Some Bing Ads Redirecting To Malware

An anonymous reader writes "Security firm ThreatTrack Security Labs today spotted that certain Bing ads are linking to sites that infect users with malware. Those who click are redirected to a dynamic DNS service subdomain which in turns serves the Sirefef malware from 109(dot)236(dot)81(dot)176. ThreatTrack notes that the scammers could of course be targeting other keywords aside from YouTube. The more popular the keywords, the bigger the potential for infection."

Posting

[c00rdb]

Posting to undo accidental mod

Re:Posting

[mythosaz]

+1 Clever.

Re:Posting

[Jeremiah Cornelius]

Redirecting to Malware?

What!? It installs Windows on your computer?!?

Re:

[AlphaWoIf_HK]

They're just helping people get great software such as Mighty Magoo installed on their 'puters.

Re:

[Rockoon]

it was first post, stoopid.

I know it's another stereotypical diss on Bing but

[themushroom]

People use Bing?

Re:

[Aighearach]

And we get the MS logo instead of the Borg Bill. :(

Re:I know it's another stereotypical diss on Bing

[Anonymous Coward]

If your cpu is overworked by browsing 1 secure site, you might want to consider an upgrade.

Re:I know it's another stereotypical diss on Bing

[Anonymous Coward]

I do it because as key lengths get longer, it is harder and harder to browse the HTTPS web using a telnet client. That is even with my pocket calculator nearby!

Re:

[istartedi]

Your programmers are too lazy to give me options that make things run efficiently, and I'm unwilling to shell out a few hundred dollars to accommodate your lazy programmers. We seem to have reached an impasse.

Re:

[bmo]

I started using it a couple weeks ago because https is a useless waste of cycles. ...

but at least they don't force you to use https and heat up your but at least they don't force you to use https and heat up your CPU for no good reasonCPU for no good reason

What.

I had someone else trying to tell me that scp is slower because encryption slows the file transfer.

I.... I just don't know...

What the hell is going on?!

--
BMO

Re:

[_merlin]

Well it is. SSH protocol overhead is higher than the minimal TCP overhead on the data connection for an FTP transfer. Whether this is significant or not is a different issue, but the statement is strictly true.

Re:

[bmo]

" but the statement is strictly true."

There's "mathematically true" at arbitrary precision and then there's reality, where the difference is not even a rounding error when brought to 4 places.

Anyone who says that scp is slower than unencrypted, as if it makes a real difference in wall time, needs a slap.

--
BMO

Re:

[Richy_T]

That's typically fairly trivial though.

Now, if packet compression is occurring and you're sending highly compressible files...

Re:

[istartedi]

What the hell is going on?!

This was hashed out a bit in another thread below; although no real conclusion was reached. After reading a few other search results, I've seen some other people having trouble with their browser cache after the switch to https. I went back to Google searches and it worked at normal speed. Unfortunately, I don't actually recall when I last flushed my cache so I can't correlate it. In retrospect, that should have been my first course of action instead of reflexively blaming h

Re:

[ConceptJunkie]

Perhaps you should consider upgrading from a 200MHz Pentium Pro. Just sayin'.

Re:

[ConceptJunkie]

Windows NT 3.5 could boot with 12MB of RAM. Think about that.

It probably didn't work well, but I was doing an experiment for fun because I had a stack of 1MB SIMMs and a little device that let you stack a bunch into a single memory slot. Nowadays, Solitaire probably can't run in 12MB of RAM.

Re:

[vadim_t]

Whatever your problem is, it's not with SSL.

AES-256 on my old laptop works at 65 MB/s. AES-128 goes at 90MB/s. This might be a bit of a problem if you've got a gigabit LAN and are using it to full capacity, but given that googling stuff amounts to about 24K there's no way that is making a noticeable difference.

Re:

[Zero__Kelvin]

"I started using it a couple weeks ago because https is a useless waste of cycles."

Most people these days who use Google use more than just the search feature, but that being said, even if you don't that is a phenomenally ridiculous reason to switch search engines from Google to Bing.

". Also, when using Chrome you get Bing searches from typing in the URL bar instead of the URL. ... I'm thinking I might try Firefox again too. "

OK. You have to be trolling. You don't trust Google with your searches, but you

Re:

[istartedi]

You have to be trolling. You don't trust Google with your searches, but you do trust them with your entire computer. Excellent.

Nope. I don't trust *anybody* so as long as it's all out there, I might as well not be wasting cycles. As for my machine being underpowered, bollox! I think there might be some dust impeding airflow, and it's a laptop and a pain to clean out. It's probably on its last legs anyway. Whether or not https is a major contributor, I don't know; but it can't hurt to get rid of it it

Re:

[Zero__Kelvin]

No. The pushback is because you made several ridiculous statements. Switching search engines because of HTTPS is a completely 90s thing to do. In 2013 it makes absolutely no sense whatsoever.

Re:

[istartedi]

Switching search engines because of HTTPS is a completely 90s thing to do. In 2013 it makes absolutely no sense whatsoever.

Really? [google.com]. A lot of those hits are quite recent. I'm not stricly blaming https necessarily either. It might have something to do with the fact that I'm slinging everything through a HOSTS file, NotScript, and Flash blocker. Once again, I don't care about the bloody NSA or even some wanker who might want to say, "look at all that dudes gay searches" because I can't do anything about

Re:

[Zero__Kelvin]

Yes. Really. You don't seem to understand what you are reading. Those are discussions of overhead on the server side, and everyone who knows what they are talking about says the same thing: It is about 5% overhead. The idiot who looked at rendering the Apache "It Works" page has no idea how to benchmark. You are doing a search. Unless it adds milliseconds (and more than about100 at that) you won't even perceive the difference. Or in other words, you won't even perceive the difference.

Re:

[istartedi]

And yet, nevertheless, I perceived the difference. As Yogi Berra said, "In theory, theory and practice are the same. In practice, they aren't".

I've heard there are some issues with SSL on XP. It's not an issue when dealing with a bank where it's mostly text; but for images and maps it just didn't scale for me.

OK, here's what I think *really* might have...

[istartedi]

OK, here's what I think *really* might have happened. Ready? Drum roll.... it was... TADA! Google's roll-out of https to everybody. Why do I think this? Because I just tried it and it seems quite snappy. I noticed the problem on the first few days of https being rolled out to me.

Was there a Chrome update? I don't know. Damned thing updates itself all the time. Did Google need to allocate a few more cycles to the task than they had initially thought? I don't know. I don't work for Google. Was the

Re:

[Zero__Kelvin]

Whatever it was, it wasn't HTTPS eating extra cycles on the client side. That's my point.

Re:

[istartedi]

*Directly* eating cycles? I'd concede that point. *Indirectly* eating them due to the extra bit of latency triggering a race condition or something in a poorly coded script? Very possible.

Re:

[Zero__Kelvin]

Just accept the fact that you have no idea what you are talking about and move on with your life. Seriously. Plonk.

Re:

[istartedi]

The feeling is mutual.

Re:

[Zero__Kelvin]

You're such an idiot. Seriously ... you mark me as a foe? What are you ... in high school? All that forces me to do is mark you as my friend so you see a little green and red pill every time you see a post from me to remind you to take your medications.

Re:

[istartedi]

You're such an idiot.

You're such a genius. You were the one who suggested "plonk". Since Slashdot doesn't have an actual killfile, Foe is the closest thing. I don't see a pill on your post. Just the red dot. You're in a very exclusive club--the 2nd Foe in 10 years. It's kind of sad, really. We've been on here about the same ammount of time, based on userid number. I looked over some of your other posts. You've got some 5s, very nice posts; but you also have a lot of these back-n-forth pissing con

Re:

[Mitreya]

People use Bing?

Yes. More than a few software packages try to incorporate a Bing bar plug in and set the search engine/homepage to Bing. That includes some software that is not outright malware (well, at least not before they chose to make money on pushing toolbars).

DirectX install tries to peddle Bing Bar which is installed with default settings.

Re:I know it's another stereotypical diss on Bing

[interkin3tic]

Hey man, google STEALS your information! MS told me so. So that must mean that MS doesn't do that. I mean, they'd be HYPOCRITES otherwise. So I use Bing to keep my porn searches safe. My sexual attraction to boobs and butts will remain safe from the NSA.

Re:

[technomom]

Well there's Steve Ballmer, Bill Gates, Steve Ballmer's mom, and Bill Gates' mom.......and that's about it.

Re:

[russotto]

Bill Gates's mom is dead, you insensitive clod!

Re:

[mjr167]

Some people are into that...

Re:

[techno-vampire]

That was my first thought, too. My second was, "People still use Windows?"

Re:

[oodaloop]

"People still use Windows?"

For certain values of "people".

Re:

[Bremic]

Surely if Bing gives you a link to Bing, then Bing is linking you to malware...

Re:

[ifiwereasculptor]

Apparently. And they both just got... sbinged?

Re:

[91degrees]

I do when Google tries to be too helpful and fails to give me the results I actually want, assumning I mistyped.

Clearly most people have never used it, yet there seems to be a strong opinion that it's rubbish. I wonder how people know.

Re:

[mcgrew]

Clearly most people have never used it, yet there seems to be a strong opinion that it's rubbish.

I tried it when it first came out. It was rubbish. Occasionally when Google goes haywire and gives me shit results I'll try Bing again... and get even shittier results. The last time I tried Bing, I was looking to find how to register for an ISBN. Bing's top result was a hardware store.

People think it's rubbish because they've tried it and seen that it's rubbish.

Re:

[91degrees]

Strange. When I typed "How to register for an ISBN" into Bing I got a page full of relevant results.

Re:

[91degrees]

It's an answer. One of two possibilities.

Is it possible that there's such a strong dislike of Microsoft on Slashdot that people will dismiss it as rubbish without actually trying it?

Re:

[James Andrews]

Yep. 4 of them to be exact.

Re:

[twocows]

I use it for Bing rewards. I have no loyalty to any particular search engine and if Microsoft's going to pay me to use theirs, so be it.

Re:

[DiEx-15]

Well, I'd rather be Scroogled than Balmered any day.

Re:

[segin]

Except the crap in the "Promotions" label turns out to be third party crap listservs, wholly unrelated to nor which came from Google, that you signed up for when you ordered that new hard drive from Amazon or put your email address on that paper form when you signed up for your Staples Rewards card. This is random shit you would have appear in your inbox (assuming you aren't using filters) regardless of whom you choose your email provider to be.

Now, if Microsoft called it the "Screwhoo!" campaign, that'd ac

This also in...

[mythosaz]

...ad hosting network (that happens to be used by major search providers) compromised to serve malware.

I suppose you can be mad at Microsoft for not constantly scanning their customers, but "Bing ads" is still misleading in the usual headline sensationalism way...

Re:This also in...

[ShaunC]

...ad hosting network (that happens to be used by major search providers)

...like Bing and Yahoo (whose search results come from Bing).

"Bing ads" is still misleading in the usual headline sensationalism way...

Yeah, it's not like the service itself is named [wikipedia.org] Bing Ads [microsoft.com], or anything.

Re:This also in...

[girlintraining]

I suppose you can be mad at Microsoft for not constantly scanning their customers, but "Bing ads" is still misleading in the usual headline sensationalism way...

Actually, you can't. A standard tactic is to serve regular, unmodified ads, to IP address blocks known to have businesses that to this. For example, the google crawler -- many websites will show different pages if you simply sub the user agent string in as Google; Bypassing compulsory registration, not displaying navigation ... adding piles of SEO words to the bottom of the page, and the list goes on.

Microsoft can't be expected to protect against stuff like this; Every website that allows javascript to be injected from a 3rd party website is equally vulnerable. And that's most of them; Including Slashdot; It has script links to rpxnow.com and fsdn.com. Hundreds of websites link into Google's ajax and analytics pages. A great many websites simply break if you disable 3rd party javascript.

So blame Microsoft if you want, but really, the people you want work at ORACLE.

Re:

[lorenlal]

Here was the comment I was looking for. I've seen third-party ads attack from plenty of reputable (and not so reputable) sites. As much as I love piling on MS, Bing, and IE, I don't think it's wholly fair to single them out for this issue. Of course, anecdotes are worth little more than the electrons that carry the information to your eyes, but I'm fairly confident most of us have been called in to clean up an infection from [typical site used by many].

Now, if you want to talk about Microsoft's awful ad

Re:

[rk]

Oracle? Believe me, I've a got a hate on for Oracle and the list and litany against them is long and storied, but how are they responsible for 3rd party Javascript?

Re:This also in...

[Nemyst]

When in doubt, blame Oracle. It works surprisingly often!

Re:

[rk]

I hope it's not because Java and Javascript is getting confused. I run into a surprising number of techies that think the two are closely related, and apart from some syntax they both inherited from C, the only thing the have in common is "Java" in the name, which is Netscape's fault, not Oracle's. True, Oracle owns the JavaScript trademark, but it's the Mozilla Foundation that actually develops it.

Re:

[rtb61]

Perhaps a legal review is required. How far should the advertiser be allowed to seperate themselves from the contents of the Ads they serve. The generate profits by promoting products and seem to be completely free from any responsibility for the reality of the advertisements versus what they actually promote.

At the moment advertisers make money by selling products, blatantly promoted with lies and regardless if the impact of those products upon victims the promoters get to wander off laughing with those

Re:

[radarskiy]

'"Bing ads" is still misleading '

No, it's the literal truth. The ad network is Bing Ads: http://advertise.bingads.microsoft.com/en-us/sign-up?s_cid=us_smb_a_web_bing_footer [microsoft.com]

Does it affect Yahoo!?

[Flavianoep]

Nothing to be afraid of here, unless the same ads are place beside Yahoo! search results.

Perspective

[Empiric]

...and for those of us who think that ads -are- malware, just targeted at a different processor, AdBlock still takes out two birds with one stone...

Re:

[Servaas]

They will get my money when I buy their product not before.

Re:

[Anonymous Coward]

Paywalled sites *should*, in best practices, be more secure and *should* not include as many targeted ads. That isn't to say they aren't vulnerable to attacks or browser based hijacks that redirect traffic regardless. Unfortunately sites like Amazon video/hulu plus are jammed with ads even when paying for the service. What I need is for the internet to be something other than a place for advertisers to intrude on my privacy.

Re:

[mcgrew]

If I'm paying for the content there damned well not be any ads whatever. I'll pay with money or by watching ads, but not both.

Re:Proof

[msauve]

Nothing costs $0.

That's a tautology.

Re:

[Anonymous Coward]

In that case I'll take seven of them.

Re:

[Richy_T]

I'll take 10 if I can get a discount for buying in bulk.

Re:

[dingleberrie]

This is a tautology, too.

Re:

[vandamme]

I have a vacuum pump for sale for $75, which I though was a good deal. If you can get it for $0, don't pass it up.
http://utica.craigslist.org/tls/4120375327.html [craigslist.org]

Re:

[Anonymous Coward]

Is every person _for_ advertising either in the industry or not old enough to remember what was? Business is the guest here, not the public, this is our network. If content makers can't make money without obstructing the people they want to encourage then I would rather not have their content. Ads or paywall? How about fuck you, get off my fucking lawn and take your stinking rat friends with you.

Re:

[0123456]

Why don't you start up your own web server for your grumbling and put it in an Old Farts Web Ring so people can find it? Because, you know, all the web search out there is ad-supported as well, and you won't have any of this, don't you?

If Slashdot disappeared, we would. Before the rise of the Glorious Advertisers' Internet you love so much, we would probably have been on email lists, which no-one paid for other than a few bucks a month from the person running them.

Re:

[GumphMaster]

From my Slashdot page:

Disable Advertising [X]
As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable advertising.

So, being "gramps" has its advantages you Johnny-come-lately ageist git.

Re:

[Rob the Bold]

Says the person who wants all the content they can grab for free.

Nothing costs $0. Do you want ads or a paywall?

I think what most of us want is "no malware". Do I block ads on parents', friends', in-laws' browsers so they get stuff for free without distraction? No, I block them to minimize the number of malware infections I have to clean up.

Re:

[CBravo]

And no website wants $1 when they can get $2. This is not about costs, it is about companies wanting to make profit.

Re:

[mcgrew]

Nothing costs $0.

How much are you paying for the air that you can't live without? How much are farmers paying for the rain that waters their crops? How much does a Cory Doctorow e-book cost? How much does it cost to watch a sunset? How much does it cost to write a book? (granted, actually publishing it is >$0 but writing it costs $0.) How much does it cost to noodle catfish?

You're a fool, AC. The things you need the most -- air and water -- cost $0.

Re:

[onyxruby]

If you aren't paying for the product you are the product.

Money is money

[pvianag]

Why not? .... Money is money .....

One more reason for me to not use Bing

[harvestsun]

Aside from the other obvious reasons, such as "it looks awful" and "for the types of things I search for, it's vastly inferior to Google".

Re:

[Jamie Ian Macgregor]

http://nz.bing.com/search?q=update+java&go=&qs=n&form=QBLH&filt=all&pq=update+java&sc=8-11&sp=-1&sk= [bing.com] vs https://www.google.co.nz/search?q=update+java&oq=update+java [google.co.nz] now which one would you send your parents to?

What kind of idiot moron

[Anonymous Coward]

Clicks on ads? They deserve to be infected with sirefef. Plus, it's job security for me. Sirefef is a piece of cake to remove for me, but my customers are dead in the water. Money is money.

Re:

[account_deleted]

Comment removed based on user account deletion

Obvious.

[msauve]

Security firm ThreatTrack Security Labs today spotted that certain Bing ads are linking to sites that infect users with malware.

What do they expect? Of course Bing is going to link to microsoft.com.

The actual article is here..

[Dynamoo]

The actual article is here [threattracksecurity.com]. TheNextWeb is a stupid site that doesn't work at all if you are not running Javascript. I choose to block most scripts, partly because.. a lot of ads are infected with malware. Yuk.

Who's responsible for the ads served

[EMG at MU]

I think the pertinent question is whether Microsoft or Google or Yahoo should responsible for the ads they show.

Take any given major website, turn off AdBlockPlus, FlashBlock (or alternatives), and NoScripts (or alternatives). How many ads can you count that are of the nature: "Learn that 1 wierd trick to lose 10 pounds" or "Enter your age to see if you qualify for money to go back to school" or "blah blah obvious scam".

They are everywhere. Now for me, I think much less of a website and the entity that owns it if they are serving these ads. I actually feel that if you get scammed through one of them it should be the website's fault for being party to a crime, because they served you the malicious ad.

If I had a brick and mortar business, and people paid me to stand inside my business and "demo products" or something, and you came in and got scammed, you would be pissed at my business. The business might also be liable.

Obviously the internet is different than meat space. Obviously you cant fix stupid. So who is responsible for serving a malicious ad?

Re:Who's responsible for the ads served

[Animats]

I think the pertinent question is whether Microsoft or Google or Yahoo should responsible for the ads they show.

That's a very good question. Because the major search engines do not vet their advertisers very well. Google had to pay $500,000,000 to the USDOJ when they were caught willfully running ads for an obvious drug dealer. [wsj.com] (No, it wasn't about "Canadian pharmacies". Some Google apologists tried to spin it that way, but the details came out.) Google has since clamped down. They had to; they were on DOJ probation for two years, with felony charges hanging over them. "Oxycontin no prescription" no longer returns ad results. Same for "viagra". Bing now pops up an "Is it legit?" box for searches like that.

Google's clampdown was narrow. Searches with "foreclosure" and "credit repair" have a high population of scammers. Financial search keywords carry a high price, because the marks can be taken for big amounts.

It's possible to measure basic advertiser legitimacy. We do that with SiteTruth [sitetruth.com], which tries to find the real-world business behind the ad. For over 30% of Google advertisers (by domain name), there's no identifiable real-world business behind the ad. (Running an anonymous business is illegal in some states and in the EU.) That's embarrassing, and highly profitable for Google.

Re:

[c-A-d]

Those "1 weird trick" ads did push me to install dnsmasq on my laptop. I've configured dnsmasq to handle domain lookups for lots of ad serving hosts and domains and it returns 127.0.0.1 for those lookups which saves me from said ads.

Re:

[intangible]

Rather than making them all point at 127.0.0.1, I like just killing their dns lookup when using dnsmasq (this only looks in /etc/hosts for the dns entry instead of a 127.0.0.1 response)...

local=/zedo.com/
local=/infolinks.com/
local=/intellitxt.com/
local=/vibrantmedia.com/
local=/kontera.com/

It's faster / less resource hungry then 404s hitting myself (since I often run a local apache for some static content and development).

I mostly KILL WITH FIRE the stupid "textual" ad providers... I HATE when I hover/highli

All ad networks do this

[onyxruby]

Not defending Bing in particular here, but every ad network gets utilized to deliver ads by malicious parties. Every ad company you can think of has staff that work full time just to look for and filter out malicious ads. A pretty significant portion [securitybistro.com] of all malware is delivered my ads that are unwittingly served by sites from Facebook to CNN or any other site you can think of.

Here's a nice link to a NIST [pdfeigchxu....awccadrja] report on the matter that you can get to once the government gets back to work. The problem goes back many, many years, so why on earth is this being reported as news?

Re:

[swb]

My understanding of this is that the ad networks historically didn't do much if any scrutiny and the business was largely built on near total automation which made it very easy for malware-based ads to filter through.

Have they changed this? I would guess that having people do this manually would not be remotely cost effective given the revenue per ad.

Re:

[onyxruby]

I sincerely doubt that they have people manually review much of anything (new accounts perhaps?). Companies are going to fight this kind of thing at the macro level, not at the micro level. I'm sure security staff investigate individual instances of note that are flagged by automated system in order to beef up security knowledge or see if an account should be banned. That being said I would imagine that they have automate the overwhelming majority of the work.

The ad agencies have been battling this kind of

surely i'm not alone?

[steak]

doesn't every body love bonzi buddy?

not remotely news

[slashmydots]

This just in: a freaking buttload of Google ads redirect to malware. If you want an example, type in "[insert name of any manufacturer or anything] support" into Google. 100% of the paid results are fakes, scams, or install malware. This has been true for years. Why don't they do anything about it? $$$$$$$$$ of course.

Bing

[Ralph Ostrander]

Because of this I was messing around and found the biggest act of defiance anyone or group can do is turn off cookies.

Use ABP/ABE, noscript and ghostery.

[Anonymous Coward]

Advertisers have risen from their graves to eat your brains. Stop them with adblock plus / edge, noscript and ghostery.

You know they are effective when advertisers call them the 'trifecta of evil' - http://www.makeuseof.com/tag/adblock-noscript-ghostery-trifecta-evil-opinion/

Oh, and if you happen to be an advertiser who is reading this comment, I have a very special message to you. Advertisers: please kill yourself. You failed out of your chosen field and profession and have become an advertiser. You ha

Bing ads that infect users with malware ..

[codeusirae]

Bing ads that infect users Microsoft Windows computers with malware, shurly :)