Author Topic: MY safe zone browser hijacked! goes to fake google  (Read 75514 times)

0 Members and 1 Guest are viewing this topic.

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: MY safe zone browser hijacked! goes to fake google
« Reply #135 on: April 14, 2011, 04:33:22 AM »
Bob,

I really don't know ( why do you expect me to know this  ??? )  but I can ask Petr if you like ;)  Btw my reaction was to Zeeks post below yours.

Greetz, Red.

« Last Edit: April 14, 2011, 04:37:31 AM by Rednose »
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: MY safe zone browser hijacked! goes to fake google
« Reply #136 on: April 14, 2011, 04:38:24 AM »
I only asked because my question directly related to your post and you seemed
to skirt that post.
I can also ask Petr.  :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: MY safe zone browser hijacked! goes to fake google
« Reply #137 on: April 14, 2011, 04:54:08 AM »
I can also ask Petr.  :)

Yes I know that ;)

The only thing I know is that Mailshell DNS was added just shortly before the official release of Avast! 6.  But they are new for me, so I have no real opinion about them.

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

zeeks

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #138 on: April 14, 2011, 07:04:37 AM »
Hey, I don't want to Hammer on Avast. I think it is a Good product. I really haven't had any bad viruses in the last ten years, I had one where a seinfield episode and radio came on out of no where, while browsig internet. But free avg picked it up. I just recently after getting the "Google redirect virus" decided to actually pay for a virus program. I tried everything and couldn't get rid of it, it looks like I picked it up by having an old version of java! Because I couldn't stand that stinkin "please update javA every 5 seconds" Avast picked it up on a scan but couldn't get rid of it. I eventually killed it with Kap lab tdss killer, after some research. But avast picked it up When it was trying to activate. Apparentlly it hides, then pops up and that's why it's so hard to pick up on scans. Definitley impressed with Avast But A little weirded out after The first time I pay for Antivrus in ten years and this happens virtually days later.
That and Avast billed me three times on credit card:) Is it possible to get a prize or something for being the first to report this on the forum or what, somebody hook me up with future discount..

Hermite15

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #139 on: April 14, 2011, 10:38:40 AM »
@Rednose when you're saying that's not Avast, that's mailshell... not sure this makes the whole thing sound less ugly ;)

 

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: MY safe zone browser hijacked! goes to fake google
« Reply #140 on: April 14, 2011, 11:27:00 AM »
Hi all,

first, I'd like to thank zeeks and a few others who reported the issue and helped us track down what's going on and ultimately fix the problem.

I have to confirm that one of the servers we use for the SafeZone DNS lookups was serving incorrect data. The problem was fixed a few hours after you notified us about the problem. I'm not able to say exactly how long the invalid data were there before you noticed. But given that it included high-profile sites such as google.com and yahoo.com, I assume it couldn't be too long before someone noticed. Please also note that this was not a targetted attack whose reason would be to redirect access to banking/shopping sites etc. The problem only affected 1 server (out of about 10 that we use), hence it didn't happen to everyone and every time.

Of course, the responsibility is all ours - it shouldn't matter to you, as a user, what infrastructure partners we use on our backend systems (if any).

We have taken all precaution to prevent this from happening in the future.


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Hermite15

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #141 on: April 14, 2011, 11:36:14 AM »


I have to confirm that one of the servers we use for the SafeZone DNS lookups was serving incorrect data....

......Please also note that this was not a targetted attack whose reason would be to redirect access to banking/shopping sites etc. The problem only affected 1 server


Vlk

okay, how did it happen, how come this particular server was affected, what triggered the corruption... ? not mentioning that re-directions (according to the screen shots posted here by two users) were taking the users to porn/gambling/"medicines" ads...
« Last Edit: April 14, 2011, 11:38:53 AM by Logos »

Hermite15

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #142 on: April 14, 2011, 11:55:48 AM »
no answer ??? ::)

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #143 on: April 14, 2011, 12:02:26 PM »

okay, how did it happen, how come this particular server was affected, what triggered the corruption... ? not mentioning that re-directions (according to the screen shots posted here by two users) were taking the users to porn/gambling/"medicines" ads...

My guess is Avast mods have no idea about it since the servers belonged to mailshell.. But more importantly, like Bob asked, didnt it affect any other organization/product that uses mailshell ? is it ONLY avast that was affected?
ASUS ROG Mobo - AMD Ryzen 7 3700X| RAM 32.00GB | 4TB HDD +1TB SSD | ATI Radeon RX 5700 XT 8GB
Windows 10 Pro 64bit |Avast One Individual | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: MY safe zone browser hijacked! goes to fake google
« Reply #144 on: April 14, 2011, 12:04:58 PM »
is it ONLY avast that was affected?

I think so. It was one of Avast's DNS servers. Not anyone else's.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Hermite15

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #145 on: April 14, 2011, 12:07:46 PM »

okay, how did it happen, how come this particular server was affected, what triggered the corruption... ? not mentioning that re-directions (according to the screen shots posted here by two users) were taking the users to porn/gambling/"medicines" ads...

My guess is Avast mods have no idea about it since the servers belonged to mailshell.. But more importantly, like Bob asked, didnt it affect any other organization/product that uses mailshell ? is it ONLY avast that was affected?

they rented the server and the service, so it's up to them (Avast) to investigate, find out, and tell us.

ps: Vlk is not a mod. The Avast team do the moderation here off and on but mainly, they're developers ;)

edit: does the fact that they don't know (because that was on mailshell servers etc...)- if they actually don't - make you feel better about SafeZone security? ;D
« Last Edit: April 14, 2011, 12:10:47 PM by Logos »

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #146 on: April 14, 2011, 12:10:20 PM »


they rented the server and the service, so it's up to them (Avast) to investigate, find out, and tell us.

ps: Vlk is not a mod. The Avast team do the moderation here off and on but mainly, they're developers ;)

Agreed, hope they investigate this and comeback with more info :)

Yeah I know that Vlk is a developer and the CTO, but I thought the other guys (pk and them) were mods  ;D my bad!  ;D
ASUS ROG Mobo - AMD Ryzen 7 3700X| RAM 32.00GB | 4TB HDD +1TB SSD | ATI Radeon RX 5700 XT 8GB
Windows 10 Pro 64bit |Avast One Individual | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

Hermite15

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #147 on: April 14, 2011, 12:12:52 PM »
@drakul just for your info, pk is in charge of the virtualization module development @Avast, so this includes the sandbox, the auto-sandbox, and the safe zone ;)

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #148 on: April 14, 2011, 12:15:47 PM »
@drakul just for your info, pk is in charge of the virtualization module development @Avast, so this includes the sandbox, the auto-sandbox, and the safe zone ;)

 :o ok thanks for the info :)!
ASUS ROG Mobo - AMD Ryzen 7 3700X| RAM 32.00GB | 4TB HDD +1TB SSD | ATI Radeon RX 5700 XT 8GB
Windows 10 Pro 64bit |Avast One Individual | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: MY safe zone browser hijacked! goes to fake google
« Reply #149 on: April 14, 2011, 12:20:54 PM »
I'd like to know if the rest of their partners where also affected or infected which ever way you want to interpret this. :(

I'd still like to get this question answered.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet