, with the key
> search being "battery reference chart" ( without the quotes ). As
> usual, Google responds quickly with  "Results 1 - 10 of about 307,000
> for battery reference chart. (0.07 seconds) ". Not finding exactly
> what I was looking for in the first 10, I went to the second page ( 11
> - 20 ).
>
> Number 13 was listed as follows:
> ==========================================================
>
> Battery cross reference chart, toshiba laptop battery, acid ...
> Submenu Item A; Submenu Item B. Nice battery cross reference chart ...
> Battery cross reference chart, how to test a battery isolator, lawn
> mower battery, ...
> www.scottsimmons.tv/media/cpdky/battery-cross-reference-chart.html - 10k -
> Cached - Similar pages
>
> ==========================================================
>
> As I usually do when going to links on google, I clicked on the first
> line -- "Battery cross reference chart...." I am sent to:
>
> http://scan.free-antispyware-scanner.com/100627/3/
>
> The page that popped up was designed to look like winxp as if you had
> clicked on "My Computer". For C and D hard drives, red lettering was
> underneath it "Hardware error". A horizontal progress bar with
> indication of "scanning". Of course, my browser is now locked so I
> have to open a terminal window and kill Firefox.
>
> If I use the link at the bottom of Number 13 :
>
> www.scottsimmons.tv/media/cpdky/battery-cross-reference-chart.html
>
> I go to the website without interference from the "hijacker".
>
> How did they do this????
>
> jcj
>   




More information about the TriLUG mailing list