Olympus-OM
[Top] [All Lists]

Re: [OM] OT: Hijacked Browsers

Subject: Re: [OM] OT: Hijacked Browsers
From: Chris Trask <christrask@xxxxxxxxxxxxx>
Date: Fri, 16 Dec 2016 09:55:14 -0700 (GMT-07:00)
     Soon after I did this, I restarted the laptop and watched for any 
activity.  Whenever there is a data download taking place, a small window 
appears at the bottom informing you where the data is being downloaded from.  
Sure enough, there were downloads taking place from the 
"securepubads.g.doubleclick.net" URL.  So, I added that to the "hosts" file as 
well, then restarted and watched for any activity.

     There hasn't been any activity for almost 30 minutes, so this appears to 
have put the kabosh on that intrusion.

>
>     I've learned a bit more about this.  For some time I've noticed a lot 
>of download activity when I'm online, and in the past couple of weeks I've 
>had ads pop up on the right side of the screen when I'm going through 
>webmail.  I right-clicked on one of these ads yesterday and found that the 
>root URL is "turn.com".  I added that URL to my firewall as well as the 
>resident "hosts" file.
>
>     Something else I learned is that the download activity stops if I shut 
>off the webmail page.  This makes me suspect that there is some code in the 
>Earthlink webmail page that is invoking this "securepubads.g.doubleclick.net" 
>URL.  
>
>     According to McAfee, this problem was first detected in May of 2007, 
>and is still active.
>
>>
>>Chris, take a look at the noscript addon for firefox.
>>
>

Chris

When the going gets weird, the weird turn pro 
     - Hunter S. Thompson
-- 
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/

<Prev in Thread] Current Thread [Next in Thread>
Sponsored by Tako
Impressum | Datenschutz