Safari Hijacking??!!

Hi. First point, let's get this out of the way: I know there are neither viruses nor malware in the wild for Macs.

Now, to the matter: Today, my Safari, Firefox and Mail app were hijacked several times, and were always redirected to this page: www.register.4less.com

Whenever I typed an ordinary http address (let's say www.elnorte.com) in the address bar, I ended up on a site that purportedly belonged to the address I typed (the address bar showed the address I typed), but in the body there was an image with the logo of register.4less.com and the text: "Welcome to the future hosting of www.[whateverityped].com". It was the same on FF and Safari.

It all started when the Mail app warned me that a computer with a certificate issued to "register.4less.com" was pretending to be pop.gmail.com. I obviously cancelled the process, thinking the Gmail server was compromised. I then experienced problems connecting with ANY app on my computer; even the RSS reader widget crashed (and when it crashed it couldn't connect to Apple to send the report).

I made several transactions through an https server (my bank) without any problems, only somewhat slower than average. After this, any other website that was not https would give me the message I've explained before. I know I shouldn't have logged in to my bank, but at that moment I didn't suspect anything.

Now, some more important information. I live in Mexico City, but right now I'm on vacation at my parents' house in my place of birth: Monterrey, México. I have a cousin also living in Monterrey, who has told me he had encountered this problem with Safari before, and only on http sites. He also told me that https sites didn't have any problem (eBay and Amazon sign-in pages, e.g.). He uses the same ISP my parents use. In México City I have another ISP and have never had this problem before. Right now my brothers are out of the house, so I can't ask them whether they have had this problem before, although none of them uses a Mac.

Of course I always have my Mac's firewall on. I also don't have any sharing enabled (neither Windows nor personal file sharing).

When I empty the cache this problem goes away for a few minutes before returning (that's how I'm writing this).

I have the pop-up blocker on, and while typing this I changed the cookies setting to "Only from sites you navigate to" and deleted all of the cookies already installed. This didn't prevent the problem from happening again.

Now guys, help me out here with these questions:

1. What should I do??
2. What happened?? Could it be that the ISP has been compromised, or is it my computer? I don't think it is my computer; I've searched the entire HD for anything remotely related to register.4less.com and didn't find anything. But right now I'm a little scared.

iBook G4 12, 1.33 GHz, 60 GB HD, 1 GB RAM, BT, Zire 72, 2 iPods Mini, Mac OS X (10.4.5). "To be born is to begin to die" Théophile Gautier

Posted on Jun 13, 2006 6:16 PM

17 replies
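The symptom described in the post (every unrelated http hostname landing on the same register.4less.com parking page, while the address bar still shows the typed name) is what a resolver answering all queries with one address looks like. The following check, added here as an illustration and not code from the original thread or from any poster, flags that pattern and compares the machine's resolver against answers from a resolver you trust (the "DNS numbers" idea raised later in the thread). The probe list and both answer sets are constructed sample data using documentation address ranges.

```python
import socket
from collections import defaultdict

# Unrelated hostnames that should never share one address (assumed probe list).
PROBES = ["www.elnorte.com", "www.apple.com", "www.example.org", "www.wikipedia.org"]


def collapsed_hosts(resolved, min_share=3):
    """Return {ip: [hosts]} for any address that min_share or more unrelated
    probe names resolved to. Many distinct sites collapsing onto one address is
    the signature of a resolver that answers every query with a parking host."""
    by_ip = defaultdict(list)
    for host, ips in resolved.items():
        for ip in ips:
            by_ip[ip].append(host)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items() if len(hosts) >= min_share}


def compare_resolvers(system_answers, reference_answers):
    """Names whose system-resolver answers share no address with a trusted
    resolver's answers; a non-empty result is worth investigating."""
    return sorted(host for host in system_answers
                  if not set(system_answers[host]) & set(reference_answers.get(host, [])))


def resolve_live(hosts):
    """Resolve with the machine's own resolver (the path the ISP controls).
    Not used by the sample run below, so the checks work offline."""
    answers = {}
    for host in hosts:
        try:
            answers[host] = sorted({a[4][0] for a in socket.getaddrinfo(host, 80, socket.AF_INET)})
        except socket.gaierror:
            answers[host] = []
    return answers


# Constructed sample: what the thread's symptom looks like to the resolver.
SAMPLE_SYSTEM = {host: ["192.0.2.50"] for host in PROBES}
# Constructed known-good answers, as a trusted resolver would return them.
SAMPLE_REFERENCE = {
    "www.elnorte.com": ["198.51.100.10"],
    "www.apple.com": ["198.51.100.20"],
    "www.example.org": ["198.51.100.30"],
    "www.wikipedia.org": ["198.51.100.40"],
}

if __name__ == "__main__":
    print("collapsed:", collapsed_hosts(SAMPLE_SYSTEM))
    print("disagree:", compare_resolvers(SAMPLE_SYSTEM, SAMPLE_REFERENCE))
```

Run `resolve_live(PROBES)` in place of `SAMPLE_SYSTEM` to check a real machine; a clean resolver gives an empty result from both functions.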

Sep 18, 2006 5:38 AM in response to CD5VS

The final outcome here is not clear. The local ISP did a major equipment overhaul, officially to cut the flood of spam but possibly also to clean up the hijacking (that they did not mention... this is China...). Well, spam is down by 90% and speeds are a bit better. The problem has not yet come back, but I'd rather wait one week before saying OK. As for Little Snitch, I checked their settings and it might be that some are too drastic, actually making FF not work well. I am not that good at understanding some of their port settings and disabling some ports by definition in FF. Other applications seemed all OK, but I normally don't use widgets. As said, wait and see. Using DNS numbers: I thought of it but never came to do it. The problem was occurring only sometimes, so not easy to test a lot. I'll keep everyone posted on the outcome.

Oct 2, 2006 4:13 AM in response to bjprc

Browser hijack - update
China Netcom (the local ISP): finally real progress
In Beijing China Netcom has gone through some serious improvements in its Internet network.
I waited about two weeks to sum up the verdicts, to be on the safe side.
The browser hijack did not return so that would clearly indicate the infection was in the network servers/routers and not in our PC and Mac. That’s at least a big relief. We hopefully can say - case closed...
