Slashdot Mirror


Reports of IE Hijacking NXDOMAINs, Routing To Bing

Jaeden Stormes writes "We just started getting word of a new browser hijack from our sales force. 'Some site called Bing?' they said. Sure enough, since the patches last night, their IE6 and IE7 installations are now routing all NXDOMAINs to Bing. Try it out — put in something like www.DoNotHijackMe.com." We've had mixed results here confirming this: one report that up-to-date IE8 behaves as described. Others tried installing all offered updates to systems running IE6 and IE7 and got no hijacking.
Update: 08/11 23:24 GMT by KD : Readers are reporting that it's not Bing that comes up for a nonexistent domain, it's the user's default search engine (noting that at least one Microsoft update in the past changed the default to Bing). There may be nothing new here.

2 of 230 comments (clear)

  1. MS Back to their old ways? by MLCT · · Score: 1, Redundant

    I don't know if it is just my perception, but it feels like MS is back to their old ways with a lot of their activities these days - particularly with regard to anything web facing.

    After what felt like a few years of roughly being fair with things, we seem to have had a spate of underhand moves recently. Off the top of my head I can list installing firefox extensions through windows updates without asking (spooking a lot of people including myself - "1 new extension installed what? I didn't install anything"), upgrades to IE8 presenting the user with a complex series of choices - one that implies you should opt in to their accelerator program or IE8 won't install, and the other offering you an express set of installation options or else click through a large number of preference screens - while failing to mention that express settings set IE8 as the default browser.

    And now (if true), engaging in DNS hijacking to drive visitors to their search site. Can they just not accept user preference at all?

  2. Comment removed by account_deleted · · Score: 1, Redundant

    Comment removed based on user account deletion