Does anyone's web browser get hijacked to cnomy.com?

[_len]

I run a website that gets tens of thousands of unique visitors. Over the past several months, I’ve received one to two messages a day from users saying that when they clicked on an internal link on my website, they’re automatically redirected to a site named cnomy.com.

We’ve checked our DNS setup, our source code, and opened tickets with our ISP and tech support folks, but not found any issue that might be causing this. Needless to say, we’re not able to reproduce it either. Only once, from a PC not my own, have I ever seen this redirection happen.

The usual suspects are viruses and spyware, but enough users have emailed us that I’m beginning to think that either a significant chunk of end users PCs are infected, or there’s something else going on here. Besides asking users to run a suite of spyware- and adware-removal software, is there anything we can do to track this issue down? Right now I’m asking my more advanced users to run traceroutes and take screenshots of the links on the site.

Thanks,

Len

[Fear_Itself]

_len_:

… I’m beginning to think that either a significant chunk of end users PCs are infected, or there’s something else going on here.

You were right the first time. The removal is somewhat beyond the casual user, so I recommend you direct your infected users to the Malware Removal Forum at Bleepingcomputer.com. They have dealt with this infection, which is associated with the Wareout variety of spyware.

[_len]

Thanks Fear Itself. A search of their forums found many threads related to cnomy.com redirection. Here’s a link to those threads.

Thanks again,

Len

Edit: fixed link.