View Full Version : Hijacked!
11-06-2003, 11:45 AM
One of my sites is being hijacked. When you go to this site and you (inadvertantly) have a piece of hijacker code on your computer, you will be directed to one of my competitor's sites after a few clicks.
My big question to all you wise and wonderful forum people is:
"What would you do if you found out your site was a target of a 'jack attack?"
NOTE: I want to state upfront: Yes! I ran Ad-Aware / Hijack This / etc. and got rid of my personal problem at the browser level. (I hadn't run either of these since August: in three months, I had picked up 3 pieces of spyware. Guess I should run it a little more regularly...but if I had, I wouldn't have sniffed out why my stats showed fewer page views per client over the past two weeks.)
That said, what I'm REALLY concerned about is that many people don't know how to run Ad-aware et. al., and that my site will continue to lose visitors and page views to a competitor.
So, back to the original question -- what would YOU do in such an instance for damage control? Not at the browser level, but at a higher level marketing, legal, communication, or informational level? I'd like to see a list of brainstorms, such as:
- Use your blog to inform visitors about the importance of eliminating spyware and hijacker ware from their machines.
- Contact your competitor and ask them to stop participating in an unethical practice that gets them traffic, but can potentially hurt their reputation
- Any practical legal recourses? (Keeping in mind that it appears that we're being hijacked by a multi-million dollar company that has approached us for a buy-out a few times this year.)
Jacked in Grand Rapids
11-06-2003, 07:46 PM
Try Spybot best i've seen.
I was thinking at first maybe a popup - maybe on the second page (you said the visitors are forwarded elsewhere after a few clicks?) - but then again, a lot of people hate popups... still if it were an alert window, like when someone right-clicks on a right-click protected page, that jusd had a one sentence warning.
Another alternative would be to have a little scrolling News box on your front page. One of the news items (preferrably the first one your visitors see) says something like "Nov 5 - stealth cookies responsible for loss of traffic. All users warned to run Spybot or adAware" Then, when someone clicks on that news item, you can have a little article page that explains what is happening and warns visitors that, if they see they are forwarded elsewhere, it is because they have such a malicious cookie. Give a link to somewhere they can download AdAware. Also, if your competitor doesn't cease and desisit once they've been notified by you that you know what they are doing, you can add to that News blurb more specific information about who is paying to have these cookies planted on innocent users' systems.
Or tell them all "once you go Mac, you never go back..." Mac OS X is still virus free (according to Mossberg of the Wall Street Journal http://ptech.wsj.com/archive/ptech-20031023.html ) and is also quite resistant to all sorts of malicious threats.
11-07-2003, 06:26 PM
Here's an analogy:
Say you went shopping at Macy's, and their store was in a mall, and was divided between the first and second floors. In order to get from the first floor to the second floor, you take the elevator.
What you DON'T know, though, is that JCPenney, on the seventh floor, has rewired the elevator so that every time the button for floor 2 is pressed, it actually takes the elevator to floor 7.
In the real world, that's called anti-competitive practice, and is litigable under several laws, the Rico Act being the first to come to mind.
Taken from http://www.ricoact.com/:
The extensive use of RICO in the civil context is almost solely attributable to the inclusion of mail and wire fraud as predicate acts. Sedima, S.P.R.L. v. Imrex Co., 473 U.S. 479, 500 (1985). The mail and wire fraud statutes essentially make it criminal for any one to use the mails or wires to advance a scheme to defraud. Note that the fraudulent statements themselves need not be transmitted by mail or wire; it is only required that the scheme to defraud be advanced, concealed or furthered by the use of the U.S. mail or wires. See 18 U.S.C. §§ 1341, 1343. Because every business or corporation in the United States uses the mails or wires to make money, any business who allegedly engages in common law fraud arguably violates the federal mail and wire fraud statutes. As a result, almost any business that allegedly engages in common law fraud can theoretically be sued under the RICO Act.
Your company is being defrauded of business by a scheme of rerouting potential customers to competitors; the company which enables this scheme (and the companies which participate in this scheme) are using U.S. 'wires', and therefore this is prosecutable under the Rico Act.
11-07-2003, 07:09 PM
That would depend on if both companies were based in the US. Personally I'd go after the makers of the malware rather than your competitors because it is they that are redirecting your customers.
11-07-2003, 08:36 PM
I just found this page on how to disable the redirects away from your site! http://www.searchking.com/ezulakiller/
Apparently, this type of sleazy trick is well known, and there is quite a large 'community' of programmers/webmasters who fight these kind of tactics and lots of information is available.
Here is another great site that deals with this kind of thing, it has a lot of links and information - it is how I found the above page: http://www.i4net.tv/ezula.php
This page also suggests Spybot Search and Destroy and I see that I am not the only person that swears by it
11-09-2003, 04:07 PM
All the above comments are terrific... and caused me to think a few whimsical thoughts...
Imagine me calling the cops and saying, "Yeah, someone's stealing from me and I want you to investigate. As evidence: I can produce the code that's being used to steal my traffic, and show you exactly where my traffic ended up."
("I got plenty of muddy footprints at my end, and if you get a warrant, you'll see the pile of dough from my warehouse (redirect stats) at my competitor, as well as a money trail that went from them to the malware firm!")
Currently, I don't think our criminal justice system is technically equipped to make the leap from "that which is unethical" in the digital world into "that which is illegal" in a world comprised of atoms.
Jeepers, that something widely known as "hijacking" (a violent act committed by terrorists in the material world) could be civil instead of criminal in a "virtual" world! In either world, it's stealing, isn't it? And isn't stealing a crime?
Carbonize, you say I should go after the malware folks. Isn't that like going after the hired gun, instead of the person who hired the gun? In the "real" world, both would get a sentence, if prosecuted effectively! :) (I'm being whimsical, remember!)
In all seriousness, I liked the sites where dedicated programmers are working to bring education and awareness to a) programs that hijack b) how to disable hijacks, and c) publicizing the identity of folks that pay the hijackers. (Without paying customers, I'm sure hijackers wouldn't be so keen on hijacking!)
Yet, I'm hesitant to bring any attention to my competitor in this manner (any publicity is good publicity). Calling the cops - futile. Calling the lawyers - expensive. Constantly updating programs on my server to ward against thievery that our justice system is ill equipped to deal with - just plain sad!
But I suppose it's necessary. The whole hijacking issues is not so easily dismissed, is it? I know I will do some sort of hijack awareness article at my site, someday soon (this month!)
One remarkable response to this forum: a lady phoned me, telling me not to worry: karma was going to get these hijacker folks.
She's right: of course. The only reason they have to steal customers is because they can't seem to come by clients by doing the right things. Such a business is usually not long for this world, or the virtual one!
11-12-2003, 12:15 AM
I hate to be the one to point out the obvious. What if, maybe, your had visited the competitors site, and picked up some cookies. Additionally, you picked up some images with the same name, some css, etc, and then when you visited your site. Your machine, or your ISP's boxes, could have cached the competitors site, and served it to you. This cannot be overlooked as a possibility until it's ruled out.
11-14-2003, 07:41 PM
Just a quick note, there are ways to fight back, you can go to Consumer Sentinel (http://www.consumer.gov/sentinel/contribs.htm) and report it. The IFCC has been doing a great job for years.
Just a thought. :)
11-19-2003, 02:24 PM
I have sygate personal firewall pro.It is a free download. I have used it for 6 months now .It runs stabel.You dont have to do anything when someone i trying to hack on to your P.c. it will stop the attac and trace the hacker and shut down the isp router.Might give it a try.You can use it free for a month or buy it. dont know the current price, but i am shure it is reasonable.have any questions .Please post hope this helps you.