Mac google redirecting virus

[munkery]

In terms of the DNS service it provides, OpenDNS should be fine. Given your alternative is Google, both services will have an advertising component to the service.

Just don't overly rely on the anti-phishing services it provides. Given that Google Public DNS does not include content filtering or anti-phishing services, it should be faster and less intrusive.

I looked into Google Public DNS and I would choose google over OpenDNS because it does not require you to sign up AFAIK. Also, PhishTank or Google Safe Browsing anti-phishing databases are integrated into most browsers so you already most likely have that functionality. I believe Safari uses Google Safe Browsing.

[TaylorJ]

Thanks for your replies. Dont know how to multiquote so I'l try to answer peoples comments.

1.) my router does require a password to login. ATM I'm not sure if its the same password as my wifi password, it is very strong never the less. I'm not saying its unhackable, which is impossible, but theres a strong change it wont get hacked.

2.) I havent had the probem again so far, but this tends to happen. It goes away for a few days. Next time it happens you want me to reset the router? As in restore to factory defaults? or just a quick power reset?

If I do a quick factory reset, does that mean I need to connect my printer to my router once again? That was a pain. (printer has wifi and isnt connected to anything)

[munkery]

If the issue is malware on your router, then the only solution is a factory reset. But, if it is password protected, malware is unlikely the issue. A factory reset would include reconfiguring everything from scratch.

How do you login to make changes to settings if you don't what the password is? The only routers that I know of that store the password in keychain are apple routers.

The problem also could be from your ISP not having good security against DNS cache poisoning. An alternative DNS provider, such as Google Public DNS, may be a solution.

[GGJstudios]

Quote:

Originally Posted by TaylorJ

Dont know how to multiquote

To multiquote, click for every post you want to quote, then click .

[thaumaturgy]

I know this is a stale old thread, but I came across it while researching a similar issue on a client's MacBook. I own a small I.T. consulting business in California with about 200 clients; we handle PCs and Macs and everything else for businesses and individuals.

First, in case anyone else comes across this thread through Google, it does not look like an issue with the Mac itself. Resetting your home DSL/Cable/Other modem or router is probably the right thing to do. For people that aren't aware, routers can have two passwords: one to access the wireless network, but a different one to access the administration areas of the router. Having a strong wireless password does not protect your router.

On this system, I'm seeing a lot of redirects and references to drvtrf.com in the user's history in both Safari and Firefox, but there's no indication that anything's amiss anywhere in the System Settings or the BSD subsystem (nothing in crontab; nothing in the hosts file; no strange routes; nothing in "/Library/Internet Plug-Ins"; no funky Safari or Firefox extensions; etc). If there's anything hiding in this thing, I can't find it (and neither can MacScan). So, it's probably not a Mac problem.

That said, the idea that a Mac can't be infected just by clicking on a link on a website is completely false. In fact, it's been done -- at least twice, publicly -- to win prize money. The experts here need to consider for a moment the implications from a security researcher like Charlie Miller being able to keep a remote exploit vulnerability for Safari a secret for over a year. Do you really think there's only one such vulnerability? The only remaining thing that a motivated attacker would need is a privilege escalation exploit, and those show up all the time for Linux and, less commonly, BSD -- so those almost certainly exist in the MacOS as well. A remote browser exploit combined with a privilege escalation vulnerability means that an attacker can install whatever they want, without the user's knowledge, just by getting the user to click on a link or visit a website.

I'm not a Mac-hatin' Windows tech, either; I've used Macs since System 7.5, done development work on them, and reverse-engineered software on them. They're just tools. They aren't perfect. They aren't invulnerable. You do a disservice to people to make them think they are. (Anybody remember the iPhone SMS of doom?) If attackers are targeting Linksys and Netgear routers now, then Macs can't be far behind, and the fact that so many people think they're invulnerable is only going to make the first hit that much more devastating.

I'd also like to remind other techs and professionals that users don't care about the difference between a virus, a worm, and a trojan. They just come to us with problems because we have more background in this technology than they do. They don't need -- or want -- a lecture about the intricacies of terminology any more than we would in taking our car to the shop and complaining about a bad throttle body on an MPFI engine or in calling pest control to deal with flies that are actually gnats. We get positive feedback from new clients all the time that have tried other tech services and been frustrated because the techs made them feel stupid, or weren't helpful, or were argumentative. Being friendly and helpful shouldn't be exceptional in this industry.

Thanks.

[Gregg2]

Quote:

Originally Posted by thaumaturgy

the idea that a Mac can't be infected just by clicking on a link on a website is completely false. In fact, it's been done -- at least twice, publicly -- to win prize money.

Anyone taking the bait?

[GGJstudios]

Quote:

Originally Posted by thaumaturgy

The experts here need to consider for a moment the implications from a security researcher like Charlie Miller being able to keep a remote exploit vulnerability for Safari a secret for over a year. Do you really think there's only one such vulnerability?

No OS is immune to malware or hacking attacks. However, the likelihood of the average Mac user being attacked by an accomplished hacker like Charlie Miller is ridiculously remote. It simply doesn't happen in everyday use. Could it happen? Sure! A tornado could pull my cellphone out of my pocket and throw it against objects in such a way as to dial my local pizza delivery service.... but I'm not holding my breath!

Quote:

Originally Posted by thaumaturgy

The only remaining thing that a motivated attacker...

That's the issue. There's no motive to attack the average user's computer. Charlie was motivated because it was a controlled contest and the prize was money, notoriety, bragging rights and a new Mac. The average hacker isn't being offered those things to go after the average Mac user.

Quote:

Originally Posted by thaumaturgy

They're just tools. They aren't perfect. They aren't invulnerable. You do a disservice to people to make them think they are.

Right. They're less-than-perfect tools. No one is suggesting that they're invulnerable.

Quote:

Originally Posted by thaumaturgy

I'd also like to remind other techs and professionals that users don't care about the difference between a virus, a worm, and a trojan.

If they want to be protected, they should know the difference. Computers are technical devices. It takes reading and learning to know how to properly use hardware and software. It takes no less to learn how to guard against malware and myths.

Quote:

Originally Posted by thaumaturgy

They don't need -- or want -- a lecture about the intricacies of terminology ...

A simple explanation of the basic malware terminology and concepts is hardly a lecture and certainly not intricacies.

There is a lot of misinformation, hype and hysteria being spread over the web about viruses as they relate to Macs. The best defense is understanding the basic truths.

[gnasher729]

Quote:

Originally Posted by TaylorJ

1.) my router does require a password to login. ATM I'm not sure if its the same password as my wifi password, it is very strong never the less. I'm not saying its unhackable, which is impossible, but theres a strong change it wont get hacked.

Basically to everyone: Just change the router password to anything other than the password that the manufacturer has set. _If_ a hacker finds a way to break into one model of router by knowing the username and password used by the router (has nothing to do with your computer, whether Mac or PC, at all), then they will try to attack blindly all the routers, using the username and password that the manufacturer used. By just using changing the password, you will be hundred times safer. Nobody will bother trying to crack your password if there is a gazillion routers still out there with the default password.

[thaumaturgy]

Quote:

Originally Posted by GGJstudios

No OS is immune to malware or hacking attacks. However, the likelihood of the average Mac user being attacked by an accomplished hacker like Charlie Miller is ridiculously remote. It simply doesn't happen in everyday use. ... There's no motive to attack the average user's computer. Charlie was motivated because it was a controlled contest and the prize was money, notoriety, bragging rights and a new Mac. The average hacker isn't being offered those things to go after the average Mac user.

This'll be my last comment on this subject.

Charlie isn't the only hacker out there. Malware has gone commercial; botnets and fraud are profitable. Given that recent estimates put Apple's U.S. consumer market share at somewhere in an impressive 20% - 25% range, and given that Apple claims to have around 50 million Mac users, and growing steadily -- and given that so, so many of those users are consistently receiving bad advice from "experts" claiming that they don't have to worry about malware on Macs -- the question is not "if", but "when" there will be a nasty worm, virus, or other malware targeting the Mac platform. As the Windows security model continues to improve, at last, the Mac platform is going to become the new low-hanging fruit.

Hell, Wordpress has a smaller total market than Apple does, and there are plenty of Wordpress-specific worms in the wild; I've had to clean up some of them. Claiming that it won't be a problem because there's no motivation is ... silly, and contrary to the opinions of most of the people working in the computer security field.

When malware starts to target the Mac, shops like mine are going to get busier, which sucks, because that's really not how I prefer to meet people, and I really dislike having to explain that they've been given bad advice.

[GGJstudios]

Quote:

Originally Posted by thaumaturgy

the question is not "if", but "when" there will be a nasty worm, virus, or other malware targeting the Mac platform.

I'll just quote what I've already said in the link I posted on this topic:

Quote:

Originally Posted by GGJstudios

Since no OS, including Mac OS X, is immune to malware threats, this situation could change at any time, but if a new virus is discovered, the news media, forums, blogs, etc. will be instantly buzzing with the news.

Having virus protection software on your Mac is pointless, as far as protecting your Mac from viruses, since current antivirus software cannot detect a Mac virus that doesn't yet exist, because they simply don't know what to look for.

The bottom line is this: as a Mac user, your chances of being affected by a virus, trojan or other malware are extremely slim, unless you've been careless about where you get software and when you enter your administrator password.

Those statements still stand. There's no need to run around scaring users, saying "the sky is falling!" Mac users DON'T have to worry about malware that doesn't exist. The few threats that are out there are trojans, which are easily avoided. There are so few malware threats in the wild that can have an effect on Mac OS X, that identifying a new one will have the news and forums talking about it, alerting Mac users very quickly. Defenses will be created and Mac users will be protected. Even Charlie Miller's attack is being patched before details are released in the wild.

Are Macs immune? No. Are Macs reasonably safe? Yes!

[munkery]

Quote:

Originally Posted by thaumaturgy

That said, the idea that a Mac can't be infected just by clicking on a link on a website is completely false. In fact, it's been done -- at least twice, publicly -- to win prize money. The experts here need to consider for a moment the implications from a security researcher like Charlie Miller being able to keep a remote exploit vulnerability for Safari a secret for over a year. Do you really think there's only one such vulnerability? The only remaining thing that a motivated attacker would need is a privilege escalation exploit, and those show up all the time for Linux and, less commonly, BSD -- so those almost certainly exist in the MacOS as well. A remote browser exploit combined with a privilege escalation vulnerability means that an attacker can install whatever they want, without the user's knowledge, just by getting the user to click on a link or visit a website.

Arbitrary code execution allows the attacker to take control over the vulnerable process with the level of privileges of the process which is usually that of the user. For example, Safari has the current user's level of privileges.

Privilege escalation is possible if a component (kernel or DLL) of the OS with elevated privileges is accessible by the compromised process but only if that component also has a vulnerability that is exploitable. Not all vulnerabilities are exploitable (roughly 25%).

Therefore, both the arbitrary code execution exploit and the privilege escalation exploit have to be linked together in a logical manner. This is the difficult part; finding a string of exploits.

Even Charlie Miller admits that kernel exploitation is difficult in the following quote from this 2010 interview:

Quote:

macxues: Have you ever written Mac OS kernel exploits?

Charlie Miller: Nope, no kernel exploits against any OS for me. That stuff is too hard

Given that such local exploits are rare for Mac OS X (none known in 2010 and 3 in 2009), the statistical odds of finding a working string of exploits for Mac OS X is not trivial; especially, when compared to the potential to find such strings in Windows.

[Cparker89]

For a few months now, most times I attempt to log on to facebook.com I get redirected to some sort of wiki website. Today, I tried to go to verizonwireless.com. Instead, I was redirected to The Washington Post. The weird thing is that on the link bar, the website I wanted to go to is still there. Look at picture below:: Is there a way to fix this?

[munkery]

Quote:

Originally Posted by Cparker89

For a few months now, most times I attempt to log on to facebook.com I get redirected to some sort of wiki website. Today, I tried to go to verizonwireless.com. Instead, I was redirected to The Washington Post. The weird thing is that on the link bar, the website I wanted to go to is still there. Look at picture below:: Attachment 267810 Is there a way to fix this?

This previous post from the thread may help.

[Piccolopunk]

Running "dscacheutil -flushcache" through Terminal solved all my problems, which were exactly like many described here. (mine is fully updated to my knowledge)

[munkery]

Quote:

Originally Posted by Piccolopunk

Running "dscacheutil -flushcache" through Terminal solved all my problems, which were exactly like many described here. (mine is fully updated to my knowledge)

This will only be a permanent fix if your DNS cache was poisoned by bad configuration. If the DNS cache was poisoned by malware in your router, the issue will return.

[CLS4690]

Hello all. I was looking through these different theories about DNS and viruses/malware, etc etc etc.

Fortunate for me, my friend and I have the exact same router with the exact same ISP. Only difference is that his router is on the default access settings while I created a different password for the control panel. Oddly enough, I only really noticed the google redirect or redirecting issue at his house...

Then I figured, ok, www.google.com is supposed to take me to the Google Website's server(s) at 74.125.127.99. So I typed 74.125.127.99 into my browser and got to google. I then searched something and all the results were correct and the URLs were correct.

Remembering the default login info for our routers, I logged into his router and upgraded the firmware. Once I did so, I restored default settings (can be accomplised via the control panel software or via holding the reset button with a paper clip for about 20 seconds).

After reconnection, the problem was gone and (I bet) will stay gone.

This problem was occurring on my 3 year old macbook, my friend's BRAND NEW macbook pro, and his brother's new macbook, all using Firefox. No sense why it didn't happen in Safari, but oh well.

To solve the problem:
-upgrade your router firmware
-reset/restore your router to default settings
-change the password for your router's control panel (not the WEP/WPA/"Wifi" password)

[xochipilli]

I'm inclined to agree with the previous post.

I have been fiddling with my router and DNS settings last week and I get this 'redirect error' from Google News only, to my knowledge.

Plus, I've been playing with the config settings in Firefox as well and I suspect I may have got a little carried away following online tutorials a wee too much.

I will reset my router, rePRAM my mac and then I may return with results.