Hacker Attack

ackees · June 4th, 2006, 08:11 AM

Hi,
Can any one help decode the meaning of the following code, basically I :(have hackers who are redirecting web pages to steal bank accounts, I guess that it is a server, anyway here it is:

http://www.google.com/search?q=cgtal...utf-8&oe=utf-8

they seem to have redirected a google serch

Help if you can
thanks in advance.

meow · June 4th, 2006, 09:56 AM

Don't search from the addressbar or searchbar in Opera then.

Those extra parameters are just telling Google that you searched from Opera, how many hits you want displayed and the and the character encoding.

Here's what the Google toolbar for IE produces.
http://www.google.com/search?sourcei...LG:en&q=cgtalk

And here's what I get when I type "g cgtalk" on Operas addressbar.
http://www.google.com/search?client=...utf-8&oe=utf-8

Maybe they track us, but I don't think it's worse than that. :)

--
http://yupapa.com

ackees · June 4th, 2006, 10:09 AM

Thanks,
but in Opera browser I get a "302 moved' message, I found that odd as I rarely get Google offering a moved search page, the pages that were found might have moved but it's odd fot the actual search to have moved, afterall the search result was not created before the searc request, how can something that does not exist prior to the search give a 302 moved?

meow · June 4th, 2006, 10:17 AM

Do you gte that when you do that search from Opera? I don't. No idea, I never search from Opera (more than testing, that is), but I've never seen a redirected search either.

--
http://yupapa.com

ackees · June 5th, 2006, 12:58 AM

Apparently oprea is a very secure browser, so it knows that the web page has been redirected (the other browsers do not know this has happened and show the redirected page as normal so the owner of the IP never usually knows - the earlier logic of how something that does not yet exist can then be redirect is correct - it has to exist before it can then be moved), someone grabbed it before then sending it on to me, thats why it says redirected. The hackers have grabbed my IP and are sending me a copy. How I catch them now is the problem. :(

Does anyone know how to view the raw data of the opera page because that might give a clue.
thanks

meow · June 5th, 2006, 01:08 AM

So how does my Opera differ from yours? Exactly what do you do when you get this redirection?

How do you mean someone has stolen your IP number?

--
http://yupapa.com

interrupt · June 26th, 2006, 06:05 AM

Check out NETSED on Google. Its an on-the-fly packet modder, meaning you can find out for sure where your security holes are. I think you can use it to spoof your IP as any packets leave your system too. If you're running a Linux system of any kind, try NMAP'ing yourself to look for vulnerabilities, (I wouldn't even begin to trust the Windows port of NMAP).

A couple of good sites:

www.packetstormsecurity.org
http:\\distrowatch.com

Cheers
Joe
Joe

panacea · July 12th, 2006, 06:04 AM

Very puzzling! All I can think of is to check your proxy settings and C:\windows\system32\drivers\etc\hosts file to see if your computer's configured with a man-in-the-middle attack. Maybe you're not talking to google.com at all, but either a service running on your local system or a proxy that spyware has installed for you.

Jon Emerson
http://www.jonemerson.net/