[geeks] weird hijack of IE7

Francois Dion francois.dion at gmail.com
Tue May 19 16:09:10 CDT 2009


On Tue, May 19, 2009 at 4:53 PM, Francois Dion <francois.dion at gmail.com> wrote:
> This probably happens all the time, but I have a user that was
> complaining he couldn't access one of our web based application. The
> reason was that his IP was untrusted. It is as if he's coming from a
> machine from scansafe.net, not from the actual trusted network he's
> on. Only on IE 7, firefox is ok. Not sure what is at work here.
>
> I've seen scansafe in my logs before, they were doing some kind of
> buffer overrun attack. Are they legit but incompetant or purely
> malware?
>
> Seen that before?

Oh, and just to clarify, the user has not installed web filtering, we
already have one that is transparent. I am interested in the hijack
part of scansafe.



More information about the geeks mailing list