Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Says It Has Resolved an Issue With Bing Which Was Causing It To Push Malware When Users Searched for Chrome (howtogeek.com)

Posted by msmash on from the what-in-the-world dept.

Chris Hoffman, writing for How To Geek: You launch Edge on your new PC, search for "download Chrome," and click the first result headed to "google.com" on Bing. You're now on a phishing website pushing malware, disguised to look like the Chrome download page. That's the story Gabriel Landau tells on Twitter. We were able to reproduce this problem, although it doesn't happen every time. Usually, you'll end up seeing an ad for "https://www.google.com". That goes to the real Chrome download page, and everything is fine. But, sometimes, you'll see an ad for "google.com". Guess what -- that doesn't actually go to Google.com. This ad was created by a scammer and goes elsewhere. Microsoft is apparently not verifying the web address the advertisement actually goes to. Bing is letting this advertisement to lie to people. Microsoft says it has resolved the issue.

33 of 101 comments (clear)

  1. bing it by Anonymous Coward · · Score: 1

    Now if they would FIRST fix the issue where it gives you chrome while searching for malware.

  2. (Probably) no underhandedness here by hcs_$reboot · · Score: 4, Informative

    Reading the title, my first thought was "fix the issue.. sure!". But it's actually not unlikely that Bing, being much less involved in Chrome than Google..., might render search results not in a way the user expects. Morale of the story: don't always click the first result - or at least check it!

    --
    Slashdot, fix the reply notifications... You won't get away with it...
    1. Re:(Probably) no underhandedness here by phantomfive · · Score: 4, Funny

      I just checked......now the first search result links to spyware :)

      --
      "First they came for the slanderers and i said nothing."
    2. Re: (Probably) no underhandedness here by houghi · · Score: 2

      Sure,but many people have been conditioned to use google.com or bing.com as their place to see other websites. I have seen people typing google.com in the default bing.com page, so they can enter the URL in google for our OWN website.
      I wish I was kidding.

      --
      Don't fight for your country, if your country does not fight for you.
  3. Edge has replaced Internet Explorer by jfdavis668 · · Score: 5, Funny

    As the best web browser to use to download a better web browser.

    1. Re:Edge has replaced Internet Explorer by laffer1 · · Score: 4, Insightful

      Edge is decent at rendering web pages. However, a few misconfigured network settings and it can't even load pages on some networks. If you allow "discovery" on networks behind pfsense, it can't work properly.

      The other issue is that it has far less ad-ons than Firefox or chrome.

      Finally, Opera is Chromium. Chrome is Chromium. They are the same browser with a different UI. It's all blink.

      --
      MidnightBSD: The BSD for Everyone
    2. Re:Edge has replaced Internet Explorer by mark-t · · Score: 1

      Apparently, yes

      --
      File under 'M' for 'Manic ranting'
  4. So MS finally admits it? by El+Cubano · · Score: 4, Funny

    Microsoft Says It Has Resolved an Issue With Bing Which Was Causing It To Push Malware When Users Searched for Chrome (emphasis added)

    Glad to see MS finally admitting the true nature of Edge.

    You know, after all, that the first step on the road to recovery is admitting you have a problem.

    1. Re:So MS finally admits it? by CeasedCaring · · Score: 3, Funny

      You mean this? https://i.redd.it/hlfo7oahjvrz...

    2. Re:So MS finally admits it? by Brett+Buck · · Score: 1

      Yes, and I wonder what "fixed" means in this context - fixed to load worse malware, faster and/or more invisibly?

  5. I am not sure if this helped MS or not. by jellomizer · · Score: 4, Interesting

    Sure Microsoft is in competition with Google for both its Search Engine and its browser. But having Bing go to a Malware site, which infects your Windows PC. Makes Windows, Edge, and Bing all look bad, as well as Microsoft for trying to be underhanded.

    With all the attention to prevent Google Chrome from taking more Edge share away I would expect Bings relationship with searching for a Google Product should be tightly controlled and managed, and mostly in a way to insure fairness and get good sets of data. I would expect the #1 result would be from Microsoft Telling you why Edge is So much better then chrome. But as #2 it should be googles download.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:I am not sure if this helped MS or not. by jellomizer · · Score: 1

      Well Linux, Mac, Unix... Can be just as easy to get Malware installed as well. Just as long as you have the ability to download data and make it executable you are open. Tools like Apt-get, and App Store, Microsoft Store, Google Play.... Give you a safe repository, but it also comes with baggage of being nice to the host OS, so competing products may get left out, or advanced features that could allow additional damage are blocked.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:I am not sure if this helped MS or not. by Tablizer · · Score: 1

      Microsoft for trying to be underhanded.

      Are you implying MS did it on purpose? More likely, they'd be guilty of not bothering to "get around to" fixing it even if they knew there was a problem.

      I've seen a lot of cases of MS seeming to neglect products, including compatibility with older versions of their own stuff, if they wanted it to just go away.

      --
      Table-ized A.I.
    3. Re:I am not sure if this helped MS or not. by Vlad_the_Inhaler · · Score: 2

      I helped a friend set up her brand new machine at a time when Windows 8.1 was current. We downloaded Firefox using Internet Explorer and the free 1-Month copy of McAfee started screaming. It was right - we had been directed to a malware-infested version of Firefox.
      A day or so later she installed a second virus scanner without removing McAfee and the system ended up reverting to a previous snapshot - before all of our installs - because it could not handle that any other way. Sigh.

      --
      Mielipiteet omiani - Opinions personal, facts suspect.
    4. Re:I am not sure if this helped MS or not. by Tablizer · · Score: 1

      I honestly don't think MS would stoop that low. But discovering that spammers/hackers hijacked the Bing rankings using bogus sites and links, and MS choosing to conveniently ignore the problem *is* something MS would typically do. They get most their cake without the guilt. Why do active sabotage when you can use passive sabotage that gets the same results with much less legal risk?

      --
      Table-ized A.I.
  6. " Bing is letting this advertisement lie people." by mark-t · · Score: 2
    #badtransitiveverbs

    (facepalm)

    --
    File under 'M' for 'Manic ranting'
  7. Oops, wrong malware by Powercntrl · · Score: 1

    With all the crap it sends back to Google, Chrome almost qualifies as malware.

    --

    ---
    DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
    1. Re:Oops, wrong malware by Anonymous Coward · · Score: 1

      Malware: "software designed to interfere with a computer's normal functioning".

      No, chrome doesn't almost qualify. You not liking something doesn't make it malware.

  8. Re:" Bing is letting this advertisement lie people by tsqr · · Score: 2

    #badtransitiveverbs

    (facepalm)

    ...or maybe it's just bad punctuation: "Bing is letting this advertisement lie, people!

  9. The only thing Edge is good for... by GeLeTo · · Score: 5, Insightful

    ... is downloading Chrome. Oh, wait...

    1. Re:The only thing Edge is good for... by AndrewFlagg · · Score: 1

      that's hilarious. reminds me of IE 3 to download NN 4.5 /// Mosaic stand back. ;-) haha ... poor Pegasus no more.. i miss the ole days...

    2. Re:The only thing Edge is good for... by leathered · · Score: 1

      Windows has wget now, so you don't even have to use Edge or IE.

      --
      For all intensive porpoises your a bunch of rediculous loosers
  10. They mean it pushed Edge? by gweihir · · Score: 2

    Makes sense.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. Redirect? by Luthair · · Score: 1

    I wonder what actually allows the ad to claim to be www.google.com? Does Google have an open redirect URL somewhere? Is not specifying the final host a legitimate usage for an ad?

    1. Re:Redirect? by Quince+alPillan · · Score: 1

      You can have different link text than the url it goes to. For example, you can have a link like this: Google.com In other words, someone put in an advertisement that looked like the actual Google advertisement, but changed the URL to their malware site set up to look like Google's.

  12. Slashdot ia doing it too by Anonymous Coward · · Score: 1

    Visiting slashdot.org on my phone resulted in Chrome blocking 7 popups. One got through when I clicked on the story. Companies simply don't police their ads. It is shameful.

  13. Ads are a Virus. by Deathlizard · · Score: 2

    It's 2018. This crap has been going on for almost 8 years now. And it's not just Bing. Just about every search engine with ads has or has had this problem.

    If it's a popular app, and your search engine has ads. Guaranteed there's a Virus Inc. buying adwords for it.

    1) If someone is buying Adwords for any app, and it's NOT the company or group that maintains the software, ban it.
    2) If you can't verify #1, don't allow it until you can.
    3) It if sounds or feels shady in any way, don't allow it.
    4) If it's going to a aggregate site not directly affiliated to the company, ban it.
    5) If ANYONE auto redirects from the Adword link in any way. Legit or not. even after a minute. ban it.
    6) Every dropper malware I see only drops a payload once. If you see one drop. Ban it. In fact ban every ad with that domain for at least a month or more. Preferably for life.
    7) Since you're monitoring every click anyway, browse the link when it's clicked every time and make sure they are getting a clean page. If at any time, you're being redirected because it sees the traffic coming from you or the script is actually stupid enough to drop malware to your IP, ban it.
    8) Better yet, enforce and serve the complete ad site yourself and pull it cloudflare style. Check any links or files clicked or downloaded from the site. Guaranteed your IP's / crawlers are blacklisted so that a malware payload won't drop if you pull it. Best case is that it never drops a payload cause you're pulling it and sending it to the user. Worse case is it drops malware on your pull request, at that point, show the user the "Site has a problem" page and ban it.

    --
    In Soviet Russia, Trojan exploits YOU!
  14. Chrome is the new Netscape. by xack · · Score: 1

    Microsoft wants to kill Chrome just as much as Netscape, I woudnkt be surprised if some of Bing’s employees were in on the scam, in order to bypass security checks for ads.

  15. Wait what? by kbg · · Score: 1

    So this means that scammers can just pay Microsoft to put their scam and viruses in their search results? So anybody using Bing can just stop using it right now and forever because this is just unacceptable.

    1. Re:Wait what? by Greyfox · · Score: 1

      It's not just Microsoft. No one actually checks the contents of an ad, they just accept a large briefcase full of cash and serve whatever bytes you make available to them. If this specific case doesn't happen on Google as well as bing, it's just because google has their own adwords for their products.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  16. competition isn't the right word... by luminousone11 · · Score: 1

    Competition is such a strong word to describe this "relationship". Perhaps, bing flounders uselessly before Google search? I mean bing isn't even worthy of being typed with a capitol letter, the very word is beneath other proper nouns. If bing where a hard drive, you would have to put the jumper on the drive to configure it in slav......., sorry in post 2018 vanacular, secondary mode! Dodged a bullet their, was gunna have Duckduckgo pissed at me. Tho Altavista wouldn't have minded.

  17. Nah... by franblets · · Score: 1

    The just facilitated a link to the REAL virus.

  18. Google is next? by slashmydots · · Score: 1

    Maybe now Google can fix its problem with ad results for fake tech support scams when you type in [literally anything] + "support"