Mystery - spyware or hack?
Filed in: Computers, Internet.
After getting home from work today, I checked the blogs I follow using Bloglines. All was well until I got to the last blog, which happened to be Zeusblog. When I clicked on the title of the entry to visit the blog, I was instead taken to the following URL:
http://lvhook.biz/indexi.php?src=591&trk=03260447724252649
I shouldn't have to warn you not to go there.
So, why did I go there instead of Zeusblog? My initial thought was maybe Zeusblog got hacked. I downloaded the server logs, but according to them, no request reached the server in order to be redirected. I even downloaded all of the files on the site and checked them, just in case, but found nothing.
I turned to my second assumption - that my PC had picked up some spyware. Scans with AVG, Ad Aware, Spybot and Windows Defender all came up blank.
So... what the hell? What caused this redirect? Some new spyware which the scanning programs don't know about yet?
I experienced the same redirect a few weeks back. I couldn't find the cause then, I can't now, and whatever it is is obviously still affecting my PC.
Googling found two relevant articles, but neither of them provide any good suggestions as to what caused the redirect in the first place:
- The Norton AntiVirus guys seem more interested in telling the guy that their product blocked the redirect than why clicking on a google result took him to a different place than he expected
- Geeks to Go couldn't find anything on this victim's system, though he was happy enough when the problem didn't repeat.
This is very odd and disturbing.
Posted at 9:33 PM | Comments (11)