Re: http requests getting redirected to coolsavings.com
From: Akash Mahajan (akashmahajan_at_gmail.com)
Date: 05/22/04
- Previous message: James Turnbull: "Re: possibly compromised redhat 7.2 box"
- In reply to: WINTERS, KELLY (SBIS): "RE: http requests getting redirected to coolsavings.com"
- Next in thread: kaps lock: "Re: http requests getting redirected to coolsavings.com"
- Reply: kaps lock: "Re: http requests getting redirected to coolsavings.com"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 22 May 2004 11:55:32 +0530 To: "WINTERS, KELLY (SBIS)" <kw7436@sbc.com>
a google.com search on spayware coolsavings.com reveals this link
http://www.spyany.com/program/article_spw_rm_CoolSavings.html
How to remove the coolsavings spyware. You ought to try that.
A bit OT isn't BARC what I think it is? Spyware infection ! Oh, well
it is the MS curse
regards
Akash
On Thu, 20 May 2004 13:23:20 -0500, WINTERS, KELLY (SBIS)
<kw7436@sbc.com> wrote:
>
> sounds like a dns problem.... take a look at your zone file w/ nslookup.
>
>
> -----Original Message-----
> From: Sonika Malhotra [mailto:sonikam@magnum.barc.ernet.in]
> Sent: Wednesday, May 19, 2004 12:09 AM
> To: security-basics
> Cc: Sonika Malhotra
> Subject: http requests getting redirected to coolsavings.com
>
> Hello List,
>
> I have a user-network which access the Internet through a proxy server
> (squid - 2.5-stable )
> We are facing a problem since few days. Any request for commonly accessed
> sites like www.google.com,www.rediff.com, www.yahoo.com gets redirected to
> the
> www.coolsavings.com
>
> The TCPdump for a session is attached for reference.kindly give some
> pointers to How is this happening?
>
> The following attached file is client-pc to proxy-server communication.The
> extra contents( packet data contents) have been removed considereing the
> file size.(still it is 51K). From the client PC the site www.google.com is
> hit and the traffic dump is taken using the ngrep tool.
>
> Regards
> Sonika
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
>
>
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
- Previous message: James Turnbull: "Re: possibly compromised redhat 7.2 box"
- In reply to: WINTERS, KELLY (SBIS): "RE: http requests getting redirected to coolsavings.com"
- Next in thread: kaps lock: "Re: http requests getting redirected to coolsavings.com"
- Reply: kaps lock: "Re: http requests getting redirected to coolsavings.com"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
