
Google, MSN, Yahoo Sites Hijacked By Crooks



SecurityProNews
Staff Writer
2009-02-17



The cleverness and sophistication spammers and malware creators have reached is at times breathtaking. It's one thing to spread via shady, malicious websites, but it's another when they convince your computer it's talking to Google itself.

Hijacked Sites
Alex Lanstein at FireEye Malware Intelligence Lab lays out what the malware network landscape looks like after last October's shutdown of Intercage/Atrivo, which, like its big brother McColo, was responsible for much of the world's spam. Lanstein identifies "sister organizations" still operating in places like the Ukraine.

Specifically, Lanstein targets UkrTeleGroup and provides a detailed rundown of how DNSChanger Trojans connect to servers registered to this network. An infected computer will get correct domain information most of the time, but when specific other domains are requested (popular ones like Google, MSN, Yahoo, or AOL), the computer is routed to a UkrTeleGroup server instead, which sends back the correct website, with a side of cyberburglary.

"…the way it works is somehow malware enters your system and it changes the DNS servers that you use for lookups to these malicious servers," writes Lanstein. "Most of the time, the 'malicious' DNS servers actually pass you the correct IP address for a given domain name, but for a few specific domains they want to control, it returns an IP that's in its purview."

Lanstein presents a huge sample of IP addresses registered to UkrTeleGroup, and others hosted by another nefarious network, Internet Path/Cernel. The sites these networks hijack include the big names, among them, but not limited to:

google.ca
rds.yahoo.com
auto.search.msn.com
searchsense.search.live.com
search.aol.com
ac2.msn.com
ac3.msn.com
googleadservices.com
rc10.overture.com
rc12.overture.com
wzus1.ask.com
results.googleadservices.com
results.msn.com
results.overture.com
google.fr
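
The selective behaviour described above (correct answers for most names, substituted answers for a few search and ad domains) suggests a defensive check: compare what the machine's configured resolver returns against a trusted reference resolver for a watch list. The sketch below is an added example, not code from the article or from FireEye; the function name, the /16 and /24 thresholds and the sample answers (documentation address ranges) are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

def nets(ips, prefix):
    """Collapse a set of IPv4 strings to the set of enclosing networks."""
    return {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}

def audit_resolver(local, reference, coarse=16, cluster=24):
    """Compare answers from the system resolver with a trusted resolver.

    local / reference: dict mapping domain -> set of IPv4 strings.
    A domain 'diverges' when its local answers share no /coarse network
    with the reference answers (assumed tolerance for load balancing).
    A /cluster prefix is suspect when two or more diverging domains land
    in it, i.e. unrelated sites are being steered to one network.
    """
    diverging = {}
    for domain, local_ips in local.items():
        ref_ips = reference.get(domain)
        if not local_ips or not ref_ips:
            continue  # nothing to compare for this name
        if nets(local_ips, coarse).isdisjoint(nets(ref_ips, coarse)):
            diverging[domain] = local_ips
    clusters = defaultdict(set)
    for domain, ips in diverging.items():
        for net in nets(ips, cluster):
            clusters[str(net)].add(domain)
    suspect = {n: sorted(d) for n, d in clusters.items() if len(d) >= 2}
    return {"diverging": sorted(diverging), "suspect_prefixes": suspect}

# Constructed sample answers using documentation ranges, not real lookups.
LOCAL = {
    "google.ca": {"192.0.2.10"},        # substituted answer
    "rds.yahoo.com": {"192.0.2.11"},    # substituted answer, same /24
    "search.aol.com": {"198.51.100.7"}, # differs only within the /16
    "example.org": {"203.0.113.5"},     # untargeted name, identical
}
REFERENCE = {
    "google.ca": {"198.51.100.20"},
    "rds.yahoo.com": {"203.0.113.40"},
    "search.aol.com": {"198.51.100.99"},
    "example.org": {"203.0.113.5"},
}

if __name__ == "__main__":
    print(audit_resolver(LOCAL, REFERENCE))
```

In practice the two input dictionaries would be filled from lookups against the configured resolver and against a resolver the defender controls; a non-empty `suspect_prefixes` is a reason to inspect the host's DNS settings.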



About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
