Computer Talk Discussions here pertain to mods, troubleshooting, and PC/console gaming

New DNS Spyware

Old 06-10-2007, 07:33 AM
  #1  
Co-Founder/Administrator
Staff
Thread Starter
iTrader: (1)
 
Corey's Avatar
 
Join Date: May 2002
Location: Auburn, Washington
Posts: 32,242
Received 19 Likes on 15 Posts
New DNS Spyware

New spyware out today that comes in through your Comcast connection via the DNS server.

If you get a webpage that says it is from supportcomcast or something like that wherever you attempt to surf, you are infected, but it is not an actual file on your PC.

They want you to put in your private info on the website, do not.
Also the phone # they list is bogus, it is a busy signal, thus tricking you to use your browser to give them your info.

I ran my spyware apps many times this morning, with no fix.

Comcast told me on the tele a bit ago how to fix it.

Go to your start button and find the run command.
Once there type in cmd, hit enter.

In the text box type in
ipconfig /release
hit enter, and all commands after typing in ipconfig have a space after that word and before the / symbol.

Now type in ipconfig /flushdns
hit enter

Now type in ipconfig /renew
hit enter

Go to your Control Panel on your start button.
Choose Internet Options, and delete cookies and temp. internet files.

Then go below and clear your history.

This is new today, someone took over the dns somehow and it is redirecting you to that spyware page.

Hopefully Comcast will add this info to their website soon.
Old 06-10-2007, 07:46 AM
  #2  
Co-Founder/Administrator
Staff
Thread Starter
iTrader: (1)
 
Corey's Avatar
 
Join Date: May 2002
Location: Auburn, Washington
Posts: 32,242
Received 19 Likes on 15 Posts
PS, it just happened to me again as soon as I posted this.
I had to go through all the above steps and do them all over again.

Whoever created this dns spyware thing needs to be shot.

I am sure it will affect me again very soon.

Here is some info member Drew found over on DSL Reports site.
http://www.dslreports.com/forum/remark,18480900
Old 06-10-2007, 10:09 AM
  #3  
Co-Founder/Administrator
Staff
Thread Starter
iTrader: (1)
 
Corey's Avatar
 
Join Date: May 2002
Location: Auburn, Washington
Posts: 32,242
Received 19 Likes on 15 Posts
If anyone has problems, try getting rid of your Comcast DNS numbers and use the Open DNS ones as detailed in the URL I posted above.

I have been attacked about 5 times this morning, but since switching over to the new DNS #s, it seems to be working OK.

I bet Comcast is having a major blowout with this issue.
Pretty scary when someone can take control of your surfing like that.
Old 06-10-2007, 10:26 AM
  #4  
Contributing Member
 
arjan's Avatar
 
Join Date: Sep 2002
Location: Mission, British Columbia
Posts: 1,610
Likes: 0
Received 0 Likes on 0 Posts
Hey corey about the opendns thing, all you should have to do is change the dns settings in your network properties page for your network adapter. I downloaded the image with the settings:
Attached Thumbnails New DNS Spyware-start_win6.gif  
Old 06-10-2007, 10:49 AM
  #5  
Registered User
 
91TPU's Avatar
 
Join Date: Oct 2006
Location: NorthWest NJ
Posts: 1,589
Likes: 0
Received 0 Likes on 0 Posts
I have Comcast and haven't gotten anything...
Old 06-10-2007, 10:58 AM
  #6  
Co-Founder/Administrator
Staff
Thread Starter
iTrader: (1)
 
Corey's Avatar
 
Join Date: May 2002
Location: Auburn, Washington
Posts: 32,242
Received 19 Likes on 15 Posts
Thanks Arjan, I inputted as I described over on DSL's forum in both places.
All is working well, the problem has not come back.

From what I read over there, the speculation is somehow the dns servers for Comcast in WA., OR., ID., and CO. were taken over by some perp who started the attack.

91, it should not affect you since you are on the Eastern side of things.

What was frustrating earlier today was that I thought I actually had the spyware on my PC, but the repeated tests did not reveal anything out of the ordinary.

And I bet a lot of people will fall for that fake page and enter their info, I almost did, and I never fall for Internet scams.
Calling that 800 # on the page will get you nowhere, that is how they trap you into getting into the chat session which is bogus, but you have already entered your info to get into the chat.

What I think they would then do with your info is set up multiple email accounts and then start mass spamming via your hi-jacked email accounts.

And here is a screenshot of the page that I and many others were seeing earlier.
It did not matter what you typed in your URL bar or what bookmark you clicked on, this screen would come up in your browser.

Whoever created it did a lot of planning on this one.

Old 06-10-2007, 11:38 AM
  #7  
Contributing Member
 
arjan's Avatar
 
Join Date: Sep 2002
Location: Mission, British Columbia
Posts: 1,610
Likes: 0
Received 0 Likes on 0 Posts
I thought I read somewhere that the opendns website wasn't accessible, that's why I posted the dns server addresses.
Old 06-10-2007, 11:43 AM
  #8  
Co-Founder/Administrator
Staff
Thread Starter
iTrader: (1)
 
Corey's Avatar
 
Join Date: May 2002
Location: Auburn, Washington
Posts: 32,242
Received 19 Likes on 15 Posts
I got on the site just fine, and read through the FAQ over there about them.

Seems now the page I and others were being redirected to may be legit after all, and not a hacker's attempt to get our info.

But Comcast still fubared up something bigtime for us to get that page.
I bet they keep it hush hush, but it will leak out to some websites as to how it happened.
Old 06-10-2007, 12:17 PM
  #9  
Fossilized
Staff
iTrader: (6)
 
dropzone's Avatar
 
Join Date: Oct 2005
Location: PNW
Posts: 19,771
Received 448 Likes on 293 Posts
Stuff like this, plus the never ending price increases is one reason I ditched comcast...though I will admit I miss the speed...
Old 12-08-2007, 08:39 AM
  #10  
Registered User
 
CAM 1's Avatar
 
Join Date: Mar 2004
Location: N.Y.
Posts: 369
Likes: 0
Received 0 Likes on 0 Posts
Well..this thing made it to the east coast. I'm having the same problem, I get re-directed to their web page every time I search. I'm trying to work it out right now. McAfee and the newest AVG can't find anything, and Cablevision is no help what-so-ever!


Craig.

Last edited by CAM 1; 12-08-2007 at 08:40 AM.
Old 12-08-2007, 08:53 AM
  #11  
Co-Founder/Administrator
Staff
Thread Starter
iTrader: (1)
 
Corey's Avatar
 
Join Date: May 2002
Location: Auburn, Washington
Posts: 32,242
Received 19 Likes on 15 Posts
Cablevision, that is your ISP?
See if anything comes up here.
http://www.dslreports.com/forums/4

By the way, I am still using Open DNS's numbers, I have not gone back to Comcast's.

The only thing is you have to type in .com, .net, etc. after a URL, or it will bring up Open DNS's search page.
Old 12-08-2007, 10:49 AM
  #12  
Registered User
 
isaac338's Avatar
 
Join Date: Jul 2006
Location: Halifax, NS, Canada
Posts: 844
Likes: 0
Received 0 Likes on 0 Posts
for the more nerdy amongst us it's relatively simple to run your own nameserver locally and avoid this kind of thing from happening ever again. if you're using unix or mac os x it's easy as pie. you could probably find some kind of strange bind port for windows if you wanted, too.
Old 01-19-2009, 04:34 PM
  #13  
Registered User
 
jasonszion's Avatar
 
Join Date: Oct 2007
Location: NC
Posts: 21
Likes: 0
Received 0 Likes on 0 Posts
lol sounds like you have a nice little browser hijack... Try running Malwarebytes... (it's a free download) to rid yourself of those nasty little things... I work in a computer repair shop and I see that all the time...
btw watch out for the virus called antivirus2009 it's horrible...
Old 01-20-2009, 12:59 AM
  #14  
Co-Founder/Administrator
Staff
Thread Starter
iTrader: (1)
 
Corey's Avatar
 
Join Date: May 2002
Location: Auburn, Washington
Posts: 32,242
Received 19 Likes on 15 Posts
Originally Posted by jasonszion
lol sounds like you have a nice little browser hijack... Try running Malwarebytes... (it's a free download) to rid yourself of those nasty little things... I work in a computer repair shop and I see that all the time...
btw watch out for the virus called antivirus2009 it's horrible...
Nope, it was not spyware on my end.
Many got hit with it as seen at Comcast's forum on DSL Reports.
http://www.dslreports.com/forum/comcast

Comcast was the one that got hijacked actually, they just did not want to fess up to it.
It affected many people that day.
Old 01-20-2009, 06:27 AM
  #15  
Registered User
 
Windsor's Avatar
 
Join Date: Dec 2008
Location: DFW, Texas!
Posts: 1,015
Likes: 0
Received 0 Likes on 0 Posts
When there are DNS-based attacks like this, you can always just hardcode your DNS server to something away from the hijacked servers.

One I use for network testing is 4.2.2.2, a leftover from Genuity (previously BBN Planet).
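
Added example (not part of any post in this thread): one way to tell resolver-side redirection from spyware on the PC is to compare the answers your ISP's DNS server gives with those from an independent server, and to flag the symptom described above, where every name you look up lands on the same address. The hostnames and addresses below are constructed samples from documentation ranges, and the function names are hypothetical; real answers would be collected by querying each server separately, e.g. with nslookup.

```python
from collections import Counter

# Constructed sample data: hostname -> set of A records from each resolver.
ISP_ANSWERS = {
    "example.com": {"192.0.2.80"},
    "example.net": {"192.0.2.80"},
    "example.org": {"192.0.2.80"},
    "mail.example.com": {"192.0.2.80"},
}
REFERENCE_ANSWERS = {
    "example.com": {"198.51.100.10"},
    "example.net": {"198.51.100.20"},
    "example.org": {"203.0.113.30"},
    "mail.example.com": {"198.51.100.11"},
}

def sinkhole_address(answers, threshold=0.75, min_hosts=3):
    """Return the one address most unrelated hostnames resolve to, or None."""
    if len(answers) < min_hosts:
        return None
    # Each host's answers are a set, so an address counts once per hostname.
    counts = Counter(ip for ips in answers.values() for ip in ips)
    ip, hits = counts.most_common(1)[0]
    return ip if hits / len(answers) >= threshold else None

def compare_resolvers(suspect, reference):
    """Label each hostname by how the suspect answer relates to the reference."""
    sink = sinkhole_address(suspect)
    report = {}
    for host, ref_ips in reference.items():
        got = suspect.get(host, set())
        if not got:
            report[host] = "no-answer"
        elif got & ref_ips:
            report[host] = "match"
        elif sink in got and sink not in ref_ips:
            report[host] = "redirected"   # lands on the common address
        else:
            report[host] = "differs"      # can be benign (CDN, load balancing)
    return sink, report

def resolver_looks_hijacked(suspect, reference, min_redirected=3):
    """True when several names are redirected to one shared address."""
    sink, report = compare_resolvers(suspect, reference)
    redirected = sum(1 for label in report.values() if label == "redirected")
    return sink is not None and redirected >= min_redirected
```

A "differs" result on a single name is not evidence by itself, since large sites legitimately return different addresses to different resolvers; the signal is many unrelated names collapsing onto one address that the reference server never returns.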



All times are GMT -8. The time now is 01:11 PM.