Good job, that Bing!
-
So I just finished reinstalling Windows 10 on my father's PC. So first thing I do is fire up Edge and go to download Chrome.
Because of course I did.
What Bing returned (as the first 'ad' result) was... Less than savory.
-
Republicans want to prove that the government doesn't work by not working when they are elected into the government.
Microsoft wants to prove Google Chrome is malware by replacing Google Chrome with malware in their search results.
-
I literally got as far as double-clicking the EXE and noticing the publisher on the UAC screen wasn't right before I hit the eject button before my brain caught up with the reflex clicks.
-
Thankfully you can just cut out the middleman and go directly to http://chrome.com. Easy enough to remember for me.
-
Well, at least it has "Setup" in the executable name, so it wouldn't be able to run as non-administrator anyway.
-
Republicans want to prove that the government doesn't work by not working when they are elected into the government.
Original quote, I think:
The Democrats are the party that says government will make you smarter, taller, richer, and remove the crabgrass on your lawn. The Republicans are the party that says government doesn't work and then they get elected and prove it.
– P.J. O'Rourke
-
Wait, uh, wtf?
The ad says it's at a ".google.com" domain!
How/why the elgiu is Bing letting them get away with that?
-
why the elgiu is Bing letting them get away with that?
Because they're giving Bing MONEY!
-
Hence the "how"
Does Bing really let you put arbitrary crap in the domain field? If so, why hasn't EVERYBODY EVER complained and shut them the hell down?
-
Well, the actual direct link is
65004185.r.msn.com/?ld=d3rROq2y_500kF0awOmoJyIDVUCUwbnDDru328qOui2to1fqzcOg3_z5mlmAia7CVTSXbj4AI7qQqS-E0Er9M0zV6VFR4yxZUW5tqc4xeT5J5XK5k53Brb_zkQ25qaHsEBgVHw8YUJnts7QtLUhNl8vhJJXsH_Xf64jE_3id2ISzAt3xtK&u=www.Google.com%2furl%3fsa%3dt%26rct%3dj%26q%3d%26esrc%3ds%26source%3dweb%26cd%3d1%26cad%3drja%26uact%3d8%26ved%3d0ahUKEwjJhMuzkKPJAhViJKYKHUqqDfIQFggdMAA%26url%3dhttp%253A%252F%252Fnsoftweb.com%252F%26usg%3dAFQjCNEcHiCf4mX9V3Gyww5ZEZtd84FNxg%26sig2%3dEok7NpiPA0x1mE43sd9j0A
Taking it apart, that's a 2-value querystring: ID (which looks like it's for tracking) and u
I suspect u is a URLencoded URL to which the link actually goes, which would be...
www.Google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjJhMuzkKPJAhViJKYKHUqqDfIQFggdMAA&url=http://nsoftweb.com/&usg=AFQjCNEcHiCf4mX9V3Gyww5ZEZtd84FNxg&sig2=Eok7NpiPA0x1mE43sd9j0A
google.com/url appears to be a redirect script that redirects you to the &url parameter.
So in Microsoft's shitty second-rate advertising world, that's an ad resident on Google.com - presumably you can set the subdomain to whatever.
The really absurd thing is that Google hasn't blocked the fuck out of that redirect. Chrome flags it as malicious if you try to go there....
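An offline check for the mismatch worked out in this post, as an added example that is not part of the original thread: it decodes the nested redirect parameters without fetching anything and compares the final host with the domain the ad displays. The parameter list, the function names and the `installer.example` landing host are assumptions, and the tracking value is a constructed placeholder.

```python
import re
from urllib.parse import urlsplit, parse_qsl, quote

# Query parameters assumed to carry a redirect target; "u" and "url" are the
# two that appear in the link quoted in the thread.
REDIRECT_PARAMS = ("u", "url")
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def _absolute(url):
    """Give scheme-less targets (like the value of u=) a scheme so they parse."""
    return url if _SCHEME.match(url) else "http://" + url

def _host(url):
    return (urlsplit(_absolute(url)).hostname or "").lower()

def unwrap(url, max_depth=5):
    """Decode redirect parameters layer by layer; nothing is fetched."""
    chain = [url]
    for _ in range(max_depth):
        # parse_qsl percent-decodes exactly one layer per pass
        query = dict(parse_qsl(urlsplit(_absolute(chain[-1])).query))
        target = next((query[p] for p in REDIRECT_PARAMS if query.get(p)), None)
        if target is None:
            break
        chain.append(target)
    return chain

def landing_mismatch(displayed_domain, click_url):
    """True when the final host is neither the displayed domain nor a subdomain of it."""
    final = _host(unwrap(click_url)[-1])
    shown = displayed_domain.lower().lstrip(".")
    return not (final == shown or final.endswith("." + shown))

# Constructed sample with the same shape as the quoted link: ad tracker ->
# google.com/url -> landing page, the innermost URL percent-encoded twice.
_inner = "www.Google.com/url?sa=t&url=" + quote("http://installer.example/", safe="")
AD_LINK = "http://65004185.r.msn.com/?ld=TRACKING&u=" + quote(_inner, safe="")

if __name__ == "__main__":
    for hop in unwrap(AD_LINK):
        print(_host(hop), "<-", hop)
    print("mismatch with displayed google.com:", landing_mismatch("google.com", AD_LINK))
```

Comparing on a dot boundary keeps a host such as `notgoogle.com` from passing as `google.com`.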
-
o.O ygbsm
So, it looks like the advertiser abused an open redirect (the same one used in Google web searches), put the URL into Bing ads, and Bing just accepted it as "Oh, you live on Google.com!".
Jeeesus.
-
Why are ads allowed to be 3XX status codes?
-
And the ad is now gone.
I reported the site as malicious through the "This is a fucking malicious download" thing in Edge. So a few possibilities:
- Bing's advertising gets sanitized after going up (which would be TRWTF)
- Wherever the "This is a malicious site" stuff in Edge goes, it gets acted upon across the Microsoft estate, and quickly
-
The vast majority of them go through at least 2 or 3 layers of redirect. One from the ad network for tracking and shit, one on the advertiser's site for their own metrics, and then whatever the site would normally do.
-
No idea. That's stupid.
Also,
Filed Under: I hope these elgiuers get blacklisted. They probably won't
-
Where's that page?
-
-
Filed for reference.
Would be nice if they had a link to the damned thing somewhere accessible.
-
+1
I got to it from a Google search
Usually they have some kind of "report abuse" link - it's annoying that these ones don't...
-
Not reproducible here in my language setting.
-
It no longer reproduces, likely because of all the form filling that happened above.
-
Presumably. Good thing too.
-
So would this be the place to pontificate about how no one should ever use the internet without ad blockers?
-
Or in fact Google's redirection service should block redirect URL requests with a referer URL not set to a Google-based domain, if its sole purpose is to keep track of clicks.
-
Did you happen to scan the file to see what particular strain of bullshit it was trying to infect you with?
Just curious.
-
The Windows install was literally 45 seconds old. Nothing there to scan with.
-
-
Or in fact Google's redirection service should block redirect URL requests with a referer URL not set to a Google-based domain, if its sole purpose is to keep track of clicks.
I know, I know! Track the clicks with Javascript!
-
Yeah, I reported it to google too. They probably won't do anything about it... but.....
-
1) Bing's advertising gets sanitized after going up (which would be TRWTF)
2) Wherever the "This is a malicious site" stuff in Edge goes, it gets acted upon across the Microsoft estate, and quickly
- That reporting link sets a cookie that hides the ad in your browser only, making it look like Microsoft has the fastest response time ever. They might actually look at your comment halfway into next year.
(No, I wouldn't put it past an advertising company to do such a thing...)
-
It makes sense. User thinks ad is abusive, so user probably won't want to see ad.
-
I literally got as far as double-clicking the EXE and noticing the publisher on the UAC screen wasn't right
And people turn that off!
-
Did you happen to scan the file to see what particular strain of bullshit it was trying to infect you with?
Maybe it was Chrome.
-
-
That's because they're ~~stupid~~ sick of being annoyed with that bullshit and competent enough with basic computer-ing to verify they're actually downloading what they think they're downloading from the site they think they're downloading it from before running it. Oh, and also to never ever ~~click any ads~~ allow any ads to load under any circumstances.
ftfy
-
ftfy
No, anyone using a computer as administrator with UAC disabled is stupid or computer illiterate.
-
Then I guess my 10+ years and running without once being infected with anything is just a really, really, reeeeally long lucky streak.
I should go buy lottery tickets or something.
-
-
TRWTF is that Windows still doesn't have an applications store. Even Shitzen has one.
-
It uh. Does? I guess maybe you could get chrome there? I'll try next time
-
It uh. Does?
The official one sucks balls, though.
If I were you, I'd go with Ninite or something similar next time when setting up a system.
-
Chocolatey looked interesting, but I didn't test it enough.
-
Fuck! PLEASE DON'T TELL MY GIRLFRIEND WHAT'S IN C:\Y!
-
You should move it somewhere like C:\Windows\System32\drivers\UMDF\en-US\Y
-
What? How did you know where I keep my.... nevermind.
-
The Windows install was literally 45 seconds old. Nothing there to scan with.
Can't Windows Defender be persuaded to scan on demand? I don't know, because I always turn it off right after installing Panda Free Antivirus, but I believe it's there from the get-go on any modern Windows installation.
-
Treesize finds all :(
-
TRWTF is that Windows still doesn't have an applications store.
Is this a joke or sarcasm or something? Windows 10 comes with the Store app...
-
Presumably it needs to download definitions before being useful. If not, it presumably would have scanned the damned exe that I just downloaded from the damned Internet before even handing over to UAC, and therefore detected nothing.
-
And why is Chrome not in there? And why isn't the first result on Bing a link to that "store"? Let's see:
Android?
iOS?
Windows?