Curiosity. How do they hijack pages?

R

richard

You may have noticed that when you do searches on google, and you
click on what appears to be an interesting link, you get whisked away
to the glorious "Anti virus 2009" website.

I was just wondering just how do they do this?

In an attempt to try and find if the source domain, such as
university.edu actually had that page or not, I find it does not.
Somewhere in the link might be another website. I checked that out
too. One of those sites only had the word, "hello" on the page.

Is this done somehow in the .htacess file or by some fancy scripting
or what?
 
T

Tim Greer

richard said:
You may have noticed that when you do searches on google, and you
click on what appears to be an interesting link, you get whisked away
to the glorious "Anti virus 2009" website.

I was just wondering just how do they do this?

In an attempt to try and find if the source domain, such as
university.edu actually had that page or not, I find it does not.
Somewhere in the link might be another website. I checked that out
too. One of those sites only had the word, "hello" on the page.

Is this done somehow in the .htacess file or by some fancy scripting
or what?
Click to expand...

Likely, the site owner either got a page indexed and then changed it, or
they simply used something like an .htaccess file or a script (index
CGI pr PHP script, for example) to show any user agant's that are
search engines one page, and non search engine's another page (or
redirect).
 
A

Andy Dingley

you get whisked away to the glorious "Anti virus 2009" website.
Click to expand...

When you were surfing pr0n sites the other night, that helpful site
that offered to install a "new ActiveX control" for you in your other
posting actually installed a trojan and now your PC is infested with
cooties. These have stolen control of your surfing navigation, your
email account for spamming, and will have your bank details too as
soon as they work out how to open the Folgers can.

Burn your computer.
 
S

Sherm Pendley

Andy Dingley said:
When you were surfing pr0n sites the other night, that helpful site
that offered to install a "new ActiveX control" for you in your other
posting actually installed a trojan and now your PC is infested with
cooties. These have stolen control of your surfing navigation, your
email account for spamming, and will have your bank details too as
soon as they work out how to open the Folgers can.
Click to expand...

Humor noted, but that's actually a likely scenario. Except for the pr0n
part anyway - there are lots of "cute kittens," "funny kids," and other
family-friendly trojan sites out there too.

All it takes to avoid being infected is a tiny bit of common sense - but
then, this *is* richard we're talking about here.

sherm--
 
R

Raymond SCHMIT

When you were surfing pr0n sites the other night, that helpful site
that offered to install a "new ActiveX control" for you in your other
posting actually installed a trojan and now your PC is infested with
cooties. These have stolen control of your surfing navigation, your
email account for spamming, and will have your bank details too as
soon as they work out how to open the Folgers can.

Burn your computer.
Click to expand...


Or ... manual remove this "Antivirus 2009" using the info found here :

http://www.removal-instructions.com/removeAntivirus2009.html
 
D

DLU

Raymond said:
On Thu, 20 Nov 2008 08:21:34 -0800 (PST), Andy Dingley
Click to expand...
Or ... manual remove this "Antivirus 2009" using the info found here :

http://www.removal-instructions.com/removeAntivirus2009.html
Click to expand...

Get Spybot Search and Destroy
spybot.com

Adaware
www.Lavasoft.com

Be careful, there are downloads with similar names but these are the
corrct ones.

You can also go to:
pcworld.com and get spyware removal programs that have been vetted.
--
***************************************
* This is the Spammish Inquisition *
* Not Lumber Cartel Unit 75 [TINLC] *
* I am not SPEWS.ORG *
***************************************
 
R

richard

When you were surfing pr0n sites the other night, that helpful site
that offered to install a "new ActiveX control" for you in your other
posting actually installed a trojan and now your PC is infested with
cooties. These have stolen control of your surfing navigation, your
email account for spamming, and will have your bank details too as
soon as they work out how to open the Folgers can.

Burn your computer.
Click to expand...


Two seperate issues. AV2009 has apparently painstakingly devised a
scheme by which a page or pages is dedicated to tricking search engine
robots thinking it has located a legitimate response to the search
string. The result is then posted and the poor sucker thinks he's
about to find gold, when it turns out to be fool's gold.

I've seen many sites load pages with nothing but search terms just to
get hits.
 
R

richard

Humor noted, but that's actually a likely scenario. Except for the pr0n
part anyway - there are lots of "cute kittens," "funny kids," and other
family-friendly trojan sites out there too.
Click to expand...

Such as google, yahoo, msn, alt.html.

All it takes to avoid being infected is a tiny bit of common sense - but
then, this *is* richard we're talking about here.

sherm--
Click to expand...

Oooh and you are so pathetically politically correct always?
You think I don't know how to run anti-virus programs and spyware
stuff. Hell, I've had AVG for years and only maybe one or two things
slipped by it but not for long.


Where's your website smart boy? I've got one up and running with all
kinds of stuff on it and soon to be opening a full fledged server no
less.
 
A

Adrienne Boswell

You may have noticed that when you do searches on google, and you
click on what appears to be an interesting link, you get whisked away
to the glorious "Anti virus 2009" website.

I was just wondering just how do they do this?

In an attempt to try and find if the source domain, such as
university.edu actually had that page or not, I find it does not.
Somewhere in the link might be another website. I checked that out
too. One of those sites only had the word, "hello" on the page.

Is this done somehow in the .htacess file or by some fancy scripting
or what?
Click to expand...

Richard, you have probably been infected with Antivirus 2009 - please
see [http://www.bleepingcomputer.com/malware-removal/uninstall-
antivirus-2009] - watch wrapping.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Curiosity on hover tooltips 31
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Why they cut big pics 6
How do they do this? 13
How do I clone website ? Via httrack, F12 or wget [closed] 1
How Do I Set text on an Image and use the image as a border? 7
How do I set the default content page) on a Classic ASP file? 0
How do I load my "Hello World" ASP in a browser? 1

Members online

No members online now.
Total: 27 (members: 2, guests: 25)
Robots: 167

Forum statistics

Threads
473,755
Messages
2,569,534
Members
45,008
Latest member
Rahul737

Latest Threads

Top