Telstra Infiltration?
Cefiar
cef at optus.net
Sat Jan 19 13:02:20 GMT 2008
On Saturday 19 January 2008 23:38:45 Shane Handley wrote:
> For example, when i enter 'evil' into the address bar and hit enter, I
> am redirected to:
>
> http://www6.websearch2.bigpond.com/search?qo=evil&rn=gep_LPmUlQciExp
>
> When i enter 2 words, google seems to show up.
>
> Have those evil F**ks been using this new gamearena repository to plant
> their filthy malware into ubuntu machines? Is anyone else experiencing
> this?
It's most likely not changed packages, but a technique referred to
as "Wildcard DNS Records".
What happens is that the web browser tries to resolve "evil" as a domain name,
and if the name doesn't resolve, the DNS servers actually return the IP of
that websearch site instead. It's a very annoying practice and it doesn't
surprise me at all that Bigpond are now engaging in it.
Now if the DNS server didn't return an address, the browser would then use the
word as a search term to the default search engine (google). As spaces are
not allowed in domain names, the browser automatically skips the name
resolution phase and goes straight to the search.
For some info on this and ways around it, have a look at:
http://en.wikipedia.org/wiki/Wildcard_DNS_record
--
Stuart Young - aka Cefiar - cef at optus.net
More information about the ubuntu-au
mailing list