Yahoo Toolbar Redirect: Is it the router?
March 25, 2011 2:06 PM

Do Cisco/Linksys routers sometimes redirect you to a Yahoo Toolbar download page when you try to go to Google, and if so how do they get away with it?

I went to my parents' house over the weekend and brought my Linux laptop. Every time I tried to go to a Google site -- www.google.com, gmail.com, calendar.google.com -- I was redirected to a download page for Yahoo Toolbar. This did not happen on either of my parents' two Windows machines, and it has never happened on my Linux machine on any other network.
On the page it redirected me to, there was no obvious way to click through to Google or otherwise turn the feature off. Obviously, I couldn't install Yahoo Toolbar on Linux (nor would I ever want to do so).

I changed my DNS to 4.3.2.1, and it started working fine.

I assume this is a misfeature of their Cisco router. How does it work? How can it determine if you've already installed the Yahoo toolbar (in which case it presumably lets you go to your destination)? Which models do this and how can I find out next time I buy a router before I buy it? How do they get away with not having an opt-out, and why are there not screaming hordes of people complaining about this on Internet forums everywhere?

It's also possible that this is some kind of virus putting bogus info in the router's DNS cache, but I did make sure my parents have a virus scanner installed and enabled.

Sadly I can't get any more data because my parents live far away.
posted by miyabo to Computers & Internet (10 answers total)
 
It may have been their ISP doing some crazy DNS redirection. Who is their ISP?
posted by GuyZero at 2:13 PM on March 25, 2011


Response by poster: Comcast (in Seattle)
posted by miyabo at 2:16 PM on March 25, 2011


Google comcast dns redirect. It's the ISP doing this at the DNS level.
posted by GuyZero at 2:36 PM on March 25, 2011


Response by poster: Possible... Do they redirect valid DNS responses though? And the resulting page definitely doesn't have any mention of Comcast on it.
posted by miyabo at 2:46 PM on March 25, 2011


I've owned multiple Linksys and Cisco routers and none behaved like that by default (which is why there aren't "screaming hordes of people complaining about this on Internet forums everywhere"), but is this a router they purchased or one their ISP provided?
posted by JaredSeth at 3:11 PM on March 25, 2011


Best answer: Possibilities:

1- The router was somehow subsidized by Yahoo.

2- I imagine it is possible for some malware to get into a machine and try the default passwords for the default gateway and change the DNS in there to something of its own design. Possibly something that looks like Yahoo but really isn't.

3- I am almost sure the Comcast dns rerouting BS isn't that insidious. My memory was that it redirected bogus/empty DNS queries to their own site. This may or may not be helpful, as I think it protected from goggle.com and yahho.com mistypes from going to awful porn sites.
posted by gjc at 3:33 PM on March 25, 2011


Next time you visit, give Netalyzr a try. Among other tests, it will give you a full rundown on any DNS screwing about by the ISP.
posted by zengargoyle at 8:06 PM on March 25, 2011


I had Comcast in Seattle for years and it never did anything like that. I'm sure the reason it didn't happen on your parents' machines is because they have already installed the purported "Yahoo toolbar."

Their Linksys router is probably infected with malware. No doubt with a redirect virus.

Their computers are undoubtedly infected, as well. Once this gets cleaned up, be sure they change their Linksys router's default username and password, since that's the most common route of infection.
posted by ErikaB at 10:32 PM on March 25, 2011 [1 favorite]


Best answer: I work for Cisco, but I am not your Cisco support and this is not Cisco advice.

Nope. The cause is something else, I promise.
posted by TheNewWazoo at 11:59 PM on March 25, 2011 [1 favorite]


Response by poster: OK! These answers are very helpful. I guess the most likely possibility is some kind of virus or trojan on the Windows machine escaped the virus detector, logged in to the router, and changed the DNS settings. A less likely possibility is that some kind of Comcast fluke caused DNS redirection when it wasn't supposed to happen.
posted by miyabo at 2:12 PM on March 26, 2011
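
The two explanations weighed in this thread, a resolver that rewrites answers only for nonexistent names versus one that answers differently for real names, can be told apart by asking the network's resolver and an independent one the same questions. This is an added example, not part of any post above; the function names, the canary name, and the resolver addresses passed in are assumptions.

```python
import secrets, socket, struct

def skip_name(buf, off):  # step over labels or a 2-byte compression pointer
    while buf[off] and buf[off] & 0xC0 != 0xC0:
        off += buf[off] + 1
    return off + (2 if buf[off] else 1)

def parse_a(buf, qid):
    """Return (rcode, set of IPv4 strings) from a raw DNS response."""
    rid, flags, qd, an = struct.unpack(">HHHH", buf[:8])
    if rid != qid:
        raise ValueError("response ID does not match query")
    off = 12
    for _ in range(qd):
        off = skip_name(buf, off) + 4            # QTYPE + QCLASS
    ips = set()
    for _ in range(an):
        off = skip_name(buf, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", buf[off:off + 10])
        if rtype == 1 and rdlen == 4:            # A record
            ips.add(socket.inet_ntoa(buf[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0xF, ips

def query_a(name, server, timeout=3.0):
    """Ask `server` (an IPv4 address) for the A records of `name` over UDP/53."""
    qid = secrets.randbits(16)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\0"
    pkt = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server, 53))
        return parse_a(s.recv(4096), qid)

def classify(suspect, reference, canary):
    """Both maps are name -> (rcode, ips); `canary` is a name known not to exist."""
    findings = []
    if suspect[canary][1] and not reference[canary][1]:
        findings.append(("nxdomain-rewrite", canary))
    for name in sorted(set(suspect) - {canary}):
        s_ips, r_ips = suspect[name][1], reference[name][1]
        # Disjoint answers can also be CDN geo-steering: check by hand, not proof.
        if s_ips and r_ips and not s_ips & r_ips:
            findings.append(("valid-name-divergence", name))
    return findings

def survey(names, canary, suspect_server, reference_server):
    ask = lambda srv: {n: query_a(n, srv) for n in [*names, canary]}
    return classify(ask(suspect_server), ask(reference_server), canary)
```

Pass the resolver the network hands out as `suspect_server` and an independent one as `reference_server`. A `valid-name-divergence` finding is a reason to inspect the router's configured DNS servers, since CDN steering can produce the same result.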

