polonus
9
Elsewhere I have warned about DNS manipulation being the main new trend in malware proliferation and this is growing into a main attack line.
In your case consider this: http://intodns.com/openx.net From there:
Missing nameservers reported by parent FAIL: The following nameservers are listed at your nameservers as nameservers for your domain, but are not listed at the parent nameservers (see RFC2181 5.4.1). You need to make sure that these nameservers are working.If they are not working ok, you may have problems!
aus1.akam.net
asia3.akam.net
ns1-208.akam.net
WARNING: SOA MNAME (ns1-208.akam.net) is not listed as a primary nameserver at your parent nameserver!
Your SOA EXPIRE number is: 2678400. That is NOT OK
This is an ongoing story: http://support.clean-mx.de/clean-mx/viruses.php?domain=openx.net&sort=ns5%20desc
Google browser does not even let me search r dot openx dot net queries... blocked (search engine security extension in Google Chrome blocks)
Some goodies from there: https://www.virustotal.com/en/domain/r.openx.net/information/ and even file infectors like VIRUT -
say bye bye to your computer.... :o
See the delayed Scranton, USA results: http://check-host.net/check-dns?host=r.openx.net
See: https://ip.robtex.com/173.241.240.7.html
and http://support.clean-mx.de/clean-mx/viruses.php?ip=173.241.240.7&sort=first%20desc (https://urlquery.net/queued.php?id=46778594)
See: ET WEB_CLIENT Possible HTTP 500 XSS Attempt (External Source) in https://urlquery.net/report.php?id=4960967
Read Will Metcalf's musings on the IDS here: http://seclists.org/snort/2010/q4/319
Browser cursor manipulation due to lack of input/output validation and server hardening is obvious here!
Probably that is what was taking place inside your IE browser at the time!
How they attacked: http://support.clean-mx.de/clean-mx/view_virusescontent.php?url=http%3A%2F%2Fr.openx.net%2Fset%3Fpid%3D21a19823-5de3-4917-bc81-a4edea5127ff%26amp%3Brtb%3D4255378259941066298%26amp%3Bcc%3D1
Compare this info with your experiences and we can continue our investigations from that point.
polonus
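
Added example, not part of polonus's post and not intodns code: a small offline audit that reproduces the three delegation checks quoted above (nameservers missing at the parent, SOA MNAME not listed at the parent, SOA EXPIRE outside the 2-4 weeks suggested by RFC 1912). It goes slightly further by also flagging the reverse mismatch. The function and finding names are hypothetical, and the parent nameserver names are constructed placeholders because the post does not list them.

```python
# Delegation consistency audit on NS/SOA data that has already been collected.
# Assumption: the caller gathered the NS set from the parent zone's servers
# and the NS set plus SOA from the domain's own servers.

RFC1912_EXPIRE_RANGE = (1209600, 2419200)  # 2-4 weeks, RFC 1912 section 2.2


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def audit_delegation(parent_ns, child_ns, soa_mname, soa_expire):
    """Return a list of (severity, check, detail) tuples, empty if clean."""
    parent = {norm(n) for n in parent_ns}
    child = {norm(n) for n in child_ns}
    findings = []
    # Listed by the zone itself but unknown to the parent (RFC 2181 5.4.1).
    for ns in sorted(child - parent):
        findings.append(("FAIL", "missing-at-parent", ns))
    # Reverse case: the parent delegates to a server the zone does not list.
    for ns in sorted(parent - child):
        findings.append(("FAIL", "missing-at-child", ns))
    mname = norm(soa_mname)
    if mname not in parent:
        findings.append(("WARN", "mname-not-at-parent", mname))
    low, high = RFC1912_EXPIRE_RANGE
    if not low <= soa_expire <= high:
        findings.append(("WARN", "expire-out-of-range", str(soa_expire)))
    return findings


# Constructed sample input. The three akam.net names, the MNAME and the
# EXPIRE value are the ones quoted in the post; the parent set is a placeholder.
PARENT_NS = ["NS-A.EXAMPLE.NET.", "ns-b.example.net"]
CHILD_NS = PARENT_NS + ["aus1.akam.net", "asia3.akam.net", "ns1-208.akam.net"]

if __name__ == "__main__":
    for finding in audit_delegation(PARENT_NS, CHILD_NS,
                                    "ns1-208.akam.net", 2678400):
        print(*finding)
```

A mismatch between the two NS sets is worth tracking over time: an unexpected change on either side is one of the signals of tampered or stale delegation data.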