Konqueror Hijacked ?
Hi, I'm using SuSE 10.1 with KDE, and Konqueror, 3.5.1 and when I try to acesse www.amazon.com i?m hijecked to "http://ad.doubleclick.net/adi/amazon.pilot/;type=inv_pixel;sz=1x1;ord=705?". When I use Firefox, that doesn't happen. Is this my first virus ? Regards Lívio Cipriano
On Sun, 2006-10-01 at 22:10 +0100, Lívio Cipriano wrote:
Hi,
I'm using SuSE 10.1 with KDE, and Konqueror, 3.5.1 and when I try to acesse www.amazon.com i?m hijecked to "http://ad.doubleclick.net/adi/amazon.pilot/;type=inv_pixel;sz=1x1;ord=705?". When I use Firefox, that doesn't happen. Is this my first virus ?
Hardly ad.doubleclick.net is one of the biggest ad servers on the internet. It is where you get the banner ads from. I can't say why the whole page gets redirected, normally it should be just a single banner or popup ad. One idea is that it's the popup blocker in konqueror that gets confused. Perhaps it tries to block the popup served from doubleclick.net and some bug results in getting the popup in the main browser window instead konqueror has many bugs in its javascript implementation, so this wouldn't be surprising. Try going in to konqueror's settings and enable popups, and then go to amazon.com again. My guess is you will get the amazon page, plus a popup window
On Sun, 2006-10-01 at 23:35 +0200, I wrote:
Try going in to konqueror's settings and enable popups, and then go to amazon.com again. My guess is you will get the amazon page, plus a popup window
My guess was wrong, the redirect still happens It looks like a bug in the way konqueror handles javascript inside iframes (but also some braindead coding on the part of amazon)
Lívio Cipriano <lcipriano@iol.pt> writes:
Hi,
I'm using SuSE 10.1 with KDE, and Konqueror, 3.5.1 and when I try to acesse www.amazon.com i?m hijecked to "http://ad.doubleclick.net/adi/amazon.pilot/;type=inv_pixel;sz=1x1;ord=705?". When I use Firefox, that doesn't happen. Is this my first virus ?
Sounds like this bugreport that was just filed: https://bugzilla.novell.com/show_bug.cgi?id=209390 Andreas -- Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj/ SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
On Sunday 01 October 2006 13:43, Andreas Jaeger wrote:
Lívio Cipriano <lcipriano@iol.pt> writes:
Hi,
I'm using SuSE 10.1 with KDE, and Konqueror, 3.5.1 and when I try to acesse www.amazon.com i?m hijecked to "http://ad.doubleclick.net/adi/amazon.pilot/;type=inv_pixel;sz=1x1;ord=70 5?". When I use Firefox, that doesn't happen. Is this my first virus ?
Sounds like this bugreport that was just filed:
https://bugzilla.novell.com/show_bug.cgi?id=209390
Andreas
Happens in Kde 3.5.4 under Kubuntu (Ubuntu 6.0.6) so its not a problem only in the SUSE build. -- _____________________________________ John Andersen
John Andersen <jsa@pen.homeip.net> writes:
On Sunday 01 October 2006 13:43, Andreas Jaeger wrote:
Lívio Cipriano <lcipriano@iol.pt> writes:
Hi,
I'm using SuSE 10.1 with KDE, and Konqueror, 3.5.1 and when I try to acesse www.amazon.com i?m hijecked to "http://ad.doubleclick.net/adi/amazon.pilot/;type=inv_pixel;sz=1x1;ord=70 5?". When I use Firefox, that doesn't happen. Is this my first virus ?
Sounds like this bugreport that was just filed:
https://bugzilla.novell.com/show_bug.cgi?id=209390
Andreas
Happens in Kde 3.5.4 under Kubuntu (Ubuntu 6.0.6) so its not a problem only in the SUSE build.
See the bugreport, there's an upstream bug as well... Andreas -- Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj/ SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
Andreas Jaeger <aj@suse.de> writes:
See the bugreport, there's an upstream bug as well...
Sorry, I mixed up two bugreports the information above is not correct AFAIK, Andreas -- Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj/ SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
On 1 October 2006 22:10, Lívio Cipriano wrote:
Hi,
I'm using SuSE 10.1 with KDE, and Konqueror, 3.5.1 and when I try to acesse www.amazon.com i?m hijecked to
"http://ad.doubleclick.net/adi/amazon.pilot/;type=inv_pixel;sz=1x1;ord=705? ". When I use Firefox, that doesn't happen. Is this my first virus ?
Regards
Lívio Cipriano
Hi all, I tried changinf the cookies, java and pop-ups settings and the problem didn't disappeared, so, I guess, that behavior fits on the bug reported. Regards Lívio P. S. - I only notice this today.
On Sunday 01 October 2006 16:51, Lívio Cipriano wrote: ......
I tried changinf the cookies, java and pop-ups settings and the problem didn't disappeared, so, I guess, that behavior fits on the bug reported.
It is javascript, the second tab, next to java. As temporary patch you can reject javascript only from amazon.com. -- Regards, Rajko M.
--- On 2 October 2006 05:40, Rajko M wrote: --- It is javascript, the second tab, next to java. As temporary patch you can reject javascript only from amazon.com. It worked, but you have to specified the domain as ".amazon.com"; the dot before "amazon". Regards Lívio
On Sunday 01 October 2006 23:10, Lívio Cipriano wrote:
I'm using SuSE 10.1 with KDE, and Konqueror, 3.5.1 and when I try to acesse www.amazon.com i?m hijecked to "http://ad.doubleclick.net/adi/amazon.pilot/;type=inv_pixel;sz=1x1;or d=705?". When I use Firefox, that doesn't happen. Is this my first virus ?
It wouldn't appear to be a virus: my machine (also 10.1 with KDE 3.5.1) does the same thing. i'm theorizing that it's amazon opening up a popup window or trying to load info in an iframe, and konqueror misinterprets it and loads the doubleclick link in the main frame. i haven't looked at the HTML to verify this, though. -- ----- stephan@s11n.net http://s11n.net "...pleasure is a grace and is not obedient to the commands of the will." -- Alan W. Watts
participants (6)
-
Anders Johansson -
Andreas Jaeger -
John Andersen -
Lívio Cipriano -
Rajko M -
stephan beal