OSX Mac Browser Hijack? Safari & Firefox!!!

Posted: Sun Jan 07, 2007 4:15 am
by NewLittleSnitchUser
HELP! Both our browsers keep being hijacked (safari & firefox) to a weird site while inside a members only log-in backdoor! It only happens when I press a 'search' button from within one section (URL would be like: www.domain.com/members/search.php).

So far it only happens within this one site and it happens whether we are in secure or unsecure http: or httpS: url location in this particular member site. The webmaster says it never happens on any others, he checked using various browsers and platforms and therefore that it has to be in my system.

Has anyone heard of this? I cannot figure it out, I don't find anything about this anywhere -- can littlesnitch stop it?

ANY help appreciated!

OH: after hitting 'search' in both safari and firefox the redirect/hijack goes to this URL

http://www.usuc.us/enter/goto.php

(we have tried it several times on different days and it always happens! I even got rid of all the cookies in firefox as a test -- still happened.) :?:

Posted: Mon Jan 08, 2007 7:54 pm
by johannes
You could of course add a Little Snitch rule to deny access to www.usuc.us, but this will not keep Safari or Firefox from trying to access that URL.

So it would for now make sure your browser does not connect to this site, but you'd still need to find out why it tries to...

apparently it's javascript related

Posted: Sat Jan 13, 2007 1:52 pm
by Guest
Thanks -- good idea.

Discovered that when I turn off JavaScript in both browsers the behavior (hijacking) stops. I don't know if this means the 'infection' is on my end or the host site or server or what.

If on my end, I don't know how to de-infect whatever it is, wherever it is.

Posted: Fri Jan 26, 2007 4:17 pm
by Rick
It would be good if you could give us the URL so we could look at the code. I don't understand why you didn't curl the URL and post the source here. I think as turning off JS turns off the exploit that it's clear where it's coming from but I'm not sure everyone will rest easy for that.

Please provide the URL that hijacked you so we can see what's going on. Better yet, provide the source to that web page if you still have it (and hopefully you have it).

Note a similar issue here brought to our attention.
http://www.macworld.com/forums/ubbthrea ... ber=473150

Cheers - and stay safe!
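
Added example, not part of any post in this thread: once the page source has been saved (for instance with curl, as suggested above), a script like this lists every script source, inline handler and inline script URL that points off the site's own host. The sample HTML, the cdn.example.net host and the function names are constructed for illustration; the real page source was never posted.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PAGE_URL = "http://www.domain.com/members/search.php"  # placeholder from the thread
# Constructed sample; the real page source was never posted in the thread.
SAMPLE_HTML = """<html><head><script src="/js/site.js"></script>
<script src="http://cdn.example.net/lib.js"></script></head><body>
<form action="search.php"
      onsubmit="window.location='http://www.usuc.us/enter/goto.php'">
<input type="submit" value="search"></form>
<script>var home = "http://www.domain.com/members/";</script>
</body></html>"""

URL_RE = re.compile(r"""https?://[^\s'"<>)]+""", re.I)

class OffsiteScriptFinder(HTMLParser):
    """Collect script-reachable URLs whose host differs from the page's host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.in_script, self.findings = page_url, False, []
        self.site_host = urlparse(page_url).hostname

    def _check(self, kind, url):
        host = urlparse(urljoin(self.page_url, url)).hostname
        if host and host != self.site_host:
            self.findings.append((kind, url))

    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
        for name, value in attrs:
            if tag == "script" and name == "src" and value:
                self._check("script-src", value)       # externally loaded script
            elif value and (name.startswith("on") or value.lower().startswith("javascript:")):
                for url in URL_RE.findall(value):      # inline event handlers
                    self._check("handler:" + name, url)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:                             # inline <script> bodies
            for url in URL_RE.findall(data):
                self._check("inline-script", url)

def find_offsite(html, page_url):
    finder = OffsiteScriptFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings
```

A match is only a lead to read by hand: a script that assembles its destination from string fragments will not contain an absolute URL, so an empty result does not clear the page.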

Posted: Sun Jan 28, 2007 10:18 am
by Fluffy
It is starting to look like OS X is experiencing the types of malware that has until now only affected Windows systems.
Everybody on Windows knows that viruses/malware are a fact of life.

However, everyone seems to think that OS X is immune from these problems...

In fact, there is a growing list of OS X exploits that are operating just 'blow the radar', but there are almost no security tools available to mitigate them.

I predict that things are going to get very bad for MacOS X users...

Posted: Tue Jan 30, 2007 3:30 pm
by Guest
Fluffy wrote: It is starting to look like OS X is experiencing the types of malware that has until now only affected Windows systems.
Everybody on Windows knows that viruses/malware are a fact of life.

However, everyone seems to think that OS X is immune from these problems...

In fact, there is a growing list of OS X exploits that are operating just 'blow the radar', but there are almost no security tools available to mitigate them.

I predict that things are going to get very bad for MacOS X users...


Your a fucking retard

Posted: Tue Jan 30, 2007 10:29 pm
by Fluffy
Your a fucking retard


I think what you meant to say is, "You're a fucking retard."

Your is the second person possessive of the pronoun 'you', as in:
Your mother should have had an abortion.

You're is a contraction for 'you are', as in: You're not worth the time it took to type this post.

Posted: Wed Jan 31, 2007 2:26 am
by FredB
Fluffy wrote: I think what you meant to say is, "You're a fucking retard."

Your is the second person possessive of the pronoun 'you', as in:
Your mother should have had an abortion.

You're is a contraction for 'you are', as in: You're not worth the time it took to type this post.

Are you aware that there is more than one language on earth?
Maybe English is his language anyway, but I hate people making the assumption that everybody should speak English perfectly.

BTW, your previous post is total FUD.

Not everyone thinks OS X is immune, but denying that OS X is more secure than windows by design is simply dishonest.
There are a lot of security tools. (Native OS X utilities or UNIX/Linux ports.)
there is a growing list of OS X exploits that are operating just 'blow the radar'

I think what you meant to say is 'below the radar'. (Easy, huh?)
Having 3 proofs of concepts instead of 2 is in fact a growing list. Bravo.

Please, keep your doom predictions for you, thanks.

Posted: Wed Jan 31, 2007 5:08 pm
by Guest
This is not a prediction of doom. Browser hijacks via Javascript are a fact of the Windows world, and there is no reason why they shouldn't start turning up on Macs now that the platform's popularity is growing.

Things may in time turn out not to be as bad as they have become on Windows since the Mac browsers may be less insecure than IE* but this is definitely a rumbling of thunder, if not the apocalypse.

Also note that both the above-quoted hijacks, if true as reported, cause a modification of OS X System Preferences. This (once again, if verified true) is serious; the hijack is reaching beyond the browser's internal prefs to those of the system-wide Network Preferences panel.

OS X is a great desktop OS, but that doesn't mean it's immune to attack. Check out the Month of Apple Bugs if you need proof.


diem
(currently evaluating LittleSnitch as a result of this thread!)



* don't depend on it - Macintosh has always been about ease of user experience, and unfortunately this often does not play well with strong security. The advice may well be to use

Posted: Wed Feb 07, 2007 4:43 pm
by Diegus83
My guess is this has more to do with the user giving his admin password to third party "un-trusted" applications, maybe a search-bar, a browser plug-in, etc.

Re: OSX Mac Browser Hijack? Safari & Firefox!!!

Posted: Thu Feb 08, 2007 1:26 am
by Guest
Did you know google cached this "Post a Reply" page?

Browser compromised?

Posted: Thu Feb 08, 2007 9:30 pm
by Nigeltech
Hi there, I'm in a similar situation
If I attempt to connect to any Google site, or sites with a google connection (eg mozilla.com) I get a timeout message (after the timeout of course)
This happens with Firefox (2.0.0.1) and Safari (2.0,4)
Running OSX 10.4.8
Connect to internet on broadband DSL.
The odd thing is the problem occurs with my mac mini and my G4 iBook.
I am using my daughter's iBook and it connects OK
When she took my iBook to her place it will not connect to google, but is OK with everything else.

I cannot connect to my bank site either.
I can connect to www.nzcity.co.nz, but when I click thru to "tv listings" the connection times out. Note starts to load OK, then it stalls at the point the status line reads "waiting for pagead2.googlesyndication.com".
I have cleared cache (I think)
Cleared all history
Turned off Java
Changed DNS to a configured one my ISP says is the one to use.
No change.
Any ideas? Have I been blocked?

Re: Browser compromised?

Posted: Sat Feb 10, 2007 10:45 pm
by nigeltech
Nigeltech wrote: Hi there, I'm in a similar situation...

Well, it appears my problem has resolved itself, no idea what happened, but my best guess is the problem was with my ISP.

No, but then the sky hasn't fallen yet either...

Posted: Wed Feb 14, 2007 1:37 am
by maxplanar
Anonymous wrote: This is not a prediction of doom


Sounds like it to me. You know what? No-one in their right mind believes that ANY OS is totally secure, yet the OS security picture as of mid-Feb 2007 continues to be:

A) There are no known viruses, worms or trojans for OSX in the wild. Tentative 'how-it-might-happen's have been shown, but nothing has happened.

B) On the other hand, Windows is known to have at least a few hundred thousand viruses, worms and trojans.

And OSX is five years old. You may choose the OS that is riddled with problems, or you may choose the OS that has none yet. Your choice.

People have been parading placards screaming "The End of The World is Nigh" for decades, but there's not a single normal person who looks at them with anything other than a gentle, patronising smile, and a curiosity at how they sleep at night.

OSX Mac Browser Hijack? Safari & Firefox!!!

Posted: Sun Mar 25, 2007 4:31 am
by bosrino
LOL someone states their browser is being hacked on a mac computer and then you start talking about DOOMS day? Wow you're not right in the head at all.