Can legit websites be compromised? Are these examples below new spoof tricks?
Lately I have noticed changes to familiar and trusted websites.
For instance, previously I could download YouTube steelguitar videos by adding the word "kiss" in the link address.
However, if I do this now, another website owner (Vdownloader) takes over and forces you to read their crummy advertisement and go to THEIR website, while, at the same time, blocking you from going to the real address.
Similarly, another page I visited was blocked by AVG telling me that the page I was visiting was dangerous.
It also changed my address label (the one that is used to indicate Secure locked pages) and made it look like a dangerous page.
To clarify: I do not have AVG installed.
I use Trend Micro exclusively. Trend Micro did not mark the page in question as dangerous.
The AVG action was unsolicited.
Does this mean that soon our bank websites will be compromised by strangers blocking the entrance?
Can someone decide to block the forum in a similar fashion?
What is this type of scam called?
Can legit websites be compromised with new spoof tricks?
Moderator: Wiz Feinberg
-
Peter den Hartogh
- Posts: 1001
- Joined: 27 Mar 2010 12:49 pm
- Location: Cape Town, South Africa
- State/Province: -
- Country: United States
Can legit websites be compromised with new spoof tricks?
1977 Sho~Bud D10 ProIII Custom; Sho~Bud SD10 The Professional ; ETS S10 5x5;
Fender 1000; 1993 Remington U12; 1978 Emmons S10 P/P; GeorgeB Weissenborn;
Fluger Cat-Can; Asher Electro Hawaiian; Gibson BR4; Fender FS52; Guyatone 8str;
Fender Resonator ; Epiphone Coronet 1937; Rickenbacher Ace; Rickenbacher NS;
Dynalap 8string; Harbor Lights 8string; Aiersi Tri-Cone; Fender Stringmaster
Fender 1000; 1993 Remington U12; 1978 Emmons S10 P/P; GeorgeB Weissenborn;
Fluger Cat-Can; Asher Electro Hawaiian; Gibson BR4; Fender FS52; Guyatone 8str;
Fender Resonator ; Epiphone Coronet 1937; Rickenbacher Ace; Rickenbacher NS;
Dynalap 8string; Harbor Lights 8string; Aiersi Tri-Cone; Fender Stringmaster
-
Wiz Feinberg
- Posts: 6114
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
- State/Province: Michigan
- Country: United States
Re: Can legit websites be compromised with new spoof tricks?
This sounds like you have knowingly or unknowingly installed Vdownloader as a plug-in or add-on to your browser. It would be responsible for downloading YouTube videos and saving them as FLV or AVI files.Peter den Hartogh wrote:Can legit websites be compromised? Are these examples below new spoof tricks?
...
For instance, previously I could download YouTube steelguitar videos by adding the word "kiss" in the link address. However, if I do this now, another website owner (Vdownloader) takes over and forces you to read their crummy advertisement and go to THEIR website, while, at the same time, blocking you from going to the real address.
Look through all of your plug-ins and add-ons and uninstall Vdownloader, then restart your browser. Also, look in Control Panel (Windows only) to see if it has an entry under Installed Programs that can be uninstalled. Run the uninstaller if one exists.
Again, check your plug-ins and add-ons for the AVG toolbar, or anything with AVG in it. Sometimes, this toolbar is bundled with other programs that are downloaded. You may have missed seeing the checkbox during the install process. This toolbar, or add-on can be disabled and uninstalled.Similarly, another page I visited was blocked by AVG telling me that the page I was visiting was dangerous.
It also changed my address label (the one that is used to indicate Secure locked pages) and made it look like a dangerous page.
To clarify: I do not have AVG installed.
I use Trend Micro exclusively. Trend Micro did not mark the page in question as dangerous.
The AVG action was unsolicited.
Criminals are able to do a lot of nasty things to browsers and their plug-ins and helpers. It is often done by targeting known vulnerabilities in third party browser software that malware and the like gets installed. You should make sure that all exploitable software has been updated. You can do this by running the Secunia Online or Personal (offline) Software Inspector. See www.secunia.comDoes this mean that soon our bank websites will be compromised by strangers blocking the entrance?
Can someone decide to block the forum in a similar fashion?
[/quote]What is this type of scam called?
I'd call it either exploitation of unpatched, vulnerable browsers and their software components, or failure to uncheck certain 3rd party options during installations and updates.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
-
Peter den Hartogh
- Posts: 1001
- Joined: 27 Mar 2010 12:49 pm
- Location: Cape Town, South Africa
- State/Province: -
- Country: United States
Wiz, thank you so much for the clear explanation.
My computer is up to date, but I will look into all your suggestions in more detail.
Thanks
My computer is up to date, but I will look into all your suggestions in more detail.
Thanks
1977 Sho~Bud D10 ProIII Custom; Sho~Bud SD10 The Professional ; ETS S10 5x5;
Fender 1000; 1993 Remington U12; 1978 Emmons S10 P/P; GeorgeB Weissenborn;
Fluger Cat-Can; Asher Electro Hawaiian; Gibson BR4; Fender FS52; Guyatone 8str;
Fender Resonator ; Epiphone Coronet 1937; Rickenbacher Ace; Rickenbacher NS;
Dynalap 8string; Harbor Lights 8string; Aiersi Tri-Cone; Fender Stringmaster
Fender 1000; 1993 Remington U12; 1978 Emmons S10 P/P; GeorgeB Weissenborn;
Fluger Cat-Can; Asher Electro Hawaiian; Gibson BR4; Fender FS52; Guyatone 8str;
Fender Resonator ; Epiphone Coronet 1937; Rickenbacher Ace; Rickenbacher NS;
Dynalap 8string; Harbor Lights 8string; Aiersi Tri-Cone; Fender Stringmaster
-
Bob Martin
- Posts: 1871
- Joined: 27 Feb 1999 1:01 am
- Location: Madison Tn
- State/Province: -
- Country: United States
Hi Mr. Hartogh, when I read this in your post 
I've been using the internet since it's big debut and even before with "Bulletin Boards" and one thing I have noticed about typing URL's into the go to box is that if you have to type something such as a code like "kiss" it is definitely redirecting you to a place where it wants you to go. I'm not saying this is bad but I am saying that by typing in the code word such as "kiss" you may or may not know where it is taking you and as you are going along the route many things can be done to your computer or your browser.
Did you download an app that said to add "kiss" to the URL and it would download the utube video or did someone just tell you about it? As you can see I'm thinking your problems may be from your browser getting hijacked without your consent or knowledge. Now let me say this Wiz is the Wiz here LOL and he didn't say to much about the "kiss" code being added to the URL so I may just be paranoid But either way it's worth a thought! Good luck.
Bob Martin
It threw up a red flag in my poor feeble mindFor instance, previously I could download YouTube steelguitar videos by adding the word "kiss" in the link address
I've been using the internet since it's big debut and even before with "Bulletin Boards" and one thing I have noticed about typing URL's into the go to box is that if you have to type something such as a code like "kiss" it is definitely redirecting you to a place where it wants you to go. I'm not saying this is bad but I am saying that by typing in the code word such as "kiss" you may or may not know where it is taking you and as you are going along the route many things can be done to your computer or your browser.Did you download an app that said to add "kiss" to the URL and it would download the utube video or did someone just tell you about it? As you can see I'm thinking your problems may be from your browser getting hijacked without your consent or knowledge. Now let me say this Wiz is the Wiz here LOL and he didn't say to much about the "kiss" code being added to the URL so I may just be paranoid
But either way it's worth a thought! Good luck.Bob Martin
***Praise God From Whom All Blessings Flow***