What type of malware or exploit is this?

Archived From: Technology
  • Page :
  • 1
  • Text Only
rated:
When I submit browser-based login credentials to my website, if the submit is successful, several *.png files start getting retrieved from a random server. For e.g. requests for http://legitsite.com/a.png are instead requested from http://xxx.xxx.xx.xx/legitsite.com/a.png. xxx.xxx.xx.xx is clearly a malicious entity inserting itself into the request. This behavior is observed only when accessing my website from one particular computer. I've used 3-4 other computers with no such issue.

Malwarebytes detected no malware on the comp. After I cleared my browser history and cookies, the behavior disappeared.

Does this mean that hijack attempts can reside in a browser, perhaps even in cookies? The problem might have disappeared but I am unsure whether merely clearing browsercache might have done the trick.

Pointers or links to reading material would be appreciated. I am not sure even what keywords to search for. Thanks.

Member Summary
Thanks for visiting FatWallet.com. Join for free to remove this ad.

what browser? i had a Firefox plugin redirecting all my Google searches, don't recall the specific name

skh12 said:   what browser? i had a Firefox plugin redirecting all my Google searches, don't recall the specific name

Firefox -- and yes, I do have 2-3 plugins on it. I didn't dare try IE because I didn't know how to see requests from IE (in Firefox I could use firebug).

Obviously, I will now check the plugins...most are reputable i think. Is there a way to tell which plugin is the thief? Also why did clearing history/cookies rid the issue?

whats the xxx? http://xxx.xxx.xx.xx/legitsite.com/a.png

any results when you google this?

I've seen redirectors in the Cache files before. Clearing out all the history / temp files made the issues go away. I never tried to figure out what it was called though, just got rid of it.



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

TRUSTe online privacy certification

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2014