Some Bing Ads Redirecting To Malware
An anonymous reader writes "Security firm ThreatTrack Security Labs today spotted that certain Bing ads are linking to sites that infect users with malware. Those who click are redirected to a dynamic DNS service subdomain which in turn serves the Sirefef malware from 109(dot)236(dot)81(dot)176. ThreatTrack notes that the scammers could of course be targeting other keywords aside from YouTube. The more popular the keywords, the bigger the potential for infection."
Posting to undo accidental mod
People use Bing?
Laughter is the Spackle of the Soul.
...ad hosting network (that happens to be used by major search providers) compromised to serve malware.
I suppose you can be mad at Microsoft for not constantly scanning their customers, but "Bing ads" is still misleading in the usual headline sensationalism way...
Nothing to be afraid of here, unless the same ads are placed beside Yahoo! search results.
Linux is for people who don't mind RTFM.
And we get the MS logo instead of the Borg Bill. :(
...and for those of us who think that ads -are- malware, just targeted at a different processor, AdBlock still takes out two birds with one stone...
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
Why not? .... Money is money .....
Aside from the other obvious reasons, such as "it looks awful" and "for the types of things I search for, it's vastly inferior to Google".
If your cpu is overworked by browsing 1 secure site, you might want to consider an upgrade.
Clicks on ads? They deserve to be infected with sirefef. Plus, it's job security for me. Sirefef is a piece of cake to remove for me, but my customers are dead in the water. Money is money.
They will get my money when I buy their product not before.
Paywalled sites *should*, in best practices, be more secure and *should* not include as many targeted ads. That isn't to say they aren't vulnerable to attacks or browser based hijacks that redirect traffic regardless. Unfortunately sites like Amazon video/hulu plus are jammed with ads even when paying for the service. What I need is for the internet to be something other than a place for advertisers to intrude on my privacy.
I do it because as key lengths get longer, it is harder and harder to browse the HTTPS web using a telnet client. That is even with my pocket calculator nearby!
I started using it a couple weeks ago because https is a useless waste of cycles. ...
but at least they don't force you to use https and heat up your CPU for no good reason
What.
I had someone else trying to tell me that scp is slower because encryption slows the file transfer.
I.... I just don't know...
What the hell is going on?!
--
BMO
Perhaps you should consider upgrading from a 200MHz Pentium Pro. Just sayin'.
You are in a maze of twisty little passages, all alike.
What do they expect? Of course Bing is going to link to microsoft.com.
"National Security is the chief cause of national insecurity." - Celine's First Law
People use Bing?
Yes. More than a few software packages try to incorporate a Bing bar plug in and set the search engine/homepage to Bing. That includes some software that is not outright malware (well, at least not before they chose to make money on pushing toolbars).
DirectX install tries to peddle Bing Bar which is installed with default settings.
The actual article is here. TheNextWeb is a stupid site that doesn't work at all if you are not running Javascript. I choose to block most scripts, partly because.. a lot of ads are infected with malware. Yuk.
Never email donotemail@WeAreSpammers.com
I think the pertinent question is whether Microsoft or Google or Yahoo should be responsible for the ads they show.
Take any given major website, turn off AdBlockPlus, FlashBlock (or alternatives), and NoScripts (or alternatives). How many ads can you count that are of the nature: "Learn that 1 weird trick to lose 10 pounds" or "Enter your age to see if you qualify for money to go back to school" or "blah blah obvious scam".
They are everywhere. Now for me, I think much less of a website and the entity that owns it if they are serving these ads. I actually feel that if you get scammed through one of them it should be the website's fault for being party to a crime, because they served you the malicious ad.
If I had a brick and mortar business, and people paid me to stand inside my business and "demo products" or something, and you came in and got scammed, you would be pissed at my business. The business might also be liable.
Obviously the internet is different than meat space. Obviously you can't fix stupid. So who is responsible for serving a malicious ad?
That's a tautology.
"National Security is the chief cause of national insecurity." - Celine's First Law
Hey man, google STEALS your information! MS told me so. So that must mean that MS doesn't do that. I mean, they'd be HYPOCRITES otherwise. So I use Bing to keep my porn searches safe. My sexual attraction to boobs and butts will remain safe from the NSA.
Whatever your problem is, it's not with SSL.
AES-256 on my old laptop works at 65 MB/s. AES-128 goes at 90MB/s. This might be a bit of a problem if you've got a gigabit LAN and are using it to full capacity, but given that googling stuff amounts to about 24K there's no way that is making a noticeable difference.
Well there's Steve Ballmer, Bill Gates, Steve Ballmer's mom, and Bill Gates' mom.......and that's about it.
Not defending Bing in particular here, but every ad network gets utilized to deliver ads by malicious parties. Every ad company you can think of has staff that work full time just to look for and filter out malicious ads. A pretty significant portion of all malware is delivered by ads that are unwittingly served by sites from Facebook to CNN or any other site you can think of.
Here's a nice link to a NIST report on the matter that you can get to once the government gets back to work. The problem goes back many, many years, so why on earth is this being reported as news?
Is every person _for_ advertising either in the industry or not old enough to remember what was? Business is the guest here, not the public, this is our network. If content makers can't make money without obstructing the people they want to encourage then I would rather not have their content. Ads or paywall? How about fuck you, get off my fucking lawn and take your stinking rat friends with you.
That was my first thought, too. My second was, "People still use Windows?"
Good, inexpensive web hosting
In that case I'll take seven of them.
"People still use Windows?"
For certain values of "people".
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
Well it is. SSH protocol overhead is higher than the minimal TCP overhead on the data connection for an FTP transfer. Whether this is significant or not is a different issue, but the statement is strictly true.
Why don't you start up your own web server for your grumbling and put it in an Old Farts Web Ring so people can find it? Because, you know, all the web search out there is ad-supported as well, and you won't have any of this, don't you?
If Slashdot disappeared, we would. Before the rise of the Glorious Advertisers' Internet you love so much, we would probably have been on email lists, which no-one paid for other than a few bucks a month from the person running them.
Most people these days who use Google use more than just the search feature, but that being said, even if you don't that is a phenomenally ridiculous reason to switch search engines from Google to Bing.
OK. You have to be trolling. You don't trust Google with your searches, but you do trust them with your entire computer. Excellent.
If you aren't trolling: News Flash: Google isn't protecting your data any less than Microsoft. If Google reports more, it means they are more honest. What you are doing is sleeping with the local whore who swears she never cheats on you because your ex-girlfriend "admitted" that she had sex against her will.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Surely if Bing gives you a link to Bing, then Bing is linking you to malware...
doesn't every body love bonzi buddy?
lose != loose
If you aren't paying for the product you are the product.
From my Slashdot page:
Disable Advertising [X]
As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable advertising.
So, being "gramps" has its advantages you Johnny-come-lately ageist git.
Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
Apparently. And they both just got... sbinged?
Says the person who wants all the content they can grab for free.
Nothing costs $0. Do you want ads or a paywall?
I think what most of us want is "no malware". Do I block ads on parents', friends', in-laws' browsers so they get stuff for free without distraction? No, I block them to minimize the number of malware infections I have to clean up.
I am not a crackpot.
Bill Gates's mom is dead, you insensitive clod!
I do when Google tries to be too helpful and fails to give me the results I actually want, assuming I mistyped.
Clearly most people have never used it, yet there seems to be a strong opinion that it's rubbish. I wonder how people know.
And no website wants $1 when they can get $2. This is not about costs, it is about companies wanting to make profit.
nosig today
Because of this I was messing around and found the biggest act of defiance anyone or group can do is turn off cookies.
Yep. 4 of them to be exact.
Advertisers have risen from their graves to eat your brains. Stop them with adblock plus / edge, noscript and ghostery.
You know they are effective when advertisers call them the 'trifecta of evil' - http://www.makeuseof.com/tag/adblock-noscript-ghostery-trifecta-evil-opinion/
Oh, and if you happen to be an advertiser who is reading this comment, I have a very special message to you. Advertisers: please kill yourself. You failed out of your chosen field and profession and have become an advertiser. You have nothing to live for. Everyone hates you. Please, please kill yourself.
Except the crap in the "Promotions" label turns out to be third party crap listservs, wholly unrelated to nor which came from Google, that you signed up for when you ordered that new hard drive from Amazon or put your email address on that paper form when you signed up for your Staples Rewards card. This is random shit you would have appear in your inbox (assuming you aren't using filters) regardless of whom you choose your email provider to be.
Now, if Microsoft called it the "Screwhoo!" campaign, that'd actually have at least a tiny bit of truth to it. I used the Yahoo! Mail app on my Android device to check my Yahoo! Mail inbox for the first time in who-knows-when and there was an actual "sponsored" item at the top of my inbox that wasn't even email, but a direct advertising link! Screenshot.
It's an answer. One of two possibilities.
Is it possible that there's such a strong dislike of Microsoft on Slashdot that people will dismiss it as rubbish without actually trying it?
Some people are into that...
Bing ads that infect users Microsoft Windows computers with malware, shurly :)
I use it for Bing rewards. I have no loyalty to any particular search engine and if Microsoft's going to pay me to use theirs, so be it.
You have to be trolling. You don't trust Google with your searches, but you do trust them with your entire computer. Excellent.
Nope. I don't trust *anybody* so as long as it's all out there, I might as well not be wasting cycles. As for my machine being underpowered, bollox! I think there might be some dust impeding airflow, and it's a laptop and a pain to clean out. It's probably on its last legs anyway. Whether or not https is a major contributor, I don't know; but it can't hurt to get rid of it if I don't care because I'm actually *not* wearing a tinfoil hat as some people implied. I mean, if I were wearing tinfoil wouldn't I be running https through multiple proxies or something and not caring about how fast the browsing is? I mean, sheesh... you never know how a post is going to go over on Slashdot. I guess most of the pushback is from the fact that I'm a long-time Microsoft user (on the desktop, not servers), make no apologies for it, and never will.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
This is a tautology, too.
Your programmers are too lazy to give me options that make things run efficiently, and I'm unwilling to shell out a few hundred dollars to accommodate your lazy programmers. We seem to have reached an impasse.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
"but the statement is strictly true."
There's "mathematically true" at arbitrary precision and then there's reality, where the difference is not even a rounding error when brought to 4 places.
Anyone who says that scp is slower than unencrypted, as if it makes a real difference in wall time, needs a slap.
--
BMO
That's typically fairly trivial though.
Now, if packet compression is occurring and you're sending highly compressible files...
Windows NT 3.5 could boot with 12MB of RAM. Think about that.
It probably didn't work well, but I was doing an experiment for fun because I had a stack of 1MB SIMMs and a little device that let you stack a bunch into a single memory slot. Nowadays, Solitaire probably can't run in 12MB of RAM.
You are in a maze of twisty little passages, all alike.
No. The pushback is because you made several ridiculous statements. Switching search engines because of HTTPS is a completely 90s thing to do. In 2013 it makes absolutely no sense whatsoever.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Switching search engines because of HTTPS is a completely 90s thing to do. In 2013 it makes absolutely no sense whatsoever.
Really? A lot of those hits are quite recent. I'm not strictly blaming https necessarily either. It might have something to do with the fact that I'm slinging everything through a HOSTS file, NotScript, and Flash blocker. Once again, I don't care about the bloody NSA or even some wanker who might want to say, "look at all that dude's gay searches" because I can't do anything about somebody who is really, Really, REALLY determined to frame me or embarrass me. Those are political issues, not technical issues. The Internet is a postcard. I care about performance and not having my machine bogged down with scripts, Flash, exploits, ads, etc. If not blocking those things makes the web unusable, and blocking them makes the web too slow, then I'm drawn towards a sad conclusion: The web is dead to me. Anyway, I digress. It's not stupid. The https may not be the actual problem; it might be the combination of https, Chrome, plug-ins, and Google's search pages. I don't care that much. Just because I'm a geek doesn't mean I find *all* technical problems interesting. If switching off https fixes it for reasons that have nothing to do with https itself, then fine. Now that that's settled, we can all get on with our lives.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Yes. Really. You don't seem to understand what you are reading. Those are discussions of overhead on the server side, and everyone who knows what they are talking about says the same thing: It is about 5% overhead. The idiot who looked at rendering the Apache "It Works" page has no idea how to benchmark. You are doing a search. Unless it adds milliseconds (and more than about 100 at that) you won't even perceive the difference. Or in other words, you won't even perceive the difference.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Well, I'd rather be Scroogled than Balmered any day.
Clearly most people have never used it, yet there seems to be a strong opinion that it's rubbish.
I tried it when it first came out. It was rubbish. Occasionally when Google goes haywire and gives me shit results I'll try Bing again... and get even shittier results. The last time I tried Bing, I was looking to find how to register for an ISBN. Bing's top result was a hardware store.
People think it's rubbish because they've tried it and seen that it's rubbish.
Free Martian Whores!
Nothing costs $0.
How much are you paying for the air that you can't live without? How much are farmers paying for the rain that waters their crops? How much does a Cory Doctorow e-book cost? How much does it cost to watch a sunset? How much does it cost to write a book? (granted, actually publishing it is >$0 but writing it costs $0.) How much does it cost to noodle catfish?
You're a fool, AC. The things you need the most -- air and water -- cost $0.
Free Martian Whores!
If I'm paying for the content there damned well not be any ads whatever. I'll pay with money or by watching ads, but not both.
Free Martian Whores!
I'll take 10 if I can get a discount for buying in bulk.
And yet, nevertheless, I perceived the difference. As Yogi Berra said, "In theory, theory and practice are the same. In practice, they aren't".
I've heard there are some issues with SSL on XP. It's not an issue when dealing with a bank where it's mostly text; but for images and maps it just didn't scale for me.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
OK, here's what I think *really* might have happened. Ready? Drum roll.... it was... TADA! Google's roll-out of https to everybody. Why do I think this? Because I just tried it and it seems quite snappy. I noticed the problem on the first few days of https being rolled out to me.
Was there a Chrome update? I don't know. Damned thing updates itself all the time. Did Google need to allocate a few more cycles to the task than they had initially thought? I don't know. I don't work for Google. Was the whole thing psychological, based on my perceptions when seeing "https" in the URL bar? Possibly. That's the only mental error to which I might admit here. There's no way to test all of this, unless somebody who works for Google would like to chime in.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
What the hell is going on?!
This was hashed out a bit in another thread below; although no real conclusion was reached. After reading a few other search results, I've seen some other people having trouble with their browser cache after the switch to https. I went back to Google searches and it worked at normal speed. Unfortunately, I don't actually recall when I last flushed my cache so I can't correlate it. In retrospect, that should have been my first course of action instead of reflexively blaming https.
I hope *some* people on Slashdot have a more open mind about things like this, and aren't just eager to make themselves feel good by being condescending. Sorry... that's not directed at you... just venting.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Strange. When I typed "How to register for an ISBN" into Bing I got a page full of relevant results.
I have a vacuum pump for sale for $75, which I thought was a good deal. If you can get it for $0, don't pass it up.
http://utica.craigslist.org/tls/4120375327.html