Forum redirect

[AcHmed99]

Has anyone else gotten redirected when they click on this topic.

The topic is currently on page 3 of Projects, Designs, and Technical Stuff

I’m using firefox with noscript,flashblock and adblock.

I thought I might have some browser hijacker but it only does it in this forum and only for that topic. I scanned with MBAM and security essentials and found nothing. I also used Hijackthis and found nothing odd.

I tried clicking the link with IE, security to the max and it doesn’t redirect.
A screen shot of the site redirected to.


A screenshot of webtraffic when the link is clicked.

[AndreasF]

I can still see the thread (i.e. don't get forwarded).

The first reply (by EdoNork) contains a gif that links to the site:

Code: [Select]

<img src="http://iranpoliticsclub.net/club/images/smilies/1%20soda%20popcorn.gif" alt="" class="bbc_img">

[Psi]

There are two img tags, the main one and a smaller one. (red arrow added by me)



This is the img tag urls

Code: [Select]


http://iranpoliticsclub.net/club/images/smilies/1%20soda%20popcorn.gif

http://www.google.es/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRw&url=http%3A%2F%2Firanpoliticsclub.net%2Fclub%2Fviewtopic.php%3Ft%3D562&ei=znq3VOSfBou8Ua7YgvAD&psig=AFQjCNEC6rD-PRRZtibAmMuZy3m_7vqxFg&ust=1421396970646336



[EEVblog]

No problem for me, but I have deleted EdoNorks post just in case, it contained nothing of value anyway.

[Psi]

I would worry that your windows install has been compromised in some way that makes it auto-run code when it shouldn't be.

[Psi]

The URL in that 2nd img tag (the one i pointed the red arrow at) is not actually an image at all.
If you try to download it you get html code with a redirect.

So your web browser is being told to display an image which is not an image but in fact HTML code, and instead of showing the default "no image" icon that the rest of us are getting your browser is running the HTML.

[Psi]

i always run with UAC turned off, Its too damn annoying.

And i didn't get the redirect.

[ElektroQuark]

Uh.
I copied the GIF URL from a search engine.
Maybe they somewhat protect their content.
Sorry!

[ElektroQuark]

... it contained nothing of value anyway.

It states that I was very interested in the previous post and that I was waiting for the promised images.

[Lightages]

After that redirect, I would certainly run MalwareBytes Antimalware and Antirootkit, Super AntiSpyware, Sophos Virus Removal Tool Antirootkit.

[wraper]

IIRC few years ago it was discovered Opera (not webkit based) and some other browser or browsers would redirect if the page contains bogus link to the image which actually is no image. It remained not fixed for a long time. Probably something similar here.

[ElektroQuark]

orry guys, I'm really embarrassed with all this.

[Lightages]

After that redirect, I would certainly run MalwareBytes Antimalware and Antirootkit, Super AntiSpyware, Sophos Virus Removal Tool Antirootkit.

I used to (operative words being used to) clean virus and browser hijackers off my brother in laws and other family members PC and that was the SOP. It got to be a time consuming PITA so they are on their own now.

It couldn't really do anything other then what it did, redirect me to a crazy ass site, looks like it maybe tried to pick-up some referal clicks or something judging by the f**ingmachines url as well.

But yea pretty Fu*ked up website.

* inserted to spare the kiddies.

If something redirects to a website, you don't know whether that new website has a day zero hijacker or some other malware. The very fact that I got an unexpected website would prompt me to do what I suggested. I too have seen far too many compromised computers in my life to let something like that go. It certainly doesn't hurt to do what I suggest.