quirkasaurus

hacked domain names - hosts file

5 posts in this topic

SWI-community--

I accidentally stumbled across:

www . neoptes . com

... obviously mistyping www . neopets . com.

What happened was, I was suddenly on a re-directed search engine page that felt eerily similar to the CWS hacks!! complete with myriads of pop-ups.

Fortunately, I had my Sun Java thing installed and, if it tried, I wasn't infected.

However, I hadn't heard this method used before, I always see a lot of "HOW DID THIS HAPPEN ?!?!!"

Maybe one of you brave admin souls can visit this site and confirm this suspicion and we can get this site included in the spy-bot hosts file, and others like it.

Thanks!


Hi and welcome to SWI

Okay, I don't care cos I'm at a Library

Upon reaching the page www.neoptes.com...

Popup 1 -
http://ads1.revenue.net/load/206359/dialas...FBC_720x300.gif

Popup 2 -
Source code shows several references to
http://search.domainsponsor.com

Popup 3 -
This site was blocked by restriction list: RM Offensive Material Filter List
http://www.games-factory.com/freepolyringtonen1.htm

Regards

Edited by Mere_Mortal


So... You're concurring that it contained the CWS virus ?

or... You're saying that the redirected links should already be blocked by the S&D hosts file ?

Or... You're saying that the popups were blocked by the Library's own RM filter program ?

All of the above ?

Thanks for answering!


I find any spyware going there on my test system. 2 popups and a popup on exiting the site asking to set your homepage to a lame search engine.

I used hjt and cws to examine the system before and after.


I wouldn't know if it's CWS, or at least it doesn't seem to be. Don't quote me there, mind.

Or... You're saying that the popups were blocked by the Library's own RM filter program ?
Only one of them was.

The library host won't allow any such changes to the homepage or registry in any case, so I can't conclude whether the address and/or the popups are malicious.

