DNS Hijacked?
-
This morning I was browsing the finance.yahoo.com site and when I clicked on a ticker symbol to get the current market info, a page came up that said my computer is locked up and I needed to call the number on the page to prevent data loss.
At first I panicked thinking my laptop has malware, but then I realized I am still in the browser and just closed out the tab.
I have pfBlockerNG with DNSBL enabled and all my DNS queries are redirected to my pfSense to ensure it uses the default pfSense settings (root servers). I ran a Windows defender quick scan and everything came back normal on my laptop. Given that I have pfBlocerNG and DNSBL running, I am now surprised that I even landed on the scam page.
Can someone explained how I could have been redirected to this scam page? Is this something I need to check on my laptop?
-
https://forum.pfsense.org/index.php?topic=143474.0 read then check the DNS results, if they are fine it's either a compromised website (yahoo has a history of security fails) or something on your laptop.
-
I checked the DNS at whatsmydns.net and it came back with all green check marks. I assume that is good. As far as the rest of the thread, there were a lot of commands that went over my head.
I have not seen the problem since that one incident. It so happened when this incident happened, the finance.yahoo.com site was real sluggish and I would get a lot of connection errors. So maybe yahoo was under attacked?
I did a full scan of my laptop with Windows defender and it came back clean.
