Esato forum thread: pIE's hijacking/redirecting prob

occupied
T100
Joined: Feb 24, 2007
Posts: 99
From: Middle of Nowhere
Posted: 2009-05-29 05:51
what follows is what I did to (try to) tackle the trouble:
* disable JavaScript
[HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/Security_RunScripts]

* disable ActiveX [HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/Security_Run/ActiveXControls]
since Messaging makes use of pIE's engine, if we enabled pIE's ActiveX, the messages (text and email) won't be displayed nor can we create any messages as applets don't get executed

* enable aggressive cache flush
[HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings/AggressiveCacheFlush]
which wipes out not only cache contents but also their respective folders and generates new ones, provided that index.dat is also removed, but this must be done manually and requires us to restart the device. if i'm not mistaken, Windows generates new cache folders each month, but attackers who wanna and have the ability to sploit it, if any, won't wait that long. pah, i sound like an expert here, while actually i'm not.

BTW, here's a sample of how one can get owned by strangers: Simple Stupid Redirection, SSR(tm). just a thought. it gives "nice" effects on Windows Mobile(r) devices.

* adding supposedly malicious websites into
[HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMap/Domains]

----
p.s.: slashes are supposed to be backslashes

none worked. weird as it may sound, I even considered browsing with netcat, but apparently this happens not only with pIE, but also with other browsers. for instance, when I use UCWEB, the most noticeable such hijacking/redirecting attempts take place on fora, e.g. PPCGeeks and XDADevs, or personal websites.
am I being targeted? if so, this is overly effeminate because the only thing I can do when it comes to mobile is praying; may the culprit rot in hell.
thanks in advance for your solution (if any). or if you have the same concern as me, please post your experiences here. at least it makes me feel that I'm not the only good human being, and a tax payer as well, who has suffered from privacy abuse.
thank you too much.

edited: suggestion of grammar police
edited2: adding facts


[ This Message was edited by: occupied on 2009-08-15 02:38 ]
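The post above lists its mitigations as registry paths. As an added example (not code from the thread or from Microsoft), the script below parses a Windows registry export in .reg format and reports whether those Pocket IE settings are in place. Everything not in the post is an assumption and is marked as such in the code: the .reg text is constructed, the value names are written without the slash the post uses (Security_RunActiveXControls), a value of 0 for the Security_Run* settings is taken to mean "disabled", 1 for AggressiveCacheFlush to mean "enabled", and a ZoneMap\Domains\<host> subkey whose "*" value is dword:4 is taken to put that host in the Restricted zone, following the desktop IE layout.

```python
"""
Added example, not from the thread: check a .reg export for the Pocket IE
hardening settings listed in the post. Assumptions (not stated in the thread):
the sample export is constructed; Security_RunScripts and
Security_RunActiveXControls = 0 mean "disabled"; AggressiveCacheFlush = 1 means
"enabled"; ZoneMap\Domains\<host> with "*" = dword:4 means Restricted zone
(desktop IE layout, assumed to carry over to Windows Mobile).
"""
import re
from typing import Dict, List, Optional

# Constructed sample export describing one device's state.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
"Security_RunScripts"=dword:00000000
"Security_RunActiveXControls"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AggressiveCacheFlush"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bad.example]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ok.example]
"*"=dword:00000002
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')

IE_HKLM = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
IE_HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
RESTRICTED_ZONE = 4  # assumed zone id for "Restricted sites", as in desktop IE


def parse_reg(text: str) -> Dict[str, Dict[str, int]]:
    """Return {key (lower-cased): {value name: int}} for DWORD values.

    String and binary values are skipped; the checks below only need DWORDs.
    Key names are lower-cased because registry paths are case-insensitive.
    """
    reg: Dict[str, Dict[str, int]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            reg.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            reg[current][m.group("name")] = int(m.group("hex"), 16)
    return reg


def dword(reg: Dict[str, Dict[str, int]], key: str, name: str) -> Optional[int]:
    """Look up one DWORD value; None when the key or value is absent."""
    return reg.get(key.lower(), {}).get(name)


def check_hardening(reg: Dict[str, Dict[str, int]]) -> Dict[str, bool]:
    """True for each setting means the hardening from the post is in place.
    A missing value counts as not hardened."""
    return {
        "scripts_disabled": dword(reg, IE_HKLM, "Security_RunScripts") == 0,
        "activex_disabled": dword(reg, IE_HKLM, "Security_RunActiveXControls") == 0,
        "aggressive_cache_flush": dword(reg, IE_HKCU, "AggressiveCacheFlush") == 1,
    }


def restricted_domains(reg: Dict[str, Dict[str, int]]) -> List[str]:
    """Hosts under ZoneMap\\Domains whose "*" value maps them to the Restricted zone."""
    prefix = (IE_HKLM + r"\ZoneMap\Domains" + "\\").lower()
    hosts = [key[len(prefix):] for key, values in reg.items()
             if key.startswith(prefix) and values.get("*") == RESTRICTED_ZONE]
    return sorted(hosts)


if __name__ == "__main__":
    state = parse_reg(SAMPLE_REG)
    for setting, ok in check_hardening(state).items():
        print(f"{setting:24s} {'OK' if ok else 'NOT SET'}")
    print("restricted domains:", ", ".join(restricted_domains(state)) or "(none)")
```

Run against a real export (regedit-style .reg text pulled off the device) the same way: read the file, call parse_reg, then check_hardening and restricted_domains. In the constructed sample, scripting is off and the cache flush is on, but ActiveX is still enabled and only bad.example sits in the Restricted zone, which is the sort of partial state the checker is meant to surface.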
occupied
Posted: 2009-07-09 06:59
on november 11 and december 5, 2008, I streamlined these pages with msie mobile. both had been tampered with.
the first file was In search of the One True Layout, and the other was http headers. if we look carefully at the former, we'll notice that some urls freak out, i.e. "fu2k.org/alex/css/onetruelayoexample/" which is supposed to be "fu2k.org/alex/css/onetruelayout/example/", while the info in the latter file was made repeatedly repetitive so the size is somewhat bloated.
not only that, but also my version of WkTASK's general pref says "Show an active task _regardress_ of its setting".
I believe these are only icebergs. as if I can hear somebody say: don't use windows mobile and msie, use nokia or opera; don't use their network, use ours. but of course this is not a whodunnit posting.
attached: print.zip, httpheaders.zip, WkTask.zip (is it made by google? there is a link to google.co.jp in it. it can be viewed with any text editor, e.g. notepad). between the time I retrieved them and the time I was writing this, the files were untouched. I only altered the mod time, not the content. judge for yourselves.
the password for all zipped archives: kulprit.


[ This Message was edited by: occupied on 2009-07-10 14:26 ]
occupied
Posted: 2009-07-22 07:26
if the aforementioned didn't look scary enough as "evidence", this one (topstories.zip) maybe does.

i didn't call it evidence, bruv. instead it's analysis. and as such, analysis could be wrong. a lawyer, I am not

btw, says who evidence must be spooky? it can in fact be anything you want it to look like; and, if you recon somebody (me, in this case), please don't insist that your (human) targets have to behave the way you'd like them to behave - that is not scientific, that saves you from frustration and that is the rule of the game.

it's from 5 december 2008's topix.net or mobile.slate.com, I forgot the site, but I suspect it's the 1st. sorry about that. the only thing I remember is that slate.com's headline on saturday, december 6th 2008 mentioned sumfing about holiday and "How (Not) to Find a Pirate in the Strait of Malacca" - monday, december 8th 2008 was Eid ul-Adha, the most widely celebrated muslim holiday in southeast asia (Indonesia, Malaysia).

each time I viewed that locally-cached file, it would duplicate itself. so there I would see topstories[1], topstories[2], ... topstories[n] in the temporary internet files folder. yikes. if this helps (I guess it doesn't, but it's worth mentioning), my cache folders on those days were 41H3IYHB, CD23CTUV, OX2V89MB and UNIHWZYJ; that blooming topstories[1] file resided in folder OX2V89MB.

since then, my msie mobile has had troublems (trouble and problem, that is) caching pages. that's good in that it kept malicious wares away from msie, but the problem is, I don't use the browser frequently. all this happened before I used ucweb.