01-18-2012 02:02 AM
One of my Macs has had both Safari and Firefox affected by something that redirects many urls to a page on searchdiscovered.com that says it is the page you are looking for. It happens for google.com and also facebook.com - not all the time though. Other sites don't seem to be affected. Does Sophos know about this and does MacHomeAV deal with it?
01-19-2012 10:06 AM
There are a number of ways this could be accomplished, some of which we detect via MacHomeAV and some we don't.
The first things to check are:
It is also possible (especially if your DNS settings point to 10.x.x.x or 192.168.x.x) that an attacker has gone after your network firewall/router, and not your computer. In this case, you should log on to the device as administrator, check that the device's DNS settings point to the right place (your ISP's DNS servers, Google's DNS servers, or OpenDNS's servers, for example), and if they don't, then change them back, change the admin password on the device, and ensure that the device can not be administered from the internet.
There are many other ways this can be done as well, including replacing your default search page, your default home page, patching the browsers themselves, etc.