Comments on: Closing searchportal.information.com Subject

By: T

Fri, 02 May 2008 21:48:17 +0000

searchportal.information.com (and sptc.information.com)is a typo-squatting, ad serving crap outfit.

I have found that several sites (domains) are OWNED by them. All of these sites list the name of the site and under that the phrase, “What you need, when you need it” with a box shaped logo. A large number of sites that are mistyped are owned by them and perhaps people are looking for sites whose registrations expired and an outsider (searchportal.information.com) purchased the domain. See the previously mentioned handcockandmoore.com, or millanco.com, or nhlshop.ca, dineychannel.com (note the missing “s”).

By: William

William — Sat, 22 Mar 2008 02:44:18 +0000

So what do I do if this is happening on my phone? I’m getting redirected to searchportal.information.com whenever I try and go to teh Baltimore Sun’s mobile website. What do I do on a Windows Mobile 6 phone for DNS poisoning?

By: LZZR

LZZR — Sun, 02 Mar 2008 17:31:21 +0000

Bryce,
Most likely it isn’t a virus, it’s DNS pisoning of some sort. In your case I assume the difference between wired and wireless might be simply because of different DNS settings for those connections on your PCs i.e. there may be that your wireless connection properties have DNS addresses that occasionally get poisoned. If wired connection is unaffected and this is the case, try changing DNS servers for wireless connection to the same ones as your wired connection has.
And another thought – if they are using the same pair of DNS it might be that for some reason wireless connection has to use the secondary DNS more often and this gets poisoned unlike the primary one.

By: Bryce

Bryce — Sun, 02 Mar 2008 07:58:46 +0000

LZZR-
I also have been getting redirected to this searchportal.information.com thing and it is making me crazy. Here is something interesting:
We use a d-link brand router in our house. When the computers in the house are connected to the router wirelessly they (all) get occasionally redirected. When connected directly to the net via ethernet cable they will never be redirected. Does this not mean the infection is in the router and not the computers?
You can tell if you could be redirected by directly typing the address of a non-existent website. http://www.hnaadle.com works every time.

By: Evanst3

Evanst3 — Thu, 20 Sep 2007 21:34:10 +0000

I just tried to get a web site for Hancock and Moore Furniture (handcockandmoore.com) and got this “searchportal.information.com”.
I am on a new (march 07) intel Mac (iMac 20). It is home use and stand alone. I am a long time user of computer software, but have only a little knowledge of computers. I don’t know what a portal is.

Thanks to you, Lzzr, I know that this is something to avoid, change passwords and so forth. Is this a threat to my computer? I am naked with this darn Apple; no anti-spyware or firewall or anything else that isn’t built into the machine. Do Ineed to scan my computer for viruses etc.?

By: LZZR

LZZR — Sun, 27 May 2007 12:01:21 +0000

For those thinking it's an innocent fun - think twice! I suggest you check this thread - where user FrankElley in his post of Mar 26 2007 reports something he calls a Gmail Hijack. Looking at his description I can only conclude that we are dealing with the same DNS HiJack to searchportal.information.com as described above. Only this time the IP of Gmail server gets overwritten on affected DNS servers. In my worst nightmares I couldn't imagine it'll go this far! Even the almighty Google isn't immune. I repeat: if you've been redirected to searchportal.information.com instead your Gmail - RESET Your Gmail PASSWORD

By: LZZR

LZZR — Fri, 11 May 2007 15:57:17 +0000

Hi Phil,
To help you I would really need to be there and see how your network is configured. It’s a bit difficult to tell anything without knowing even the kind of proxy filtering software/hardware you use.
One thing I might help you with – it’s sniffing out proxies. BTW you are right, kids are a kind of natural disaster, they are smart and quick and difficult to catch especially where it conserns computers. I know what you are talking about since I’ve got my own little weasel
So, if I got it right the question is how to get proxies ahead of them before they start using them.
In other words we are just looking for fresh updated lists of proxies, aren’t we? It doesn’t make sense to point you to the obvious free proxy search on Google as I believe you are a way past this stage. The task is twofold a) where do we get fresh proxy lists b) how do we check that they are valid so that we can block them. So in many ways you need to do exactly what your kids are doing while findng those proxies and block them instead. So the first suggestion would be to spy on suspected troublemakes trying to get the idea of what their sources are. Social engineesring in other words. Another good source of proxies would be to set up a popular blog and wait for comment spam – this will give you a list of the most malicious proxies updated in nearly real-time.
Now, if you want to digg a bit deeper I’d point you to this resource of all software written to process proxies Charon is by far the most functional, besides you’ll find a bunch of other neat utilities there that are also quite revealing.
As for your last question:

Would there be any noticable sysmtoms with searchportal.information.com?
I see serveral of our workstations directed to that site.

I am not quite sure what the situation is… Do you actually have several workstations on your network displaying searchportal.information.com instead of legitimate sites? If so it seems more like a real trouble, not a symptom!
It could be either because poisoned DNS data somehow got into DNS cache on your system and you can either force update DNS cache or wait till it goes away on its own. Alternatively it can be a Trojan and you know what to do in this case.
Sorry for not being able to offer more help but this is all I can do considering the amount of data I have…

By: Phil Malone

Phil Malone — Thu, 10 May 2007 14:26:18 +0000

LZZR. Just wondering… Would there be any noticable sysmtoms with searchportal.information.com>?

I see serveral of our workstations directed to that site.

By: Phil Malone

Phil Malone — Tue, 08 May 2007 18:45:22 +0000

Thanks Lzzr for replying…

I do content filtering for a school district. Our kids have figured out what a proxy does and they use proxies to get around our filter.

I was wanting to know more about learning internet tools, tricks, or just to pick your brain as to where I should start in becoming a guru, such as yourself LZZR.

I understand just enough to be dangerous… LOL I’ve been working with internet content filtering for about 3 years. And trust me, the kids know more than I can react to. I like to get a step ahead of them.

Right now I (hope) that I gotten about 90% of the known proxies blocked. We do use a service which updated every 24 hours, but it doesn’t catch everything.

What would you do to find out more about determining proxies sites that are being used a our network?

By: LZZR

LZZR — Fri, 04 May 2007 13:54:19 +0000

Hi Phil,
Thanks, first of all
I’ll try to help as much as I can but I don’t think I understand the question…. What exactly you are trying to do? Particularly what do you mean by sniffing out proxies?
I am intrigued