Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Internet Explorer

Reports of IE Hijacking NXDOMAINs, Routing To Bing 230

Posted by kdawson from the if-I-want-bing-I-will-type-bing dept.
Jaeden Stormes writes "We just started getting word of a new browser hijack from our sales force. 'Some site called Bing?' they said. Sure enough, since the patches last night, their IE6 and IE7 installations are now routing all NXDOMAINs to Bing. Try it out — put in something like www.DoNotHijackMe.com." We've had mixed results here confirming this: one report that up-to-date IE8 behaves as described. Others tried installing all offered updates to systems running IE6 and IE7 and got no hijacking.
Update: 08/11 23:24 GMT by KD : Readers are reporting that it's not Bing that comes up for a nonexistent domain, it's the user's default search engine (noting that at least one Microsoft update in the past changed the default to Bing). There may be nothing new here.
This discussion has been archived. No new comments can be posted.

Reports of IE Hijacking NXDOMAINs, Routing To Bing More

Reports of IE Hijacking NXDOMAINs, Routing To Bing

Comments Filter:

  • Re:Who cares!?! (Score:3, Interesting)

    by Darkness404 ( 1287218 ) on Tuesday August 11, 2009 @06:15PM (#29030771)
    No, no it shouldn't. http://www.donothijackme.com/ [donothijackme.com] does not show up with anything, it opens up a error message reading "Server not found Firefox can't find the server at www.donothijackme.com. * Check the address for typing errors such as ww.example.com instead of www.example.com * If you are unable to load any pages, check your computer's network connection. * If your computer or network is protected by a firewall or proxy, make sure that Minefield is permitted to access the Web."

    Example.com on the other hand -is- a valid site and will return "You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser. These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3." if the point is searching for an invalid site to test for this, why the heck would you use a valid site which wouldn't return the error message?

  • Re:Who cares!?! (Score:3, Interesting)

    by Wuhao ( 471511 ) on Tuesday August 11, 2009 @06:19PM (#29030823)

    Can you point me to the relevant RFC, or at least a standard from a recognized standards body which is being violated here?

  • Re:Who cares!?! (Score:4, Interesting)

    by MyDixieWrecked ( 548719 ) on Tuesday August 11, 2009 @06:23PM (#29030881) Homepage Journal

    Domain hijacking is a huge deal for me. Primarily, when I'm on an internet connection that's hijacking the domain, if I type 'amazon', firefox first checks if I have an amazon in my searchdomain (ie: amazon.example.com), and if not, it tries adding a .com, then a www. and a .com... if the ISP is hijacking it, I get an answer to 'amazon' with the hijacked page. This means that I have to type the .com every time.

    with a browser doing the same thing, I could be trying to connect to my primary server (wolverine) and if I mistype the webaddress, it redirects me to bing, changing my URL bar to the bing URL which means that when I've typed 'wolverine/some/really/long/path?with=variables' I have to go type that whole thing over again to correct it rather than just fixing it in the addressbar.

    so, hijacking the DNS is a BITCH and is totally annoying all the time.

  • Anonymous Coward (Score:1, Interesting)

    by Anonymous Coward on Tuesday August 11, 2009 @07:13PM (#29031479)

    Of course, the "Slashdot effect" (of everyone trying "donothijackme" in their browser) has now caused an increase in the requests for that domain, and now someone (wisely) has purchased the domain www(dot)donothijackme(dot)com and re-directed THAT to their primary web page...interesting use of an unrelated article to promote one's own business.

    I chose not to link to that site again in this post. Just doin' my own little part to not artificially inflate his traffic numbers.

  • Re:Ridiculous (Score:4, Interesting)

    by supernova_hq ( 1014429 ) on Tuesday August 11, 2009 @07:26PM (#29031637)
    It is if he drives you to the library to look it up, which is what IE is doing by redirecting you to bing.

  • Re:Verizon does it for me... (Score:1, Interesting)

    by Anonymous Coward on Tuesday August 11, 2009 @08:07PM (#29032007)

    No, as usual, when there is /. FUD or stupidity, it's kdawson's fault...

  • Re:Who cares!?! (Score:4, Interesting)

    by Burning1 ( 204959 ) on Tuesday August 11, 2009 @08:08PM (#29032013) Homepage

    This isn't an example of domain hijacking, this is an example of an annoying browser feature.

    Domain hijacking refers to a range of activities, some of which are illegal, and some of which are just annoying. In the traditional sense, domain hijacking usually involves exploitation of domain registrar update process or social engineering to steal a domain name, and direct traffic to another (possibly nefarious) website. In this case, someone has literally taken (stolen) another person's property and used it for their own purposes.

    I've also seen the term legitimately used to describe NXDOOMAIN hijacking, where ISPs answer requests for 'nonexistant' domains, redirecting traffic for their own purposes. This causes a lot of headaches for IT, but is not illegal.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close