Attack Symptoms: What's the Diagnosis?

Discussion in 'malware problems & news' started by Searching_ _ _, Jun 27, 2010.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    OS's used that exhibit these symptoms, XP Pro sp2/3, Vista pre-sp/sp1, Linux-Fedora 12, Ubuntu 9, Debian 5.0.

    Attacks involve:

    Redirections of visited sites
    Alterations of https to http
    Browser configurations are not maintained while visiting sites. Example: NoScript whitelist youtube.com and ytimg.com yet youtube image is still blocked. Other ad content continues through NoScript as if Noscript were not present.
    Alterations of the OS to a previous state with no rollback options present, Linux or Windows does not matter.
    Alterations to powersave features within the OS.

    I assume these are all occuring in memory of the system.
    I use a Live CD and these functions still occur, minus the rollingback.
    I cannot explain it outside of memory modifications.
    If it is in memory modifications what can I do in order to prevent such attacks?

    Your thoughts appreciated.
     
  2. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I have rectified those issues as well as I can involving defaults of the router.
    Also my router does not allow the default information to remain present.
    Once you visit the admin console it's data must be updated.
    Is an 83 random characters password strong enough? :D
    Is a 60 random characters administration name strong enough? :D
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Redirections could lie within your hosts file?

    "Alterations of the OS to a previous state" Hmmm, could it be possible that something/someone is auto kicking off System Restore even though I've never heard of it unless it's being remotely controlled somehow.
     
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Remote is a possibility.
    Linux doesn't have a system restore.
    These are not Windows specific symptoms, they occur on both Windows and Linux.
    They only occur on the surfing OS.
    For instance, Fedora host running VirtualBox with Windows XP Pro SP3 guest. While surfing with the Windows guest it develops the symptoms outlined while the Fedora host is uneffected.
    When I discovered that the guest surfing was maligned I would switch to surf with the host to check. It would be normal.
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @Searching_ _ _

    Very strange :eek:

    I'm clutching at straws as i'm not an expert in these matters ;) but as it hasn't been mentioned, have you tried a different DNS to try and see if it resolves at least some of the issues ?
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I have switched from OpenDNS to Level3 to GoogleDNS, and 2 others. The song remains the same.
    If the router has one set of DNS configured and the computer is using static config with another DNS, who get's priority in the routing?
    If using static configurations on the local computers, should the routers DNS be disabled?

    Google HTTPS using FireFox, has 1 of 2 ssl verifications missing, Paypal has both and Ixquick has 1 of 2 missing.
     
Loading...
Thread Status:
Not open for further replies.