Curiosity. How do they hijack pages?

You may have noticed that when you do searches on google, and you
click on what appears to be an interesting link, you get whisked away
to the glorious "Anti virus 2009" website.

I was just wondering just how do they do this?

In an attempt to try and find if the source domain, such as
university.edu actually had that page or not, I find it does not.
Somewhere in the link might be another website. I checked that out
too. One of those sites only had the word, "hello" on the page.

Is this done somehow in the .htacess file or by some fancy scripting
or what?

richard wrote:

Quote:

You may have noticed that when you do searches on google, and you
click on what appears to be an interesting link, you get whisked away
to the glorious "Anti virus 2009" website.

I was just wondering just how do they do this?

In an attempt to try and find if the source domain, such as
university.edu actually had that page or not, I find it does not.
Somewhere in the link might be another website. I checked that out
too. One of those sites only had the word, "hello" on the page.

Is this done somehow in the .htacess file or by some fancy scripting
or what?

Likely, the site owner either got a page indexed and then changed it, or
they simply used something like an .htaccess file or a script (index
CGI pr PHP script, for example) to show any user agant's that are
search engines one page, and non search engine's another page (or
redirect).
--
Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
Industry's most experienced staff! -- Web Hosting With Muscle!

On 19 Nov, 15:58, richard <mem... (AT) newsguy (DOT) com> wrote:

Quote:

you get whisked away to the glorious "Anti virus 2009" website.

When you were surfing pr0n sites the other night, that helpful site
that offered to install a "new ActiveX control" for you in your other
posting actually installed a trojan and now your PC is infested with
cooties. These have stolen control of your surfing navigation, your
email account for spamming, and will have your bank details too as
soon as they work out how to open the Folgers can.

Burn your computer.

Andy Dingley <dingbat (AT) codesmiths (DOT) com> writes:

Quote:

On 19 Nov, 15:58, richard <mem... (AT) newsguy (DOT) com> wrote:
you get whisked away to the glorious "Anti virus 2009" website.

When you were surfing pr0n sites the other night, that helpful site
that offered to install a "new ActiveX control" for you in your other
posting actually installed a trojan and now your PC is infested with
cooties. These have stolen control of your surfing navigation, your
email account for spamming, and will have your bank details too as
soon as they work out how to open the Folgers can.

Humor noted, but that's actually a likely scenario. Except for the pr0n
part anyway - there are lots of "cute kittens," "funny kids," and other
family-friendly trojan sites out there too.

All it takes to avoid being infected is a tiny bit of common sense - but
then, this *is* richard we're talking about here.

sherm--

--
My blog: http://shermspace.blogspot.com
Cocoa programming in Perl: http://camelbones.sourceforge.net

On Thu, 20 Nov 2008 08:21:34 -0800 (PST), Andy Dingley
<dingbat (AT) codesmiths (DOT) com> wrote:

Quote:

On 19 Nov, 15:58, richard <mem... (AT) newsguy (DOT) com> wrote:
you get whisked away to the glorious "Anti virus 2009" website.

When you were surfing pr0n sites the other night, that helpful site
that offered to install a "new ActiveX control" for you in your other
posting actually installed a trojan and now your PC is infested with
cooties. These have stolen control of your surfing navigation, your
email account for spamming, and will have your bank details too as
soon as they work out how to open the Folgers can.

Burn your computer.

Or ... manual remove this "Antivirus 2009" using the info found here :

http://www.removal-instructions.com/removeAntivirus2009.html

Raymond SCHMIT wrote:

Quote:

On Thu, 20 Nov 2008 08:21:34 -0800 (PST), Andy Dingley
dingbat (AT) codesmiths (DOT) com> wrote:



Or ... manual remove this "Antivirus 2009" using the info found here :

http://www.removal-instructions.com/removeAntivirus2009.html

Get Spybot Search and Destroy
spybot.com

Adaware
www.Lavasoft.com

Be careful, there are downloads with similar names but these are the
corrct ones.

You can also go to:
pcworld.com and get spyware removal programs that have been vetted.
--
***************************************
* This is the Spammish Inquisition *
* Not Lumber Cartel Unit 75 [TINLC] *
* I am not SPEWS.ORG *
***************************************

On Thu, 20 Nov 2008 08:21:34 -0800 (PST), Andy Dingley
<dingbat (AT) codesmiths (DOT) com> wrote:

Quote:

On 19 Nov, 15:58, richard <mem... (AT) newsguy (DOT) com> wrote:
you get whisked away to the glorious "Anti virus 2009" website.

When you were surfing pr0n sites the other night, that helpful site
that offered to install a "new ActiveX control" for you in your other
posting actually installed a trojan and now your PC is infested with
cooties. These have stolen control of your surfing navigation, your
email account for spamming, and will have your bank details too as
soon as they work out how to open the Folgers can.

Burn your computer.

Two seperate issues. AV2009 has apparently painstakingly devised a
scheme by which a page or pages is dedicated to tricking search engine
robots thinking it has located a legitimate response to the search
string. The result is then posted and the poor sucker thinks he's
about to find gold, when it turns out to be fool's gold.

I've seen many sites load pages with nothing but search terms just to
get hits.

On Thu, 20 Nov 2008 11:52:46 -0500, Sherm Pendley
<spamtrap (AT) dot-app (DOT) org> wrote:

Quote:

Andy Dingley <dingbat (AT) codesmiths (DOT) com> writes:

On 19 Nov, 15:58, richard <mem... (AT) newsguy (DOT) com> wrote:
you get whisked away to the glorious "Anti virus 2009" website.

When you were surfing pr0n sites the other night, that helpful site
that offered to install a "new ActiveX control" for you in your other
posting actually installed a trojan and now your PC is infested with
cooties. These have stolen control of your surfing navigation, your
email account for spamming, and will have your bank details too as
soon as they work out how to open the Folgers can.

Humor noted, but that's actually a likely scenario. Except for the pr0n
part anyway - there are lots of "cute kittens," "funny kids," and other
family-friendly trojan sites out there too.

Such as google, yahoo, msn, alt.html.

Quote:

All it takes to avoid being infected is a tiny bit of common sense - but
then, this *is* richard we're talking about here.

sherm--

Oooh and you are so pathetically politically correct always?
You think I don't know how to run anti-virus programs and spyware
stuff. Hell, I've had AVG for years and only maybe one or two things
slipped by it but not for long.


Where's your website smart boy? I've got one up and running with all
kinds of stuff on it and soon to be opening a full fledged server no
less.

Gazing into my crystal ball I observed richard <member (AT) newsguy (DOT) com>
writing in news:f8d8i4heb56qe081sdg7tteksk7b8dqiil (AT) 4ax (DOT) com:

Quote:

You may have noticed that when you do searches on google, and you
click on what appears to be an interesting link, you get whisked away
to the glorious "Anti virus 2009" website.

I was just wondering just how do they do this?

In an attempt to try and find if the source domain, such as
university.edu actually had that page or not, I find it does not.
Somewhere in the link might be another website. I checked that out
too. One of those sites only had the word, "hello" on the page.

Is this done somehow in the .htacess file or by some fancy scripting
or what?

Richard, you have probably been infected with Antivirus 2009 - please
see [http://www.bleepingcomputer.com/malware-removal/uninstall-
antivirus-2009] - watch wrapping.


--
Adrienne Boswell at Home
Arbpen Web Site Design Services
http://www.cavalcade-of-coding.info
Please respond to the group so others can share