Security question
Hi all,
I have a question related to online security. while browsing in Firefox, sometimes when I click on a link from a google search, I am redirected to a "security firm" that purports to be running a scan of my computer. They report that it is infected. I am including a screen shot of their page.
OK, so I can't upload the image. but I can link to it here...
http://picasaweb.google.com/drbuzz77...64117603460434
They seem to report that my computer is infected with what looks like windows trojan and virus. I doubt it. I don't even have windows installed on my computer. Would someone look at this site and tell me what you think. this site has taken over my browser on several occasions. Is this legal?" How do I report them if it is not?
thanks
buzz
I have a question related to online security. while browsing in Firefox, sometimes when I click on a link from a google search, I am redirected to a "security firm" that purports to be running a scan of my computer. They report that it is infected. I am including a screen shot of their page.
OK, so I can't upload the image. but I can link to it here...
http://picasaweb.google.com/drbuzz77...64117603460434
They seem to report that my computer is infected with what looks like windows trojan and virus. I doubt it. I don't even have windows installed on my computer. Would someone look at this site and tell me what you think. this site has taken over my browser on several occasions. Is this legal?" How do I report them if it is not?
thanks
buzz
Comments
I have a question related to online security. while browsing in Firefox, sometimes when I click on a link from a google search, I am redirected to a "security firm" that purports to be running a scan of my computer. They report that it is infected. I am including a screen shot of their page.
This is Windows spam. I doubt it's a redirect but it's possible. For example if a domain isn't found, it can redirect you to a different domain. If you use OpenDNS for your DNS servers, it will redirect you to their own search engine for example. I expect that it's just a spam link you clicked and you should just ignore the warning as those viruses/trojans aren't on your machine. You can report spam to the FCC but I think they would only take action if the company acted in an obtrusive way - i.e showing the popup without you clicking a redirect to their site.
http://www.dnschanger.com
Then, buy Snow Leopard which helps protect against this and many other security issues for Mac
So now I'm still faced with the question of "Is my computer infected?"
I don't mind buying some anti virus software to scan for this crap, but what do you recommend for a mac. I do plan on installing windows eventually and I am planning on installing Leopard. Right now, I am still running 10.4. I'm not terribly computer savvy, that's why I love my macs. "They just work". And they are very secure.... normally.
thanks
buzz
So now I'm still faced with the question of "Is my computer infected?"
In as much as what the popup describes no. A web page cannot check your filesystem so it has no way to tell you that. The popup is a generic message that everyone will see.
The worst that you could have is something that redirects you to that site when trying to visit another. Do you have an example of a link that takes you to the page?
In as much as what the popup describes no. A web page cannot check your filesystem so it has no way to tell you that. The popup is a generic message that everyone will see.
The worst that you could have is something that redirects you to that site when trying to visit another. Do you have an example of a link that takes you to the page?
I went back and looked at my history just prior to this page. I had done a google search for water filters. the label says "computer scan" and the url is: http://best-antispyware-11.com/scan1...MTU1NQ0NaA%3DM
The link I clicked just prior to it is: http://www.google.com/url?sa=t&sourc...12r4hsAzSiwiTQ
when I go to that page now, firefox brings up a dialogue that says it's an attack site. I am not brave enough to go beyond that so I click "get me outa here". I would suspect that i was redirected to this "computer scan" phishing site. This has happened several times in the past. I think each time, I have been clicking links pulled up via a google search, and been redirected. Am I the only one this has happened to? Does that mean I may have some malware installed? It really pisses me off. Or is someone highjacking these sites? This thing takes over my computer by pulling up a dialogue box and no matter what I do, it takes me to this bogus site and "runs" a bogus scan. I can't seem to stop it and have to wait for it to "scan" before I can close the window. did I say that it pisses me off. It can't be a legit firm as no idiot in his right mind would market this way.
when I go to that page now, firefox brings up a dialogue that says it's an attack site. I am not brave enough to go beyond that so I click "get me outa here". I would suspect that i was redirected to this "computer scan" phishing site. This has happened several times in the past. I think each time, I have been clicking links pulled up via a google search, and been redirected.
It's possible that it wasn't your computer but your router that's been affected. Try putting the OpenDNS server IPs into your DNS list. You can do it on the OS or on the router. The router would mean everyone using it is safe. Try on the OS first to see if it helps. Apple menu > system prefs > network > wifi settings if you use wifi or ethernet if it's wired and type in 208.67.222.222, 208.67.220.220 into the DNS box and hit apply. Then try visiting the link. You might have to flush your DNS cache.
You can also check if something has modified your hosts file. Open /Applications/Utilities/terminal and type in:
open -e /etc/hosts
and copy/paste the contents in your next post.
Well buddy,Other critical patches in the security bulletin for October fix a vulnerability in Windows Media Runtime that could be exploited if a user opened a malicious media file or received malicious streaming content from a Web site or application, and if a specially crafted ASF (Advanced Systems Format) file is played using Windows Media Player 6.4.This is surely will be window spam problem regarding security level.Change the firewall settings and then reboot the system.
Thanks
Results of the scan: "DNS Changer not detected".
So now I'm still faced with the question of "Is my computer infected?"
I don't mind buying some anti virus software to scan for this crap, but what do you recommend for a mac. I do plan on installing windows eventually and I am planning on installing Leopard. Right now, I am still running 10.4. I'm not terribly computer savvy, that's why I love my macs. "They just work". And they are very secure.... normally.
thanks
buzz
Oh, well thats good. Not sure what's going on with your computer then. You can buy Intego if you're really worried. A better move would be to get Snow Leopard or just Leopard if you're on a PPC.
It's possible that it wasn't your computer but your router that's been affected. Try putting the OpenDNS server IPs into your DNS list. You can do it on the OS or on the router. The router would mean everyone using it is safe. Try on the OS first to see if it helps. Apple menu > system prefs > network > wifi settings if you use wifi or ethernet if it's wired and type in 208.67.222.222, 208.67.220.220 into the DNS box and hit apply. Then try visiting the link. You might have to flush your DNS cache.
You can also check if something has modified your hosts file. Open /Applications/Utilities/terminal and type in:
open -e /etc/hosts
and copy/paste the contents in your next post.
Results of terminal:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1\tlocalhost
255.255.255.255\tbroadcasthost
::1 localhost
This stuff is way above my pay grade. How do I flush the DNS cache.
thanks
Hi ibuzz,
Well buddy,Other critical patches in the security bulletin for October fix a vulnerability in Windows Media Runtime that could be exploited if a user opened a malicious media file or received malicious streaming content from a Web site or application, and if a specially crafted ASF (Advanced Systems Format) file is played using Windows Media Player 6.4.This is surely will be window spam problem regarding security level.Change the firewall settings and then reboot the system.
Thanks
I don't think I have windows media player installed. spotlight only shows an installer in the ms office folder.
are you suggesting I change the firewall settings in the router? what would I change them to? the modem firewall is set to "basic". the other choices are low, medium, and high. OSX firewall is set to on, and allows only itunes music sharing, ichat av, and nework time. I ran a free symantec online security check which resulted in a "safe".
thanks
"New additions of malicious sites for October 14, 2009 which will compromise your PC Security. Some may contain ?driveby? downloads and are to be considered highly dangerous.
Also bear in mind that these use ?flux? techniques and may not resolve and disappear from one domain and appear on another.
These sites WILL harm your computer so it is advised to keep well away from them or add them to your Hosts file so that they are blocked."
and this: "Newly registered malware domains, many currently redirect to Google and Yahoo and are blacklisted by the following:
Google ? Google Diagnostic Page
My WOT ? WOT Score Card
hpHosts ? hpHosts listing
MalwareDomainList ? MDL listing
ZeuS Tracker ? Zeus Tracker listing"
Does any of this explain how they can hyjack a link that redirects to their bogus site? Should I add it to my hosts file, whatever that is? If so, how would I do that? Any help is appreciated.
thanks
Buzz
Results of terminal:
That's ok, your hosts file hasn't been modified.
How do I flush the DNS cache.
In OS 10.4, in the terminal you type:
lookupd -flushcache
That should clear any redirects after you've adjusted your DNS settings. It seems more like the site itself is the problem though.
Does any of this explain how they can hyjack a link that redirects to their bogus site? Should I add it to my hosts file, whatever that is? If so, how would I do that?
The hosts file is what you opened in the previous post. It's a list of IP addresses and domain names. So to block a web address, you can type a new line like:
127.0.0.1 best-antispyware-11.com
You need higher permissions to edit the file. I don't think it's needed in this case. Like I say, it doesn't seem like you've been redirected but rather the website itself is a malware site and they added one.
If you see popups for anti-virus software and scanning your PC, close the page and avoid that site. Same goes with sites that ask you to install a video codec to view content. They won't do any harm to your machine on their own.
A further search of google safe browsing (http://safebrowsing.clients.google.c...spyware-11.com) with the suspect url showed that google has identified the site for malware. I think they are infecting legit sites with a redirect to their phishing site.
Any how, I don't think my computer is infected. I really appreciate having a mac that is relatively safe. I personally can't understand how the pc world can put up it.
so thanks again to all.
Buzz
Thanks to all who gave their time and expertise to help me.
A further search of google safe browsing (http://safebrowsing.clients.google.c...spyware-11.com) with the suspect url showed that google has identified the site for malware. I think they are infecting legit sites with a redirect to their phishing site.
Any how, I don't think my computer is infected. I really appreciate having a mac that is relatively safe. I personally can't understand how the pc world can put up it.
so thanks again to all.
Buzz
Quite, Buzz, and that's just one of Macs' advantages of course!
And you're clearly not the only only one suffering from those bogus 'virus scanner' popups, a.k.a. "scareware": I see them too and so do millions of others http://news.bbc.co.uk/2/hi/technology/8313678.stm. And 85% of those are Windows users of course.
What I don't understand is, how can they get by the pop-up blocker, and take control of my machine, I can't do anything until I dismiss the dialogue box. Both choices (OK and Cancel) take me to their site, where my machine is held hostage while the run their so called virus scan. If I was a computer programmer, I think I would figure out a way to bomb their site. This is war!
OK, I feel better having ranted sufficiently.
Thanks again to all who gave help. Hopefully, others will be warned.
Buzz
PS: perhaps this is why macs are flying off the shelves and the stock is up almost $10 today alone.
sorry I sold mine a while ago. I keep waiting for a pull back but there are none.