By James O'BrienPosted Tuesday 23rd December 2008 22:48 GMT
<Change to suit your post>
And this is why (Mac/Linux) is so much better then (XP/Vista/Whatever else MS makes). MS is the root of all the worlds (evil/greed/failures/etc). (MS/Windows) (sucks/is the devil/should go out of business). Thats why I'm a (Mac fanboi/Linux fanboi/<distro of the week> fanboi). (Rant rant rant windows sucks blah blah flames rant rant, (suck off Jobs [please only use if your a Mac fanboi/girl]). (Ignore the blatantly obvious fact that not all of the servers are runnign MS software and rant some more while starting to froth at the mouth AND TYPE IN CAPS ABOUT MS SUCKING SO MUCH MAIKNG TYPOS AND MSTAKES)
By FranklinPosted Tuesday 23rd December 2008 23:05 GMT
...is for the open redirector to check the browser's referrer, and if the referrer isn't the same as the site's domain, don't redirect. Most redirectors are internal, and used only within a specific site, so if the redirector sees a referrer that isn't from the hosting site, something's wrong.
I first noticed this problem myself in November, and blogged about it at
By Michael KeanPosted Tuesday 23rd December 2008 23:32 GMT
Try MalwareBytes' Anti-Malware and Trend Micro HouseCall. If neither can remove it, you'll probably need to hook the hard drive to another system and scan it from the other system. eBay has cheap USB to IDE/SATA/Notebook IDE cables which are handy for this purpose.
By Donn BlyPosted Tuesday 23rd December 2008 23:44 GMT
Checking the referrer (technically the referer) is not fail-proof security. The referring URL is supplied by the browser, and as such can be spoofed to tell the server whatever they want. Also, since many security packages strip the referring URL from browser requests, you can't even rely on a legitimate request to have a referring URL. They are nice for statistics, helpful logging of obsolete links, etc. but as a security measure they are really worthless.
By Chris SavagePosted Wednesday 24th December 2008 04:20 GMT
It's always the big corporations that screw up the simplest of things.
@Franklin: Donn is right, the referer cannot be trusted, both because some users have it permanently blocked/changed and because it can be easily forged.
The way I do "open" redirects is to pass the destination, as well as the calling page, to the redirect script. Because the whole site is DB driven, the redirector simply opens the calling page from the DB, and checks the destination exists within the calling page. If it doesn't, get stuffed.
In the calling page, write the redirect URL like: "/redirect.php?from={CURRENT_URL}&to=www.somesite.com" then use PHP to replace all instances of {CURRENT_URL} with the current URL on page generation.
A self-maintaining white-list -- it's the way to go :-)
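The two approaches discussed in the replies above, Franklin's referer check and Chris Savage's "look the destination up in the calling page" white-list, side by side. This is an added example and not code from either commenter or from The Register; it is written in Python rather than the PHP the post mentions, and it assumes a site hostname of www.example.com and the two constructed page templates below standing in for the DB-driven site. The referer function is kept only to show what it accepts: it cannot see the destination at all, so a request with a forged Referer header and a hostile `to` sails through it, while the page-based check refuses anything the calling page does not actually link to.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

SITE_HOST = "www.example.com"  # assumed hostname of the DB-driven site

# Constructed stand-ins for the site's page templates (the "DB" in the post).
# Each carries redirector links written the way the post describes them.
PAGE_TEMPLATES = {
    "/partners": (
        "<p>Our partners:</p>"
        '<a href="/redirect.php?from={CURRENT_URL}&amp;to=https://www.somesite.com/">Somesite</a>'
        '<a href="/redirect.php?from={CURRENT_URL}&amp;to=https://www.othersite.org/docs">Othersite</a>'
    ),
    "/about": "<p>No outbound links here.</p>",
}


def render_page(path):
    """Page-generation step from the post: substitute {CURRENT_URL} on the way out."""
    template = PAGE_TEMPLATES.get(path)
    if template is None:
        return None
    return template.replace("{CURRENT_URL}", f"https://{SITE_HOST}{path}")


class _LinkCollector(HTMLParser):
    """Collects the href value of every <a> tag in a page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def redirect_targets(html):
    """Every `to=` destination the page itself offers through /redirect.php."""
    collector = _LinkCollector()
    collector.feed(html)
    targets = set()
    for href in collector.hrefs:
        parts = urlparse(href)
        if parts.path == "/redirect.php":
            targets.update(parse_qs(parts.query).get("to", []))
    return targets


def referer_allows(headers):
    """Referer-only check. The header is client-supplied, so a forged request
    passes this exactly as easily as a genuine one, whatever `to` says."""
    referer = headers.get("Referer", "")
    return urlparse(referer).hostname == SITE_HOST


def page_allows(query):
    """Self-maintaining white-list: redirect only if the named calling page,
    fetched from our own templates, actually links to this destination."""
    params = parse_qs(query)
    calling = params.get("from", [""])[0]
    destination = params.get("to", [""])[0]
    caller = urlparse(calling)
    if caller.scheme != "https" or caller.hostname != SITE_HOST:
        return False  # `from` must name one of our own pages
    html = render_page(caller.path)
    if html is None:
        return False  # unknown page: nothing to check the destination against
    return destination in redirect_targets(html)


if __name__ == "__main__":
    genuine = "from=https://www.example.com/partners&to=https://www.somesite.com/"
    hostile = "from=https://www.example.com/partners&to=https://scareware.invalid/"
    forged_headers = {"Referer": "https://www.example.com/partners"}
    print("referer check, hostile destination:", referer_allows(forged_headers))  # True
    print("page check, genuine destination:   ", page_allows(genuine))            # True
    print("page check, hostile destination:   ", page_allows(hostile))            # False
```

The `from` parameter is validated before it is used as a lookup key, so a caller cannot point the redirector at a page on some other host to have it read a white-list of its own choosing; the only pages consulted are the site's own.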
By Colin MillarPosted Wednesday 24th December 2008 10:42 GMT
There is no need for redirect at all. If it's internal then how about just transferring to another page - if it's external and honest then putting a clickable link would suffice. All browsers should offer a disallow redirect/reload/refresh that is obvious and up-front.
By KerberosPosted Wednesday 24th December 2008 11:11 GMT
The real problem with exploits like this, and other things like phishing, spam, and quite a lot of malware is that it can only really be easily addressed through user education. You cannot expect to give people free rein on the most complicated device ever produced by man and expect them to be able to operate it with no training whatsoever - it's going to end in problems whatever you do.
See the AC post above where he blames 'M$' for his own stupidity. I don't think any platform outside a locked down walled garden* is immune to social engineering attacks - these sorts of people will fall victim even without a computer involved.
* The Linux 'repository only' method is a walled garden - as soon as people start releasing software without going through the main distributors in their Apple store-esque closed system (which will be as soon as people start using it) then Linux will suffer the same problems.
By Andrew LanghornPosted Saturday 27th December 2008 01:20 GMT
that someone with some authority over domain name and web server management reads El Reg? A few hours to fix any problem is fast in anyone's book. For the first time in my life, I can thank MS for doing one thing right: subsidizing El Reg, if they click any Google AdWords on the site.
By Anonymous CowardPosted Sunday 28th December 2008 10:08 GMT
I think Sergie Kaponitovicz has a valid point.
These people are not mere "miscreants" any more than the Moors murderers were just being "very naughty".
These "miscreants" cause very real damage in the real world and while it's nowhere near as heinous as torture and murder, describing them as "miscreants" allows them to diminish the seriousness of the all-too-real damage they do, not to mention their theft of bank details, card numbers etc.
Perhaps you should spend a day trying to work with some of the victims of these "miscreants". Having a shagged computer is the least of their worries when their entire savings are no longer in their bank account.
The victims have a very real perspective of the situation.
By Richard PorterPosted Sunday 28th December 2008 16:14 GMT
I'm getting fed up with Google alerts notifying pages that redirect to scareware sites. Can't Google check the links for redirects before it sends out the alerts?
By Alan BrownPosted Monday 29th December 2008 02:38 GMT
The blacklist system run by the nice people at javacoolsoftware.com helps a lot. Such redirects eventually end up at an IP or a domain name and that is (hopefully) listed in the hosts file as 127.0.0.1
Unfortunately those most likely to fall for redirect scams are the same ones who would never install or maintain prophylactic software in the first place.
I'd call it Darwin in action but everyone else EXCEPT the victim ends up wearing the lion's share of costs.
Comments on: Scareware mongers hitch free ride on Microsoft.com and others
Let me be the first to say #
By James O'Brien Posted Tuesday 23rd December 2008 22:48 GMT
M$ PITA #
By Anonymous Coward Posted Tuesday 23rd December 2008 22:59 GMT
Easier than whitelisting.... #
By Franklin Posted Tuesday 23rd December 2008 23:05 GMT
@AnonCow #
By Michael Kean Posted Tuesday 23rd December 2008 23:32 GMT
Re: Franklin / Easier than whitelisting #
By Donn Bly Posted Tuesday 23rd December 2008 23:44 GMT
Re: Franklin #
By Chris Savage Posted Wednesday 24th December 2008 04:20 GMT
@ James O'Brien #
By Anonymous Coward Posted Wednesday 24th December 2008 09:35 GMT
redirect - just don't do it #
By Colin Millar Posted Wednesday 24th December 2008 10:42 GMT
Miscreants? #
By Sergie Kaponitovicz Posted Wednesday 24th December 2008 10:57 GMT
The real problem... #
By Kerberos Posted Wednesday 24th December 2008 11:11 GMT
Re: Miscreants? #
By Sarah Bee Posted Wednesday 24th December 2008 12:39 GMT
Evil vile programmers #
By Inachu Posted Wednesday 24th December 2008 14:31 GMT
@Sarah Re:Miscreants #
By Anonymous Coward Posted Thursday 25th December 2008 14:00 GMT
@Inachu #
By Geoffrey Thomas Posted Friday 26th December 2008 10:09 GMT
@AC: Re Val. Singleton #
By Anonymous Coward Posted Friday 26th December 2008 20:49 GMT
Isn't the big topic... #
By Andrew Langhorn Posted Saturday 27th December 2008 01:20 GMT
@Sarah Re:Miscreants #
By Anonymous Coward Posted Sunday 28th December 2008 10:08 GMT
Can't Google filter these sites? #
By Richard Porter Posted Sunday 28th December 2008 16:14 GMT
Blacklists help - lots #
By Alan Brown Posted Monday 29th December 2008 02:38 GMT