Net.Net domain hijacking software

First time I have ever seen this on MAC. Need help removing it.

         

Chico_Loco

5:30 pm on Jul 29, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



When I type in, or click on a link to my website, I instead end up at net.net/search.asp?Keywords=domain

I have no idea how this got on here, nor how to remove it. It just seems to have started spontaneously, and I don't remember installing anything recently that might have caused it.

I've checked my site with header checkers and the site itself seems to be fine, but no matter what browser I use on my Mac (Firefox, Safari), all I get is this redirect to net.net

So, how do I remove this?

jatar_k

8:31 pm on Jul 29, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



sounds like adware/spyware

get a good spyware remover, not sure what to use for Mac, anyone have recommendations?

microcars

10:52 pm on Jul 29, 2005 (gmt 0)

10+ Year Member



you don't have spyware or adware on your Mac, if it existed, I would have heard about it already.
Or maybe you are the first!

Unless someone had physical access to your machine and changed something.

there is something else wrong here. Especially since you say it happens on all browsers.
Is your website Hosted on your computer or elsewhere?

can you PM me your website URL to check?

Chico_Loco

11:46 pm on Jul 29, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This is so weird. It's not happening anymore (to my domain). There is something though.

But, during the time when it was happening, I had someone else check it remotely and it was fine. Also during that time I pinged my server from here and it was the correct IP address.

Now it seems to be domains that are invalid eg. fgfgfgf.net are going to the net.net service.

Either way, I'm 100% definite that my server was not the problem. So that leaves either my internet connection (Comcast, Linksys router), or the Mac itself (Tiger 10.4.2). Nobody could possibly have access to my computer.

I am running ClamXav, but it hasn't found anything yet.

If I ping any made up domain in Terminal - eg. jfhgrtuybb.net - it resolves to 70.85.43.36. It only seems to be affecting .net domains and not .com

Any ideas?
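The check done by hand with ping in the post above, as an added example that is not part of the original thread: it resolves random, almost certainly unregistered names under each TLD and flags a resolver that answers all of them with the same address. The function names and `simulated_resolver` are assumptions made for this illustration, and the simulated answers are constructed from the behaviour described in the post.

```python
import secrets
import socket

def resolve(name):
    """Return the IPv4 addresses the system resolver gives for name (empty set if none)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def probe_tld(tld, resolver=resolve, samples=5):
    """Resolve random names under tld; return (number answered, addresses common to all answers)."""
    answers = []
    for _ in range(samples):
        # 24 random hex characters: a label nobody is expected to have registered.
        ips = resolver(f"{secrets.token_hex(12)}.{tld}")
        if ips:
            answers.append(set(ips))
    common = set.intersection(*answers) if answers else set()
    return len(answers), common

def check_resolver(tlds=("net", "com"), resolver=resolve, samples=5):
    """Map each TLD to ('clean' | 'rewritten' | 'inconclusive', shared addresses)."""
    report = {}
    for tld in tlds:
        hits, common = probe_tld(tld, resolver, samples)
        if hits == 0:
            report[tld] = ("clean", set())          # nonexistent names fail, as they should
        elif hits == samples and common:
            report[tld] = ("rewritten", common)     # every made-up name lands on one address
        else:
            report[tld] = ("inconclusive", common)  # mixed results: repeat with more samples
    return report

# Constructed stand-in for the resolver behaviour described in the post:
# every made-up .net name answers with 70.85.43.36, made-up .com names do not resolve.
def simulated_resolver(name):
    return {"70.85.43.36"} if name.endswith(".net") else set()

if __name__ == "__main__":
    for tld, (verdict, ips) in check_resolver(resolver=simulated_resolver).items():
        print(tld, verdict, sorted(ips))
```

Called without the `resolver` argument, `check_resolver()` queries the machine's own configured resolver, so the verdict reflects whatever DNS server and local overrides that machine is using.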

whoisgregg

7:35 pm on Aug 1, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



DNS poisoning at your ISP, perhaps? I'd give them a call/email and bring it up.

timster

2:34 pm on Aug 2, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> Now it seems to be domains that are invalid eg. fgfgfgf.net are going to the net.net service.

I'd also suspect the ISP here. I'll go out on a limb and guess this is an "added value" feature offered by your ISP to help poor typists find the website they're looking for, and that it was initially misconfigured, sending all traffic to the net.net site. (But check with your ISP before believing this wild speculation.)

whoisgregg

4:51 pm on Aug 2, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Or the ISP has an "entrepreneur" working for them who happens to have a convenient landing page for lost customers. :(

EliteWeb

5:15 pm on Aug 2, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There is indeed spyware for the Mac. It is not very high at all but I can say that spyware companies will start paying other companies to include some of these 'features' with their software more often.

The spyware for the Mac is rather limited right now, most of which being trojans and keyloggers.

What software did you install recently?

microcars

10:27 pm on Aug 3, 2005 (gmt 0)

10+ Year Member



> The spyware for the Mac is rather limited right now, most of which being trojans and keyloggers.

reference please.

OS X only.

thank you

whoisgregg

7:23 pm on Aug 4, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> There is indeed spyware for the Mac.

When did this happen? I can't find any news articles or reports on the mac sites that I follow. (I'd assume that the first spyware for mac would make tech headlines in major news outlets as well.)

If you don't think you can post the link to the info, please sticky me.

EliteWeb

8:05 pm on Aug 4, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well there are keystroke loggers you can find those around by searching. The other ones I can't really mention because they are proof of concept and floating around and any mention of it would increase it. Don't need that happening. It's smaller but it is existent.

I won't paste the URLs to the proof of concept code and other uses of it because it could spread even further.

whoisgregg

8:22 pm on Aug 4, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



To clarify, the user has to intentionally and knowingly install these programs you are talking about. Obviously, an individual or company can install software that monitors the usage of their own machine(s).

I don't think the original poster would start a thread about software they installed doing what it's meant to do.

Or, are you telling us you are privy to advance knowledge of the first ever Mac OS X virus? That would be news indeed and, no disrespect intended, would require some supporting reference for anyone to take the claim seriously.

EliteWeb

8:33 pm on Aug 4, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



(: I wouldn't say anything I didn't know for certain. Re: the issue the user is having with the net.net issue, I'm researching that now to figure out where it originated.

Chico_Loco, FYI - ClamXav is a great program, it's more of a proactive stance unless you're using your own made definitions it will not discover things yet as it is anti virus and currently no known viruses are in the wild for OS X.

The person who made the thread may have installed something and another program could have been bundled with it. Just like what was done with many p2p programs on the PC. That was the reason I asked what software was recently installed, if any.

I deal a lot in the Mac security industry and also the underground community. Re: viruses, always being developed and worked on, it's just how it spreads that has been a problem; however times are changing now and more time is being devoted to OS X so discoveries will be made.

Someone has reported the same issue: [subjunctive.net...] - DNS poisoning was suspected.

whoisgregg

9:36 pm on Aug 4, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> more time is being devoted to OS X

Undoubtedly. There is a race going on right now to be the writer of the first Mac OS X virus.

However, I'm quite certain these net.net problems don't have anything to do with either the Mac or a virus.

> so discoveries will be made

Well, we'll have to see about that. ;)

lZakl

9:37 pm on Aug 4, 2005 (gmt 0)

10+ Year Member



EliteWeb,

First off -- no disrespect intended, and I really mean that.

What you are stating first of all (maybe it’s just my perception ... but) equates to “I have evidence of the first cold-fusion device that actually works. But for the greater good, I cannot disclose anything. But take my word, it’s there.”

OK fine, say I believe you, now what? You keep quiet? This doesn’t sound like the work of someone who “deals in Macintosh security”. Most security people who I know (especially Mac security), would feel the responsibility to first off back up their findings. Second to alert anyone and everyone, as knowledge is power in the case of viruses. Programmers can be better prepped, users will know what to expect, etc.

So... Thinking in your logic then, say this hypothetical virus never amounts to anything, thanks to your secrecy. How long until the same loophole is discovered by someone else? Possibly even a governmental plot whose plans include taking down the Macintosh communities ... Breaking up happy Mac-families all for the sake of the one who really runs the government. Microsoft.

Absurd? Maybe... But look at your statement through the eyes of those reading on the message board, and offer a little something other than conjecture. A lot of these people are well-educated and deserve that much.

In short, if you have proof, please share it. If you don’t -- feel free to keep it to yourself. IMO a person sharing that they have knowledge of something that borders on myth without providing evidence, is on the verge of being called a troll.

Like I said, please forgive me ... I mean no disrespect, but this is how some of us 'laymen's' are interpreting your statements.

-- Zak

EliteWeb

11:33 pm on Aug 4, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No disrespect taken at all :) I'm multi-tasking without a ton of time able to post so I'll try to include something :D

I'm not going to point out proof of concept for viruses, I will however point out something that did make it to the media and was blown out of proportion and that was Intego's virex report [wired.com...] a trojan, but it was proof of concept only so it was not in the wild, when this type of news comes out people blow it up.

Another was opener, a malware item for OS X -
[macintouch.com...]

Search versiontracker or google for mac os x keylogger or keystroke recorder or keylog etc.

I love talking about hacks and security issues for the Macintosh :) So if you want plans to the bomb, pretend like I said the Macintosh is secure and there isn't any harm that could be caused. Anything I could drop here I'd break TOS for linking all my own sites :P

I do agree that the issue with the net.net may have to do with the DNS issue linked above, however you could change host files and alter the network to make things pull up different sites than what you're expecting. In this case other people have noticed the same issue happening and it hasn't been limited to the Mac moreso major ISPs.

The first virus for OS X, people have been playing with this for quite some time. Then with the contest to write a virus for OS X only escalates the process. Then whoever writes the first virus would probably want to be very anonymous because of the attention it would get and the legalities behind virus writing.

whoisgregg

6:48 pm on Aug 5, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



So I think it's safe to say we all agree the OP's net.net issue is not related to virus or other software on their machine.

Perhaps we should move our general mac virus discussion (if there's anything further to discuss) to a new thread so as not to dilute any on-topic conversation of Chico_Loco's issue? Just a suggestion. :)

henrus

4:58 am on Sep 8, 2005 (gmt 0)

10+ Year Member



I realize this thread may have long died, but I don't think it's a DNS poisoning issue. I've run into the same problem on my Mac. Whenever I try to go to [lists.objectledge.net...] on either Safari or Firefox, it redirects me to a net.net search result page. But, if I try to go here on my PC that is right next to me on the same network using the same router to my cable modem, I can get to the correct page fine. I don't know what this could mean, other than some sort of trojan or worm. Any clues?

h